Spectrum Development
Create separate folders for new parent pages, update Introduction page,
remove a and the articles from titles, quick check text for simple English
Signed-off-by: Jenni Nikolaenko <evgeniia.nikolaenko(a)unikie.com>
---
Documentation/{ => about}/architecture.adoc | 27 ++++-----
Documentation/about/index.adoc | 32 ++++++++++
Documentation/building-documentation.adoc | 52 ----------------
.../decisions/001-host-update-mechanism.adoc | 4 +-
.../decisions/002-install-options.adoc | 4 +-
Documentation/decisions/003-partitioning.adoc | 2 +-
.../004-data-at-rest-encryption.adoc | 4 +-
.../005-virtual-machine-monitor.adoc | 2 +-
.../decisions/006-drivers-on-host.adoc | 2 +-
.../decisions/007-usb-virtual-machines.adoc | 2 +-
...008-inter-vm-communication-mechanisms.adoc | 2 +-
Documentation/decisions/index.adoc | 2 +-
Documentation/{ => development}/b4.adoc | 6 +-
.../build-configuration.adoc | 13 ++--
.../development/building-documentation.adoc | 52 ++++++++++++++++
.../{ => development}/creating-vms.adoc | 4 +-
.../{ => development}/debugging.adoc | 12 ++--
.../{ => development}/first-patch.adoc | 32 +++++-----
Documentation/development/index.adoc | 59 +++++++++++++++++++
Documentation/development/managing-vms.adoc | 14 +++++
Documentation/{ => development}/replying.adoc | 13 ++--
.../{ => development}/reviewing-patches.adoc | 4 +-
.../{ => development}/running-vms.adoc | 4 +-
.../{ => development}/testing-patches.adoc | 28 ++++-----
Documentation/development/user-partition.adoc | 18 ++++++
.../{ => development}/uuid-reference.adoc | 5 +-
.../development/working-with-patces.adoc | 12 ++++
Documentation/explanation.adoc | 6 --
Documentation/how-to.adoc | 6 --
Documentation/index.adoc | 29 +++++++--
.../{ => installation}/binary-cache.adoc | 22 +++++--
.../{ => installation}/getting-spectrum.adoc | 16 ++---
Documentation/installation/index.adoc | 23 ++++++++
Documentation/reference.adoc | 6 --
Documentation/tutorials.adoc | 6 --
Documentation/user-partition.adoc | 12 ----
36 files changed, 350 insertions(+), 187 deletions(-)
rename Documentation/{ => about}/architecture.adoc (79%)
create mode 100644 Documentation/about/index.adoc
delete mode 100644 Documentation/building-documentation.adoc
rename Documentation/{ => development}/b4.adoc (91%)
rename Documentation/{ => development}/build-configuration.adoc (73%)
create mode 100644 Documentation/development/building-documentation.adoc
rename Documentation/{ => development}/creating-vms.adoc (97%)
rename Documentation/{ => development}/debugging.adoc (79%)
rename Documentation/{ => development}/first-patch.adoc (80%)
create mode 100644 Documentation/development/index.adoc
create mode 100644 Documentation/development/managing-vms.adoc
rename Documentation/{ => development}/replying.adoc (68%)
rename Documentation/{ => development}/reviewing-patches.adoc (88%)
rename Documentation/{ => development}/running-vms.adoc (85%)
rename Documentation/{ => development}/testing-patches.adoc (82%)
create mode 100644 Documentation/development/user-partition.adoc
rename Documentation/{ => development}/uuid-reference.adoc (97%)
create mode 100644 Documentation/development/working-with-patces.adoc
delete mode 100644 Documentation/explanation.adoc
delete mode 100644 Documentation/how-to.adoc
rename Documentation/{ => installation}/binary-cache.adoc (74%)
rename Documentation/{ => installation}/getting-spectrum.adoc (79%)
create mode 100644 Documentation/installation/index.adoc
delete mode 100644 Documentation/reference.adoc
delete mode 100644 Documentation/tutorials.adoc
delete mode 100644 Documentation/user-partition.adoc
diff --git a/Documentation/architecture.adoc b/Documentation/about/architecture.adoc
similarity index 79%
rename from Documentation/architecture.adoc
rename to Documentation/about/architecture.adoc
index 1c4307b..1237577 100644
--- a/Documentation/architecture.adoc
+++ b/Documentation/about/architecture.adoc
@@ -1,32 +1,31 @@
= Architecture
-:page-parent: Explanation
+:page-parent: About Spectrum
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
-== Introduction
+Spectrum is based on the principle of security by compartmentalization.
-Spectrum is based on the principle of security by
-compartmentalization. The high level stack is illustrated in the
-following diagram:
+The high level stack is illustrated in the following diagram:
-image::diagrams/stack.svg[]
+image::../diagrams/stack.svg[]
The default set of virtual machines includes two application VMs,
_appvm-catgirl_ (an IRC client) and _appvm-lynx_ (a text-based web
browser); and a system VM, _netvm_ (which handles hardware network
devices and provides network services to application VMs). Refer to
-xref:creating-vms.adoc[Creating VMs] and xref:running-vms.adoc[Running
+xref:../development/creating-vms.adoc[Creating VMs] and
+xref:../development/running-vms.adoc[Running
VMs] for more information about using VMs in Spectrum.
== Architecture Decision Records (ADRs)
https://en.wikipedia.org/wiki/Architectural_decision[Architecturally significant
-decisions] are xref:decisions/index.adoc[recorded] as lightweight
-https://cognitect.com/blog/2011/11/15/documenting-architecture-decisions/[ADRs].
+decisions] are xref:../decisions/index.adoc[recorded] as lightweight
+https://cognitect.com/blog/2011/11/15/documenting-architecture-decisions[ADRs].
-== The Spectrum host system
+== Spectrum Host System
Compartmentalization is implemented using
https://cloud-hypervisor.org/[cloud-hypervisor] virtual machines.
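Review bot: The ADR link loses its trailing slash ("documenting-architecture-decisions/[ADRs]" becomes "documenting-architecture-decisions[ADRs]"), which is unrelated to moving the page; please confirm the URL still resolves or drop that change. While the sentence is being reflowed, "The high level stack" should be hyphenated as "high-level stack".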
@@ -44,7 +43,7 @@ and service scripts.
https://wayland.freedesktop.org/[Wayland] is used for window management and
display. The Wayland architecture is well documented
-https://wayland.freedesktop.org/architecture.html[here]. The host provides only
+https://wayland.freedesktop.org/architecture.html[here]. The host provides only
a Wayland terminal client, https://codeberg.org/dnkl/foot/[foot], which is used
for interacting with VM consoles. In future it will be possible for application
VMs to display windows on the single Wayland compositor on the host system,
@@ -57,7 +56,7 @@ https://www.etalabs.net/compare_libcs.html[added safety on resource exhaustion
and security hardening on memory allocation]. Kernel hardening will be
investigated in future.
-== Exploring the Spectrum dependency tree
+== Spectrum Dependency Tree
For a detailed, interactive view of dependencies, use
https://github.com/utdemir/nix-tree[nix-tree] in the Spectrum repository:
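Review bot: Renaming "== Exploring the Spectrum dependency tree" to "== Spectrum Dependency Tree" changes the section ID that Asciidoctor generates from the title, so any xref or external link to the old anchor will break. Either check that nothing links to it or give the section an explicit ID so that future title edits are safe.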
@@ -66,5 +65,5 @@ https://github.com/utdemir/nix-tree[nix-tree] in the Spectrum repository:
[listing]
nix-build img/live -I nixpkgs=https://spectrum-os.org/git/nixpkgs/snapshot/nixpkgs-rootfs.tar.gz --no-out-link | xargs -o nix-tree
-https://diode.zone/w/8DBDQ6HQUe5UUdLkpDuL35[See video of Spectrum live image
-interactive analysis with nix-tree]
+See the https://diode.zone/w/8DBDQ6HQUe5UUdLkpDuL35[video] of Spectrum live
+image interactive analysis with nix-tree.
diff --git a/Documentation/about/index.adoc b/Documentation/about/index.adoc
new file mode 100644
index 0000000..6961b6a
--- /dev/null
+++ b/Documentation/about/index.adoc
@@ -0,0 +1,32 @@
+= About Spectrum
+:description: Some words about Spectrum as the operating system, not a project. Highlights the differences between common Linux distributions and Spectrum.
+:page-nav_order: 1
+:page-has_children: true
+
+// SPDX-FileCopyrightText: 2022 Unikie
+// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
+
+Spectrum is a Linux-based system that uses the
+https://github.com/NixOS/nix[Nix package manager] and
+the https://github.com/NixOS/nixpkgs[Nix Packages collection] (Nixpkgs).
+
+This gives an actively-developed base with good
+hardware support, powerful and optimised compartmentalization primitives in
+https://www.linux-kvm.org/page/Main_Page[KVM], and the reproducible packaging
+and configuration system that is important
+for a maintainable compartmentalized system.
+
+== Why Spectrum
+
+* User data and applications are managed centrally while remaining isolated.
+That means that the system can be backed up and managed as a whole, rather than
+mixed up in several dozen VMs.
+
+* The host system and isolated environments are managed declaratively and
+reproducibly using the Nix package manager.
+This can save the user the burden of maintaining many different virtual
+computers, allowing finer-grained resource access controls and making it
+possible to verify the software running across all environments.
+
+TIP: If you are interested in why we do something _this_ way instead of _that_
+way, see xref:../decisions/index.adoc[Architecture Decision Records].
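Review bot: The ":description:" value ("Some words about Spectrum as the operating system, not a project. Highlights the differences ...") reads like an authoring note rather than a page description, and the page body does not compare Spectrum with common Linux distributions; suggest a description that matches the content. In the first "Why Spectrum" bullet, "rather than mixed up in several dozen VMs" is hard to parse; something like "rather than separately in each of several dozen VMs" would be clearer.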
diff --git a/Documentation/building-documentation.adoc b/Documentation/building-documentation.adoc
deleted file mode 100644
index b491105..0000000
--- a/Documentation/building-documentation.adoc
+++ /dev/null
@@ -1,52 +0,0 @@
-= Building the Documentation
-:page-parent: Tutorials
-
-// SPDX-FileCopyrightText: 2022 Unikie
-// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
-
-This tutorial assumes that you have https://nixos.org/[Nix] installed.
-You may also want to xref:binary-cache.adoc[configure the Spectrum
-binary cache], to avoid having to wait for dependencies to compile on
-your local system.
-
-1. Get a copy of the Spectrum source code:
-+
-[source,shell]
-----
-git clone https://spectrum-os.org/git/spectrum
-----
-2. Enter the documentation directory:
-+
-[source,shell]
-----
-cd spectrum/Documentation
-----
-3. Enter the development environment:
-+
-[source,shell]
-----
-nix-shell -I nixpkgs=https://spectrum-os.org/git/nixpkgs/snapshot/nixpkgs-rootfs.tar.gz
-----
-4. In the development shell, do an initial build of the documentation
-site:
-+
-[source,shell]
-----
-scripts/build.sh
-----
-5. Run a development server for previewing changes locally:
-+
-[source,shell]
-----
-jekyll serve
-----
-+
-This will serve a local copy of the documentation at http://localhost:4000/.
-+
-IMPORTANT: Jekyll doesn't handle rendering of the draw.io diagrams, so
-if you modify any of those, or add new ones, you'll have to run
-`scripts/build.sh` again to do a full rebuild of the site.
-
-Once you've made your changes to the documentation, see
-xref:first-patch.adoc[Sending Your First Patch] for information
-about how to submit them for review.
diff --git a/Documentation/decisions/001-host-update-mechanism.adoc b/Documentation/decisions/001-host-update-mechanism.adoc
index 574deb4..39f9f28 100644
--- a/Documentation/decisions/001-host-update-mechanism.adoc
+++ b/Documentation/decisions/001-host-update-mechanism.adoc
@@ -1,6 +1,6 @@
= 001 Host Update Mechanism
:page-parent: Architecture Decision Records
-:page-grand_parent: Explanation
+:page-grand_parent: About Spectrum
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
@@ -11,7 +11,7 @@ Proposed
== Context
-Spectrum currently has no implementation for software update. The host --
+Spectrum currently has no implementation for software update. The host --
consisting of the Linux kernel, KVM, cloud-hypervisor and minimal user space
tools -- will require software updates to support feature development and
security fixes.
diff --git a/Documentation/decisions/002-install-options.adoc b/Documentation/decisions/002-install-options.adoc
index 4412b53..4a745eb 100644
--- a/Documentation/decisions/002-install-options.adoc
+++ b/Documentation/decisions/002-install-options.adoc
@@ -1,6 +1,6 @@
-= 002 Install options
+= 002 Install Options
:page-parent: Architecture Decision Records
-:page-grand_parent: Explanation
+:page-grand_parent: About Spectrum
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/decisions/003-partitioning.adoc b/Documentation/decisions/003-partitioning.adoc
index 8494ea4..a13b8cc 100644
--- a/Documentation/decisions/003-partitioning.adoc
+++ b/Documentation/decisions/003-partitioning.adoc
@@ -1,6 +1,6 @@
= 003 Partitioning
:page-parent: Architecture Decision Records
-:page-grand_parent: Explanation
+:page-grand_parent: About Spectrum
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/decisions/004-data-at-rest-encryption.adoc b/Documentation/decisions/004-data-at-rest-encryption.adoc
index 26fe273..5b0f518 100644
--- a/Documentation/decisions/004-data-at-rest-encryption.adoc
+++ b/Documentation/decisions/004-data-at-rest-encryption.adoc
@@ -1,6 +1,6 @@
= 004 Data at Rest Encryption
:page-parent: Architecture Decision Records
-:page-grand_parent: Explanation
+:page-grand_parent: About Spectrum
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
@@ -20,5 +20,5 @@ User data is encrypted.
== Consequences
Spectrum needs to come with enough software to get the encryption key
-via different methods (password, usb, fido, etc.) Can we use dm-crypt
+via different methods (password, usb, fido, etc.). Can we use dm-crypt
for everything instead of LUKS?
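Review bot: Since this sentence is being touched for punctuation, "usb" and "fido" should be capitalised as "USB" and "FIDO". The trailing "Can we use dm-crypt for everything instead of LUKS?" is an open question inside the Consequences section; consider moving it to Context or tracking it separately so that the section states consequences only.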
diff --git a/Documentation/decisions/005-virtual-machine-monitor.adoc b/Documentation/decisions/005-virtual-machine-monitor.adoc
index db81c72..df1b501 100644
--- a/Documentation/decisions/005-virtual-machine-monitor.adoc
+++ b/Documentation/decisions/005-virtual-machine-monitor.adoc
@@ -1,6 +1,6 @@
= 005 Virtual Machine Monitor
:page-parent: Architecture Decision Records
-:page-grand_parent: Explanation
+:page-grand_parent: About Spectrum
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/decisions/006-drivers-on-host.adoc b/Documentation/decisions/006-drivers-on-host.adoc
index 872044e..b92d863 100644
--- a/Documentation/decisions/006-drivers-on-host.adoc
+++ b/Documentation/decisions/006-drivers-on-host.adoc
@@ -1,6 +1,6 @@
= 006 Drivers on Host
:page-parent: Architecture Decision Records
-:page-grand_parent: Explanation
+:page-grand_parent: About Spectrum
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/decisions/007-usb-virtual-machines.adoc b/Documentation/decisions/007-usb-virtual-machines.adoc
index 3bdf78b..d832691 100644
--- a/Documentation/decisions/007-usb-virtual-machines.adoc
+++ b/Documentation/decisions/007-usb-virtual-machines.adoc
@@ -1,6 +1,6 @@
= 007 USB Virtual Machine
:page-parent: Architecture Decision Records
-:page-grand_parent: Explanation
+:page-grand_parent: About Spectrum
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/decisions/008-inter-vm-communication-mechanisms.adoc b/Documentation/decisions/008-inter-vm-communication-mechanisms.adoc
index a1b7d49..c1e5b87 100644
--- a/Documentation/decisions/008-inter-vm-communication-mechanisms.adoc
+++ b/Documentation/decisions/008-inter-vm-communication-mechanisms.adoc
@@ -1,6 +1,6 @@
= 008 Inter-VM Communication Mechanisms
:page-parent: Architecture Decision Records
-:page-grand_parent: Explanation
+:page-grand_parent: About Spectrum
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/decisions/index.adoc b/Documentation/decisions/index.adoc
index 772f382..a022239 100644
--- a/Documentation/decisions/index.adoc
+++ b/Documentation/decisions/index.adoc
@@ -1,6 +1,6 @@
= Architecture Decision Records
:page-has_children: true
-:page-parent: Explanation
+:page-parent: About Spectrum
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/b4.adoc b/Documentation/development/b4.adoc
similarity index 91%
rename from Documentation/b4.adoc
rename to Documentation/development/b4.adoc
index 489ced4..5f141e9 100644
--- a/Documentation/b4.adoc
+++ b/Documentation/development/b4.adoc
@@ -1,5 +1,7 @@
= Installing and Configuring b4
-:page-parent: Tutorials
+:page-parent: Working with Patches
+:page-grand_parent: Development
+:page-nav_order: 1
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-FileCopyrightText: 2022 Unikie
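Review bot: ":page-parent: Working with Patches" points at a page that the summary above creates as "Documentation/development/working-with-patces.adoc"; the file name is missing an "h" and should be "working-with-patches.adoc". Fixing it in this series avoids a second rename later.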
@@ -19,7 +21,7 @@ of the Spectrum root's nix-shell.
You should be able to install b4 from your package manager.
-Using Nix, you can start a shell with b4 available by running
+Using Nix, you can start a shell with b4 available by running:
[listing]
[source,shell]
diff --git a/Documentation/build-configuration.adoc b/Documentation/development/build-configuration.adoc
similarity index 73%
rename from Documentation/build-configuration.adoc
rename to Documentation/development/build-configuration.adoc
index b89575f..c9a8c99 100644
--- a/Documentation/build-configuration.adoc
+++ b/Documentation/development/build-configuration.adoc
@@ -1,19 +1,22 @@
= Configuring the Build
-:page-parent: How-to Guides
+:page-parent: Development
+:page-nav_order: 1
:example-caption: Test
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
Some aspects of a Spectrum build can be customised using a build
-configuration file. By default, this configuration file should be
-called config.nix and located in the root of the Spectrum source tree,
-but this can be overridden by setting `spectrum-config` in the
+configuration file.
+
+By default, this configuration file should be called config.nix and located in
+the root of the Spectrum source tree, but this can be overridden by setting
+`spectrum-config` in the
https://nixos.org/manual/nix/stable/command-ref/env-common.html#env-NIX_PAT…
to the path of the configuration file.
The configuration file should contain an attribute set. The only
-currently allowed attribute name is `pkgs`, which allows using a
+currently allowed attribute name is `pkgs`. It allows using a
custom Nixpkgs to evaluate Spectrum.
.config.nix to build Spectrum with a https://nixos.org/manual/nixpkgs/unstable/#sec-overlays-definition[Nixpkgs overlay]
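Review bot: In the reflowed paragraph, "config.nix" is still plain text while "spectrum-config" and "pkgs" are marked as literals; please mark the file name as a literal too. The new sentence "It allows using a custom Nixpkgs" reads better with the subject repeated, for example "This attribute allows using a custom Nixpkgs".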
diff --git a/Documentation/development/building-documentation.adoc b/Documentation/development/building-documentation.adoc
new file mode 100644
index 0000000..4f464f5
--- /dev/null
+++ b/Documentation/development/building-documentation.adoc
@@ -0,0 +1,52 @@
+= Building Documentation
+:page-parent: Development
+:page-nav_order: 5
+
+// SPDX-FileCopyrightText: 2022 Unikie
+// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
+
+Make sure you have https://nixos.org/download.html[Nix] installed.
+You may also want to xref:../installation/binary-cache.adoc[configure the Spectrum
+binary cache], to avoid having to wait for dependencies to compile on
+your local system.
+
+. Get a copy of the Spectrum source code:
++
+[source,shell]
+----
+git clone https://spectrum-os.org/git/spectrum
+----
+. Enter the documentation directory:
++
+[source,shell]
+----
+cd spectrum/Documentation
+----
+. Enter the development environment:
++
+[source,shell]
+----
+nix-shell -I nixpkgs=https://spectrum-os.org/git/nixpkgs/snapshot/nixpkgs-rootfs.tar.gz
+----
+. In the development shell, do an initial build of the documentation
+site:
++
+[source,shell]
+----
+scripts/build.sh
+----
+. Run a development server for previewing changes locally:
++
+[source,shell]
+----
+jekyll serve
+----
++
+This will serve a local copy of the documentation at http://localhost:4000/.
++
+IMPORTANT: Jekyll does not handle rendering of the draw.io diagrams. If you
+modify any of those, or add new ones, run `scripts/build.sh` again to do a full
+rebuild of the site.
+
+After making changes to the documentation, see how to
+xref:first-patch.adoc[send your patch] and submit the changes for review.
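Review bot: History for this page is lost because the move is recorded as a delete of Documentation/building-documentation.adoc plus a new file, not as a rename like the other pages. The wording changes are small (list markers, the IMPORTANT paragraph, the closing sentence), so doing the move in one commit and the rewording in a follow-up would let git detect the rename. The link text "send your patch" also no longer matches the target page title "Sending Your Patch" as closely as the old text matched the old title; consider using the title.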
diff --git a/Documentation/creating-vms.adoc b/Documentation/development/creating-vms.adoc
similarity index 97%
rename from Documentation/creating-vms.adoc
rename to Documentation/development/creating-vms.adoc
index d967098..8785190 100644
--- a/Documentation/creating-vms.adoc
+++ b/Documentation/development/creating-vms.adoc
@@ -1,5 +1,7 @@
= Creating VMs
-:page-parent: Reference
+:page-parent: Managing VMs
+:page-grand_parent: Development
+:page-nav_order: 1
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/debugging.adoc b/Documentation/development/debugging.adoc
similarity index 79%
rename from Documentation/debugging.adoc
rename to Documentation/development/debugging.adoc
index 3871a7c..f1bbf01 100644
--- a/Documentation/debugging.adoc
+++ b/Documentation/development/debugging.adoc
@@ -1,7 +1,6 @@
-= Debugging Spectrum
-:page-parent: Explanation
-:toc:
-:toclevels: 1
+= Debugging
+:page-parent: Development
+:page-nav_order: 4
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
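Review bot: Dropping ":toc:" and ":toclevels: 1" is not mentioned in the commit message; if the page has more than one section, readers lose the in-page table of contents. Please either keep the two attributes or say in the commit message why they are removed.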
@@ -9,8 +8,9 @@
== Extracting core dumps when running Spectrum in a VM
When using a VM to run the Spectrum host system, a special mechanism
-is available to enable easy introspection of core files. When a
-program on the Spectrum host system dumps core, the system will
+is available to enable easy introspection of core files.
+
+When a program on the Spectrum host system dumps core, the system will
attempt to upload the core file to _its_ host (i.e. the system running
Spectrum in a VM) using the vsock(7) protocol, on port 1129271877.
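Review bot: The heading "== Extracting core dumps when running Spectrum in a VM" keeps sentence case while other headings in this patch are converted to title case ("== Making Changes", "== Spectrum Host System"). Please apply one convention to all headings in the series.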
diff --git a/Documentation/first-patch.adoc b/Documentation/development/first-patch.adoc
similarity index 80%
rename from Documentation/first-patch.adoc
rename to Documentation/development/first-patch.adoc
index 30672b9..aa6ebee 100644
--- a/Documentation/first-patch.adoc
+++ b/Documentation/development/first-patch.adoc
@@ -1,11 +1,11 @@
-= Sending Your First Patch
-:page-parent: Tutorials
+= Sending Your Patch
+:page-parent: Working with Patches
+:page-grand_parent: Development
+:page-nav_order: 1
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
-== Prerequisites
-
This tutorial assumes that you already have basic
https://git-scm.com/[git] experience.
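Review bot: ":page-nav_order: 1" here duplicates the value given to b4.adoc, which has the same parent "Working with Patches", so the order of the two pages in the navigation is left undefined; give them distinct values. With the "== Prerequisites" heading removed, the opening "This tutorial assumes ..." paragraph is now the page introduction, and the title no longer says "First" while the file is still first-patch.adoc; consider aligning the three.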
@@ -14,19 +14,18 @@ https://spectrum-os.org/git/[Spectrum source tree]. You'll also need
to have configured `git send-email` — a guide for this can be found at
https://git-send-email.io/.
-== Making your changes
+== Making Changes
-If you've worked on any git repository before, the process for making
-your changes will probably be very familiar.
+The process of making changes is similar to working on any git repository.
-1. Create a branch for your changes:
+. Create a branch for your changes:
+
[source,shell]
----
git checkout -b fix-docs # for example
----
-2. Make changes in your editor.
-3. Stage and commit your changes:
+. Make changes in your editor.
+. Stage and commit your changes:
+
[source,shell]
----
@@ -39,7 +38,7 @@ indicates your acceptance of the
https://spectrum-os.org/git/spectrum/tree/DCO-1.1.txt[Developer's
Certificate of Origin], which is mandatory for Spectrum patches.
-== Submitting changes
+== Submitting Changes
Once you're happy with how the commits on your branch look, run:
@@ -64,13 +63,14 @@ message that will be sent before all of your patches.
Once your patch has been submitted, wait for it to be reviewed.
Feedback, if any, will be sent as email replies to your submitted
-patch. You can respond to feedback in your mail client. Please use
-the Reply All button to ensure that your messages are sent to the
+patch. You can respond to feedback in your mail client.
+
+Use the *Reply All* button to sent your messages to the
mailing list as well as to the person who sent the feedback.
-If you need to make changes to your patch, and submit a new version,
+If you need to make changes to your patch and submit a new version,
use https://git-rebase.io/[`git rebase`] to create a new version of
-your patch(es), and submit it like this:
+your patch(es) and then submit it like this:
[source,shell]
----
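Review bot: Typo in the added line "Use the *Reply All* button to sent your messages to the": "sent" should be "send". The replaced text also explained the purpose ("to ensure that your messages are sent to the mailing list as well as to the person who sent the feedback"); the new sentence still carries that meaning once the verb is fixed.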
@@ -81,7 +81,7 @@ The added `-v2` flag indicates that this is version two of your
patch set. If your patches require more rounds of changes, submit
subsequent rounds with `-v3`, `-v4`, etc. as appropriate.
-If you'd like to describe what has changed from the previous version
+If you would like to describe what has changed from the previous version
of your patches, you can do so in a xref:cover-letter[cover letter]
as described above.
diff --git a/Documentation/development/index.adoc b/Documentation/development/index.adoc
new file mode 100644
index 0000000..4925570
--- /dev/null
+++ b/Documentation/development/index.adoc
@@ -0,0 +1,59 @@
+= Development
+:description: Development progress, general development practices
+:page-nav_order: 4
+:page-has_children: true
+
+// SPDX-FileCopyrightText: 2022 Unikie
+// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
+
+Spectrum is free software, currently under active development.
+
+
+== General Workflow
+
+Spectrum is a very small and not changeable sort of Linux distro. It does
+not have a package manager for users. If you faced a missing feature or a bug, or you want to suggest some improvements, please consider the following:
+
+* Get the latest version of the
+https://spectrum-os.org/git/spectrum[source code] and make sure your problem
+was not fixed.
+* xref:../installation/getting-spectrum.adoc[Build Spectrum] and make changes
+in the source code. In addition:
+** If you need to customize the build to be able to use a
+vendor kernel, you can
+xref:../development/build-configuration.adoc[configure the build].
+** You can xref:../development/testing-patches.adoc[test patches]
+subbmited by others.
+* If you would like to share your code with the community,
+you can send the changes to the maintainers for possible inclusion in
+the Spectrum source code as a new patch.
+** xref:../development/b4.adoc[Install and configure the b4 utility] to be able
+to work with patches.
+** xref:../development/first-patch.adoc[Submit the changes for review].
+Keep your git commits clean and make sure they meet general guidelines.
+** Wait for approval from the maintainers' side. Detailed updates are posted in
+Spectrum Development
+https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/[threads].
+** Update documentation with the code. For more information, see
+xref:../development/building-documentation.adoc[Building Documentation].
+
+For additional information, see
+https://spectrum-os.org/contributing.html[Contributing to Spectrum].
+
+
+== Developer Setup
+
+* https://git.kernel.org/pub/scm/utils/b4/b4.git/about/[b4]
+* https://nixos.org/manual/nix/stable/introduction.html[Nix package manager]
+* https://docs.asciidoctor.org/[AsciiDoc] for writing the documentation
+
+
+== Mailing Lists
+
+The Spectrum project runs several
+https://spectrum-os.org/participating.html#mailing-lists[mailing lists] on
+which you can ask your questions or help other people with the questions they
+have. All the Spectrum developers as well as many long time Linux and Spectrum users are on the lists.
+
+For real-time feedback, use
+https://spectrum-os.org/participating.html#irc[IRC/Matrix channel].
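Review bot: Typo in the "test patches" bullet: "subbmited by others" should be "submitted by others". Other points in this file: "a very small and not changeable sort of Linux distro" and "If you faced a missing feature or a bug" need rewording (for example "If you find a missing feature or a bug"); the lines starting "not have a package manager for users." and "have. All the Spectrum developers" are not wrapped like the rest of the file; the xrefs use "../development/" although this page is already in development/; and "use IRC/Matrix channel" needs an article.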
diff --git a/Documentation/development/managing-vms.adoc b/Documentation/development/managing-vms.adoc
new file mode 100644
index 0000000..d0a3f09
--- /dev/null
+++ b/Documentation/development/managing-vms.adoc
@@ -0,0 +1,14 @@
+= Managing VMs
+:page-parent: Development
+:page-nav_order: 2
+:page-has_children: true
+:page-has_toc: false
+
+// SPDX-FileCopyrightText: 2022 Unikie
+// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
+
+Ready to get started with Spectrum? Here is what you can do next:
+
+* xref:../development/creating-vms.adoc[Create your own VM] to use others applications.
+* xref:../development/running-vms.adoc[Start some applications].
+* If needed, xref:../development/user-partition.adoc[change the user partition type].
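Review bot: Grammar in the first bullet: "to use others applications" should be "to use other applications". The xrefs use "../development/" although this file is in development/, so the plain file names would do. The opening "Ready to get started with Spectrum?" reads like a landing-page teaser; a one-line statement of what the child pages cover would fit a section index under Development better.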
diff --git a/Documentation/replying.adoc b/Documentation/development/replying.adoc
similarity index 68%
rename from Documentation/replying.adoc
rename to Documentation/development/replying.adoc
index bb8e31a..a1ad394 100644
--- a/Documentation/replying.adoc
+++ b/Documentation/development/replying.adoc
@@ -1,5 +1,7 @@
= Replying to Messages in the Mailing List Archives
-:page-parent: Tutorials
+:page-parent: Working with Patches
+:page-grand_parent: Development
+:page-nav_order: 3
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
@@ -9,14 +11,13 @@ https://spectrum-os.org/participating.html#mailing-lists[mailing
lists].
Make sure to Reply All when replying to messages, so that the message
-is sent to the mailing list and not just to the person you're
-replying to.
+is sent to the mailing list and not just to the person you reply to.
== Getting a copy of a message
-You may want to reply to a mailing list message that you don't have a
-copy of in your mail client, because you aren't subscribed to the
-list, or because you subscribed after the message was sent.
+You may want to reply to a mailing list message that you do not have a
+copy of in your mail client, because you are not subscribed to the
+list or because you subscribed after the message was sent.
To do this, find the message you want to reply to in the
https://spectrum-os.org/lists/archives[public-inbox list archives],
diff --git a/Documentation/reviewing-patches.adoc b/Documentation/development/reviewing-patches.adoc
similarity index 88%
rename from Documentation/reviewing-patches.adoc
rename to Documentation/development/reviewing-patches.adoc
index 63ff24e..ba47f25 100644
--- a/Documentation/reviewing-patches.adoc
+++ b/Documentation/development/reviewing-patches.adoc
@@ -1,5 +1,7 @@
= Reviewing Patches
-:page-parent: How-to Guides
+:page-parent: Working with Patches
+:page-grand_parent: Development
+:page-nav_order: 2
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/running-vms.adoc b/Documentation/development/running-vms.adoc
similarity index 85%
rename from Documentation/running-vms.adoc
rename to Documentation/development/running-vms.adoc
index d0d3f99..7c474d5 100644
--- a/Documentation/running-vms.adoc
+++ b/Documentation/development/running-vms.adoc
@@ -1,5 +1,7 @@
= Running VMs
-:page-parent: Reference
+:page-parent: Managing VMs
+:page-grand_parent: Development
+:page-nav_order: 2
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/testing-patches.adoc b/Documentation/development/testing-patches.adoc
similarity index 82%
rename from Documentation/testing-patches.adoc
rename to Documentation/development/testing-patches.adoc
index 743cd6e..0c72c93 100644
--- a/Documentation/testing-patches.adoc
+++ b/Documentation/development/testing-patches.adoc
@@ -1,5 +1,7 @@
= Testing Patches
-:page-parent: How-to Guides
+:page-parent: Working with Patches
+:page-grand_parent: Development
+:page-nav_order: 2
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-FileCopyrightText: 2022 Unikie
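Review bot: `:page-nav_order: 2` in this header duplicates the value given to reviewing-patches.adoc earlier in the same patch, and both pages set `:page-parent: Working with Patches`, so the two siblings have no defined order in the navigation. Give testing-patches.adoc and reviewing-patches.adoc distinct values.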
@@ -9,7 +11,7 @@ Potential changes to Spectrum are posted to and discussed on the
https://spectrum-os.org/participating.html#spectrum-devel[devel@spectrum-os…
mailing list.
-== Apply the patch
+== Apply Patch
. Find the patch series you want to test on
https://spectrum-os.org/lists/archives/spectrum-devel/[public-inbox].
@@ -33,15 +35,15 @@ of the Spectrum root's nix-shell, which allows you to skip this step.
----
b4 am 20220511092352.70E54C980(a)atuin.qyliss.net
----
-
-. b4 will indicate the file name it has downloaded the patches into
- with a line like:
+b4 will indicate the file name it has downloaded the patches into with a line
+like:
+
[example]
[listing]
+----
Writing ./20220424_hi_host_rootfs_fix_weston_hotplugging.mbx
-+
-Run `git am` on that file to apply the patches, for example:
+----
+. Run `git am` on that file to apply the patches. For example:
+
[example]
[source,shell]
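Review bot: the ordered list looks broken by this hunk. The item marker on `. b4 will indicate ...` and the `+` continuation line after the example output are removed, so the "b4 will indicate" sentence and its listing no longer belong to the list, and the new `. Run git am` item will probably start a fresh list numbered 1. Keep the sentence as a list item (or attach it with `+`) and keep a continuation between the listing and the next step. Adding the `----` delimiters around the example output is a good fix and should stay.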
@@ -49,14 +51,12 @@ Run `git am` on that file to apply the patches, for example:
git am 20220424_hi_host_rootfs_fix_weston_hotplugging.mbx
----
-== Post your test results
+== Post Your Results
-When you've tested a patch, it's really helpful to
+When you tested a patch, it is helpful to
xref:replying.adoc[reply] with your test results.
-If the patch worked for you, please reply to it and include a line
-like the following, separated from any reply text:
-
+If the patch worked for you, please reply to it and include a line like the following, separated from any reply text:
----
Tested-by: John Smith <john(a)example.com>
----
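Review bot: "When you tested a patch, it is helpful to" uses the wrong tense for a general instruction; "When you have tested a patch" or "After you test a patch" reads correctly. The rewritten "If the patch worked for you ..." sentence is also left as one unwrapped line while the rest of the file wraps at about 70 columns, and the blank line that separated it from the `----` listing is removed, so please restore both the wrapping and the blank line.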
@@ -66,10 +66,10 @@ patch replies will be automatically included in the commit message
when a patch is applied.
It's also helpful to explain in your reply how you tested the patch,
-but you don't have to if it's obvious. (For example, if a patch is
+but you don't have to if it's obvious. For example, if a patch is
supposed to fix a bug, and you verified that after applying the patch
the bug is fixed, just the Tested-by line on its own is enough to
-indicate that.)
+indicate that.
If you found an issue with the patch, do not include a Tested-by line,
and instead reply to the patch explaining what you tested, what you
diff --git a/Documentation/development/user-partition.adoc b/Documentation/development/user-partition.adoc
new file mode 100644
index 0000000..3fa6d01
--- /dev/null
+++ b/Documentation/development/user-partition.adoc
@@ -0,0 +1,18 @@
+= User Partition
+:page-parent: Managing VMs
+:page-grand_parent: Development
+:page-nav_order: 3
+
+// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
+// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
+
+The Spectrum host system is immutable, so configuration and user data
+lives on a separate partition.
+
+The host system discovers the user
+partition by looking for the special partition type
+`9293e1ff-cee4-4658-88be-898ec863944f`.
+
+This behavior can be overridden with the `ext` parameter on the host's kernel
+command line, which works in a similar way to the standard Linux `root`
+parameter.
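Review bot: the `ext` paragraph says the parameter works like the standard Linux `root` parameter but gives no example of a value, so a reader has to guess the accepted syntax; since this page is now its own reference entry, one example line would help. Separately, "configuration and user data lives" should be "live", and the second paragraph breaks after "The host system discovers the user", which looks like a leftover from splitting the original paragraph and should be re-wrapped.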
diff --git a/Documentation/uuid-reference.adoc b/Documentation/development/uuid-reference.adoc
similarity index 97%
rename from Documentation/uuid-reference.adoc
rename to Documentation/development/uuid-reference.adoc
index 4b0b481..0bbded5 100644
--- a/Documentation/uuid-reference.adoc
+++ b/Documentation/development/uuid-reference.adoc
@@ -1,7 +1,8 @@
= UUID Reference
-:page-parent: Reference
+:page-parent: Development
:toc: preamble
:toclevels: 1
+:page-nav_order: 6
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
@@ -40,7 +41,7 @@ xref:user-partition.adoc[Spectrum user partition].
=== `56a3bbc3-aefa-43d9-a64d-7b3fd59bbc4e`
-https://github.com/endlessm/eos-installer["eosimages"] partition on the
+https://github.com/endlessm/eos-installer["eosimages"] partition on the
Spectrum combined live system / installer image.
== Combined Image Partition IDs
diff --git a/Documentation/development/working-with-patces.adoc b/Documentation/development/working-with-patces.adoc
new file mode 100644
index 0000000..f73734f
--- /dev/null
+++ b/Documentation/development/working-with-patces.adoc
@@ -0,0 +1,12 @@
+= Working with Patches
+:page-parent: Development
+:page-nav_order: 3
+:page-has_children: true
+
+// SPDX-FileCopyrightText: 2022 Unikie
+// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
+
+Patches are the way for contributors to submit code to the Spectrum project.
+
+Make sure to xref:../development/b4.adoc[install and configure the b4 utility]
+before starting.
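Review bot: the new file is named `working-with-patces.adoc`, which misspells "patches"; rename it to `working-with-patches.adoc` before it is published, because the file name becomes part of the page URL. The xref `../development/b4.adoc` also climbs out of `development/` only to come back in; `xref:b4.adoc[...]` is enough from this directory.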
diff --git a/Documentation/explanation.adoc b/Documentation/explanation.adoc
deleted file mode 100644
index b39cc6d..0000000
--- a/Documentation/explanation.adoc
+++ /dev/null
@@ -1,6 +0,0 @@
-= Explanation
-:page-has_children: true
-:page-nav_order: 4
-
-// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
-// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/how-to.adoc b/Documentation/how-to.adoc
deleted file mode 100644
index f43fa13..0000000
--- a/Documentation/how-to.adoc
+++ /dev/null
@@ -1,6 +0,0 @@
-= How-to Guides
-:page-has_children: true
-:page-nav_order: 2
-
-// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
-// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/index.adoc b/Documentation/index.adoc
index 3079847..e0a45c7 100644
--- a/Documentation/index.adoc
+++ b/Documentation/index.adoc
@@ -1,13 +1,32 @@
-= Spectrum Docs
+= Spectrum Documentation
:page-nav_exclude: true
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
+// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
-Spectrum is a compartmentalized operating system.
-If you'd like to try Spectrum, see xref:getting-spectrum.adoc[Getting
-Spectrum].
+Spectrum is an open-source project that aims to create a computer operating
+system, based on the principle of security by compartmentalization, that has a
+lower barrier to entry and is easy to use and maintain.
+
+== Using Spectrum
To learn about what Spectrum is and how it's implemented, start with
-the xref:architecture.adoc[architecture overview].
+the xref:about/architecture.adoc[architecture overview].
+
+If you want to try Spectrum, see xref:../installation/index.adoc[Build and Run]
+ to setup a development environment.
+
+
+== Developing and Contributing
+
+Spectrum is made of free and open-source software. It is free for anyone to
+ use, modify, and distribute.
+
+Once you are up and running, see
+ xref:../development/index.adoc[Development] to understand how to work with
+ Spectrum's code and participate in the collaborative development process.
+
+If you are thinking of contributing to Spectrum docs, see
+ xref:../development/building-documentation.adoc[Building Documentation].
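Review bot: the new xrefs in this file use `../installation/index.adoc` and `../development/...`, while the architecture link in the same hunk uses `about/architecture.adoc` with no `../`. This file is `Documentation/index.adoc` and the targets are created under `Documentation/installation/` and `Documentation/development/`, so the `../` prefix appears to point one level above `Documentation/`; please check the rendered links and drop the prefix if so. Also, "to setup a development environment" should use the verb form "set up", and the continuation lines that start with a space can lose the leading space.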
diff --git a/Documentation/binary-cache.adoc b/Documentation/installation/binary-cache.adoc
similarity index 74%
rename from Documentation/binary-cache.adoc
rename to Documentation/installation/binary-cache.adoc
index 6e69b39..ab53666 100644
--- a/Documentation/binary-cache.adoc
+++ b/Documentation/installation/binary-cache.adoc
@@ -1,5 +1,6 @@
-= Setting Up the Binary Cache
-:page-parent: How-to Guides
+= Setting Up Binary Cache
+:page-parent: Build and Run
+:page-nav_order: 1
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
@@ -20,10 +21,9 @@ encounter any trouble with it.
The binary cache is currently not able to provide logs, due to a
https://github.com/NixOS/nix/pull/6051[Nix bug].
-== On NixOS
+== For NixOS
-The following configuration adds the Spectrum binary cache as a
-substituter, and tells Nix to trust builds signed with its public key.
+Add the following configuration to /etc/nixos/configuration.nix:
[source,nix]
----
@@ -38,7 +38,13 @@ substituter, and tells Nix to trust builds signed with its public key.
}
----
-== On Non-NixOS systems
+This configuration adds the Spectrum binary cache as a substituter and makes
+Nix trust builds signed with its public key.
+
+To apply changes, rebuild your system with the https://nixos.wiki/wiki/Nixos-rebuild[nixos-rebuild] command.
+
+
+== For Non-NixOS Systems
Add the following configuration to /etc/nix/nix.conf:
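Review bot: the sentence explaining that this configuration adds the cache as a substituter and makes Nix trust builds signed with its public key now comes after the code block instead of before it. That sentence is what tells the reader they are extending trust to a third-party signing key, so it should stay ahead of the snippet they are asked to paste into /etc/nixos/configuration.nix. The `nixos-rebuild` line is also unwrapped, and the two consecutive blank lines before the next heading can be reduced to one.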
@@ -48,6 +54,10 @@ substituters = https://cache.dataaturservice.se/spectrum/ https://cache.nixos.or
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= spectrum-os.org-1:rnnSumz3+Dbs5uewPlwZSTP0k3g/5SRG4hD7Wbr9YuQ=
----
+Run `systemctl restart nix-daemon.service` after making any changes in the Nix
+configuration. After that the binary cache will be used automatically when
+`nix-build` is run.
+
If you have other binary caches configured besides cache.nixos.org,
make sure to add the Spectrum cache URL and public key to the existing
configuration lines in your nix.conf file.
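Review bot: the restart instruction is inserted before the paragraph that tells readers with other binary caches to edit their existing nix.conf lines, so someone following the page top to bottom restarts the daemon and then changes the file again. Move the `systemctl restart nix-daemon.service` paragraph after that one. It would also help to say that the command applies to systemd hosts running the Nix daemon, since a single-user Nix installation has no `nix-daemon.service` to restart.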
diff --git a/Documentation/getting-spectrum.adoc b/Documentation/installation/getting-spectrum.adoc
similarity index 79%
rename from Documentation/getting-spectrum.adoc
rename to Documentation/installation/getting-spectrum.adoc
index b422a94..392cab5 100644
--- a/Documentation/getting-spectrum.adoc
+++ b/Documentation/installation/getting-spectrum.adoc
@@ -1,5 +1,6 @@
= Getting Spectrum
-:page-parent: Tutorials
+:page-parent: Build and Run
+:page-nav_order: 2
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
@@ -8,7 +9,7 @@ To get Spectrum, you need to build it from source. As long as you're
running Linuxfootnote:[Building from other operating systems might
work, but hasn't been tested. Patches are welcome to support building
from other operating systems, as long as they're not too invasive.]
-and have https://nixos.org/[Nix] and https://git-scm.com/[git]
+and have https://nixos.org/download.html[Nix] and https://git-scm.com/[git]
installed, it's very easy to do.
TIP: Before you start, consider setting up the
@@ -34,7 +35,7 @@ nix-shell -I nixpkgs=../../../nixpkgs-spectrum --run 'make run'
This builds just enough of Spectrum to try it out in a VM, but it will
still take a very long time.
-== Building an installer
+== Building Installer
[source,shell]
----
@@ -47,8 +48,7 @@ If you haven't set up the xref:binary-cache.adoc[binary cache], this
will take a very long time. When it's done, a symbolic link named
"result" will appear, pointing to a Spectrum USB installer image.
-CAUTION: Spectrum is not yet suitable for real-world use. Do not use
-your Spectrum system for anything important or sensitive. Spectrum is
-currently missing many important security properties, and there is no
-procedure for updating to new versions of Spectrum -- you have to
-reinstall.
+CAUTION: Do not use Spectrum for anything important or sensitive as it is not
+yet suitable for real-world use. Many important security properties are
+currently missing, and there is no procedure for updating to
+new versions—you have to reinstall the OS.
diff --git a/Documentation/installation/index.adoc b/Documentation/installation/index.adoc
new file mode 100644
index 0000000..d67c88d
--- /dev/null
+++ b/Documentation/installation/index.adoc
@@ -0,0 +1,23 @@
+= Build and Run
+:description: How to download and install Spectrum OS.
+:page-nav_order: 2
+:page-has_children: true
+:page-has_toc: false
+
+// SPDX-FileCopyrightText: 2022 Unikie
+// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
+
+
+To start working with Spectrum, you need:
+
+* xref:../installation/binary-cache.adoc[Set up the binary cache] to speed up the build process.
+* xref:../installation/getting-spectrum.adoc[Build Spectrum] from the source.
+
+TIP: At this stage, Spectrum works only on x86-64. AArch64 support is in
+development.
+
+== Uninstalling and Updating
+
+Currently, there is no implementation for a software update.
+
+You can replace Spectrum by installing another OS.
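Review bot: "To start working with Spectrum, you need:" is followed by list items written as imperatives ("Set up the binary cache", "Build Spectrum"), so the lead-in does not read into the list; "you need to:" or a plain "Steps:" fixes it. The TIP writes "x86-64" and "AArch64" while architecture.adoc writes "x86_64" and "aarch64", so pick one spelling for the docs. The "Uninstalling and Updating" section says only that there is no update implementation; it should carry or link to the CAUTION from getting-spectrum.adoc, which is where the reader learns that updating means reinstalling.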
diff --git a/Documentation/reference.adoc b/Documentation/reference.adoc
deleted file mode 100644
index 44b359d..0000000
--- a/Documentation/reference.adoc
+++ /dev/null
@@ -1,6 +0,0 @@
-= Reference
-:page-has_children: true
-:page-nav_order: 3
-
-// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
-// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/tutorials.adoc b/Documentation/tutorials.adoc
deleted file mode 100644
index cd1fb12..0000000
--- a/Documentation/tutorials.adoc
+++ /dev/null
@@ -1,6 +0,0 @@
-= Tutorials
-:page-nav_order: 1
-:page-has_children: true
-
-// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
-// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/user-partition.adoc b/Documentation/user-partition.adoc
deleted file mode 100644
index 73bc0d0..0000000
--- a/Documentation/user-partition.adoc
+++ /dev/null
@@ -1,12 +0,0 @@
-= The User Partition
-:page-parent: Explanation
-
-// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
-// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
-
-The Spectrum host system is immutable, so configuration and user data
-lives on a separate partition. The host system discovers the user
-partition by looking for the special partition type
-`9293e1ff-cee4-4658-88be-898ec863944f`. This behavior can be
-overridden with the `ext` parameter on the host's kernel command line,
-which works in a similar way to the standard Linux `root` parameter.
--
2.34.1
Create separate folders for new parent pages, update Introduction page,
remove a and the articles from titles, quick check text for simple English
Signed-off-by: Jenni Nikolaenko <evgeniia.nikolaenko(a)unikie.com>
---
Documentation/{ => about}/architecture.adoc | 19 ++++-----
Documentation/about/index.adoc | 21 ++++++++++
.../decisions/001-host-update-mechanism.adoc | 2 +-
.../decisions/002-install-options.adoc | 4 +-
Documentation/decisions/003-partitioning.adoc | 2 +-
.../004-data-at-rest-encryption.adoc | 2 +-
.../005-virtual-machine-monitor.adoc | 2 +-
.../decisions/006-drivers-on-host.adoc | 2 +-
.../decisions/007-usb-virtual-machines.adoc | 2 +-
...008-inter-vm-communication-mechanisms.adoc | 2 +-
Documentation/decisions/index.adoc | 2 +-
.../building-documentation.adoc | 10 ++---
.../{ => development}/debugging.adoc | 7 ++--
.../{ => development}/first-patch.adoc | 28 +++++++------
Documentation/development/index.adoc | 17 ++++++++
Documentation/{ => development}/replying.adoc | 4 +-
.../{ => development}/reviewing-patches.adoc | 4 +-
.../{ => development}/testing-patches.adoc | 42 ++++++++-----------
.../{ => development}/uuid-reference.adoc | 4 +-
Documentation/explanation.adoc | 3 +-
.../{ => getting-started}/creating-vms.adoc | 2 +-
Documentation/getting-started/index.adoc | 7 ++++
.../{ => getting-started}/running-vms.adoc | 2 +-
.../{ => getting-started}/user-partition.adoc | 8 ++--
Documentation/how-to.adoc | 1 +
Documentation/index.adoc | 22 +++++++---
Documentation/{ => installation}/b4.adoc | 3 +-
.../{ => installation}/binary-cache.adoc | 11 ++---
.../{ => installation}/getting-spectrum.adoc | 11 ++---
Documentation/installation/index.adoc | 18 ++++++++
Documentation/reference.adoc | 3 +-
Documentation/tutorials.adoc | 3 +-
32 files changed, 171 insertions(+), 99 deletions(-)
rename Documentation/{ => about}/architecture.adoc (84%)
create mode 100644 Documentation/about/index.adoc
rename Documentation/{ => development}/building-documentation.adoc (85%)
rename Documentation/{ => development}/debugging.adoc (92%)
rename Documentation/{ => development}/first-patch.adoc (83%)
create mode 100644 Documentation/development/index.adoc
rename Documentation/{ => development}/replying.adoc (93%)
rename Documentation/{ => development}/reviewing-patches.adoc (89%)
rename Documentation/{ => development}/testing-patches.adoc (62%)
rename Documentation/{ => development}/uuid-reference.adoc (98%)
rename Documentation/{ => getting-started}/creating-vms.adoc (98%)
create mode 100644 Documentation/getting-started/index.adoc
rename Documentation/{ => getting-started}/running-vms.adoc (93%)
rename Documentation/{ => getting-started}/user-partition.adoc (80%)
rename Documentation/{ => installation}/b4.adoc (96%)
rename Documentation/{ => installation}/binary-cache.adoc (90%)
rename Documentation/{ => installation}/getting-spectrum.adoc (85%)
create mode 100644 Documentation/installation/index.adoc
diff --git a/Documentation/architecture.adoc b/Documentation/about/architecture.adoc
similarity index 84%
rename from Documentation/architecture.adoc
rename to Documentation/about/architecture.adoc
index 1c4307b..db82d60 100644
--- a/Documentation/architecture.adoc
+++ b/Documentation/about/architecture.adoc
@@ -1,17 +1,16 @@
= Architecture
-:page-parent: Explanation
+:page-parent: About Spectrum OS
// SPDX-FileCopyrightText: 2022 Unikie
+// SPDX-FileCopyrightText: 2022 Jenni Nikolaenko <evgeniia.nikolaenko(a)unikie.com>
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
-== Introduction
+Spectrum OS is based on the principle of security by compartmentalization.
-Spectrum is based on the principle of security by
-compartmentalization. The high level stack is illustrated in the
-following diagram:
+The high level stack is illustrated in the following diagram:
-image::diagrams/stack.svg[]
+image::../diagrams/stack.svg[]
The default set of virtual machines includes two application VMs,
_appvm-catgirl_ (an IRC client) and _appvm-lynx_ (a text-based web
@@ -26,7 +25,7 @@ https://en.wikipedia.org/wiki/Architectural_decision[Architecturally significant
decisions] are xref:decisions/index.adoc[recorded] as lightweight
https://cognitect.com/blog/2011/11/15/documenting-architecture-decisions/[A….
-== The Spectrum host system
+== Spectrum Host System
Compartmentalization is implemented using
https://cloud-hypervisor.org/[cloud-hypervisor] virtual machines.
@@ -35,7 +34,7 @@ https://en.wikipedia.org/wiki/Kernel-based_Virtual_Machine[Kernel-based Virtual
Machine] (KVM) to provide lightweight, hardware-accelerated VMs.
While Linux (including KVM) is portable between many hardware architectures,
-cloud-hypervisor supports only x86_64 and aarch64. Spectrum currently only
+cloud-hypervisor supports only x86_64 and aarch64. Spectrum currently only
works on x86_64, but aarch64 support is in development.
https://skarnet.org/software/s6-rc/overview.html[s6-rc] is used for service
@@ -44,7 +43,7 @@ and service scripts.
https://wayland.freedesktop.org/[Wayland] is used for window management and
display. The Wayland architecture is well documented
-https://wayland.freedesktop.org/architecture.html[here]. The host provides only
+https://wayland.freedesktop.org/architecture.html[here]. The host provides only
a Wayland terminal client, https://codeberg.org/dnkl/foot/[foot], which is used
for interacting with VM consoles. In future it will be possible for application
VMs to display windows on the single Wayland compositor on the host system,
@@ -57,7 +56,7 @@ https://www.etalabs.net/compare_libcs.html[added safety on resource exhaustion
and security hardening on memory allocation]. Kernel hardening will be
investigated in future.
-== Exploring the Spectrum dependency tree
+== Spectrum Dependency Tree
For a detailed, interactive view of dependencies, use
https://github.com/utdemir/nix-tree[nix-tree] in the Spectrum repository:
diff --git a/Documentation/about/index.adoc b/Documentation/about/index.adoc
new file mode 100644
index 0000000..a882852
--- /dev/null
+++ b/Documentation/about/index.adoc
@@ -0,0 +1,21 @@
+= About Spectrum OS
+:description: Some words about Spectrum as the operating system, not a project. Highlights the differences between common Linux distributions and Spectrum.
+:page-nav_order: 1
+:page-has_children: true
+
+// SPDX-FileCopyrightText: 2022 Jenni Nikko <evgeniia.nikolaenko(a)unikie.com>
+// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
+
+Spectrum is a Linux-based system, derived from NixOS. This gives an actively-developed base with good hardware support, powerful and optimised compartmentalization primitives in KVM, and the reproducible packaging and configuration system that is important for a maintainable compartmentalized system.
+
+== Why Spectrum
+
+There are several features that make Spectrum OS unique:
+
+* User data and applications are managed centrally, while remaining isolated.
+That means that the system can be backed up and managed as a whole, rather than mixed up in several dozen VMs.
+
+* The host system and isolated environments are managed declaratively and reproducibly using the Nix package manager.
+This can save the user the burden of maintaining many different virtual computers, allowing finer-grained resource access controls and making it possible to verify the software running across all environments.
+
+TIP: If you are interested in why we do something _this_ way instead of _that_ way, see xref:../decisions/index.adoc[Architecture Decision Records].
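Review bot: the SPDX line in this new file names the copyright holder as "Jenni Nikko", while the Signed-off-by line and the SPDX line added to architecture.adoc in the same patch both say "Jenni Nikolaenko" for the same address. License metadata should use one consistent name. The body paragraphs and the `:description:` value are also single very long lines; the other pages wrap at about 70 to 80 columns, which keeps later diffs reviewable.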
diff --git a/Documentation/decisions/001-host-update-mechanism.adoc b/Documentation/decisions/001-host-update-mechanism.adoc
index 574deb4..7032146 100644
--- a/Documentation/decisions/001-host-update-mechanism.adoc
+++ b/Documentation/decisions/001-host-update-mechanism.adoc
@@ -1,6 +1,6 @@
= 001 Host Update Mechanism
:page-parent: Architecture Decision Records
-:page-grand_parent: Explanation
+:page-grand_parent: About Spectrum OS
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/decisions/002-install-options.adoc b/Documentation/decisions/002-install-options.adoc
index 4412b53..a7c4175 100644
--- a/Documentation/decisions/002-install-options.adoc
+++ b/Documentation/decisions/002-install-options.adoc
@@ -1,6 +1,6 @@
-= 002 Install options
+= 002 Install Options
:page-parent: Architecture Decision Records
-:page-grand_parent: Explanation
+:page-grand_parent: About Spectrum OS
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/decisions/003-partitioning.adoc b/Documentation/decisions/003-partitioning.adoc
index 8494ea4..b00f528 100644
--- a/Documentation/decisions/003-partitioning.adoc
+++ b/Documentation/decisions/003-partitioning.adoc
@@ -1,6 +1,6 @@
= 003 Partitioning
:page-parent: Architecture Decision Records
-:page-grand_parent: Explanation
+:page-grand_parent: About Spectrum OS
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/decisions/004-data-at-rest-encryption.adoc b/Documentation/decisions/004-data-at-rest-encryption.adoc
index 26fe273..27323db 100644
--- a/Documentation/decisions/004-data-at-rest-encryption.adoc
+++ b/Documentation/decisions/004-data-at-rest-encryption.adoc
@@ -1,6 +1,6 @@
= 004 Data at Rest Encryption
:page-parent: Architecture Decision Records
-:page-grand_parent: Explanation
+:page-grand_parent: About Spectrum OS
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/decisions/005-virtual-machine-monitor.adoc b/Documentation/decisions/005-virtual-machine-monitor.adoc
index db81c72..df5a65e 100644
--- a/Documentation/decisions/005-virtual-machine-monitor.adoc
+++ b/Documentation/decisions/005-virtual-machine-monitor.adoc
@@ -1,6 +1,6 @@
= 005 Virtual Machine Monitor
:page-parent: Architecture Decision Records
-:page-grand_parent: Explanation
+:page-grand_parent: About Spectrum OS
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/decisions/006-drivers-on-host.adoc b/Documentation/decisions/006-drivers-on-host.adoc
index 872044e..86d3105 100644
--- a/Documentation/decisions/006-drivers-on-host.adoc
+++ b/Documentation/decisions/006-drivers-on-host.adoc
@@ -1,6 +1,6 @@
= 006 Drivers on Host
:page-parent: Architecture Decision Records
-:page-grand_parent: Explanation
+:page-grand_parent: About Spectrum OS
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/decisions/007-usb-virtual-machines.adoc b/Documentation/decisions/007-usb-virtual-machines.adoc
index 3bdf78b..24dac65 100644
--- a/Documentation/decisions/007-usb-virtual-machines.adoc
+++ b/Documentation/decisions/007-usb-virtual-machines.adoc
@@ -1,6 +1,6 @@
= 007 USB Virtual Machine
:page-parent: Architecture Decision Records
-:page-grand_parent: Explanation
+:page-grand_parent: About Spectrum OS
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/decisions/008-inter-vm-communication-mechanisms.adoc b/Documentation/decisions/008-inter-vm-communication-mechanisms.adoc
index a1b7d49..9fce4ef 100644
--- a/Documentation/decisions/008-inter-vm-communication-mechanisms.adoc
+++ b/Documentation/decisions/008-inter-vm-communication-mechanisms.adoc
@@ -1,6 +1,6 @@
= 008 Inter-VM Communication Mechanisms
:page-parent: Architecture Decision Records
-:page-grand_parent: Explanation
+:page-grand_parent: About Spectrum OS
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/decisions/index.adoc b/Documentation/decisions/index.adoc
index 772f382..4f3a7e1 100644
--- a/Documentation/decisions/index.adoc
+++ b/Documentation/decisions/index.adoc
@@ -1,6 +1,6 @@
= Architecture Decision Records
:page-has_children: true
-:page-parent: Explanation
+:page-parent: About Spectrum OS
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/building-documentation.adoc b/Documentation/development/building-documentation.adoc
similarity index 85%
rename from Documentation/building-documentation.adoc
rename to Documentation/development/building-documentation.adoc
index b491105..da5fa8c 100644
--- a/Documentation/building-documentation.adoc
+++ b/Documentation/development/building-documentation.adoc
@@ -1,5 +1,5 @@
-= Building the Documentation
-:page-parent: Tutorials
+= Building Documentation
+:page-parent: Development
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
@@ -47,6 +47,6 @@ IMPORTANT: Jekyll doesn't handle rendering of the draw.io diagrams, so
if you modify any of those, or add new ones, you'll have to run
`scripts/build.sh` again to do a full rebuild of the site.
-Once you've made your changes to the documentation, see
-xref:first-patch.adoc[Sending Your First Patch] for information
-about how to submit them for review.
+Once you made your changes to the documentation, see
+xref:first-patch.adoc[Patching] for information
+on how to submit your patch for review.
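Review bot: "Once you made your changes to the documentation" changes the tense of the original "Once you've made"; expanding the contraction should give "Once you have made your changes". The same slip appears wherever "you've" was shortened to "you" plus a past-tense verb, so a search across the series for that pattern is worthwhile.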
diff --git a/Documentation/debugging.adoc b/Documentation/development/debugging.adoc
similarity index 92%
rename from Documentation/debugging.adoc
rename to Documentation/development/debugging.adoc
index 3871a7c..6e529a9 100644
--- a/Documentation/debugging.adoc
+++ b/Documentation/development/debugging.adoc
@@ -1,7 +1,6 @@
-= Debugging Spectrum
-:page-parent: Explanation
-:toc:
-:toclevels: 1
+= Debugging
+:page-parent: Development
+:page-nav_order: 2
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
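Review bot: this header drops `:toc:` and `:toclevels: 1` from the debugging page, but the commit message only mentions moving pages, retitling and simplifying the text, and other pages in the same patch gain `:toc: preamble`. If removing the table of contents here is intentional, say so in the commit message; otherwise keep the two attributes alongside the new `:page-nav_order: 2`.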
diff --git a/Documentation/first-patch.adoc b/Documentation/development/first-patch.adoc
similarity index 83%
rename from Documentation/first-patch.adoc
rename to Documentation/development/first-patch.adoc
index 30672b9..7b8dd1d 100644
--- a/Documentation/first-patch.adoc
+++ b/Documentation/development/first-patch.adoc
@@ -1,11 +1,12 @@
-= Sending Your First Patch
-:page-parent: Tutorials
+= Patching
+:page-parent: Development
+:page-nav_order: 1
+:page-has_children: true
+:toc: preamble
// SPDX-FileCopyrightText: 2022 Unikie
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
-== Prerequisites
-
This tutorial assumes that you already have basic
https://git-scm.com/[git] experience.
@@ -14,10 +15,10 @@ https://spectrum-os.org/git/[Spectrum source tree]. You'll also need
to have configured `git send-email` — a guide for this can be found at
https://git-send-email.io/.
-== Making your changes
+== Making Changes
-If you've worked on any git repository before, the process for making
-your changes will probably be very familiar.
+If you worked on any git repository before, the process for making
+your changes will be very familiar.
1. Create a branch for your changes:
+
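Review bot: "If you worked on any git repository before" needs the present perfect, "If you have worked on any git repository before". Dropping "probably" from "will probably be very familiar" also turns a hedge into a promise that will not hold for readers coming from a pull-request workflow, so I would keep the original hedge.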
@@ -39,7 +40,7 @@ indicates your acceptance of the
https://spectrum-os.org/git/spectrum/tree/DCO-1.1.txt[Developer's
Certificate of Origin], which is mandatory for Spectrum patches.
-== Submitting changes
+== Submitting Changes
Once you're happy with how the commits on your branch look, run:
@@ -64,13 +65,14 @@ message that will be sent before all of your patches.
Once your patch has been submitted, wait for it to be reviewed.
Feedback, if any, will be sent as email replies to your submitted
-patch. You can respond to feedback in your mail client. Please use
-the Reply All button to ensure that your messages are sent to the
+patch. You can respond to feedback in your mail client.
+
+Use the *Reply All* button to sent your messages to the
mailing list as well as to the person who sent the feedback.
-If you need to make changes to your patch, and submit a new version,
+If you need to make changes to your patch and submit a new version,
use https://git-rebase.io/[`git rebase`] to create a new version of
-your patch(es), and submit it like this:
+your patch(es) and then submit it like this:
[source,shell]
----
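Review bot: typo in the added line "Use the *Reply All* button to sent your messages to the"; it should read "to send your messages". The new sentence also drops the original's reason for using Reply All ("to ensure that your messages are sent to the mailing list"), which is worth keeping because a reply sent only to the reviewer never reaches the list archive.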
@@ -81,7 +83,7 @@ The added `-v2` flag indicates that this is version two of your
patch set. If your patches require more rounds of changes, submit
subsequent rounds with `-v3`, `-v4`, etc. as appropriate.
-If you'd like to describe what has changed from the previous version
+If you would like to describe what has changed from the previous version
of your patches, you can do so in a xref:cover-letter[cover letter]
as described above.
diff --git a/Documentation/development/index.adoc b/Documentation/development/index.adoc
new file mode 100644
index 0000000..471daf7
--- /dev/null
+++ b/Documentation/development/index.adoc
@@ -0,0 +1,17 @@
+= Development
+:description: Development progress, general development practices
+:page-nav_order: 4
+:page-has_children: true
+
+// SPDX-FileCopyrightText: 2022 Jenni Nikko <evgeniia.nikolaenko(a)unikie.com>
+// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
+
+Spectrum is free software, currently under active development.
+
+== Developer Setup
+
+Before starting, make sure you are familiar with https://git.kernel.org/pub/scm/utils/b4/b4.git/about/[b4] and the https://nixos.org/manual/nix/stable/introduction.html[Nix package manager].
+
+== Mailing Lists
+
+The Spectrum project runs several https://spectrum-os.org/mailman3/lists/?all-lists[mailing lists] on which you can ask your questions or help other people with the questions they have. All the Spectrum developers as well as many long time Linux and Spectrum users are on the lists.
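Review bot: the "Developer Setup" paragraph links to the upstream b4 page, but this series keeps the project's own b4.adoc (moved to `installation/`), which is where a new contributor finds the Spectrum-specific setup; link to that page with an xref, with the upstream link as a secondary reference. In the "Mailing Lists" paragraph, "long time Linux and Spectrum users" should be hyphenated as "long-time", and both paragraphs are single unwrapped lines.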
diff --git a/Documentation/replying.adoc b/Documentation/development/replying.adoc
similarity index 93%
rename from Documentation/replying.adoc
rename to Documentation/development/replying.adoc
index bb8e31a..05740a0 100644
--- a/Documentation/replying.adoc
+++ b/Documentation/development/replying.adoc
@@ -1,5 +1,7 @@
= Replying to Messages in the Mailing List Archives
-:page-parent: Tutorials
+:page-parent: Patching
+:page-grand_parent: Development
+:page-nav_order: 3
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/reviewing-patches.adoc b/Documentation/development/reviewing-patches.adoc
similarity index 89%
rename from Documentation/reviewing-patches.adoc
rename to Documentation/development/reviewing-patches.adoc
index 63ff24e..c8c971f 100644
--- a/Documentation/reviewing-patches.adoc
+++ b/Documentation/development/reviewing-patches.adoc
@@ -1,5 +1,7 @@
= Reviewing Patches
-:page-parent: How-to Guides
+:page-parent: Patching
+:page-grand_parent: Development
+:page-nav_order: 2
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/testing-patches.adoc b/Documentation/development/testing-patches.adoc
similarity index 62%
rename from Documentation/testing-patches.adoc
rename to Documentation/development/testing-patches.adoc
index 8ba7804..99adfd2 100644
--- a/Documentation/testing-patches.adoc
+++ b/Documentation/development/testing-patches.adoc
@@ -1,5 +1,8 @@
= Testing Patches
-:page-parent: How-to Guides
+:page-parent: Patching
+:page-grand_parent: Development
+:page-nav_order: 1
+:toc: preamble
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
@@ -8,52 +11,41 @@ Potential changes to Spectrum are posted to and discussed on the
https://spectrum-os.org/participating.html#spectrum-devel[devel@spectrum-os…
mailing list.
-== Apply the patch
+== Apply Patch
If you haven't already, you'll first need to xref:b4.adoc[install and
configure] https://git.kernel.org/pub/scm/utils/b4/b4.git/about/[b4].
Then:
-. Find the patch series you want to test on
- https://spectrum-os.org/lists/archives/spectrum-devel/[public-inbox].
-. Navigate to the "permalink" page for any patch in the series.
-. Copy the Message-Id for the patch, as shown on the permalink page, e.g.
- \20220511092352.70E54C980(a)atuin.qyliss.net.
-. In a checkout of the appropriate git repository
- (https://spectrum-os.org/git/spectrum[Spectrum] or
- https://spectrum-os.org/git/nixpkgs[Spectrum Nixpkgs]), Run `b4 am`
- with the patch's Message-Id to download all the patches in the
- series into a file.
+1. Find the patch series you want to test on https://spectrum-os.org/lists/archives/spectrum-devel/[public-inbox].
+2. Navigate to the "permalink" page for any patch in the series.
+3. Copy the Message-Id for the patch, as shown on the permalink page, e.g. \20220511092352.70E54C980(a)atuin.qyliss.net.
+4. In a checkout of the appropriate git repository (https://spectrum-os.org/git/spectrum[Spectrum] or https://spectrum-os.org/git/nixpkgs[Spectrum Nixpkgs]), run `b4 am` with the patch's Message-Id to download all the patches in the series into a file.
+
-[example]
[source,shell]
----
b4 am 20220511092352.70E54C980(a)atuin.qyliss.net
----
-
-. b4 will indicate the file name it has downloaded the patches into
- with a line like:
+b4 will indicate the file name it has downloaded the patches into with a line like:
+
-[example]
-[listing]
+[source,shell]
+----
Writing ./20220424_hi_host_rootfs_fix_weston_hotplugging.mbx
+----
+5. Run `git am` on that file to apply the patches, for example:
+
-Run `git am` on that file to apply the patches, for example:
-+
-[example]
[source,shell]
----
git am 20220424_hi_host_rootfs_fix_weston_hotplugging.mbx
----
-== Post your test results
+== Post Your Results
When you've tested a patch, it's really helpful to
xref:replying.adoc[reply] with your test results.
-If the patch worked for you, please reply to it and include a line
-like the following, separated from any reply text:
-
+If the patch worked for you, please reply to it and include a line like the following, separated from any reply text:
+[source,shell]
----
Tested-by: John Smith <john(a)example.com>
----
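Review bot: the unchanged context line `xref:b4.adoc[install and` still points at a sibling file, but this page now lives in development/ while b4.adoc is renamed to installation/b4.adoc later in the patch, so the link needs to become `xref:../installation/b4.adoc[...]`. Separately, the b4 output line (`Writing ./2022...mbx`) and the `Tested-by:` trailer are now marked `[source,shell]` although neither is a shell command; the previous `[listing]` and plain listing blocks were the accurate markup. The sentence "b4 will indicate the file name..." used to be its own list item and now sits between steps 4 and 5 followed by a `+` continuation, so please check the rendered numbering does not restart at that point.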
diff --git a/Documentation/uuid-reference.adoc b/Documentation/development/uuid-reference.adoc
similarity index 98%
rename from Documentation/uuid-reference.adoc
rename to Documentation/development/uuid-reference.adoc
index 4b0b481..0eccc82 100644
--- a/Documentation/uuid-reference.adoc
+++ b/Documentation/development/uuid-reference.adoc
@@ -1,5 +1,5 @@
= UUID Reference
-:page-parent: Reference
+:page-parent: Development
:toc: preamble
:toclevels: 1
@@ -40,7 +40,7 @@ xref:user-partition.adoc[Spectrum user partition].
=== `56a3bbc3-aefa-43d9-a64d-7b3fd59bbc4e`
-https://github.com/endlessm/eos-installer["eosimages"] partition on the
+https://github.com/endlessm/eos-installer["eosimages"] partition on the
Spectrum combined live system / installer image.
== Combined Image Partition IDs
diff --git a/Documentation/explanation.adoc b/Documentation/explanation.adoc
index b39cc6d..f682129 100644
--- a/Documentation/explanation.adoc
+++ b/Documentation/explanation.adoc
@@ -1,6 +1,5 @@
= Explanation
-:page-has_children: true
-:page-nav_order: 4
+:page-nav_exclude: true
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/creating-vms.adoc b/Documentation/getting-started/creating-vms.adoc
similarity index 98%
rename from Documentation/creating-vms.adoc
rename to Documentation/getting-started/creating-vms.adoc
index d967098..e06be85 100644
--- a/Documentation/creating-vms.adoc
+++ b/Documentation/getting-started/creating-vms.adoc
@@ -1,5 +1,5 @@
= Creating VMs
-:page-parent: Reference
+:page-parent: Getting Started
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/getting-started/index.adoc b/Documentation/getting-started/index.adoc
new file mode 100644
index 0000000..1b468ab
--- /dev/null
+++ b/Documentation/getting-started/index.adoc
@@ -0,0 +1,7 @@
+= Getting Started
+:description: Exploring Spectrum OS. Using (=How-To-Guides), Configuring (adding smth). Ready to get started with Spectrum OS? After installing you can create VMs and then configure each one.
+:page-nav_order: 3
+:page-has_children: true
+
+// SPDX-FileCopyrightText: 2022 Jenni Nikko <evgeniia.nikolaenko(a)unikie.com>
+// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
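Review bot: the `:description:` attribute still contains drafting notes, "Using (=How-To-Guides), Configuring (adding smth).", which will be published as page metadata; reduce it to one finished sentence. The page also has no body text below the header, unlike the other new index pages in this patch, and the copyright line uses "Jenni Nikko" where Documentation/index.adoc uses "Jenni Nikolaenko".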
diff --git a/Documentation/running-vms.adoc b/Documentation/getting-started/running-vms.adoc
similarity index 93%
rename from Documentation/running-vms.adoc
rename to Documentation/getting-started/running-vms.adoc
index d0d3f99..9073e3c 100644
--- a/Documentation/running-vms.adoc
+++ b/Documentation/getting-started/running-vms.adoc
@@ -1,5 +1,5 @@
= Running VMs
-:page-parent: Reference
+:page-parent: Getting Started
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/user-partition.adoc b/Documentation/getting-started/user-partition.adoc
similarity index 80%
rename from Documentation/user-partition.adoc
rename to Documentation/getting-started/user-partition.adoc
index 73bc0d0..a33d7fc 100644
--- a/Documentation/user-partition.adoc
+++ b/Documentation/getting-started/user-partition.adoc
@@ -1,11 +1,13 @@
-= The User Partition
-:page-parent: Explanation
+= User Partition
+:page-parent: Getting Started
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
The Spectrum host system is immutable, so configuration and user data
-lives on a separate partition. The host system discovers the user
+lives on a separate partition.
+
+The host system discovers the user
partition by looking for the special partition type
`9293e1ff-cee4-4658-88be-898ec863944f`. This behavior can be
overridden with the `ext` parameter on the host's kernel command line,
diff --git a/Documentation/how-to.adoc b/Documentation/how-to.adoc
index f43fa13..98cc842 100644
--- a/Documentation/how-to.adoc
+++ b/Documentation/how-to.adoc
@@ -1,4 +1,5 @@
= How-to Guides
+:page-nav_exclude: true
:page-has_children: true
:page-nav_order: 2
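Review bot: this page gains `:page-nav_exclude: true` but keeps `:page-has_children: true` and `:page-nav_order: 2`, whereas explanation.adoc, reference.adoc and tutorials.adoc in the same patch have those two attributes removed when they are excluded. Remove them here as well, or say in the commit message why how-to.adoc is treated differently.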
diff --git a/Documentation/index.adoc b/Documentation/index.adoc
index 3079847..d26676b 100644
--- a/Documentation/index.adoc
+++ b/Documentation/index.adoc
@@ -1,13 +1,23 @@
-= Spectrum Docs
+= Spectrum Documentation
:page-nav_exclude: true
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
+// SPDX-FileCopyrightText: 2022 Jenni Nikolaenko <evgeniia.nikolaenko(a)unikie.com>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
-Spectrum is a compartmentalized operating system.
+== Spectrum Project
-If you'd like to try Spectrum, see xref:getting-spectrum.adoc[Getting
-Spectrum].
+Spectrum is an open source project that aims to create a computer operating system, based on the principle of security by compartmentalization, that has a lower barrier to entry and is easier to use and maintain than other such systems. For more information on the Spectrum project, see https://spectrum-os.org/.
-To learn about what Spectrum is and how it's implemented, start with
-the xref:architecture.adoc[architecture overview].
+Spectrum is made of free and open source software. It is free for anyone to use, modify, and distribute. If you want to be involved with the Spectrum project, see https://spectrum-os.org/contributing.html.
+
+The Spectrum project source code is https://spectrum-os.org/git/spectrum.
+
+== Spectrum OS
+
+Spectrum is an in-development operating system that aims to afford its users security by compartmentalization, while also improving upon other similar projects by maintaining a high level of usability.
+
+To learn about what Spectrum OS is and how it's implemented, start with
+the xref:about/architecture.adoc[architecture overview].
+
+If you want to try Spectrum, see xref:../installation/index.adoc[Build and Run].
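Review bot: the last added line uses `xref:../installation/index.adoc[Build and Run]`, but this file is Documentation/index.adoc and the new page is Documentation/installation/index.adoc, so the `../` steps out of the Documentation directory; it should be `xref:installation/index.adoc[...]`, matching the `xref:about/architecture.adoc` form two lines above. The "Spectrum Project" and "Spectrum OS" sections also open with nearly the same sentence about security by compartmentalization; one of them could be shortened to avoid the repetition.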
diff --git a/Documentation/b4.adoc b/Documentation/installation/b4.adoc
similarity index 96%
rename from Documentation/b4.adoc
rename to Documentation/installation/b4.adoc
index 2519894..1ba87b2 100644
--- a/Documentation/b4.adoc
+++ b/Documentation/installation/b4.adoc
@@ -1,5 +1,6 @@
= Installing and Configuring b4
-:page-parent: Tutorials
+:page-parent: Build and Run
+:page-nav_order: 3
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/binary-cache.adoc b/Documentation/installation/binary-cache.adoc
similarity index 90%
rename from Documentation/binary-cache.adoc
rename to Documentation/installation/binary-cache.adoc
index 6e69b39..232f96c 100644
--- a/Documentation/binary-cache.adoc
+++ b/Documentation/installation/binary-cache.adoc
@@ -1,10 +1,11 @@
-= Setting Up the Binary Cache
-:page-parent: How-to Guides
+= Setting Up Binary Cache
+:page-parent: Build and Run
+:page-nav_order: 1
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
-Building Spectrum from source can take a very long time. To avoid
+Building Spectrum OS from source can take a very long time. To avoid
having to wait when building the system to try it out or test patches,
an x86_64 binary cache service is available. If configured to do so,
Nix will download build outputs from the cache, instead of building
@@ -20,7 +21,7 @@ encounter any trouble with it.
The binary cache is currently not able to provide logs, due to a
https://github.com/NixOS/nix/pull/6051[Nix bug].
-== On NixOS
+== For NixOS
The following configuration adds the Spectrum binary cache as a
substituter, and tells Nix to trust builds signed with its public key.
@@ -38,7 +39,7 @@ substituter, and tells Nix to trust builds signed with its public key.
}
----
-== On Non-NixOS systems
+== For Non-NixOS Systems
Add the following configuration to /etc/nix/nix.conf:
diff --git a/Documentation/getting-spectrum.adoc b/Documentation/installation/getting-spectrum.adoc
similarity index 85%
rename from Documentation/getting-spectrum.adoc
rename to Documentation/installation/getting-spectrum.adoc
index b3fa1ef..a0ea1c4 100644
--- a/Documentation/getting-spectrum.adoc
+++ b/Documentation/installation/getting-spectrum.adoc
@@ -1,10 +1,11 @@
= Getting Spectrum
-:page-parent: Tutorials
+:page-parent: Build and Run
+:page-nav_order: 2
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
-To get Spectrum, you need to build it from source. As long as you're
+To get Spectrum OS, you need to build it from source. As long as you're
running Linuxfootnote:[Building from other operating systems might
work, but hasn't been tested. Patches are welcome to support building
from other operating systems, as long as they're not too invasive.]
@@ -17,7 +18,7 @@ lot of time waiting for builds.
== Trying Spectrum
-If you want to try Spectrum out to get a feel for it, without
+If you want to try Spectrum OS out to get a feel for it, without
installing it, you can run it in a development VM with some example
applications.
@@ -34,7 +35,7 @@ nix-shell -I nixpkgs=../../../nixpkgs-spectrum --run 'make run'
This builds just enough of Spectrum to try it out in a VM, but it will
still take a very long time.
-== Building an installer
+== Building Installer
[source,shell]
----
@@ -48,7 +49,7 @@ named "result" will appear, pointing to a Spectrum USB installer
image.
CAUTION: Spectrum is not yet suitable for real-world use. Do not use
-your Spectrum system for anything important or sensitive. Spectrum is
+your Spectrum OS for anything important or sensitive. Spectrum is
currently missing many important security properties, and there is no
procedure for updating to new versions of Spectrum -- you have to
reinstall.
diff --git a/Documentation/installation/index.adoc b/Documentation/installation/index.adoc
new file mode 100644
index 0000000..99e9723
--- /dev/null
+++ b/Documentation/installation/index.adoc
@@ -0,0 +1,18 @@
+= Build and Run
+:description: How to download and install Spectrum OS.
+:page-nav_order: 2
+:page-has_children: true
+
+// SPDX-FileCopyrightText: 2022 Jenni Nikko <evgeniia.nikolaenko(a)unikie.com>
+// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
+
+To try Spectrum OS out or xref:../development/testing-patches.adoc[test patches], you need to build the system from the source.
+
+In order to speed up the build process, set up the binary cache. After building Spectrum OS, you can install and configure the b4 utility to be able to work with patches.
+
+
+TIP: Note that Spectrum OS currently works only on x86-64. AAarch64 support is in development.
+
+Currently, there is no implementation for a software update.
+
+You can replace the installation with some other OS.
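Review bot: in the TIP line, "AAarch64" should be "AArch64", and "TIP: Note that" doubles the admonition, so either `NOTE:` or dropping "Note that" reads better. The closing sentence "You can replace the installation with some other OS." does not say what the reader is expected to do; if it is meant to explain that, with no update mechanism, the only way forward is to reinstall, it should say so and sit next to the "no implementation for a software update" sentence. The copyright line again uses "Jenni Nikko" rather than "Jenni Nikolaenko".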
diff --git a/Documentation/reference.adoc b/Documentation/reference.adoc
index 44b359d..55259ea 100644
--- a/Documentation/reference.adoc
+++ b/Documentation/reference.adoc
@@ -1,6 +1,5 @@
= Reference
-:page-has_children: true
-:page-nav_order: 3
+:page-nav_exclude: true
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
diff --git a/Documentation/tutorials.adoc b/Documentation/tutorials.adoc
index cd1fb12..fcef31b 100644
--- a/Documentation/tutorials.adoc
+++ b/Documentation/tutorials.adoc
@@ -1,6 +1,5 @@
= Tutorials
-:page-nav_order: 1
-:page-has_children: true
+:page-nav_exclude: true
// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is>
// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
--
2.34.1
4
4
I've published branches called "wayland" on both the spectrum and
nixpkgs repositories, to make it easier to follow the current state of
that work.
I've tested that both hello-wayland and foot work in a Spectrum VM.
(To test foot I just found-and-replaced hello-wayland with foot in
hello-wayland.nix.)
1
0
I'm taking a holiday from my work for Unikie for two weeks starting now.
(Back on Monday, 9th Oct.)
I'll be spending some of the time finishing up some work for NLnet
before Spectrum's grant expires, so you'll almost certainly still see
some activity from me on the lists.
But the rest of the time I'm going to try to spend away, relaxing, so
anybody sending patches should not be alarmed if they go a couple of
weeks before I take a look at them. :)
Alyssa
1
1
NOTE: These patches are designed to apply on top of the previous
Wayland support series at [1].
This series contains the patches necessary to build the demo repository
for Wayland security-context[2] support. As the Spectrum support for
Wayland is also very WIP, and uses a different WM than the one I was
focused on (Weston versus sway), it's not yet integrated with Spectrum
itself. Of course, my decision to use Sway in this demo isn't setting
Spectrum's own window manager in stone; the hope is this protocol gets
implemented into as many compositors (and sandboxes) as possible :)
To try out the demo, see [3] for the repository and instructions.
A few of these patches (wlroots, sway) have been sent upstream
already[4][5]. The crosvm patches need a tiny bit of work before I'm
completely confident sending them upstream.
One major issue that is worked around but not entirely solved is a bit
of a mystery to me: After a short amount of messages, the virtio-gpu
driver stops sending and receiving Wayland messages. As far as I can
tell, this is likely a quirk of running crosvm with only cross-domain
enabled, but one I haven't been able to delve into the Linux source
code for to figure out how to properly solve.
[1]: https://spectrum-os.org/lists/archives/spectrum-devel/20220928170128.158379…
[2]: https://gitlab.freedesktop.org/wayland/wayland-protocols/-/merge_requests/68
[3]: https://puck.moe/git/security-context-demo
[4]: https://gitlab.freedesktop.org/wlroots/wlroots/-/merge_requests/3589
[5]: https://github.com/swaywm/sway/pull/7187
Puck Meerburg (4):
cloud-hypervisor: workaround keymap mmap
wlroots: apply security-context patches
sway: apply security-context patches
crosvm: apply security-context patches
...ry-mapping-shared-memory-as-RO-if-RW.patch | 57 ++++++++
.../cloud-hypervisor/default.nix | 1 +
.../virtualization/crosvm/default.nix | 10 +-
.../window-managers/sway/default.nix | 22 +++
pkgs/development/libraries/wlroots/0.15.nix | 20 ++-
.../libraries/wlroots/security-context-v1.xml | 131 ++++++++++++++++++
6 files changed, 235 insertions(+), 6 deletions(-)
create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0004-virtio-devices-try-mapping-shared-memory-as-RO-if-RW.patch
create mode 100644 pkgs/development/libraries/wlroots/security-context-v1.xml
--
2.35.1
1
5
IMPORTANT NOTE: this series should be applied on top of my previous
series "Introduce a shared base for application VMs" [1]. This is a
bit inconvenient I know, but I haven't committed the other series yet
due to wanting to take a second pass at it.
Changes since v1:
- Fix syntax in img/app development Makefile target.
- Enable virgl for virtio-gpu devices (see below).
v1: https://spectrum-os.org/lists/archives/spectrum-devel/20220928170128.158379…
Introduction
------------
This series adds the Spectrum-side support for running VMs that can
display Wayland windows on the host compositor, using virtio-gpu.
There are various small things still to be resolved, but it's ready
for other people to try out and test.
The easiest way to test this out is to run "vm-start hello-wayland" on
the Spectrum host. If everything goes well, a small window with a
picture of a cat (hello-wayland) should appear. This window is
running in a VM.
Currently, virgl is enabled for all virtio-gpu devices. This means
that all VMs will have GPU acceleration enabled. This is currently
required to work around what appears to be a kernel bug that causes
applications to freeze, but is likely not something we want to be
enabling by default once that's fixed.
I have tested with hello-wayland, as in the appvm provided as a
demonstration here, and also with foot (by replacing hello-wayland
with foot in that VM). I haven't done enough testing with this
version of the code to gauge how reliably they work yet.
[1]: https://spectrum-os.org/lists/archives/spectrum-devel/20220919073659.170327…
[2]: https://spectrum-os.org/lists/archives/spectrum-devel/20220928170128.158379…
Alyssa Ross (10):
host/start-vm: use MAP_SHARED memory for VMs
img/app: don't block app startup on network online
img/app: add Wayland over virtio-gpu support to kernel
vm-lib: add mesa drivers to VM
img/app: add support for testing virtio-gpu
img/app: add support for testing in crosvm
host/start-vm: factor out VM definition path
host: add support for Wayland in VMs
vm/app: add hello-wayland demo VM
host/start-vm: disable cloud-hypervisor sandbox
Documentation/creating-vms.adoc | 5 +++
host/initramfs/extfs.nix | 3 ++
host/rootfs/Makefile | 4 +++
host/rootfs/default.nix | 4 +--
host/rootfs/etc/s6-rc/ext-rc-init/up | 8 +++++
host/rootfs/etc/template/gpu/data/check | 5 +++
host/rootfs/etc/template/gpu/notification-fd | 1 +
.../etc/template/gpu/notification-fd.license | 2 ++
host/rootfs/etc/template/gpu/run | 9 ++++++
host/rootfs/etc/template/gpu/type | 1 +
host/rootfs/etc/template/gpu/type.license | 2 ++
host/start-vm/start-vm.rs | 26 +++++++++------
img/app/Makefile | 32 +++++++++++++++++--
img/app/default.nix | 3 +-
img/app/etc/mdev/iface | 2 +-
img/app/etc/mdev/listen | 12 +++++++
img/app/etc/mdev/wait | 15 +++++++++
img/app/etc/s6-rc/ok-all/contents | 1 +
img/app/shell.nix | 2 +-
vm-lib/make-vm.nix | 14 ++++++--
vm/app/catgirl.nix | 1 +
vm/app/hello-wayland.nix | 25 +++++++++++++++
vm/app/lynx.nix | 1 +
23 files changed, 159 insertions(+), 19 deletions(-)
create mode 100755 host/rootfs/etc/template/gpu/data/check
create mode 100644 host/rootfs/etc/template/gpu/notification-fd
create mode 100644 host/rootfs/etc/template/gpu/notification-fd.license
create mode 100755 host/rootfs/etc/template/gpu/run
create mode 100644 host/rootfs/etc/template/gpu/type
create mode 100644 host/rootfs/etc/template/gpu/type.license
create mode 100755 img/app/etc/mdev/listen
create mode 100755 img/app/etc/mdev/wait
create mode 100644 vm/app/hello-wayland.nix
--
2.37.1
1
11
30 Sep '22
Changes since v1
----------------
- Fixed the cloud-hypervisor seccomp sandbox for the GPU device.
- Worked around crosvm not handling wlroots's read-only keymaps in
cloud-hypervisor. (Thanks Puck.)
- Switched to cherry-picks of sternenseemann's ocamlPackages.wayland
and wayland-proxy-virtwl updates from upstream.
v1: https://spectrum-os.org/lists/archives/spectrum-devel/20220928170128.158379…
Introduction
------------
This series contains all the changes needed to make it possible to run
Wayland over cross-domain virtio-gpu using cloud-hypervisor. It only
contains changes needed to packages in Nixpkgs, so there's no Spectrum
integration here. That's a separate patchset, of which I'll also be
sending v2 soon.
There's also still some work to do here, hence being marked RFC — in
the cloud-hypervisor patch you'll spot a few TODOs and FIXMEs — but
it's ready for other people to have a look at and test.
With these changes, it's possible to run a cloud-hypervisor VM with a
GPU attached as follows:
    crosvm device gpu --socket vhost-user-gpu.sock ...
    cloud-hypervisor --gpu socket=vhost-user-gpu.sock ...
Then in the guest, just run a Wayland application under
wayland-proxy-virtwl:
    wayland-proxy-virtwl --virtio-gpu hello-wayland
For Wayland over cross-domain virtio-gpu, which we're particularly
interested in, the full crosvm command line would be something like:
    crosvm device gpu --socket vhost-user-gpu.sock \
        --wayland-sock "$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY" \
        --params '{"context-types": "virgl:virgl2:cross-domain"}'
Overview
--------
We start by upgrading crosvm to a beta version (since very recent
changes changed their vhost-user implementation in a way that makes it
significantly easier to interoperate with from cloud-hypervisor), then
applying a few small fixes for cases where crosvm had made assumptions
that were violated by cloud-hypervisor.
Next, we apply patches to cloud-hypervisor and some of its
dependencies, to implement the frontend of the GPU device.
Finally, we upgrade wayland-proxy-virtwl (the program that speaks
virtio-gpu and acts as the Wayland compositor inside the guest) to a
version that supports virtio-gpu. I'm using wayland-proxy-virtwl over
Sommelier here primarily because Sommelier appears to have broken with
Linux 5.19, but another nice benefit is that wayland-proxy-virtwl is
maintained by somebody that we know and talk to sometimes on
discuss(a)spectrum-os.org.
Upstreamability
---------------
A question anybody looking at the volume of changes here should be
asking is: "To what extent is this upstreamable?". It's a bit of a
mixed bag — most notably, cloud-hypervisor is not interested in
virtio-gpu[1], so we'll have to maintain the cloud-hypervisor patches
ourselves until we can come up with a more upstream-friendly solution
(e.g. a vfio-user implementation of virtio-gpu). We also can't
upstream the changes to the vhost crate, as the protocol we are using
is crosvm specific, and so some standardisation work would need to
happen there.
But we can upstream the changes to crosvm, and the virtio-bindings
crate. I've already started on the latter. As for the patches to
Nixpkgs itself here, the updates to wayland-proxy-virtwl and the
wayland library it depends on are already upstream (thanks sterni), I
have an open PR[2] for the crosvm update (although to 105.0 rather
than 106.3 as here, since the 106 series is still in beta), and the
rustPlatform change is also upstreamable, but would require auditing
Nixpkgs for cargoSha256 values that would change as a result.
[1]: https://github.com/cloud-hypervisor/cloud-hypervisor/discussions/3960#discu…
[2]: https://github.com/NixOS/nixpkgs/pull/193746
Alyssa Ross (7):
crosvm: switch back to old git repo URL
crosvm.updateScript: update release branch format
crosvm: 104.0 -> 106.2
crosvm.updateScript: don't vendor Cargo.lock
crosvm: add fixes for cloud-hypervisor virtio-gpu
rustPlatform: forward unpack hooks to cargo fetch
cloud-hypervisor: add virtio-gpu support
sternenseemann (2):
ocamlPackages.wayland: 1.0 -> 1.1
wayland-proxy-virtwl: unstable-2021-12-05 -> unstable-2022-09-22
.../0001-build-use-local-vhost.patch | 39 +
...dings-regenerate-with-bindgen-0.60.1.patch | 2589 ++++++++++++
...0002-build-use-local-virtio-bindings.patch | 39 +
...gs-remove-workaround-for-old-bindgen.patch | 28 +
...-bindings-regenerate-with-Glibc-2.36.patch | 247 ++
...0003-virtio-devices-add-a-GPU-device.patch | 1279 ++++++
...-bindings-regenerate-with-Linux-5.19.patch | 1067 +++++
...tio-bindings-add-virtio-gpu-bindings.patch | 3587 +++++++++++++++++
.../cloud-hypervisor/default.nix | 64 +-
...ser-add-shared-memory-region-support.patch | 724 ++++
.../virtualization/crosvm/Cargo.lock | 2214 ----------
.../crosvm/default-seccomp-policy-dir.diff | 38 +-
.../virtualization/crosvm/default.nix | 15 +-
...-consider-shm-buuffers-when-setting-.patch | 34 +
...t_user-loosen-expected-message-order.patch | 71 +
...ces-vhost_user-remove-spurious-check.patch | 42 +
.../virtualization/crosvm/update.py | 15 +-
.../rust/build-rust-package/default.nix | 4 +-
.../ocaml-modules/wayland/default.nix | 8 +-
.../wayland/wayland-proxy-virtwl/default.nix | 17 +-
20 files changed, 9857 insertions(+), 2264 deletions(-)
create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0001-build-use-local-vhost.patch
create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0001-virtio-bindings-regenerate-with-bindgen-0.60.1.patch
create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0002-build-use-local-virtio-bindings.patch
create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0002-virtio-bindings-remove-workaround-for-old-bindgen.patch
create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0003-virtio-bindings-regenerate-with-Glibc-2.36.patch
create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0003-virtio-devices-add-a-GPU-device.patch
create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0004-virtio-bindings-regenerate-with-Linux-5.19.patch
create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0005-virtio-bindings-add-virtio-gpu-bindings.patch
create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/vhost-vhost_user-add-shared-memory-region-support.patch
delete mode 100644 pkgs/applications/virtualization/crosvm/Cargo.lock
create mode 100644 pkgs/applications/virtualization/crosvm/devices-properly-consider-shm-buuffers-when-setting-.patch
create mode 100644 pkgs/applications/virtualization/crosvm/devices-vhost_user-loosen-expected-message-order.patch
create mode 100644 pkgs/applications/virtualization/crosvm/devices-vhost_user-remove-spurious-check.patch
base-commit: 768879638cfd6a54664b762ec98a7f8f45620c44
--
2.37.1
1
9
IMPORTANT NOTE: this series should be applied on top of my previous
series "Introduce a shared base for application VMs" [1]. This is a
bit inconvenient I know, but I haven't committed the other series yet
due to wanting to take a second pass at it.
This series adds the Spectrum-side support for running VMs that can
display Wayland windows on the host compositor, using virtio-gpu.
There are various small things still to be resolved, but it's ready
for other people to try out and test.
The easiest way to test this out is to run "vm-start hello-wayland" on
the Spectrum host. If everything goes well, a small window with a
picture of a cat (hello-wayland) should appear. This window is
running in a VM.
One particular known issue is that on one run of the new
appvm-hello-wayland, I got this error:
    [12:11:52.107] libwayland: error in client communication (pid 863)
I'm not yet aware of what would cause such an error. It went away
after I rebooted and tried again. There are some other known issues
with my cloud-hypervisor patch too. See the other thread for
information on those.
[1]: https://spectrum-os.org/lists/archives/spectrum-devel/20220919073659.170327…
[2]: https://spectrum-os.org/lists/archives/spectrum-devel/20220928170128.158379…
Alyssa Ross (10):
host/start-vm: use MAP_SHARED memory for VMs
img/app: don't block app startup on network online
img/app: add Wayland over virtio-gpu support to kernel
vm-lib: add mesa drivers to VM
img/app: add support for testing virtio-gpu
img/app: add support for testing in crosvm
host/start-vm: factor out VM definition path
host: add support for Wayland in VMs
vm/app: add hello-wayland demo VM
host/start-vm: disable cloud-hypervisor sandbox
Documentation/creating-vms.adoc | 5 +++
host/initramfs/extfs.nix | 3 ++
host/rootfs/Makefile | 4 +++
host/rootfs/default.nix | 4 +--
host/rootfs/etc/s6-rc/ext-rc-init/up | 8 +++++
host/rootfs/etc/template/gpu/data/check | 5 +++
host/rootfs/etc/template/gpu/notification-fd | 1 +
.../etc/template/gpu/notification-fd.license | 2 ++
host/rootfs/etc/template/gpu/run | 9 ++++++
host/rootfs/etc/template/gpu/type | 1 +
host/rootfs/etc/template/gpu/type.license | 2 ++
host/start-vm/start-vm.rs | 26 +++++++++------
img/app/Makefile | 32 +++++++++++++++++--
img/app/default.nix | 3 +-
img/app/etc/mdev/iface | 2 +-
img/app/etc/mdev/listen | 12 +++++++
img/app/etc/mdev/wait | 15 +++++++++
img/app/etc/s6-rc/ok-all/contents | 1 +
img/app/shell.nix | 2 +-
vm-lib/make-vm.nix | 14 ++++++--
vm/app/catgirl.nix | 1 +
vm/app/hello-wayland.nix | 25 +++++++++++++++
vm/app/lynx.nix | 1 +
23 files changed, 159 insertions(+), 19 deletions(-)
create mode 100755 host/rootfs/etc/template/gpu/data/check
create mode 100644 host/rootfs/etc/template/gpu/notification-fd
create mode 100644 host/rootfs/etc/template/gpu/notification-fd.license
create mode 100755 host/rootfs/etc/template/gpu/run
create mode 100644 host/rootfs/etc/template/gpu/type
create mode 100644 host/rootfs/etc/template/gpu/type.license
create mode 100755 img/app/etc/mdev/listen
create mode 100755 img/app/etc/mdev/wait
create mode 100644 vm/app/hello-wayland.nix
--
2.37.1
Previously, "x64" was hardcoded in the EFI loaders' filenames.
Signed-off-by: Ivan Nikolaenko <ivan.nikolaenko(a)unikie.com>
---
img/combined/default.nix | 8 +++++---
img/live/Makefile | 2 +-
img/live/default.nix | 6 ++++--
3 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/img/combined/default.nix b/img/combined/default.nix
index 3989d55..f65f619 100644
--- a/img/combined/default.nix
+++ b/img/combined/default.nix
@@ -6,7 +6,7 @@
let
inherit (builtins) storeDir;
- inherit (pkgs.lib) removePrefix;
+ inherit (pkgs.lib) removePrefix toUpper;
eosimages = import ./eosimages.nix { inherit config; };
@@ -31,6 +31,8 @@ let
--owner 0 --group 0 | tar2sqfs $out
'';
+ efiArch = stdenv.hostPlatform.efiArch;
+
grub = grub2_efi;
grubCfg = substituteAll {
@@ -74,8 +76,8 @@ let
done
mcopy -i $out ${grub}/share/grub/unicode.pf2 ::/grub/fonts
- grub-mkimage -o grubx64.efi -p "(hd0,gpt1)/grub" -O ${grub.grubTarget} part_gpt fat
- mcopy -i $out grubx64.efi ::/EFI/BOOT/BOOTX64.EFI
+ grub-mkimage -o grub${efiArch}.efi -p "(hd0,gpt1)/grub" -O ${grub.grubTarget} part_gpt fat
+ mcopy -i $out grub${efiArch}.efi ::/EFI/BOOT/BOOT${toUpper efiArch}.EFI
fsck.vfat -n $out
'';
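Review bot: In the grub-mkimage/mcopy pair, the loader's file name now comes from stdenv.hostPlatform.efiArch while the image format still comes from ${grub.grubTarget}, so nothing in these lines ties the two together. If grub2_efi is ever built for a different platform than stdenv.hostPlatform, the image would carry a BOOT<ARCH>.EFI whose contents are for another architecture and it would not boot. Consider deriving both from the same platform attribute, or adding a short comment that grub2_efi is expected to be the host-platform build. The intermediate grub${efiArch}.efi is only a temporary file, so a fixed name would keep the grub-mkimage line simpler.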
diff --git a/img/live/Makefile b/img/live/Makefile
index 9815c88..e63c598 100644
--- a/img/live/Makefile
+++ b/img/live/Makefile
@@ -36,7 +36,7 @@ build/boot.fat: $(KERNEL) $(INITRAMFS) $(SYSTEMD_BOOT_EFI) build/spectrum.conf
$(MCOPY) -i $@ build/spectrum.conf ::/loader/entries
$(MCOPY) -i $@ $(KERNEL) ::/spectrum/linux
$(MCOPY) -i $@ $(INITRAMFS) ::/spectrum/initrd
- $(MCOPY) -i $@ $(SYSTEMD_BOOT_EFI) ::/EFI/BOOT/BOOTX64.EFI
+ $(MCOPY) -i $@ $(SYSTEMD_BOOT_EFI) ::/EFI/BOOT/$(EFINAME)
# veritysetup format produces two files, but Make only (portably)
# supports one output per rule, so we combine the two outputs then
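Review bot: $(EFINAME) on the changed mcopy line gets no default in this Makefile (the diffstat shows only this one line changed), so it is defined only when make is run from img/live/default.nix. With the variable empty the destination becomes ::/EFI/BOOT/ and mcopy would keep the source file name, giving an image with no loader at the fallback boot path and no build error. Suggest adding a default such as EFINAME ?= BOOTX64.EFI, or failing early when it is unset.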
diff --git a/img/live/default.nix b/img/live/default.nix
index 1fa8da3..4301ccc 100644
--- a/img/live/default.nix
+++ b/img/live/default.nix
@@ -9,7 +9,7 @@
let
inherit (config) pkgs;
- inherit (pkgs.lib) cleanSource cleanSourceWith hasSuffix;
+ inherit (pkgs.lib) cleanSource cleanSourceWith hasSuffix toUpper;
extfs = pkgs.pkgsStatic.callPackage ../../host/initramfs/extfs.nix {
inherit config;
@@ -17,6 +17,7 @@ let
rootfs = import ../../host/rootfs { inherit config; };
scripts = import ../../scripts { inherit config; };
initramfs = import ../../host/initramfs { inherit config rootfs; };
+ efiArch = stdenv.hostPlatform.efiArch;
in
stdenvNoCC.mkDerivation {
@@ -35,7 +36,8 @@ stdenvNoCC.mkDerivation {
INITRAMFS = initramfs;
KERNEL = "${rootfs.kernel}/${stdenv.hostPlatform.linux-kernel.target}";
ROOT_FS = rootfs;
- SYSTEMD_BOOT_EFI = "${systemd}/lib/systemd/boot/efi/systemd-bootx64.efi";
+ SYSTEMD_BOOT_EFI = "${systemd}/lib/systemd/boot/efi/systemd-boot${efiArch}.efi";
+ EFINAME = "BOOT${toUpper efiArch}.EFI";
buildFlags = [ "build/live.img" ];
makeFlags = [ "SCRIPTS=${scripts}" ];
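Review bot: EFINAME, added next to SYSTEMD_BOOT_EFI, does not follow the underscore-separated naming of the neighbouring variables (ROOT_FS, SYSTEMD_BOOT_EFI), and the name does not say that it is the destination file name on the ESP rather than a path. Something like EFI_BOOT_NAME would read better. The commit message could also mention the new variable, since the Makefile now depends on it being set.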
--
2.25.1
29 Sep '22
Introduction
------------
This series contains all the changes needed to make it possible to run
Wayland over cross-domain virtio-gpu using cloud-hypervisor. It only
contains changes needed to packages in Nixpkgs, so there's no Spectrum
integration here. That'll be coming soon.
There's also still some work to do here, hence being marked RFC — in
the cloud-hypervisor patch you'll spot a few TODOs and FIXMEs — but
it's ready for other people to have a look at and test.
With these changes, it's possible to run a cloud-hypervisor VM with a
GPU attached as follows:
    crosvm device gpu --socket vhost-user-gpu.sock ...
    cloud-hypervisor --gpu socket=vhost-user-gpu.sock ...
Then in the guest, just run a Wayland application under
wayland-proxy-virtwl:
    wayland-proxy-virtwl --virtio-gpu hello-wayland
For Wayland over cross-domain virtio-gpu, which we're particularly
interested in, the full crosvm command line would be something like:
    crosvm device gpu --socket vhost-user-gpu.sock \
        --wayland-sock "$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY" \
        --params '{"context-types": "cross-domain"}'
Overview
--------
We start by upgrading crosvm to a beta version (since very recent
changes changed their vhost-user implementation in a way that makes it
significantly easier to interoperate with from cloud-hypervisor), then
applying a few small fixes for cases where crosvm had made assumptions
that were violated by cloud-hypervisor.
Next, we apply patches to cloud-hypervisor and some of its
dependencies, to implement the frontend of the GPU device.
Finally, we upgrade wayland-proxy-virtwl (the program that speaks
virtio-gpu and acts as the Wayland compositor inside the guest) to a
version that supports virtio-gpu. I'm using wayland-proxy-virtwl over
Sommelier here primarily because Sommelier appears to have broken with
Linux 5.19, but another nice benefit is that wayland-proxy-virtwl is
maintained by somebody that we know and talk to sometimes on
discuss(a)spectrum-os.org.
Upstreamability
---------------
A question anybody looking at the volume of changes here should be
asking is: "To what extent is this upstreamable?". It's a bit of a
mixed bag — most notably, cloud-hypervisor is not interested in
virtio-gpu[1], so we'll have to maintain the cloud-hypervisor patches
ourselves until we can come up with a more upstream-friendly solution
(e.g. a vfio-user implementation of virtio-gpu). We also can't
upstream the changes to the vhost crate, as the protocol we are using
is crosvm specific, and so some standardisation work would need to
happen there.
But we can upstream the changes to crosvm, and the virtio-bindings
crate. I've already started on the latter. As for the patches to
Nixpkgs itself here, we can upstream the crosvm update (although
should probably target 105 if I get round to it soon, since 106 is
still beta), the rustPlatform change, and the updates to
wayland-proxy-virtwl and the wayland library it depends on.
[1]: https://github.com/cloud-hypervisor/cloud-hypervisor/discussions/3960#discu…
Alyssa Ross (9):
crosvm: switch back to old git repo URL
crosvm.updateScript: update release branch format
crosvm: 104.0 -> 106.2
crosvm.updateScript: don't vendor Cargo.lock
crosvm: add fixes for cloud-hypervisor virtio-gpu
rustPlatform: forward unpack hooks to cargo fetch
cloud-hypervisor: add virtio-gpu support
ocamlPackages.wayland: 1.0 -> unstable-2022-05-07
wayland-proxy-virtwl: unstable-2021-12-05 -> unstable-2022-08-06
.../0001-build-use-local-vhost.patch | 39 +
...dings-regenerate-with-bindgen-0.60.1.patch | 2589 ++++++++++++
...0002-build-use-local-virtio-bindings.patch | 39 +
...gs-remove-workaround-for-old-bindgen.patch | 28 +
...-bindings-regenerate-with-Glibc-2.36.patch | 247 ++
...-devices-add-a-vhost-user-gpu-device.patch | 1253 ++++++
...-bindings-regenerate-with-Linux-5.19.patch | 1067 +++++
...tio-bindings-add-virtio-gpu-bindings.patch | 3587 +++++++++++++++++
.../cloud-hypervisor/default.nix | 64 +-
...ser-add-shared-memory-region-support.patch | 724 ++++
.../virtualization/crosvm/Cargo.lock | 2214 ----------
.../crosvm/default-seccomp-policy-dir.diff | 38 +-
.../virtualization/crosvm/default.nix | 15 +-
...-consider-shm-buuffers-when-setting-.patch | 34 +
...t_user-loosen-expected-message-order.patch | 71 +
...ces-vhost_user-remove-spurious-check.patch | 42 +
.../virtualization/crosvm/update.py | 15 +-
.../rust/build-rust-package/default.nix | 4 +-
.../ocaml-modules/wayland/default.nix | 12 +-
.../wayland/wayland-proxy-virtwl/default.nix | 14 +-
20 files changed, 9834 insertions(+), 2262 deletions(-)
create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0001-build-use-local-vhost.patch
create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0001-virtio-bindings-regenerate-with-bindgen-0.60.1.patch
create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0002-build-use-local-virtio-bindings.patch
create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0002-virtio-bindings-remove-workaround-for-old-bindgen.patch
create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0003-virtio-bindings-regenerate-with-Glibc-2.36.patch
create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0003-virtio-devices-add-a-vhost-user-gpu-device.patch
create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0004-virtio-bindings-regenerate-with-Linux-5.19.patch
create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0005-virtio-bindings-add-virtio-gpu-bindings.patch
create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/vhost-vhost_user-add-shared-memory-region-support.patch
delete mode 100644 pkgs/applications/virtualization/crosvm/Cargo.lock
create mode 100644 pkgs/applications/virtualization/crosvm/devices-properly-consider-shm-buuffers-when-setting-.patch
create mode 100644 pkgs/applications/virtualization/crosvm/devices-vhost_user-loosen-expected-message-order.patch
create mode 100644 pkgs/applications/virtualization/crosvm/devices-vhost_user-remove-spurious-check.patch
base-commit: 768879638cfd6a54664b762ec98a7f8f45620c44
--
2.37.1