- Spectrum Development - spectrum-os.org

[PATCH v3] Docs: new structure
by Jenni Nikolaenko 08 Nov '22

08 Nov '22

Create separate folders for new parent pages, update Introduction page, remove a and the articles from titles, quick check text for simple english Signed-off-by: Jenni Nikolaenko <evgeniia.nikolaenko(a)unikie.com> --- Documentation/{ => about}/architecture.adoc | 27 ++++----- Documentation/about/index.adoc | 32 ++++++++++ Documentation/building-documentation.adoc | 52 ---------------- .../decisions/001-host-update-mechanism.adoc | 4 +- .../decisions/002-install-options.adoc | 4 +- Documentation/decisions/003-partitioning.adoc | 2 +- .../004-data-at-rest-encryption.adoc | 4 +- .../005-virtual-machine-monitor.adoc | 2 +- .../decisions/006-drivers-on-host.adoc | 2 +- .../decisions/007-usb-virtual-machines.adoc | 2 +- ...008-inter-vm-communication-mechanisms.adoc | 2 +- Documentation/decisions/index.adoc | 2 +- Documentation/{ => development}/b4.adoc | 6 +- .../build-configuration.adoc | 13 ++-- .../development/building-documentation.adoc | 52 ++++++++++++++++ .../{ => development}/creating-vms.adoc | 4 +- .../{ => development}/debugging.adoc | 12 ++-- .../{ => development}/first-patch.adoc | 32 +++++----- Documentation/development/index.adoc | 59 +++++++++++++++++++ Documentation/development/managing-vms.adoc | 14 +++++ Documentation/{ => development}/replying.adoc | 13 ++-- .../{ => development}/reviewing-patches.adoc | 4 +- .../{ => development}/running-vms.adoc | 4 +- .../{ => development}/testing-patches.adoc | 28 ++++----- Documentation/development/user-partition.adoc | 18 ++++++ .../{ => development}/uuid-reference.adoc | 5 +- .../development/working-with-patces.adoc | 12 ++++ Documentation/explanation.adoc | 6 -- Documentation/how-to.adoc | 6 -- Documentation/index.adoc | 29 +++++++-- .../{ => installation}/binary-cache.adoc | 22 +++++-- .../{ => installation}/getting-spectrum.adoc | 16 ++--- Documentation/installation/index.adoc | 23 ++++++++ Documentation/reference.adoc | 6 -- Documentation/tutorials.adoc | 6 -- Documentation/user-partition.adoc | 12 ---- 36 files changed, 350 insertions(+), 187 deletions(-) rename Documentation/{ => about}/architecture.adoc (79%) create mode 100644 Documentation/about/index.adoc delete mode 100644 Documentation/building-documentation.adoc rename Documentation/{ => development}/b4.adoc (91%) rename Documentation/{ => development}/build-configuration.adoc (73%) create mode 100644 Documentation/development/building-documentation.adoc rename Documentation/{ => development}/creating-vms.adoc (97%) rename Documentation/{ => development}/debugging.adoc (79%) rename Documentation/{ => development}/first-patch.adoc (80%) create mode 100644 Documentation/development/index.adoc create mode 100644 Documentation/development/managing-vms.adoc rename Documentation/{ => development}/replying.adoc (68%) rename Documentation/{ => development}/reviewing-patches.adoc (88%) rename Documentation/{ => development}/running-vms.adoc (85%) rename Documentation/{ => development}/testing-patches.adoc (82%) create mode 100644 Documentation/development/user-partition.adoc rename Documentation/{ => development}/uuid-reference.adoc (97%) create mode 100644 Documentation/development/working-with-patces.adoc delete mode 100644 Documentation/explanation.adoc delete mode 100644 Documentation/how-to.adoc rename Documentation/{ => installation}/binary-cache.adoc (74%) rename Documentation/{ => installation}/getting-spectrum.adoc (79%) create mode 100644 Documentation/installation/index.adoc delete mode 100644 Documentation/reference.adoc delete mode 100644 Documentation/tutorials.adoc delete mode 100644 Documentation/user-partition.adoc diff --git a/Documentation/architecture.adoc b/Documentation/about/architecture.adoc similarity index 79% rename from Documentation/architecture.adoc rename to Documentation/about/architecture.adoc index 1c4307b..1237577 100644 --- a/Documentation/architecture.adoc +++ b/Documentation/about/architecture.adoc @@ -1,32 +1,31 @@ = Architecture -:page-parent: Explanation +:page-parent: About Spectrum // SPDX-FileCopyrightText: 2022 Unikie // SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is> // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 -== Introduction +Spectrum is based on the principle of security by compartmentalization. -Spectrum is based on the principle of security by -compartmentalization. The high level stack is illustrated in the -following diagram: +The high level stack is illustrated in the following diagram: -image::diagrams/stack.svg[] +image::../diagrams/stack.svg[] The default set of virtual machines includes two application VMs, _appvm-catgirl_ (an IRC client) and _appvm-lynx_ (a text-based web browser); and a system VM, _netvm_ (which handles hardware network devices and provides network services to application VMs). Refer to -xref:creating-vms.adoc[Creating VMs] and xref:running-vms.adoc[Running +xref:../development/creating-vms.adoc[Creating VMs] and +xref:../development/running-vms.adoc[Running VMs] for more information about using VMs in Spectrum. == Architecture Decision Records (ADRs) https://en.wikipedia.org/wiki/Architectural_decision[Architecturally significant -decisions] are xref:decisions/index.adoc[recorded] as lightweight -https://cognitect.com/blog/2011/11/15/documenting-architecture-decisions/[ADRs]. +decisions] are xref:../decisions/index.adoc[recorded] as lightweight +https://cognitect.com/blog/2011/11/15/documenting-architecture-decisions[ADRs]. -== The Spectrum host system +== Spectrum Host System Compartmentalization is implemented using https://cloud-hypervisor.org/[cloud-hypervisor] virtual machines. @@ -44,7 +43,7 @@ and service scripts. https://wayland.freedesktop.org/[Wayland] is used for window management and display. The Wayland architecture is well documented -https://wayland.freedesktop.org/architecture.html[here]. The host provides only +https://wayland.freedesktop.org/architecture.html[here]. The host provides only a Wayland terminal client, https://codeberg.org/dnkl/foot/[foot], which is used for interacting with VM consoles. In future it will be possible for application VMs to display windows on the single Wayland compositor on the host system, @@ -57,7 +56,7 @@ https://www.etalabs.net/compare_libcs.html[added safety on resource exhaustion and security hardening on memory allocation]. Kernel hardening will be investigated in future. -== Exploring the Spectrum dependency tree +== Spectrum Dependency Tree For a detailed, interactive view of dependencies, use https://github.com/utdemir/nix-tree[nix-tree] in the Spectrum repository: @@ -66,5 +65,5 @@ https://github.com/utdemir/nix-tree[nix-tree] in the Spectrum repository: [listing] nix-build img/live -I nixpkgs=https://spectrum-os.org/git/nixpkgs/snapshot/nixpkgs-rootfs.tar.gz --no-out-link | xargs -o nix-tree -https://diode.zone/w/8DBDQ6HQUe5UUdLkpDuL35[See video of Spectrum live image -interactive analysis with nix-tree] +See the https://diode.zone/w/8DBDQ6HQUe5UUdLkpDuL35[video] of Spectrum live +image interactive analysis with nix-tree. diff --git a/Documentation/about/index.adoc b/Documentation/about/index.adoc new file mode 100644 index 0000000..6961b6a --- /dev/null +++ b/Documentation/about/index.adoc @@ -0,0 +1,32 @@ += About Spectrum +:description: Some words about Spectrum as the operating system, not a project. Highlights the differences between common Linux distributions and Spectrum. +:page-nav_order: 1 +:page-has_children: true + +// SPDX-FileCopyrightText: 2022 Unikie +// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 + +Spectrum is a Linux-based system that uses the +https://github.com/NixOS/nix[Nix package manager] and +the https://github.com/NixOS/nixpkgs[Nix Packages collection] (Nixpkgs). + +This gives an actively-developed base with good +hardware support, powerful and optimised compartmentalization primitives in +https://www.linux-kvm.org/page/Main_Page[KVM], and the reproducible packaging +and configuration system that is important +for a maintainable compartmentalized system. + +== Why Spectrum + +* User data and applications are managed centrally while remaining isolated. +That means that the system can be backed up and managed as a whole, rather than +mixed up in several dozen VMs. + +* The host system and isolated environments are managed declaratively and +reproducibly using the Nix package manager. +This can save the user the burden of maintaining many different virtual +computers, allowing finer-grained resource access controls and making it +possible to verify the software running across all environments. + +TIP: If you are interested in why we do something _this_ way instead of _that_ +way, see xref:../decisions/index.adoc[Architecture Decision Records]. diff --git a/Documentation/building-documentation.adoc b/Documentation/building-documentation.adoc deleted file mode 100644 index b491105..0000000 --- a/Documentation/building-documentation.adoc +++ /dev/null @@ -1,52 +0,0 @@ -= Building the Documentation -:page-parent: Tutorials - -// SPDX-FileCopyrightText: 2022 Unikie -// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 - -This tutorial assumes that you have https://nixos.org/[Nix] installed. -You may also want to xref:binary-cache.adoc[configure the Spectrum -binary cache], to avoid having to wait for dependencies to compile on -your local system. - -1. Get a copy of the Spectrum source code: -+ -[source,shell] ----- -git clone https://spectrum-os.org/git/spectrum ----- -2. Enter the documentation directory: -+ -[source,shell] ----- -cd spectrum/Documentation ----- -3. Enter the development environment: -+ -[source,shell] ----- -nix-shell -I nixpkgs=https://spectrum-os.org/git/nixpkgs/snapshot/nixpkgs-rootfs.tar.gz ----- -4. In the development shell, do an initial build of the documentation -site: -+ -[source,shell] ----- -scripts/build.sh ----- -5. Run a development server for previewing changes locally: -+ -[source,shell] ----- -jekyll serve ----- -+ -This will serve a local copy of the documentation at http://localhost:4000/. -+ -IMPORTANT: Jekyll doesn't handle rendering of the draw.io diagrams, so -if you modify any of those, or add new ones, you'll have to run -`scripts/build.sh` again to do a full rebuild of the site. - -Once you've made your changes to the documentation, see -xref:first-patch.adoc[Sending Your First Patch] for information -about how to submit them for review. diff --git a/Documentation/decisions/001-host-update-mechanism.adoc b/Documentation/decisions/001-host-update-mechanism.adoc index 574deb4..39f9f28 100644 --- a/Documentation/decisions/001-host-update-mechanism.adoc +++ b/Documentation/decisions/001-host-update-mechanism.adoc @@ -1,6 +1,6 @@ = 001 Host Update Mechanism :page-parent: Architecture Decision Records -:page-grand_parent: Explanation +:page-grand_parent: About Spectrum // SPDX-FileCopyrightText: 2022 Unikie // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 @@ -11,7 +11,7 @@ Proposed == Context -Spectrum currently has no implementation for software update. The host -- +Spectrum currently has no implementation for software update. The host -- consisting of the Linux kernel, KVM, cloud-hypervisor and minimal user space tools -- will require software updates to support feature development and security fixes. diff --git a/Documentation/decisions/002-install-options.adoc b/Documentation/decisions/002-install-options.adoc index 4412b53..4a745eb 100644 --- a/Documentation/decisions/002-install-options.adoc +++ b/Documentation/decisions/002-install-options.adoc @@ -1,6 +1,6 @@ -= 002 Install options += 002 Install Options :page-parent: Architecture Decision Records -:page-grand_parent: Explanation +:page-grand_parent: About Spectrum // SPDX-FileCopyrightText: 2022 Unikie // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 diff --git a/Documentation/decisions/003-partitioning.adoc b/Documentation/decisions/003-partitioning.adoc index 8494ea4..a13b8cc 100644 --- a/Documentation/decisions/003-partitioning.adoc +++ b/Documentation/decisions/003-partitioning.adoc @@ -1,6 +1,6 @@ = 003 Partitioning :page-parent: Architecture Decision Records -:page-grand_parent: Explanation +:page-grand_parent: About Spectrum // SPDX-FileCopyrightText: 2022 Unikie // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 diff --git a/Documentation/decisions/004-data-at-rest-encryption.adoc b/Documentation/decisions/004-data-at-rest-encryption.adoc index 26fe273..5b0f518 100644 --- a/Documentation/decisions/004-data-at-rest-encryption.adoc +++ b/Documentation/decisions/004-data-at-rest-encryption.adoc @@ -1,6 +1,6 @@ = 004 Data at Rest Encryption :page-parent: Architecture Decision Records -:page-grand_parent: Explanation +:page-grand_parent: About Spectrum // SPDX-FileCopyrightText: 2022 Unikie // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 @@ -20,5 +20,5 @@ User data is encrypted. == Consequences Spectrum needs to come with enough software to get the encryption key -via different methods (password, usb, fido, etc.) Can we use dm-crypt +via different methods (password, usb, fido, etc.). Can we use dm-crypt for everything instead of LUKS? diff --git a/Documentation/decisions/005-virtual-machine-monitor.adoc b/Documentation/decisions/005-virtual-machine-monitor.adoc index db81c72..df1b501 100644 --- a/Documentation/decisions/005-virtual-machine-monitor.adoc +++ b/Documentation/decisions/005-virtual-machine-monitor.adoc @@ -1,6 +1,6 @@ = 005 Virtual Machine Monitor :page-parent: Architecture Decision Records -:page-grand_parent: Explanation +:page-grand_parent: About Spectrum // SPDX-FileCopyrightText: 2022 Unikie // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 diff --git a/Documentation/decisions/006-drivers-on-host.adoc b/Documentation/decisions/006-drivers-on-host.adoc index 872044e..b92d863 100644 --- a/Documentation/decisions/006-drivers-on-host.adoc +++ b/Documentation/decisions/006-drivers-on-host.adoc @@ -1,6 +1,6 @@ = 006 Drivers on Host :page-parent: Architecture Decision Records -:page-grand_parent: Explanation +:page-grand_parent: About Spectrum // SPDX-FileCopyrightText: 2022 Unikie // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 diff --git a/Documentation/decisions/007-usb-virtual-machines.adoc b/Documentation/decisions/007-usb-virtual-machines.adoc index 3bdf78b..d832691 100644 --- a/Documentation/decisions/007-usb-virtual-machines.adoc +++ b/Documentation/decisions/007-usb-virtual-machines.adoc @@ -1,6 +1,6 @@ = 007 USB Virtual Machine :page-parent: Architecture Decision Records -:page-grand_parent: Explanation +:page-grand_parent: About Spectrum // SPDX-FileCopyrightText: 2022 Unikie // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 diff --git a/Documentation/decisions/008-inter-vm-communication-mechanisms.adoc b/Documentation/decisions/008-inter-vm-communication-mechanisms.adoc index a1b7d49..c1e5b87 100644 --- a/Documentation/decisions/008-inter-vm-communication-mechanisms.adoc +++ b/Documentation/decisions/008-inter-vm-communication-mechanisms.adoc @@ -1,6 +1,6 @@ = 008 Inter-VM Communication Mechanisms :page-parent: Architecture Decision Records -:page-grand_parent: Explanation +:page-grand_parent: About Spectrum // SPDX-FileCopyrightText: 2022 Unikie // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 diff --git a/Documentation/decisions/index.adoc b/Documentation/decisions/index.adoc index 772f382..a022239 100644 --- a/Documentation/decisions/index.adoc +++ b/Documentation/decisions/index.adoc @@ -1,6 +1,6 @@ = Architecture Decision Records :page-has_children: true -:page-parent: Explanation +:page-parent: About Spectrum // SPDX-FileCopyrightText: 2022 Unikie // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 diff --git a/Documentation/b4.adoc b/Documentation/development/b4.adoc similarity index 91% rename from Documentation/b4.adoc rename to Documentation/development/b4.adoc index 489ced4..5f141e9 100644 --- a/Documentation/b4.adoc +++ b/Documentation/development/b4.adoc @@ -1,5 +1,7 @@ = Installing and Configuring b4 -:page-parent: Tutorials +:page-parent: Working with Patches +:page-grand_parent: Development +:page-nav_order: 1 // SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is> // SPDX-FileCopyrightText: 2022 Unikie @@ -19,7 +21,7 @@ of the Spectrum root's nix-shell. You should be able to install b4 from your package manager. -Using Nix, you can start a shell with b4 available by running +Using Nix, you can start a shell with b4 available by running: [listing] [source,shell] diff --git a/Documentation/build-configuration.adoc b/Documentation/development/build-configuration.adoc similarity index 73% rename from Documentation/build-configuration.adoc rename to Documentation/development/build-configuration.adoc index b89575f..c9a8c99 100644 --- a/Documentation/build-configuration.adoc +++ b/Documentation/development/build-configuration.adoc @@ -1,19 +1,22 @@ = Configuring the Build -:page-parent: How-to Guides +:page-parent: Development +:page-nav_order: 1 :example-caption: Test // SPDX-FileCopyrightText: 2022 Unikie // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 Some aspects of a Spectrum build can be customised using a build -configuration file. By default, this configuration file should be -called config.nix and located in the root of the Spectrum source tree, -but this can be overridden by setting `spectrum-config` in the +configuration file. + +By default, this configuration file should be called config.nix and located in +the root of the Spectrum source tree, but this can be overridden by setting +`spectrum-config` in the https://nixos.org/manual/nix/stable/command-ref/env-common.html#env-NIX_PAT… to the path of the configuration file. The configuration file should contain an attribute set. The only -currently allowed attribute name is `pkgs`, which allows using a +currently allowed attribute name is `pkgs`. It allows using a custom Nixpkgs to evaluate Spectrum. .config.nix to build Spectrum with a https://nixos.org/manual/nixpkgs/unstable/#sec-overlays-definition[Nixpkgs overlay] diff --git a/Documentation/development/building-documentation.adoc b/Documentation/development/building-documentation.adoc new file mode 100644 index 0000000..4f464f5 --- /dev/null +++ b/Documentation/development/building-documentation.adoc @@ -0,0 +1,52 @@ += Building Documentation +:page-parent: Development +:page-nav_order: 5 + +// SPDX-FileCopyrightText: 2022 Unikie +// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 + +Make sure you have https://nixos.org/download.html[Nix] installed. +You may also want to xref:../installation/binary-cache.adoc[configure the Spectrum +binary cache], to avoid having to wait for dependencies to compile on +your local system. + +. Get a copy of the Spectrum source code: ++ +[source,shell] +---- +git clone https://spectrum-os.org/git/spectrum +---- +. Enter the documentation directory: ++ +[source,shell] +---- +cd spectrum/Documentation +---- +. Enter the development environment: ++ +[source,shell] +---- +nix-shell -I nixpkgs=https://spectrum-os.org/git/nixpkgs/snapshot/nixpkgs-rootfs.tar.gz +---- +. In the development shell, do an initial build of the documentation +site: ++ +[source,shell] +---- +scripts/build.sh +---- +. Run a development server for previewing changes locally: ++ +[source,shell] +---- +jekyll serve +---- ++ +This will serve a local copy of the documentation at http://localhost:4000/. ++ +IMPORTANT: Jekyll does not handle rendering of the draw.io diagrams. If you +modify any of those, or add new ones, run `scripts/build.sh` again to do a full +rebuild of the site. + +After making changes to the documentation, see how to +xref:first-patch.adoc[send your patch] and submit the changes for review. diff --git a/Documentation/creating-vms.adoc b/Documentation/development/creating-vms.adoc similarity index 97% rename from Documentation/creating-vms.adoc rename to Documentation/development/creating-vms.adoc index d967098..8785190 100644 --- a/Documentation/creating-vms.adoc +++ b/Documentation/development/creating-vms.adoc @@ -1,5 +1,7 @@ = Creating VMs -:page-parent: Reference +:page-parent: Managing VMs +:page-grand_parent: Development +:page-nav_order: 1 // SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is> // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 diff --git a/Documentation/debugging.adoc b/Documentation/development/debugging.adoc similarity index 79% rename from Documentation/debugging.adoc rename to Documentation/development/debugging.adoc index 3871a7c..f1bbf01 100644 --- a/Documentation/debugging.adoc +++ b/Documentation/development/debugging.adoc @@ -1,7 +1,6 @@ -= Debugging Spectrum -:page-parent: Explanation -:toc: -:toclevels: 1 += Debugging +:page-parent: Development +:page-nav_order: 4 // SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is> // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 @@ -9,8 +8,9 @@ == Extracting core dumps when running Spectrum in a VM When using a VM to run the Spectrum host system, a special mechanism -is available to enable easy introspection of core files. When a -program on the Spectrum host system dumps core, the system will +is available to enable easy introspection of core files. + +When a program on the Spectrum host system dumps core, the system will attempt to upload the core file to _its_ host (i.e. the system running Spectrum in a VM) using the vsock(7) protocol, on port 1129271877. diff --git a/Documentation/first-patch.adoc b/Documentation/development/first-patch.adoc similarity index 80% rename from Documentation/first-patch.adoc rename to Documentation/development/first-patch.adoc index 30672b9..aa6ebee 100644 --- a/Documentation/first-patch.adoc +++ b/Documentation/development/first-patch.adoc @@ -1,11 +1,11 @@ -= Sending Your First Patch -:page-parent: Tutorials += Sending Your Patch +:page-parent: Working with Patches +:page-grand_parent: Development +:page-nav_order: 1 // SPDX-FileCopyrightText: 2022 Unikie // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 -== Prerequisites - This tutorial assumes that you already have basic https://git-scm.com/[git] experience. @@ -14,19 +14,18 @@ https://spectrum-os.org/git/[Spectrum source tree]. You'll also need to have configured `git send-email` — a guide for this can be found at https://git-send-email.io/. -== Making your changes +== Making Changes -If you've worked on any git repository before, the process for making -your changes will probably be very familiar. +The process of making changes is similar to working on any git repository. -1. Create a branch for your changes: +. Create a branch for your changes: + [source,shell] ---- git checkout -b fix-docs # for example ---- -2. Make changes in your editor. -3. Stage and commit your changes: +. Make changes in your editor. +. Stage and commit your changes: + [source,shell] ---- @@ -39,7 +38,7 @@ indicates your acceptance of the https://spectrum-os.org/git/spectrum/tree/DCO-1.1.txt[Developer's Certificate of Origin], which is mandatory for Spectrum patches. -== Submitting changes +== Submitting Changes Once you're happy with how the commits on your branch look, run: @@ -64,13 +63,14 @@ message that will be sent before all of your patches. Once your patch has been submitted, wait for it to be reviewed. Feedback, if any, will be sent as email replies to your submitted -patch. You can respond to feedback in your mail client. Please use -the Reply All button to ensure that your messages are sent to the +patch. You can respond to feedback in your mail client. + +Use the *Reply All* button to sent your messages to the mailing list as well as to the person who sent the feedback. -If you need to make changes to your patch, and submit a new version, +If you need to make changes to your patch and submit a new version, use https://git-rebase.io/[`git rebase`] to create a new version of -your patch(es), and submit it like this: +your patch(es) and then submit it like this: [source,shell] ---- @@ -81,7 +81,7 @@ The added `-v2` flag indicates that this is version two of your patch set. If your patches require more rounds of changes, submit subsequent rounds with `-v3`, `-v4`, etc. as appropriate. -If you'd like to describe what has changed from the previous version +If you would like to describe what has changed from the previous version of your patches, you can do so in a xref:cover-letter[cover letter] as described above. diff --git a/Documentation/development/index.adoc b/Documentation/development/index.adoc new file mode 100644 index 0000000..4925570 --- /dev/null +++ b/Documentation/development/index.adoc @@ -0,0 +1,59 @@ += Development +:description: Development progress, general development practices +:page-nav_order: 4 +:page-has_children: true + +// SPDX-FileCopyrightText: 2022 Unikie +// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 + +Spectrum is free software, currently under active development. + + +== General Workflow + +Spectrum is a very small and not changeable sort of Linux distro. It does +not have a package manager for users. If you faced a missing feature or a bug, or you want to suggest some improvements, please consider the following: + +* Get the latest version of the +https://spectrum-os.org/git/spectrum[source code] and make sure your problem +was not fixed. +* xref:../installation/getting-spectrum.adoc[Build Spectrum] and make changes +in the source code. In addition: +** If you need to customize the build to be able to use a +vendor kernel, you can +xref:../development/build-configuration.adoc[configure the build]. +** You can xref:../development/testing-patches.adoc[test patches] +subbmited by others. +* If you would like to share your code with the community, +you can send the changes to the maintainers for possible inclusion in +the Spectrum source code as a new patch. +** xref:../development/b4.adoc[Install and configure the b4 utility] to be able +to work with patches. +** xref:../development/first-patch.adoc[Submit the changes for review]. +Keep your git commits clean and make sure they meet general guidelines. +** Wait for approval from the maintainers' side. Detailed updates are posted in +Spectrum Development +https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/[threads]. +** Update documentation with the code. For more information, see +xref:../development/building-documentation.adoc[Building Documentation]. + +For additional information, see +https://spectrum-os.org/contributing.html[Contributing to Spectrum]. + + +== Developer Setup + +* https://git.kernel.org/pub/scm/utils/b4/b4.git/about/[b4] +* https://nixos.org/manual/nix/stable/introduction.html[Nix package manager] +* https://docs.asciidoctor.org/[AsciiDoc] for writing the documentation + + +== Mailing Lists + +The Spectrum project runs several +https://spectrum-os.org/participating.html#mailing-lists[mailing lists] on +which you can ask your questions or help other people with the questions they +have. All the Spectrum developers as well as many long time Linux and Spectrum users are on the lists. + +For real-time feedback, use +https://spectrum-os.org/participating.html#irc[IRC/Matrix channel]. diff --git a/Documentation/development/managing-vms.adoc b/Documentation/development/managing-vms.adoc new file mode 100644 index 0000000..d0a3f09 --- /dev/null +++ b/Documentation/development/managing-vms.adoc @@ -0,0 +1,14 @@ += Managing VMs +:page-parent: Development +:page-nav_order: 2 +:page-has_children: true +:page-has_toc: false + +// SPDX-FileCopyrightText: 2022 Unikie +// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 + +Ready to get started with Spectrum? Here is what you can do next: + +* xref:../development/creating-vms.adoc[Create your own VM] to use others applications. +* xref:../development/running-vms.adoc[Start some applications]. +* If needed, xref:../development/user-partition.adoc[change the user partition type]. diff --git a/Documentation/replying.adoc b/Documentation/development/replying.adoc similarity index 68% rename from Documentation/replying.adoc rename to Documentation/development/replying.adoc index bb8e31a..a1ad394 100644 --- a/Documentation/replying.adoc +++ b/Documentation/development/replying.adoc @@ -1,5 +1,7 @@ = Replying to Messages in the Mailing List Archives -:page-parent: Tutorials +:page-parent: Working with Patches +:page-grand_parent: Development +:page-nav_order: 3 // SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is> // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 @@ -9,14 +11,13 @@ https://spectrum-os.org/participating.html#mailing-lists[mailing lists]. Make sure to Reply All when replying to messages, so that the message -is sent to the mailing list and not just to the person you're -replying to. +is sent to the mailing list and not just to the person you reply to. == Getting a copy of a message -You may want to reply to a mailing list message that you don't have a -copy of in your mail client, because you aren't subscribed to the -list, or because you subscribed after the message was sent. +You may want to reply to a mailing list message that you do not have a +copy of in your mail client, because you are not subscribed to the +list or because you subscribed after the message was sent. To do this, find the message you want to reply to in the https://spectrum-os.org/lists/archives[public-inbox list archives], diff --git a/Documentation/reviewing-patches.adoc b/Documentation/development/reviewing-patches.adoc similarity index 88% rename from Documentation/reviewing-patches.adoc rename to Documentation/development/reviewing-patches.adoc index 63ff24e..ba47f25 100644 --- a/Documentation/reviewing-patches.adoc +++ b/Documentation/development/reviewing-patches.adoc @@ -1,5 +1,7 @@ = Reviewing Patches -:page-parent: How-to Guides +:page-parent: Working with Patches +:page-grand_parent: Development +:page-nav_order: 2 // SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is> // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 diff --git a/Documentation/running-vms.adoc b/Documentation/development/running-vms.adoc similarity index 85% rename from Documentation/running-vms.adoc rename to Documentation/development/running-vms.adoc index d0d3f99..7c474d5 100644 --- a/Documentation/running-vms.adoc +++ b/Documentation/development/running-vms.adoc @@ -1,5 +1,7 @@ = Running VMs -:page-parent: Reference +:page-parent: Managing VMs +:page-grand_parent: Development +:page-nav_order: 2 // SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is> // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 diff --git a/Documentation/testing-patches.adoc b/Documentation/development/testing-patches.adoc similarity index 82% rename from Documentation/testing-patches.adoc rename to Documentation/development/testing-patches.adoc index 743cd6e..0c72c93 100644 --- a/Documentation/testing-patches.adoc +++ b/Documentation/development/testing-patches.adoc @@ -1,5 +1,7 @@ = Testing Patches -:page-parent: How-to Guides +:page-parent: Working with Patches +:page-grand_parent: Development +:page-nav_order: 2 // SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is> // SPDX-FileCopyrightText: 2022 Unikie @@ -9,7 +11,7 @@ Potential changes to Spectrum are posted to and discussed on the https://spectrum-os.org/participating.html#spectrum-devel[devel@spectrum-os… mailing list. -== Apply the patch +== Apply Patch . Find the patch series you want to test on https://spectrum-os.org/lists/archives/spectrum-devel/[public-inbox]. @@ -33,15 +35,15 @@ of the Spectrum root's nix-shell, which allows you to skip this step. ---- b4 am 20220511092352.70E54C980(a)atuin.qyliss.net ---- - -. b4 will indicate the file name it has downloaded the patches into - with a line like: +b4 will indicate the file name it has downloaded the patches into with a line +like: + [example] [listing] +---- Writing ./20220424_hi_host_rootfs_fix_weston_hotplugging.mbx -+ -Run `git am` on that file to apply the patches, for example: +---- +. Run `git am` on that file to apply the patches. For example: + [example] [source,shell] @@ -49,14 +51,12 @@ Run `git am` on that file to apply the patches, for example: git am 20220424_hi_host_rootfs_fix_weston_hotplugging.mbx ---- -== Post your test results +== Post Your Results -When you've tested a patch, it's really helpful to +When you tested a patch, it is helpful to xref:replying.adoc[reply] with your test results. -If the patch worked for you, please reply to it and include a line -like the following, separated from any reply text: - +If the patch worked for you, please reply to it and include a line like the following, separated from any reply text: ---- Tested-by: John Smith <john(a)example.com> ---- @@ -66,10 +66,10 @@ patch replies will be automatically included in the commit message when a patch is applied. It's also helpful to explain in your reply how you tested the patch, -but you don't have to if it's obvious. (For example, if a patch is +but you don't have to if it's obvious. For example, if a patch is supposed to fix a bug, and you verified that after applying the patch the bug is fixed, just the Tested-by line on its own is enough to -indicate that.) +indicate that. If you found an issue with the patch, do not include a Tested-by line, and instead reply to the patch explaining what you tested, what you diff --git a/Documentation/development/user-partition.adoc b/Documentation/development/user-partition.adoc new file mode 100644 index 0000000..3fa6d01 --- /dev/null +++ b/Documentation/development/user-partition.adoc @@ -0,0 +1,18 @@ += User Partition +:page-parent: Managing VMs +:page-grand_parent: Development +:page-nav_order: 3 + +// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is> +// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 + +The Spectrum host system is immutable, so configuration and user data +lives on a separate partition. + +The host system discovers the user +partition by looking for the special partition type +`9293e1ff-cee4-4658-88be-898ec863944f`. + +This behavior can be overridden with the `ext` parameter on the host's kernel +command line, which works in a similar way to the standard Linux `root` +parameter. diff --git a/Documentation/uuid-reference.adoc b/Documentation/development/uuid-reference.adoc similarity index 97% rename from Documentation/uuid-reference.adoc rename to Documentation/development/uuid-reference.adoc index 4b0b481..0bbded5 100644 --- a/Documentation/uuid-reference.adoc +++ b/Documentation/development/uuid-reference.adoc @@ -1,7 +1,8 @@ = UUID Reference -:page-parent: Reference +:page-parent: Development :toc: preamble :toclevels: 1 +:page-nav_order: 6 // SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is> // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 @@ -40,7 +41,7 @@ xref:user-partition.adoc[Spectrum user partition]. === `56a3bbc3-aefa-43d9-a64d-7b3fd59bbc4e` -https://github.com/endlessm/eos-installer["eosimages"] partition on the +https://github.com/endlessm/eos-installer["eosimages"] partition on the Spectrum combined live system / installer image. == Combined Image Partition IDs diff --git a/Documentation/development/working-with-patces.adoc b/Documentation/development/working-with-patces.adoc new file mode 100644 index 0000000..f73734f --- /dev/null +++ b/Documentation/development/working-with-patces.adoc @@ -0,0 +1,12 @@ += Working with Patches +:page-parent: Development +:page-nav_order: 3 +:page-has_children: true + +// SPDX-FileCopyrightText: 2022 Unikie +// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 + +Patches are the way for contributors to submit code to the Spectrum project. + +Make sure to xref:../development/b4.adoc[install and configure the b4 utility] +before starting. diff --git a/Documentation/explanation.adoc b/Documentation/explanation.adoc deleted file mode 100644 index b39cc6d..0000000 --- a/Documentation/explanation.adoc +++ /dev/null @@ -1,6 +0,0 @@ -= Explanation -:page-has_children: true -:page-nav_order: 4 - -// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is> -// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 diff --git a/Documentation/how-to.adoc b/Documentation/how-to.adoc deleted file mode 100644 index f43fa13..0000000 --- a/Documentation/how-to.adoc +++ /dev/null @@ -1,6 +0,0 @@ -= How-to Guides -:page-has_children: true -:page-nav_order: 2 - -// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is> -// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 diff --git a/Documentation/index.adoc b/Documentation/index.adoc index 3079847..e0a45c7 100644 --- a/Documentation/index.adoc +++ b/Documentation/index.adoc @@ -1,13 +1,32 @@ -= Spectrum Docs += Spectrum Documentation :page-nav_exclude: true // SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is> +// SPDX-FileCopyrightText: 2022 Unikie // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 -Spectrum is a compartmentalized operating system. -If you'd like to try Spectrum, see xref:getting-spectrum.adoc[Getting -Spectrum]. +Spectrum is an open-source project that aims to create a computer operating +system, based on the principle of security by compartmentalization, that has a +lower barrier to entry and is easy to use and maintain. + +== Using Spectrum To learn about what Spectrum is and how it's implemented, start with -the xref:architecture.adoc[architecture overview]. +the xref:about/architecture.adoc[architecture overview]. + +If you want to try Spectrum, see xref:../installation/index.adoc[Build and Run] + to setup a development environment. + + +== Developing and Contributing + +Spectrum is made of free and open-source software. It is free for anyone to + use, modify, and distribute. + +Once you are up and running, see + xref:../development/index.adoc[Development] to understand how to work with + Spectrum's code and participate in the collaborative development process. + +If you are thinking of contributing to Spectrum docs, see + xref:../development/building-documentation.adoc[Building Documentation]. diff --git a/Documentation/binary-cache.adoc b/Documentation/installation/binary-cache.adoc similarity index 74% rename from Documentation/binary-cache.adoc rename to Documentation/installation/binary-cache.adoc index 6e69b39..ab53666 100644 --- a/Documentation/binary-cache.adoc +++ b/Documentation/installation/binary-cache.adoc @@ -1,5 +1,6 @@ -= Setting Up the Binary Cache -:page-parent: How-to Guides += Setting Up Binary Cache +:page-parent: Build and Run +:page-nav_order: 1 // SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is> // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 @@ -20,10 +21,9 @@ encounter any trouble with it. The binary cache is currently not able to provide logs, due to a https://github.com/NixOS/nix/pull/6051[Nix bug]. -== On NixOS +== For NixOS -The following configuration adds the Spectrum binary cache as a -substituter, and tells Nix to trust builds signed with its public key. +Add the following configuration to /etc/nixos/configuration.nix: [source,nix] ---- @@ -38,7 +38,13 @@ substituter, and tells Nix to trust builds signed with its public key. } ---- -== On Non-NixOS systems +This configuration adds the Spectrum binary cache as a substituter and makes +Nix trust builds signed with its public key. + +To apply changes, rebuild your system with the https://nixos.wiki/wiki/Nixos-rebuild[nixos-rebuild] command. + + +== For Non-NixOS Systems Add the following configuration to /etc/nix/nix.conf: @@ -48,6 +54,10 @@ substituters = https://cache.dataaturservice.se/spectrum/ https://cache.nixos.or trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= spectrum-os.org-1:rnnSumz3+Dbs5uewPlwZSTP0k3g/5SRG4hD7Wbr9YuQ= ---- +Run `systemctl restart nix-daemon.service` after making any changes in the Nix +configuration. After that the binary cache will be used automatically when +`nix-build` is run. + If you have other binary caches configured besides cache.nixos.org, make sure to add the Spectrum cache URL and public key to the existing configuration lines in your nix.conf file. diff --git a/Documentation/getting-spectrum.adoc b/Documentation/installation/getting-spectrum.adoc similarity index 79% rename from Documentation/getting-spectrum.adoc rename to Documentation/installation/getting-spectrum.adoc index b422a94..392cab5 100644 --- a/Documentation/getting-spectrum.adoc +++ b/Documentation/installation/getting-spectrum.adoc @@ -1,5 +1,6 @@ = Getting Spectrum -:page-parent: Tutorials +:page-parent: Build and Run +:page-nav_order: 2 // SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is> // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 @@ -8,7 +9,7 @@ To get Spectrum, you need to build it from source. As long as you're running Linuxfootnote:[Building from other operating systems might work, but hasn't been tested. Patches are welcome to support building from other operating systems, as long as they're not too invasive.] -and have https://nixos.org/[Nix] and https://git-scm.com/[git] +and have https://nixos.org/download.html[Nix] and https://git-scm.com/[git] installed, it's very easy to do. TIP: Before you start, consider setting up the @@ -34,7 +35,7 @@ nix-shell -I nixpkgs=../../../nixpkgs-spectrum --run 'make run' This builds just enough of Spectrum to try it out in a VM, but it will still take a very long time. -== Building an installer +== Building Installer [source,shell] ---- @@ -47,8 +48,7 @@ If you haven't set up the xref:binary-cache.adoc[binary cache], this will take a very long time. When it's done, a symbolic link named "result" will appear, pointing to a Spectrum USB installer image. -CAUTION: Spectrum is not yet suitable for real-world use. Do not use -your Spectrum system for anything important or sensitive. Spectrum is -currently missing many important security properties, and there is no -procedure for updating to new versions of Spectrum -- you have to -reinstall. +CAUTION: Do not use Spectrum for anything important or sensitive as it is not +yet suitable for real-world use. Many important security properties are +currently missing, and there is no procedure for updating to +new versions—you have to reinstall the OS. diff --git a/Documentation/installation/index.adoc b/Documentation/installation/index.adoc new file mode 100644 index 0000000..d67c88d --- /dev/null +++ b/Documentation/installation/index.adoc @@ -0,0 +1,23 @@ += Build and Run +:description: How to download and install Spectrum OS. +:page-nav_order: 2 +:page-has_children: true +:page-has_toc: false + +// SPDX-FileCopyrightText: 2022 Unikie +// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 + + +To start working with Spectrum, you need: + +* xref:../installation/binary-cache.adoc[Set up the binary cache] to speed up the build process. +* xref:../installation/getting-spectrum.adoc[Build Spectrum] from the source. + +TIP: At this stage, Spectrum works only on x86-64. AArch64 support is in +development. + +== Uninstalling and Updating + +Currently, there is no implementation for a software update. + +You can replace Spectrum by installing another OS. diff --git a/Documentation/reference.adoc b/Documentation/reference.adoc deleted file mode 100644 index 44b359d..0000000 --- a/Documentation/reference.adoc +++ /dev/null @@ -1,6 +0,0 @@ -= Reference -:page-has_children: true -:page-nav_order: 3 - -// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is> -// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 diff --git a/Documentation/tutorials.adoc b/Documentation/tutorials.adoc deleted file mode 100644 index cd1fb12..0000000 --- a/Documentation/tutorials.adoc +++ /dev/null @@ -1,6 +0,0 @@ -= Tutorials -:page-nav_order: 1 -:page-has_children: true - -// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is> -// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 diff --git a/Documentation/user-partition.adoc b/Documentation/user-partition.adoc deleted file mode 100644 index 73bc0d0..0000000 --- a/Documentation/user-partition.adoc +++ /dev/null @@ -1,12 +0,0 @@ -= The User Partition -:page-parent: Explanation - -// SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is> -// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 - -The Spectrum host system is immutable, so configuration and user data -lives on a separate partition. The host system discovers the user -partition by looking for the special partition type -`9293e1ff-cee4-4658-88be-898ec863944f`. This behavior can be -overridden with the `ext` parameter on the host's kernel command line, -which works in a similar way to the standard Linux `root` parameter. -- 2.34.1

2 3

[PATCH] Docs: new structure
by Jenni Nikolaenko 28 Oct '22

28 Oct '22

Create separate folders for new parent pages, update Introduction page, remove a and the articles from titles, quick check text for simple english Signed-off-by: Jenni Nikolaenko <evgeniia.nikolaenko(a)unikie.com> --- Documentation/{ => about}/architecture.adoc | 19 ++++----- Documentation/about/index.adoc | 21 ++++++++++ .../decisions/001-host-update-mechanism.adoc | 2 +- .../decisions/002-install-options.adoc | 4 +- Documentation/decisions/003-partitioning.adoc | 2 +- .../004-data-at-rest-encryption.adoc | 2 +- .../005-virtual-machine-monitor.adoc | 2 +- .../decisions/006-drivers-on-host.adoc | 2 +- .../decisions/007-usb-virtual-machines.adoc | 2 +- ...008-inter-vm-communication-mechanisms.adoc | 2 +- Documentation/decisions/index.adoc | 2 +- .../building-documentation.adoc | 10 ++--- .../{ => development}/debugging.adoc | 7 ++-- .../{ => development}/first-patch.adoc | 28 +++++++------ Documentation/development/index.adoc | 17 ++++++++ Documentation/{ => development}/replying.adoc | 4 +- .../{ => development}/reviewing-patches.adoc | 4 +- .../{ => development}/testing-patches.adoc | 42 ++++++++----------- .../{ => development}/uuid-reference.adoc | 4 +- Documentation/explanation.adoc | 3 +- .../{ => getting-started}/creating-vms.adoc | 2 +- Documentation/getting-started/index.adoc | 7 ++++ .../{ => getting-started}/running-vms.adoc | 2 +- .../{ => getting-started}/user-partition.adoc | 8 ++-- Documentation/how-to.adoc | 1 + Documentation/index.adoc | 22 +++++++--- Documentation/{ => installation}/b4.adoc | 3 +- .../{ => installation}/binary-cache.adoc | 11 ++--- .../{ => installation}/getting-spectrum.adoc | 11 ++--- Documentation/installation/index.adoc | 18 ++++++++ Documentation/reference.adoc | 3 +- Documentation/tutorials.adoc | 3 +- 32 files changed, 171 insertions(+), 99 deletions(-) rename Documentation/{ => about}/architecture.adoc (84%) create mode 100644 Documentation/about/index.adoc rename Documentation/{ => development}/building-documentation.adoc (85%) rename Documentation/{ => development}/debugging.adoc (92%) rename Documentation/{ => development}/first-patch.adoc (83%) create mode 100644 Documentation/development/index.adoc rename Documentation/{ => development}/replying.adoc (93%) rename Documentation/{ => development}/reviewing-patches.adoc (89%) rename Documentation/{ => development}/testing-patches.adoc (62%) rename Documentation/{ => development}/uuid-reference.adoc (98%) rename Documentation/{ => getting-started}/creating-vms.adoc (98%) create mode 100644 Documentation/getting-started/index.adoc rename Documentation/{ => getting-started}/running-vms.adoc (93%) rename Documentation/{ => getting-started}/user-partition.adoc (80%) rename Documentation/{ => installation}/b4.adoc (96%) rename Documentation/{ => installation}/binary-cache.adoc (90%) rename Documentation/{ => installation}/getting-spectrum.adoc (85%) create mode 100644 Documentation/installation/index.adoc diff --git a/Documentation/architecture.adoc b/Documentation/about/architecture.adoc similarity index 84% rename from Documentation/architecture.adoc rename to Documentation/about/architecture.adoc index 1c4307b..db82d60 100644 --- a/Documentation/architecture.adoc +++ b/Documentation/about/architecture.adoc @@ -1,17 +1,16 @@ = Architecture -:page-parent: Explanation +:page-parent: About Spectrum OS // SPDX-FileCopyrightText: 2022 Unikie +// SPDX-FileCopyrightText: 2022 Jenni Nikolaenko <evgeniia.nikolaenko(a)unikie.com> // SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is> // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 -== Introduction +Spectrum OS is based on the principle of security by compartmentalization. -Spectrum is based on the principle of security by -compartmentalization. The high level stack is illustrated in the -following diagram: +The high level stack is illustrated in the following diagram: -image::diagrams/stack.svg[] +image::../diagrams/stack.svg[] The default set of virtual machines includes two application VMs, _appvm-catgirl_ (an IRC client) and _appvm-lynx_ (a text-based web @@ -26,7 +25,7 @@ https://en.wikipedia.org/wiki/Architectural_decision[Architecturally significant decisions] are xref:decisions/index.adoc[recorded] as lightweight https://cognitect.com/blog/2011/11/15/documenting-architecture-decisions/[A…. -== The Spectrum host system +== Spectrum Host System Compartmentalization is implemented using https://cloud-hypervisor.org/[cloud-hypervisor] virtual machines. @@ -35,7 +34,7 @@ https://en.wikipedia.org/wiki/Kernel-based_Virtual_Machine[Kernel-based Virtual Machine] (KVM) to provide lightweight, hardware-accelerated VMs. While Linux (including KVM) is portable between many hardware architectures, -cloud-hypervisor supports only x86_64 and aarch64. Spectrum currently only +cloud-hypervisor supports only x86_64 and aarch64. Spectrum currently only works on x86_64, but aarch64 support is in development. https://skarnet.org/software/s6-rc/overview.html[s6-rc] is used for service @@ -44,7 +43,7 @@ and service scripts. https://wayland.freedesktop.org/[Wayland] is used for window management and display. The Wayland architecture is well documented -https://wayland.freedesktop.org/architecture.html[here]. The host provides only +https://wayland.freedesktop.org/architecture.html[here]. The host provides only a Wayland terminal client, https://codeberg.org/dnkl/foot/[foot], which is used for interacting with VM consoles. In future it will be possible for application VMs to display windows on the single Wayland compositor on the host system, @@ -57,7 +56,7 @@ https://www.etalabs.net/compare_libcs.html[added safety on resource exhaustion and security hardening on memory allocation]. Kernel hardening will be investigated in future. -== Exploring the Spectrum dependency tree +== Spectrum Dependency Tree For a detailed, interactive view of dependencies, use https://github.com/utdemir/nix-tree[nix-tree] in the Spectrum repository: diff --git a/Documentation/about/index.adoc b/Documentation/about/index.adoc new file mode 100644 index 0000000..a882852 --- /dev/null +++ b/Documentation/about/index.adoc @@ -0,0 +1,21 @@ += About Spectrum OS +:description: Some words about Spectrum as the operating system, not a project. Highlights the differences between common Linux distributions and Spectrum. +:page-nav_order: 1 +:page-has_children: true + +// SPDX-FileCopyrightText: 2022 Jenni Nikko <evgeniia.nikolaenko(a)unikie.com> +// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 + +Spectrum is a Linux-based system, derived from NixOS. This gives an actively-developed base with good hardware support, powerful and optimised compartmentalization primitives in KVM, and the reproducible packaging and configuration system that is important for a maintainable compartmentalized system. + +== Why Spectrum + +There are several features that make Spectrum OS unique: + +* User data and applications are managed centrally, while remaining isolated. +That means that the system can be backed up and managed as a whole, rather than mixed up in several dozen VMs. + +* The host system and isolated environments are managed declaratively and reproducibly using the Nix package manager. +This can save the user the burden of maintaining many different virtual computers, allowing finer-grained resource access controls and making it possible to verify the software running across all environments. + +TIP: If you are interested in why we do something _this_ way instead of _that_ way, see xref:../decisions/index.adoc[Architecture Decision Records]. diff --git a/Documentation/decisions/001-host-update-mechanism.adoc b/Documentation/decisions/001-host-update-mechanism.adoc index 574deb4..7032146 100644 --- a/Documentation/decisions/001-host-update-mechanism.adoc +++ b/Documentation/decisions/001-host-update-mechanism.adoc @@ -1,6 +1,6 @@ = 001 Host Update Mechanism :page-parent: Architecture Decision Records -:page-grand_parent: Explanation +:page-grand_parent: About Spectrum OS // SPDX-FileCopyrightText: 2022 Unikie // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 diff --git a/Documentation/decisions/002-install-options.adoc b/Documentation/decisions/002-install-options.adoc index 4412b53..a7c4175 100644 --- a/Documentation/decisions/002-install-options.adoc +++ b/Documentation/decisions/002-install-options.adoc @@ -1,6 +1,6 @@ -= 002 Install options += 002 Install Options :page-parent: Architecture Decision Records -:page-grand_parent: Explanation +:page-grand_parent: About Spectrum OS // SPDX-FileCopyrightText: 2022 Unikie // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 diff --git a/Documentation/decisions/003-partitioning.adoc b/Documentation/decisions/003-partitioning.adoc index 8494ea4..b00f528 100644 --- a/Documentation/decisions/003-partitioning.adoc +++ b/Documentation/decisions/003-partitioning.adoc @@ -1,6 +1,6 @@ = 003 Partitioning :page-parent: Architecture Decision Records -:page-grand_parent: Explanation +:page-grand_parent: About Spectrum OS // SPDX-FileCopyrightText: 2022 Unikie // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 diff --git a/Documentation/decisions/004-data-at-rest-encryption.adoc b/Documentation/decisions/004-data-at-rest-encryption.adoc index 26fe273..27323db 100644 --- a/Documentation/decisions/004-data-at-rest-encryption.adoc +++ b/Documentation/decisions/004-data-at-rest-encryption.adoc @@ -1,6 +1,6 @@ = 004 Data at Rest Encryption :page-parent: Architecture Decision Records -:page-grand_parent: Explanation +:page-grand_parent: About Spectrum OS // SPDX-FileCopyrightText: 2022 Unikie // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 diff --git a/Documentation/decisions/005-virtual-machine-monitor.adoc b/Documentation/decisions/005-virtual-machine-monitor.adoc index db81c72..df5a65e 100644 --- a/Documentation/decisions/005-virtual-machine-monitor.adoc +++ b/Documentation/decisions/005-virtual-machine-monitor.adoc @@ -1,6 +1,6 @@ = 005 Virtual Machine Monitor :page-parent: Architecture Decision Records -:page-grand_parent: Explanation +:page-grand_parent: About Spectrum OS // SPDX-FileCopyrightText: 2022 Unikie // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 diff --git a/Documentation/decisions/006-drivers-on-host.adoc b/Documentation/decisions/006-drivers-on-host.adoc index 872044e..86d3105 100644 --- a/Documentation/decisions/006-drivers-on-host.adoc +++ b/Documentation/decisions/006-drivers-on-host.adoc @@ -1,6 +1,6 @@ = 006 Drivers on Host :page-parent: Architecture Decision Records -:page-grand_parent: Explanation +:page-grand_parent: About Spectrum OS // SPDX-FileCopyrightText: 2022 Unikie // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 diff --git a/Documentation/decisions/007-usb-virtual-machines.adoc b/Documentation/decisions/007-usb-virtual-machines.adoc index 3bdf78b..24dac65 100644 --- a/Documentation/decisions/007-usb-virtual-machines.adoc +++ b/Documentation/decisions/007-usb-virtual-machines.adoc @@ -1,6 +1,6 @@ = 007 USB Virtual Machine :page-parent: Architecture Decision Records -:page-grand_parent: Explanation +:page-grand_parent: About Spectrum OS // SPDX-FileCopyrightText: 2022 Unikie // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 diff --git a/Documentation/decisions/008-inter-vm-communication-mechanisms.adoc b/Documentation/decisions/008-inter-vm-communication-mechanisms.adoc index a1b7d49..9fce4ef 100644 --- a/Documentation/decisions/008-inter-vm-communication-mechanisms.adoc +++ b/Documentation/decisions/008-inter-vm-communication-mechanisms.adoc @@ -1,6 +1,6 @@ = 008 Inter-VM Communication Mechanisms :page-parent: Architecture Decision Records -:page-grand_parent: Explanation +:page-grand_parent: About Spectrum OS // SPDX-FileCopyrightText: 2022 Unikie // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 diff --git a/Documentation/decisions/index.adoc b/Documentation/decisions/index.adoc index 772f382..4f3a7e1 100644 --- a/Documentation/decisions/index.adoc +++ b/Documentation/decisions/index.adoc @@ -1,6 +1,6 @@ = Architecture Decision Records :page-has_children: true -:page-parent: Explanation +:page-parent: About Spectrum OS // SPDX-FileCopyrightText: 2022 Unikie // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 diff --git a/Documentation/building-documentation.adoc b/Documentation/development/building-documentation.adoc similarity index 85% rename from Documentation/building-documentation.adoc rename to Documentation/development/building-documentation.adoc index b491105..da5fa8c 100644 --- a/Documentation/building-documentation.adoc +++ b/Documentation/development/building-documentation.adoc @@ -1,5 +1,5 @@ -= Building the Documentation -:page-parent: Tutorials += Building Documentation +:page-parent: Development // SPDX-FileCopyrightText: 2022 Unikie // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 @@ -47,6 +47,6 @@ IMPORTANT: Jekyll doesn't handle rendering of the draw.io diagrams, so if you modify any of those, or add new ones, you'll have to run `scripts/build.sh` again to do a full rebuild of the site. -Once you've made your changes to the documentation, see -xref:first-patch.adoc[Sending Your First Patch] for information -about how to submit them for review. +Once you made your changes to the documentation, see +xref:first-patch.adoc[Patching] for information +on how to submit your patch for review. diff --git a/Documentation/debugging.adoc b/Documentation/development/debugging.adoc similarity index 92% rename from Documentation/debugging.adoc rename to Documentation/development/debugging.adoc index 3871a7c..6e529a9 100644 --- a/Documentation/debugging.adoc +++ b/Documentation/development/debugging.adoc @@ -1,7 +1,6 @@ -= Debugging Spectrum -:page-parent: Explanation -:toc: -:toclevels: 1 += Debugging +:page-parent: Development +:page-nav_order: 2 // SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is> // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 diff --git a/Documentation/first-patch.adoc b/Documentation/development/first-patch.adoc similarity index 83% rename from Documentation/first-patch.adoc rename to Documentation/development/first-patch.adoc index 30672b9..7b8dd1d 100644 --- a/Documentation/first-patch.adoc +++ b/Documentation/development/first-patch.adoc @@ -1,11 +1,12 @@ -= Sending Your First Patch -:page-parent: Tutorials += Patching +:page-parent: Development +:page-nav_order: 1 +:page-has_children: true +:toc: preamble // SPDX-FileCopyrightText: 2022 Unikie // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 -== Prerequisites - This tutorial assumes that you already have basic https://git-scm.com/[git] experience. @@ -14,10 +15,10 @@ https://spectrum-os.org/git/[Spectrum source tree]. You'll also need to have configured `git send-email` — a guide for this can be found at https://git-send-email.io/. -== Making your changes +== Making Changes -If you've worked on any git repository before, the process for making -your changes will probably be very familiar. +If you worked on any git repository before, the process for making +your changes will be very familiar. 1. Create a branch for your changes: + @@ -39,7 +40,7 @@ indicates your acceptance of the https://spectrum-os.org/git/spectrum/tree/DCO-1.1.txt[Developer's Certificate of Origin], which is mandatory for Spectrum patches. -== Submitting changes +== Submitting Changes Once you're happy with how the commits on your branch look, run: @@ -64,13 +65,14 @@ message that will be sent before all of your patches. Once your patch has been submitted, wait for it to be reviewed. Feedback, if any, will be sent as email replies to your submitted -patch. You can respond to feedback in your mail client. Please use -the Reply All button to ensure that your messages are sent to the +patch. You can respond to feedback in your mail client. + +Use the *Reply All* button to sent your messages to the mailing list as well as to the person who sent the feedback. -If you need to make changes to your patch, and submit a new version, +If you need to make changes to your patch and submit a new version, use https://git-rebase.io/[`git rebase`] to create a new version of -your patch(es), and submit it like this: +your patch(es) and then submit it like this: [source,shell] ---- @@ -81,7 +83,7 @@ The added `-v2` flag indicates that this is version two of your patch set. If your patches require more rounds of changes, submit subsequent rounds with `-v3`, `-v4`, etc. as appropriate. -If you'd like to describe what has changed from the previous version +If you would like to describe what has changed from the previous version of your patches, you can do so in a xref:cover-letter[cover letter] as described above. diff --git a/Documentation/development/index.adoc b/Documentation/development/index.adoc new file mode 100644 index 0000000..471daf7 --- /dev/null +++ b/Documentation/development/index.adoc @@ -0,0 +1,17 @@ += Development +:description: Development progress, general development practices +:page-nav_order: 4 +:page-has_children: true + +// SPDX-FileCopyrightText: 2022 Jenni Nikko <evgeniia.nikolaenko(a)unikie.com> +// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 + +Spectrum is free software, currently under active development. + +== Developer Setup + +Before starting, make sure you are familiar with https://git.kernel.org/pub/scm/utils/b4/b4.git/about/[b4] and the https://nixos.org/manual/nix/stable/introduction.html[Nix package manager]. + +== Mailing Lists + +The Spectrum project runs several https://spectrum-os.org/mailman3/lists/?all-lists[mailing lists] on which you can ask your questions or help other people with the questions they have. All the Spectrum developers as well as many long time Linux and Spectrum users are on the lists. diff --git a/Documentation/replying.adoc b/Documentation/development/replying.adoc similarity index 93% rename from Documentation/replying.adoc rename to Documentation/development/replying.adoc index bb8e31a..05740a0 100644 --- a/Documentation/replying.adoc +++ b/Documentation/development/replying.adoc @@ -1,5 +1,7 @@ = Replying to Messages in the Mailing List Archives -:page-parent: Tutorials +:page-parent: Patching +:page-grand_parent: Development +:page-nav_order: 3 // SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is> // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 diff --git a/Documentation/reviewing-patches.adoc b/Documentation/development/reviewing-patches.adoc similarity index 89% rename from Documentation/reviewing-patches.adoc rename to Documentation/development/reviewing-patches.adoc index 63ff24e..c8c971f 100644 --- a/Documentation/reviewing-patches.adoc +++ b/Documentation/development/reviewing-patches.adoc @@ -1,5 +1,7 @@ = Reviewing Patches -:page-parent: How-to Guides +:page-parent: Patching +:page-grand_parent: Development +:page-nav_order: 2 // SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is> // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 diff --git a/Documentation/testing-patches.adoc b/Documentation/development/testing-patches.adoc similarity index 62% rename from Documentation/testing-patches.adoc rename to Documentation/development/testing-patches.adoc index 8ba7804..99adfd2 100644 --- a/Documentation/testing-patches.adoc +++ b/Documentation/development/testing-patches.adoc @@ -1,5 +1,8 @@ = Testing Patches -:page-parent: How-to Guides +:page-parent: Patching +:page-grand_parent: Development +:page-nav_order: 1 +:toc: preamble // SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is> // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 @@ -8,52 +11,41 @@ Potential changes to Spectrum are posted to and discussed on the https://spectrum-os.org/participating.html#spectrum-devel[devel@spectrum-os… mailing list. -== Apply the patch +== Apply Patch If you haven't already, you'll first need to xref:b4.adoc[install and configure] https://git.kernel.org/pub/scm/utils/b4/b4.git/about/[b4]. Then: -. Find the patch series you want to test on - https://spectrum-os.org/lists/archives/spectrum-devel/[public-inbox]. -. Navigate to the "permalink" page for any patch in the series. -. Copy the Message-Id for the patch, as shown on the permalink page, e.g. - \20220511092352.70E54C980(a)atuin.qyliss.net. -. In a checkout of the appropriate git repository - (https://spectrum-os.org/git/spectrum[Spectrum] or - https://spectrum-os.org/git/nixpkgs[Spectrum Nixpkgs]), Run `b4 am` - with the patch's Message-Id to download all the patches in the - series into a file. +1. Find the patch series you want to test on https://spectrum-os.org/lists/archives/spectrum-devel/[public-inbox]. +2. Navigate to the "permalink" page for any patch in the series. +3. Copy the Message-Id for the patch, as shown on the permalink page, e.g. \20220511092352.70E54C980(a)atuin.qyliss.net. +4. In a checkout of the appropriate git repository (https://spectrum-os.org/git/spectrum[Spectrum] or https://spectrum-os.org/git/nixpkgs[Spectrum Nixpkgs]), run `b4 am` with the patch's Message-Id to download all the patches in the series into a file. + -[example] [source,shell] ---- b4 am 20220511092352.70E54C980(a)atuin.qyliss.net ---- - -. b4 will indicate the file name it has downloaded the patches into - with a line like: +b4 will indicate the file name it has downloaded the patches into with a line like: + -[example] -[listing] +[source,shell] +---- Writing ./20220424_hi_host_rootfs_fix_weston_hotplugging.mbx +---- +5. Run `git am` on that file to apply the patches, for example: + -Run `git am` on that file to apply the patches, for example: -+ -[example] [source,shell] ---- git am 20220424_hi_host_rootfs_fix_weston_hotplugging.mbx ---- -== Post your test results +== Post Your Results When you've tested a patch, it's really helpful to xref:replying.adoc[reply] with your test results. -If the patch worked for you, please reply to it and include a line -like the following, separated from any reply text: - +If the patch worked for you, please reply to it and include a line like the following, separated from any reply text: +[source,shell] ---- Tested-by: John Smith <john(a)example.com> ---- diff --git a/Documentation/uuid-reference.adoc b/Documentation/development/uuid-reference.adoc similarity index 98% rename from Documentation/uuid-reference.adoc rename to Documentation/development/uuid-reference.adoc index 4b0b481..0eccc82 100644 --- a/Documentation/uuid-reference.adoc +++ b/Documentation/development/uuid-reference.adoc @@ -1,5 +1,5 @@ = UUID Reference -:page-parent: Reference +:page-parent: Development :toc: preamble :toclevels: 1 @@ -40,7 +40,7 @@ xref:user-partition.adoc[Spectrum user partition]. === `56a3bbc3-aefa-43d9-a64d-7b3fd59bbc4e` -https://github.com/endlessm/eos-installer["eosimages"] partition on the +https://github.com/endlessm/eos-installer["eosimages"] partition on the Spectrum combined live system / installer image. == Combined Image Partition IDs diff --git a/Documentation/explanation.adoc b/Documentation/explanation.adoc index b39cc6d..f682129 100644 --- a/Documentation/explanation.adoc +++ b/Documentation/explanation.adoc @@ -1,6 +1,5 @@ = Explanation -:page-has_children: true -:page-nav_order: 4 +:page-nav_exclude: true // SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is> // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 diff --git a/Documentation/creating-vms.adoc b/Documentation/getting-started/creating-vms.adoc similarity index 98% rename from Documentation/creating-vms.adoc rename to Documentation/getting-started/creating-vms.adoc index d967098..e06be85 100644 --- a/Documentation/creating-vms.adoc +++ b/Documentation/getting-started/creating-vms.adoc @@ -1,5 +1,5 @@ = Creating VMs -:page-parent: Reference +:page-parent: Getting Started // SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is> // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 diff --git a/Documentation/getting-started/index.adoc b/Documentation/getting-started/index.adoc new file mode 100644 index 0000000..1b468ab --- /dev/null +++ b/Documentation/getting-started/index.adoc @@ -0,0 +1,7 @@ += Getting Started +:description: Exploring Spectrum OS. Using (=How-To-Guides), Configuring (adding smth). Ready to get started with Spectrum OS? After installing you can create VMs and then configure each one. +:page-nav_order: 3 +:page-has_children: true + +// SPDX-FileCopyrightText: 2022 Jenni Nikko <evgeniia.nikolaenko(a)unikie.com> +// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 diff --git a/Documentation/running-vms.adoc b/Documentation/getting-started/running-vms.adoc similarity index 93% rename from Documentation/running-vms.adoc rename to Documentation/getting-started/running-vms.adoc index d0d3f99..9073e3c 100644 --- a/Documentation/running-vms.adoc +++ b/Documentation/getting-started/running-vms.adoc @@ -1,5 +1,5 @@ = Running VMs -:page-parent: Reference +:page-parent: Getting Started // SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is> // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 diff --git a/Documentation/user-partition.adoc b/Documentation/getting-started/user-partition.adoc similarity index 80% rename from Documentation/user-partition.adoc rename to Documentation/getting-started/user-partition.adoc index 73bc0d0..a33d7fc 100644 --- a/Documentation/user-partition.adoc +++ b/Documentation/getting-started/user-partition.adoc @@ -1,11 +1,13 @@ -= The User Partition -:page-parent: Explanation += User Partition +:page-parent: Getting Started // SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is> // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 The Spectrum host system is immutable, so configuration and user data -lives on a separate partition. The host system discovers the user +lives on a separate partition. + +The host system discovers the user partition by looking for the special partition type `9293e1ff-cee4-4658-88be-898ec863944f`. This behavior can be overridden with the `ext` parameter on the host's kernel command line, diff --git a/Documentation/how-to.adoc b/Documentation/how-to.adoc index f43fa13..98cc842 100644 --- a/Documentation/how-to.adoc +++ b/Documentation/how-to.adoc @@ -1,4 +1,5 @@ = How-to Guides +:page-nav_exclude: true :page-has_children: true :page-nav_order: 2 diff --git a/Documentation/index.adoc b/Documentation/index.adoc index 3079847..d26676b 100644 --- a/Documentation/index.adoc +++ b/Documentation/index.adoc @@ -1,13 +1,23 @@ -= Spectrum Docs += Spectrum Documentation :page-nav_exclude: true // SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is> +// SPDX-FileCopyrightText: 2022 Jenni Nikolaenko <evgeniia.nikolaenko(a)unikie.com> // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 -Spectrum is a compartmentalized operating system. +== Spectrum Project -If you'd like to try Spectrum, see xref:getting-spectrum.adoc[Getting -Spectrum]. +Spectrum is an open source project that aims to create a computer operating system, based on the principle of security by compartmentalization, that has a lower barrier to entry and is easier to use and maintain than other such systems. For more information on the Spectrum project, see https://spectrum-os.org/. -To learn about what Spectrum is and how it's implemented, start with -the xref:architecture.adoc[architecture overview]. +Spectrum is made of free and open source software. It is free for anyone to use, modify, and distribute. If you want to be involved with the Spectrum project, see https://spectrum-os.org/contributing.html. + +The Spectrum project source code is https://spectrum-os.org/git/spectrum. + +== Spectrum OS + +Spectrum is an in-development operating system that aims to afford its users security by compartmentalization, while also improving upon other similar projects by maintaining a high level of usability. + +To learn about what Spectrum OS is and how it's implemented, start with +the xref:about/architecture.adoc[architecture overview]. + +If you want to try Spectrum, see xref:../installation/index.adoc[Build and Run]. diff --git a/Documentation/b4.adoc b/Documentation/installation/b4.adoc similarity index 96% rename from Documentation/b4.adoc rename to Documentation/installation/b4.adoc index 2519894..1ba87b2 100644 --- a/Documentation/b4.adoc +++ b/Documentation/installation/b4.adoc @@ -1,5 +1,6 @@ = Installing and Configuring b4 -:page-parent: Tutorials +:page-parent: Build and Run +:page-nav_order: 3 // SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is> // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 diff --git a/Documentation/binary-cache.adoc b/Documentation/installation/binary-cache.adoc similarity index 90% rename from Documentation/binary-cache.adoc rename to Documentation/installation/binary-cache.adoc index 6e69b39..232f96c 100644 --- a/Documentation/binary-cache.adoc +++ b/Documentation/installation/binary-cache.adoc @@ -1,10 +1,11 @@ -= Setting Up the Binary Cache -:page-parent: How-to Guides += Setting Up Binary Cache +:page-parent: Build and Run +:page-nav_order: 1 // SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is> // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 -Building Spectrum from source can take a very long time. To avoid +Building Spectrum OS from source can take a very long time. To avoid having to wait when building the system to try it out or test patches, an x86_64 binary cache service is available. If configured to do so, Nix will download build outputs from the cache, instead of building @@ -20,7 +21,7 @@ encounter any trouble with it. The binary cache is currently not able to provide logs, due to a https://github.com/NixOS/nix/pull/6051[Nix bug]. -== On NixOS +== For NixOS The following configuration adds the Spectrum binary cache as a substituter, and tells Nix to trust builds signed with its public key. @@ -38,7 +39,7 @@ substituter, and tells Nix to trust builds signed with its public key. } ---- -== On Non-NixOS systems +== For Non-NixOS Systems Add the following configuration to /etc/nix/nix.conf: diff --git a/Documentation/getting-spectrum.adoc b/Documentation/installation/getting-spectrum.adoc similarity index 85% rename from Documentation/getting-spectrum.adoc rename to Documentation/installation/getting-spectrum.adoc index b3fa1ef..a0ea1c4 100644 --- a/Documentation/getting-spectrum.adoc +++ b/Documentation/installation/getting-spectrum.adoc @@ -1,10 +1,11 @@ = Getting Spectrum -:page-parent: Tutorials +:page-parent: Build and Run +:page-nav_order: 2 // SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is> // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 -To get Spectrum, you need to build it from source. As long as you're +To get Spectrum OS, you need to build it from source. As long as you're running Linuxfootnote:[Building from other operating systems might work, but hasn't been tested. Patches are welcome to support building from other operating systems, as long as they're not too invasive.] @@ -17,7 +18,7 @@ lot of time waiting for builds. == Trying Spectrum -If you want to try Spectrum out to get a feel for it, without +If you want to try Spectrum OS out to get a feel for it, without installing it, you can run it in a development VM with some example applications. @@ -34,7 +35,7 @@ nix-shell -I nixpkgs=../../../nixpkgs-spectrum --run 'make run' This builds just enough of Spectrum to try it out in a VM, but it will still take a very long time. -== Building an installer +== Building Installer [source,shell] ---- @@ -48,7 +49,7 @@ named "result" will appear, pointing to a Spectrum USB installer image. CAUTION: Spectrum is not yet suitable for real-world use. Do not use -your Spectrum system for anything important or sensitive. Spectrum is +your Spectrum OS for anything important or sensitive. Spectrum is currently missing many important security properties, and there is no procedure for updating to new versions of Spectrum -- you have to reinstall. diff --git a/Documentation/installation/index.adoc b/Documentation/installation/index.adoc new file mode 100644 index 0000000..99e9723 --- /dev/null +++ b/Documentation/installation/index.adoc @@ -0,0 +1,18 @@ += Build and Run +:description: How to download and install Spectrum OS. +:page-nav_order: 2 +:page-has_children: true + +// SPDX-FileCopyrightText: 2022 Jenni Nikko <evgeniia.nikolaenko(a)unikie.com> +// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 + +To try Spectrum OS out or xref:../development/testing-patches.adoc[test patches], you need to build the system from the source. + +In order to speed up the build process, set up the binary cache. After building Spectrum OS, you can install and configure the b4 utility to be able to work with patches. + + +TIP: Note that Spectrum OS currently works only on x86-64. AAarch64 support is in development. + +Currently, there is no implementation for a software update. + +You can replace the installation with some other OS. diff --git a/Documentation/reference.adoc b/Documentation/reference.adoc index 44b359d..55259ea 100644 --- a/Documentation/reference.adoc +++ b/Documentation/reference.adoc @@ -1,6 +1,5 @@ = Reference -:page-has_children: true -:page-nav_order: 3 +:page-nav_exclude: true // SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is> // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 diff --git a/Documentation/tutorials.adoc b/Documentation/tutorials.adoc index cd1fb12..fcef31b 100644 --- a/Documentation/tutorials.adoc +++ b/Documentation/tutorials.adoc @@ -1,6 +1,5 @@ = Tutorials -:page-nav_order: 1 -:page-has_children: true +:page-nav_exclude: true // SPDX-FileCopyrightText: 2022 Alyssa Ross <hi(a)alyssa.is> // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0 -- 2.34.1

4 4

Branches for in-progress Wayland work
by Alyssa Ross 25 Oct '22

25 Oct '22

I've published branches called "wayland" on both the spectrum and nixpkgs repositories, to make it easier to follow the current state of that work. I've tested that both hello-wayland and foot work in a Spectrum VM. (To test foot I just found-and-replaced hello-wayland with foot in hello-wayland.nix.)

1 0

I'll be on holiday for two weeks
by Alyssa Ross 30 Sep '22

30 Sep '22

I'm taking a holiday from my work for Unikie for two weeks starting now. (Back on Monday, 9th Oct.) I'll be spending some of the time finishing up some work for NLnet before Spectrum's grant expires, so you'll almost certainly still see some activity from me on the lists. But the rest of the time I'm going to try to spend away, relaxing, so anybody sending patches should not be alarmed if they go a couple of weeks before I take a look at them. :) Alyssa

1 1

[RFC PATCH nixpkgs 0/4] Wayland security-context support
by Puck Meerburg 30 Sep '22

30 Sep '22

NOTE: These patches are designed to apply on top of the previous Wayland support series at [1]. This series contains the patches necessary to build the demo repository for Wayland security-context[2] support. As the Spectrum support for Wayland is also very WIP, and uses a different WM than the one I was focused on (Weston versus sway), it's not yet integrated with Spectrum itself. Of course, my decision to use Sway in this demo isn't setting Spectrum's own window manager in stone; the hope is this protocol gets implemented into as many compositors (and sandboxes) as possible :) To try out the demo, see [3] for the repository and instructions. A few of these patches (wlroots, sway) have been sent upstream already[4][5]. The crosvm patches need a tiny bit of work before I'm completely confident sending them upstream. One major issue that is worked around but not entirely solved is a bit of a mystery to me: After a short amount of messages, the virtio-gpu driver stops sending and receiving Wayland messages. As far as I can tell, this is likely a quirk of running crosvm with only cross-domain enabled, but one I haven't been able to delve into the Linux source code for to figure out how to properly solve. [1]: https://spectrum-os.org/lists/archives/spectrum-devel/20220928170128.158379… [2]: https://gitlab.freedesktop.org/wayland/wayland-protocols/-/merge_requests/68 [3]: https://puck.moe/git/security-context-demo [4]: https://gitlab.freedesktop.org/wlroots/wlroots/-/merge_requests/3589 [5]: https://github.com/swaywm/sway/pull/7187 Puck Meerburg (4): cloud-hypervisor: workaround keymap mmap wlroots: apply security-context patches sway: apply security-context patches crosvm: apply security-context patches ...ry-mapping-shared-memory-as-RO-if-RW.patch | 57 ++++++++ .../cloud-hypervisor/default.nix | 1 + .../virtualization/crosvm/default.nix | 10 +- .../window-managers/sway/default.nix | 22 +++ pkgs/development/libraries/wlroots/0.15.nix | 20 ++- .../libraries/wlroots/security-context-v1.xml | 131 ++++++++++++++++++ 6 files changed, 235 insertions(+), 6 deletions(-) create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0004-virtio-devices-try-mapping-shared-memory-as-RO-if-RW.patch create mode 100644 pkgs/development/libraries/wlroots/security-context-v1.xml -- 2.35.1

1 5

[RFC PATCH v2 00/10] Initial support for VM Wayland
by Alyssa Ross 30 Sep '22

30 Sep '22

IMPORTANT NOTE: this series should be applied on top of my previous series "Introduce a shared base for application VMs" [1]. This is a bit inconvenient I know, but I haven't committed the other series yet due to wanting to take a second pass at it. Changes since v1: - Fix syntax in img/app development Makefile target. - Enable virgl for virtio-gpu devices (see below). v1: https://spectrum-os.org/lists/archives/spectrum-devel/20220928170128.158379… Introduction ------------ This series adds the Spectrum-side support for running VMs that can display Wayland windows on the host compositor, using virtio-gpu. There are various small things still to be resolved, but it's ready for other people to try out and test. The easiest way to test this out is to run "vm-start hello-wayland" on the Spectrum host. If everything goes well, a small window with a picture of a cat (hello-wayland) should appear. This window is running in a VM. Currently, virgl is enabled for all virtio-gpu devices. This means that all VMs will have GPU acceleration enabled. This is currently required to work around what appears to be a kernel bug that causes applications to freeze, but is likely not something we want to be enabling by default once that's fixed. I have tested with hello-wayland, as in the appvm provided as a demonstration here, and also with foot (by replacing hello-wayland with foot in that VM). I haven't done enough testing with this version of the code to guage how reliably they work yet. [1]: https://spectrum-os.org/lists/archives/spectrum-devel/20220919073659.170327… [2]: https://spectrum-os.org/lists/archives/spectrum-devel/20220928170128.158379… Alyssa Ross (10): host/start-vm: use MAP_SHARED memory for VMs img/app: don't block app startup on network online img/app: add Wayland over virtio-gpu support to kernel vm-lib: add mesa drivers to VM img/app: add support for testing virtio-gpu img/app: add support for testing in crosvm host/start-vm: factor out VM definition path host: add support for Wayland in VMs vm/app: add hello-wayland demo VM host/start-vm: disable cloud-hypervisor sandbox Documentation/creating-vms.adoc | 5 +++ host/initramfs/extfs.nix | 3 ++ host/rootfs/Makefile | 4 +++ host/rootfs/default.nix | 4 +-- host/rootfs/etc/s6-rc/ext-rc-init/up | 8 +++++ host/rootfs/etc/template/gpu/data/check | 5 +++ host/rootfs/etc/template/gpu/notification-fd | 1 + .../etc/template/gpu/notification-fd.license | 2 ++ host/rootfs/etc/template/gpu/run | 9 ++++++ host/rootfs/etc/template/gpu/type | 1 + host/rootfs/etc/template/gpu/type.license | 2 ++ host/start-vm/start-vm.rs | 26 +++++++++------ img/app/Makefile | 32 +++++++++++++++++-- img/app/default.nix | 3 +- img/app/etc/mdev/iface | 2 +- img/app/etc/mdev/listen | 12 +++++++ img/app/etc/mdev/wait | 15 +++++++++ img/app/etc/s6-rc/ok-all/contents | 1 + img/app/shell.nix | 2 +- vm-lib/make-vm.nix | 14 ++++++-- vm/app/catgirl.nix | 1 + vm/app/hello-wayland.nix | 25 +++++++++++++++ vm/app/lynx.nix | 1 + 23 files changed, 159 insertions(+), 19 deletions(-) create mode 100755 host/rootfs/etc/template/gpu/data/check create mode 100644 host/rootfs/etc/template/gpu/notification-fd create mode 100644 host/rootfs/etc/template/gpu/notification-fd.license create mode 100755 host/rootfs/etc/template/gpu/run create mode 100644 host/rootfs/etc/template/gpu/type create mode 100644 host/rootfs/etc/template/gpu/type.license create mode 100755 img/app/etc/mdev/listen create mode 100755 img/app/etc/mdev/wait create mode 100644 vm/app/hello-wayland.nix -- 2.37.1

1 11

[RFC PATCH nixpkgs v2 0/9] virtio-gpu with crosvm and cloud-hypervisor
by Alyssa Ross 30 Sep '22

30 Sep '22

Changes since v1 ---------------- - Fixed the cloud-hypervisor seccomp sandbox for the GPU device. - Worked around crosvm not handling wlroots's read-only keymaps in cloud-hypervisor. (Thanks Puck.) - Switched to cherry-picks of sternenseemann's ocamlPackages.wayland and wayland-proxy-virtwl updates from upstream. v1: https://spectrum-os.org/lists/archives/spectrum-devel/20220928170128.158379… Introduction ------------ This series contains all the changes needed to make it possible to run Wayland over cross-domain virtio-gpu using cloud-hypervisor. It only contains changes needed to packages in Nixpkgs, so there's no Spectrum integration here. That's a separate patchset, of which I'll also be sending v2 soon. There's also still some work to do here, hence being marked RFC — in the cloud-hypervisor patch you'll spot a few TODOs and FIXMEs — but it's ready for other people to have a look at and test. With these changes, it's possible to run a cloud-hypervisor VM with a GPU attached as follows: crosvm device gpu --socket vhost-user-gpu.sock ... cloud-hypervisor --gpu socket=vhost-user-gpu.sock ... Then in the guest, just run a Wayland application under wayland-proxy-virtwl: wayland-proxy-virtwl --virtio-gpu hello-wayland For Wayland over cross-domain virtio-gpu, which we're particularly interested in, the full crosvm command line would be something like: crosvm device gpu --socket vhost-user-gpu.sock \ --wayland-sock "$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY" \ --params '{"context-types": "virgl:virgl2:cross-domain"}' Overview -------- We start by upgrading crosvm to a beta version (since very recent changes changed their vhost-user implementation in a way that makes it significantly easier to interoperate with from cloud-hypervisor), then applying a few small fixes for cases where crosvm had made assumptions that were violated by cloud-hypervisor. Next, we apply patches to cloud-hypervisor and some of its dependencies, to implement the frontend of the GPU device. Finally, we upgrade wayland-proxy-virtwl (the program that speaks virtio-gpu and acts as the Wayland compositor inside the guest) to a version that supports virtio-gpu. I'm using wayland-proxy-virtwl over Sommelier here primary because Sommelier appears to have broken with Linux 5.19, but another nice benefit is that wayland-proxy-virtwl is maintained by somebody that we know and talk to sometimes on discuss(a)spectrum-os.org. Upstreamability --------------- A question anybody looking at the volume of changes here should be asking is: "To what extent is this upstreamable?". It's a bit of a mixed bag — most notably, cloud-hypervisor is not interested in virtio-gpu[1], so we'll have to maintain the cloud-hypervisor patches ourselves until we can come up with a more upstream-friendly solution (e.g. a vfio-user implementation of virtio-gpu). We also can't upstream the changes to the vhost crate, as the protocol we are using is crosvm specific, and so some standardisation work would need to happen there. But we can upstream the changes to crosvm, and the virtio-bindings crate. I've already started on the latter. As for the patches to Nixpkgs itself here, the updates to wayland-proxy-virtwl and the wayland library it depends on are already upstream (thanks sterni), I have an open PR[2] for the crosvm update (although to 105.0 rather than 106.3 than here, since the 106 series is still in beta), and the rustPlatform change is also upstreamable, but would require auditing Nixpkgs for cargoSha256 values that would change as a result. [1]: https://github.com/cloud-hypervisor/cloud-hypervisor/discussions/3960#discu… [2]: https://github.com/NixOS/nixpkgs/pull/193746 Alyssa Ross (7): crosvm: switch back to old git repo URL crosvm.updateScript: update release branch format crosvm: 104.0 -> 106.2 crosvm.updateScript: don't vendor Cargo.lock crosvm: add fixes for cloud-hypervisor virtio-gpu rustPlatform: forward unpack hooks to cargo fetch cloud-hypervisor: add virtio-gpu support sternenseemann (2): ocamlPackages.wayland: 1.0 -> 1.1 wayland-proxy-virtwl: unstable-2021-12-05 -> unstable-2022-09-22 .../0001-build-use-local-vhost.patch | 39 + ...dings-regenerate-with-bindgen-0.60.1.patch | 2589 ++++++++++++ ...0002-build-use-local-virtio-bindings.patch | 39 + ...gs-remove-workaround-for-old-bindgen.patch | 28 + ...-bindings-regenerate-with-Glibc-2.36.patch | 247 ++ ...0003-virtio-devices-add-a-GPU-device.patch | 1279 ++++++ ...-bindings-regenerate-with-Linux-5.19.patch | 1067 +++++ ...tio-bindings-add-virtio-gpu-bindings.patch | 3587 +++++++++++++++++ .../cloud-hypervisor/default.nix | 64 +- ...ser-add-shared-memory-region-support.patch | 724 ++++ .../virtualization/crosvm/Cargo.lock | 2214 ---------- .../crosvm/default-seccomp-policy-dir.diff | 38 +- .../virtualization/crosvm/default.nix | 15 +- ...-consider-shm-buuffers-when-setting-.patch | 34 + ...t_user-loosen-expected-message-order.patch | 71 + ...ces-vhost_user-remove-spurious-check.patch | 42 + .../virtualization/crosvm/update.py | 15 +- .../rust/build-rust-package/default.nix | 4 +- .../ocaml-modules/wayland/default.nix | 8 +- .../wayland/wayland-proxy-virtwl/default.nix | 17 +- 20 files changed, 9857 insertions(+), 2264 deletions(-) create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0001-build-use-local-vhost.patch create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0001-virtio-bindings-regenerate-with-bindgen-0.60.1.patch create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0002-build-use-local-virtio-bindings.patch create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0002-virtio-bindings-remove-workaround-for-old-bindgen.patch create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0003-virtio-bindings-regenerate-with-Glibc-2.36.patch create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0003-virtio-devices-add-a-GPU-device.patch create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0004-virtio-bindings-regenerate-with-Linux-5.19.patch create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0005-virtio-bindings-add-virtio-gpu-bindings.patch create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/vhost-vhost_user-add-shared-memory-region-support.patch delete mode 100644 pkgs/applications/virtualization/crosvm/Cargo.lock create mode 100644 pkgs/applications/virtualization/crosvm/devices-properly-consider-shm-buuffers-when-setting-.patch create mode 100644 pkgs/applications/virtualization/crosvm/devices-vhost_user-loosen-expected-message-order.patch create mode 100644 pkgs/applications/virtualization/crosvm/devices-vhost_user-remove-spurious-check.patch base-commit: 768879638cfd6a54664b762ec98a7f8f45620c44 -- 2.37.1

1 9

[RFC PATCH 00/10] Initial support for VM Wayland
by Alyssa Ross 30 Sep '22

30 Sep '22

IMPORTANT NOTE: this series should be applied on top of my previous series "Introduce a shared base for application VMs" [1]. This is a bit inconvenient I know, but I haven't committed the other series yet due to wanting to take a second pass at it. This series adds the Spectrum-side support for running VMs that can display Wayland windows on the host compositor, using virtio-gpu. There are various small things still to be resolved, but it's ready for other people to try out and test. The easiest way to test this out is to run "vm-start hello-wayland" on the Spectrum host. If everything goes well, a small window with a picture of a cat (hello-wayland) should appear. This window is running in a VM. One particular known issue is that on one run of the new appvm-hello-wayland, I got this error: [12:11:52.107] libwayland: error in client communication (pid 863) I'm not yet aware of what would cause such an error. It went away after I rebooted and tried again. There are some other known issues with my cloud-hypervisor patch too. See the other thread for information on those. [1]: https://spectrum-os.org/lists/archives/spectrum-devel/20220919073659.170327… [2]: https://spectrum-os.org/lists/archives/spectrum-devel/20220928170128.158379… Alyssa Ross (10): host/start-vm: use MAP_SHARED memory for VMs img/app: don't block app startup on network online img/app: add Wayland over virtio-gpu support to kernel vm-lib: add mesa drivers to VM img/app: add support for testing virtio-gpu img/app: add support for testing in crosvm host/start-vm: factor out VM definition path host: add support for Wayland in VMs vm/app: add hello-wayland demo VM host/start-vm: disable cloud-hypervisor sandbox Documentation/creating-vms.adoc | 5 +++ host/initramfs/extfs.nix | 3 ++ host/rootfs/Makefile | 4 +++ host/rootfs/default.nix | 4 +-- host/rootfs/etc/s6-rc/ext-rc-init/up | 8 +++++ host/rootfs/etc/template/gpu/data/check | 5 +++ host/rootfs/etc/template/gpu/notification-fd | 1 + .../etc/template/gpu/notification-fd.license | 2 ++ host/rootfs/etc/template/gpu/run | 9 ++++++ host/rootfs/etc/template/gpu/type | 1 + host/rootfs/etc/template/gpu/type.license | 2 ++ host/start-vm/start-vm.rs | 26 +++++++++------ img/app/Makefile | 32 +++++++++++++++++-- img/app/default.nix | 3 +- img/app/etc/mdev/iface | 2 +- img/app/etc/mdev/listen | 12 +++++++ img/app/etc/mdev/wait | 15 +++++++++ img/app/etc/s6-rc/ok-all/contents | 1 + img/app/shell.nix | 2 +- vm-lib/make-vm.nix | 14 ++++++-- vm/app/catgirl.nix | 1 + vm/app/hello-wayland.nix | 25 +++++++++++++++ vm/app/lynx.nix | 1 + 23 files changed, 159 insertions(+), 19 deletions(-) create mode 100755 host/rootfs/etc/template/gpu/data/check create mode 100644 host/rootfs/etc/template/gpu/notification-fd create mode 100644 host/rootfs/etc/template/gpu/notification-fd.license create mode 100755 host/rootfs/etc/template/gpu/run create mode 100644 host/rootfs/etc/template/gpu/type create mode 100644 host/rootfs/etc/template/gpu/type.license create mode 100755 img/app/etc/mdev/listen create mode 100755 img/app/etc/mdev/wait create mode 100644 vm/app/hello-wayland.nix -- 2.37.1

1 11

[PATCH v2] EFI Loader: use correct arch suffix
by Ivan Nikolaenko 29 Sep '22

29 Sep '22

Previously there were hardcoded "x64" in EFI loaders' filenames. Signed-off-by: Ivan Nikolaenko <ivan.nikolaenko(a)unikie.com> --- img/combined/default.nix | 8 +++++--- img/live/Makefile | 2 +- img/live/default.nix | 6 ++++-- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/img/combined/default.nix b/img/combined/default.nix index 3989d55..f65f619 100644 --- a/img/combined/default.nix +++ b/img/combined/default.nix @@ -6,7 +6,7 @@ let inherit (builtins) storeDir; - inherit (pkgs.lib) removePrefix; + inherit (pkgs.lib) removePrefix toUpper; eosimages = import ./eosimages.nix { inherit config; }; @@ -31,6 +31,8 @@ let --owner 0 --group 0 | tar2sqfs $out ''; + efiArch = stdenv.hostPlatform.efiArch; + grub = grub2_efi; grubCfg = substituteAll { @@ -74,8 +76,8 @@ let done mcopy -i $out ${grub}/share/grub/unicode.pf2 ::/grub/fonts - grub-mkimage -o grubx64.efi -p "(hd0,gpt1)/grub" -O ${grub.grubTarget} part_gpt fat - mcopy -i $out grubx64.efi ::/EFI/BOOT/BOOTX64.EFI + grub-mkimage -o grub${efiArch}.efi -p "(hd0,gpt1)/grub" -O ${grub.grubTarget} part_gpt fat + mcopy -i $out grub${efiArch}.efi ::/EFI/BOOT/BOOT${toUpper efiArch}.EFI fsck.vfat -n $out ''; diff --git a/img/live/Makefile b/img/live/Makefile index 9815c88..e63c598 100644 --- a/img/live/Makefile +++ b/img/live/Makefile @@ -36,7 +36,7 @@ build/boot.fat: $(KERNEL) $(INITRAMFS) $(SYSTEMD_BOOT_EFI) build/spectrum.conf $(MCOPY) -i $@ build/spectrum.conf ::/loader/entries $(MCOPY) -i $@ $(KERNEL) ::/spectrum/linux $(MCOPY) -i $@ $(INITRAMFS) ::/spectrum/initrd - $(MCOPY) -i $@ $(SYSTEMD_BOOT_EFI) ::/EFI/BOOT/BOOTX64.EFI + $(MCOPY) -i $@ $(SYSTEMD_BOOT_EFI) ::/EFI/BOOT/$(EFINAME) # veritysetup format produces two files, but Make only (portably) # supports one output per rule, so we combine the two outputs then diff --git a/img/live/default.nix b/img/live/default.nix index 1fa8da3..4301ccc 100644 --- a/img/live/default.nix +++ b/img/live/default.nix @@ -9,7 +9,7 @@ let inherit (config) pkgs; - inherit (pkgs.lib) cleanSource cleanSourceWith hasSuffix; + inherit (pkgs.lib) cleanSource cleanSourceWith hasSuffix toUpper; extfs = pkgs.pkgsStatic.callPackage ../../host/initramfs/extfs.nix { inherit config; @@ -17,6 +17,7 @@ let rootfs = import ../../host/rootfs { inherit config; }; scripts = import ../../scripts { inherit config; }; initramfs = import ../../host/initramfs { inherit config rootfs; }; + efiArch = stdenv.hostPlatform.efiArch; in stdenvNoCC.mkDerivation { @@ -35,7 +36,8 @@ stdenvNoCC.mkDerivation { INITRAMFS = initramfs; KERNEL = "${rootfs.kernel}/${stdenv.hostPlatform.linux-kernel.target}"; ROOT_FS = rootfs; - SYSTEMD_BOOT_EFI = "${systemd}/lib/systemd/boot/efi/systemd-bootx64.efi"; + SYSTEMD_BOOT_EFI = "${systemd}/lib/systemd/boot/efi/systemd-boot${efiArch}.efi"; + EFINAME = "BOOT${toUpper efiArch}.EFI"; buildFlags = [ "build/live.img" ]; makeFlags = [ "SCRIPTS=${scripts}" ]; -- 2.25.1

3 2

[RFC PATCH nixpkgs 0/9] virtio-gpu with crosvm and cloud-hypervisor
by Alyssa Ross 29 Sep '22

29 Sep '22

Introduction ------------ This series contains all the changes needed to make it possible to run Wayland over cross-domain virtio-gpu using cloud-hypervisor. It only contains changes needed to packages in Nixpkgs, so there's no Spectrum integration here. That'll be coming soon. There's also still some work to do here, hence being marked RFC — in the cloud-hypervisor patch you'll spot a few TODOs and FIXMEs — but it's ready for other people to have a look at and test. With these changes, it's possible to run a cloud-hypervisor VM with a GPU attached as follows: crosvm device gpu --socket vhost-user-gpu.sock ... cloud-hypervisor --gpu socket=vhost-user-gpu.sock ... Then in the guest, just run a Wayland application under wayland-proxy-virtwl: wayland-proxy-virtwl --virtio-gpu hello-wayland For Wayland over cross-domain virtio-gpu, which we're particularly interested in, the full crosvm command line would be something like: crosvm device gpu --socket vhost-user-gpu.sock \ --wayland-sock "$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY" \ --params '{"context-types": "cross-domain"}' Overview -------- We start by upgrading crosvm to a beta version (since very recent changes changed their vhost-user implementation in a way that makes it significantly easier to interoperate with from cloud-hypervisor), then applying a few small fixes for cases where crosvm had made assumptions that were violated by cloud-hypervisor. Next, we apply patches to cloud-hypervisor and some of its dependencies, to implement the frontend of the GPU device. Finally, we upgrade wayland-proxy-virtwl (the program that speaks virtio-gpu and acts as the Wayland compositor inside the guest) to a version that supports virtio-gpu. I'm using wayland-proxy-virtwl over Sommelier here primary because Sommelier appears to have broken with Linux 5.19, but another nice benefit is that wayland-proxy-virtwl is maintained by somebody that we know and talk to sometimes on discuss(a)spectrum-os.org. Upstreamability --------------- A question anybody looking at the volume of changes here should be asking is: "To what extent is this upstreamable?". It's a bit of a mixed bag — most notably, cloud-hypervisor is not interested in virtio-gpu[1], so we'll have to maintain the cloud-hypervisor patches ourselves until we can come up with a more upstream-friendly solution (e.g. a vfio-user implementation of virtio-gpu). We also can't upstream the changes to the vhost crate, as the protocol we are using is crosvm specific, and so some standardisation work would need to happen there. But we can upstream the changes to crosvm, and the virtio-bindings crate. I've already started on the latter. As for the patches to Nixpkgs itself here, we can upstream the crosvm update (although should probably target 105 if I get round to it soon, since 106 is still beta), the rustPlatform change, and the updates to wayland-proxy-virtwl and the wayland library it depends on. [1]: https://github.com/cloud-hypervisor/cloud-hypervisor/discussions/3960#discu… Alyssa Ross (9): crosvm: switch back to old git repo URL crosvm.updateScript: update release branch format crosvm: 104.0 -> 106.2 crosvm.updateScript: don't vendor Cargo.lock crosvm: add fixes for cloud-hypervisor virtio-gpu rustPlatform: forward unpack hooks to cargo fetch cloud-hypervisor: add virtio-gpu support ocamlPackages.wayland: 1.0 -> unstable-2022-05-07 wayland-proxy-virtwl: unstable-2021-12-05 -> unstable-2022-08-06 .../0001-build-use-local-vhost.patch | 39 + ...dings-regenerate-with-bindgen-0.60.1.patch | 2589 ++++++++++++ ...0002-build-use-local-virtio-bindings.patch | 39 + ...gs-remove-workaround-for-old-bindgen.patch | 28 + ...-bindings-regenerate-with-Glibc-2.36.patch | 247 ++ ...-devices-add-a-vhost-user-gpu-device.patch | 1253 ++++++ ...-bindings-regenerate-with-Linux-5.19.patch | 1067 +++++ ...tio-bindings-add-virtio-gpu-bindings.patch | 3587 +++++++++++++++++ .../cloud-hypervisor/default.nix | 64 +- ...ser-add-shared-memory-region-support.patch | 724 ++++ .../virtualization/crosvm/Cargo.lock | 2214 ---------- .../crosvm/default-seccomp-policy-dir.diff | 38 +- .../virtualization/crosvm/default.nix | 15 +- ...-consider-shm-buuffers-when-setting-.patch | 34 + ...t_user-loosen-expected-message-order.patch | 71 + ...ces-vhost_user-remove-spurious-check.patch | 42 + .../virtualization/crosvm/update.py | 15 +- .../rust/build-rust-package/default.nix | 4 +- .../ocaml-modules/wayland/default.nix | 12 +- .../wayland/wayland-proxy-virtwl/default.nix | 14 +- 20 files changed, 9834 insertions(+), 2262 deletions(-) create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0001-build-use-local-vhost.patch create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0001-virtio-bindings-regenerate-with-bindgen-0.60.1.patch create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0002-build-use-local-virtio-bindings.patch create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0002-virtio-bindings-remove-workaround-for-old-bindgen.patch create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0003-virtio-bindings-regenerate-with-Glibc-2.36.patch create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0003-virtio-devices-add-a-vhost-user-gpu-device.patch create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0004-virtio-bindings-regenerate-with-Linux-5.19.patch create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0005-virtio-bindings-add-virtio-gpu-bindings.patch create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/vhost-vhost_user-add-shared-memory-region-support.patch delete mode 100644 pkgs/applications/virtualization/crosvm/Cargo.lock create mode 100644 pkgs/applications/virtualization/crosvm/devices-properly-consider-shm-buuffers-when-setting-.patch create mode 100644 pkgs/applications/virtualization/crosvm/devices-vhost_user-loosen-expected-message-order.patch create mode 100644 pkgs/applications/virtualization/crosvm/devices-vhost_user-remove-spurious-check.patch base-commit: 768879638cfd6a54664b762ec98a7f8f45620c44 -- 2.37.1

2 13