
Artifact 8ffff49d5a86bcd502534a1f905e48fdf635da7e:

Wiki page [Experiment: mmmv_silkexec] by martin_vahi on 2017-06-02 00:37:43.
D 2017-06-02T00:37:43.896
L Experiment:\smmmv_silkexec
P 5268df65d4ba274452af7d76558cb6c880ab1daf
U martin_vahi
W 23217
<p><br>
</p>

<h1>The Current and&nbsp;<font color="#ff0000">Incomplete</font>&nbsp;Version
of this Specification</h1>

<p><font color="#ff0000">Currently no code for the mmmv_silkexec exists.
The flaws that the current version must eliminate are described on the page of
the&nbsp;<a href="https://www.softf1.com/cgi-bin/tree1/technology/flaws/silktorrent.bash/wiki?name=Experiment:+mmmv_silkexec:+Deprecated+Version+1">most
current deprecated version</a>.</font></p>

<p><br>
</p>

<h1>Deprecated Versions of this Specification</h1>

<p></p>
<ul>
<li><a href="./wiki?name=Experiment:+mmmv_silkexec:+Deprecated+Version+1">Deprecated
Version 1</a>, which is complete, but flawed.&nbsp;</li>
</ul>

<p></p>

<p><br>
</p>

<h1>Partial Draft of the Current Specification</h1>

<p>A <b>mmmv_silkexec application (hereafter: silkexapp) is a wrapper for
other applications</b>, including other mmmv_silkexec applications. <b>The
purpose of the wrapping is to use tags and user specific configuration
parameters</b> for using the wrappable application. Each silkexapp is
distributed as a Silktorrent packet. A silkexapp declares its dependencies either
by listing the Silktorrent packets that the dependencies have been wrapped into
or by listing the names of the command line programs that must be on the PATH.
Silkexapps are searched for in the path given by the environment
variable named MMMV_SILKEXEC_TRUSTED_REPOSITORY. Optionally, an environment
variable named MMMV_SILKEXEC_UNTRUSTED_REPOSITORY may reference a second
folder, but Silktorrent packets in that folder are
expected to be accessed only for scrutinizing/auditing.</p>

<p>Silkexapps must use/set their own build specific and execution specific
values for the LD_LIBRARY_PATH and PATH. The general ideology is that almost
nothing is assumed of the silkexapps and the silkexapps are expected to
optionally use the environment that is offered to them, except for the
silkexapp packaging format.</p>

<p><br>
</p>

<h1>Silkexapp Format</h1>

<p>None of the silkexapp standard file and folder names contain any spaces,
tabulation characters or line breaks. All silkexapp configuration text files, the
ones in the silkexapp etc folder, are preprocessed by removing all spaces,
tabulation characters and <b>single-line-comments that start with either "#"
or "//"</b>. After the single-line-comments deletion preprocessing step all of
the linebreaks are deleted, except for the list_of_immediate_dependencies.txt.</p>

<pre>&lt;silktorrent packet name&gt;
  |
  +--payload
      |
      +--silkexapp
          |
          +--&lt;a folder that has the silkexapp format version as its name&gt;
              |
              # The rest according to the silkexapp format version
</pre>

<h1>Silkexapp Format Version 01</h1>

<pre>format_version_01
  |
  +--list_of_immediate_dependencies_silkexapps.txt # Optional. If it exists, then
  |                                                # there is one <a href="http://www.softf1.com/cgi-bin/tree1/technology/flaws/silktorrent.bash/wiki?name=Algorithm+and+Implementation">Silktorrent packet</a> name per line.
  |                                                # All of the Silktorrent packets are required to
  |                                                # conform to the Silkexapp format.
  |                                                # The list includes build dependencies.
  |
  +--list_of_immediate_dependencies_on_PATH.txt  # Optional. If it exists, then
  |                                              # there is a semicolon-separated list of
  |                                              # command line programs. The list can be
  |                                              # placed to multiple lines, but last command line program
  |                                              # at the end of the line must be suffixed with a semicolon.
  |
  +--bin
  |
  +--bonnet
  |
  +--Rakefile
</pre>
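<p>An added example, not code from the mmmv_silkexec project: one way to apply the
preprocessing rules above to list_of_immediate_dependencies_on_PATH.txt and to
report the listed programs that are missing from the PATH. The module and
method names are hypothetical, and the restriction of an entry to a bare
program name is an assumption of this example.</p>

```ruby
module SilkexecExample # hypothetical namespace, not part of mmmv_silkexec
  class FormatError < StandardError; end

  # Preprocessing of silkexapp configuration text: remove single-line
  # comments ("#" or "//"), spaces and tabs, then remove the line breaks
  # unless the file holds one entry per line.
  # Caveat: a value that itself contains "#" or "//" (for example the
  # path "/opt//bin") is cut at that point by the comment rule.
  def self.preprocess(text, keep_linebreaks: false)
    lines = text.each_line.map do |line|
      line.chomp.sub(%r{(#|//).*\z}, "").delete(" \t")
    end
    keep_linebreaks ? lines.reject(&:empty?).join("\n") : lines.join
  end

  # Parses the semicolon-separated list of command line programs.
  # Every entry, including the last one, must end with a semicolon.
  def self.parse_path_dependencies(text)
    flat = preprocess(text)
    return [] if flat.empty?
    raise FormatError, "last entry lacks ';'" unless flat.end_with?(";")
    names = flat.split(";")
    names.each do |n|
      # Assumption: an entry is a bare program name, never a path.
      unless n.match?(/\A[A-Za-z0-9._+-]+\z/)
        raise FormatError, "bad entry #{n.inspect}"
      end
    end
    names.uniq
  end

  # Returns the names that no directory of the given PATH value provides
  # as an executable regular file.
  def self.missing_on_path(names, path = ENV.fetch("PATH", ""))
    dirs = path.split(File::PATH_SEPARATOR).reject(&:empty?)
    names.reject do |n|
      dirs.any? { |d| f = File.join(d, n); File.file?(f) && File.executable?(f) }
    end
  end

  # Constructed sample content, not taken from a real silkexapp.
  SAMPLE = <<~TXT
    # constructed sample
    bash; ruby ;   // interpreter
    tar;
    gzip;
  TXT
end
```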

<div>

<h1>Action plan</h1>

<p>Create a reference implementation of the mmmv_silkexec specification and
document the reference implementation. The documentation will serve as
the mmmv_silkexec specification. Preliminary ideas about the implementation:<br>
</p>

<p></p>
<ul>
<li><b>A silkexapp is implemented as a Ruby class that is derived from a silkexec
specific base class. The silkexec uses reflection to check whether the derived
class meets the silkexec specification. The silkexapp Ruby class is required to
override silkexec API related methods.</b> The Rakefile of the silkexapp
either calls the same silkexapp specific Ruby library that the silkexapp Ruby
class calls, or the silkexapp Rakefile makes some of the silkexec API calls by
calling the Ruby API of the silkexec command line tool.</li>
<li>Test cases are implemented as part of the<font color="#008000">&nbsp;<a href="http://technology.softf1.com/mmmv_distrocomponents_t1/">mmmv_distrocomponents_t1</a>.&nbsp;</font><br>
</li>
</ul>

<p></p></div>

<p><br>
</p>

<p><br>
</p>

<h1><b><font color="#008000">Template text from Older spec for Copying Parts of
it</font></b></h1>

<p><br>
</p>

<p>A <b>mmmv_silkexec application (hereafter: silkexapp) is a wrapper for other
applications</b>, including other mmmv_silkexec applications. <b>The purpose of
the wrapping is to use extra tags and user specific configuration parameters</b>
for using the wrappable application.</p>

<p>The mmmv_silkexec project consists of the following tools:</p>

<p></p>
<ul>
<li>The mmmv_silkexec command line tool for executing silkexapps by
automatically prefixing the PATH with a silkexapp specific PATH value. Call
syntax: &nbsp;</li>
</ul>

<blockquote>mmmv_silkexec &lt;full path of or a name on the PATH&gt; &lt;the
command line args of the silkexapp&gt;</blockquote>

<div><br>
</div>
<ul>
<li>An application for maintaining the tags, for example, tester specific test
results.</li>
<li>An application for maintaining mmmv_silkexec local installation specific
global configuration and the collection of silkexapps.<br>
</li>
</ul>

<p></p>

<p>No technical solution is going to compensate for crappy work, because
technical tools can be switched off or the original authors of software may
leave edge cases out of consideration. The main ideas behind the mmmv_silkexec
are: to <b>allow the execution of only those silkexapps that have
been tested and/or verified by trusted parties</b>; the
<a href="https://nixos.org/nix/">NixOS package manager</a> idea that each
application is executed in an environment where <b>the LD_LIBRARY_PATH and the
PATH have silkexapp specific prefixes</b>; that the reliance on operating system
services is <b>limited to the UNIX standard</b>, to give the mmmv_silkexec
a chance to be ported to all operating systems that have the UNIX layer <i>(Linux,
BSD, GNU Hurd, Genode OS, Minix3)</i>; and that the mmmv_silkexec must be fully <b>usable
without having any root access</b>.</p>

<p><br>
</p>

<p><br>
</p>

<h1>Silkexapp Format</h1>

<p>None of the silkexapp standard file and folder names contain any spaces,
tabulation characters or line breaks. All silkexapp configuration text files, the
ones in the silkexapp etc folder, are preprocessed by removing all spaces,
tabulation characters and <b>single-line-comments that start with either "#" or
"//"</b>. After the single-line-comments deletion preprocessing step all of the
linebreaks are deleted, except for the list_of_immediate_dependencies.txt.</p>

<p><br>
</p>
<pre>&lt;silktorrent packet ID as folder name&gt;
    |
    +--bin  # is a symlink to ./build/bin . The symlink gets created by
    |       # the mmmv_silkexec after the building of the silkexapp has succeeded.
    |       # The mmmv_silkexec deletes this symlink before the execution of the build_script.bash .
    |       # If the build_script.bash exited with an error, the mmmv_silkexec does not create this symlink.
    |
    +--doc  # is an optional symlink to ./build/doc . The symlink gets created by
    |       # the mmmv_silkexec after the building of the silkexapp has succeeded.
    |       # The mmmv_silkexec deletes this symlink before the execution of the build_script.bash .
    |       # If the build_script.bash exited with an error, the mmmv_silkexec does not create this symlink.
    |
    +--etc  # is an optional folder
    |    +--runtime_environment # is an optional folder
    |    |    |
    |    |    +--overriding_values_of_environment_variable_values   # the existence of this folder is optional
    |    |    |    |  # All files in this folder are optional. File names without the ".txt" suffix
    |    |    |    |  # must match with the environment variable name. File names are case sensitive.
    |    |    |    |
    |    |    |    +--LD_LIBRARY_PATH.txt
    |    |    |    +--PATH.txt
    |    |    |    +--CFLAGS.txt
    |    |    |    +--&lt;other environment variables&gt;
    |    |    |
    |    |    +--prefixes_of_environment_variable_values   # the existence of this folder is optional
    |    |         |  # All files in this folder are optional. File names without the ".txt" suffix
    |    |         |  # must match with the environment variable name. File names are case sensitive.
    |    |         |
    |    |         +--LD_LIBRARY_PATH.txt
    |    |         +--PATH.txt
    |    |         +--CFLAGS.txt
    |    |         +--&lt;other environment variables&gt;
    |    |
    |    +--buildtime_environment # is an optional folder.
    |    |                        # The content of this folder has the same format
    |    |                        # as does the folder ./runtime_environment
    |    |
    |    +--list_of_immediate_dependencies.txt # Optional. If exists, then
    |    |                                     # there is one <a href="http://www.softf1.com/cgi-bin/tree1/technology/flaws/silktorrent.bash/wiki?name=Algorithm+and+Implementation">Silktorrent packet</a> name per line.
    |    |                                     # All of the Silktorrent packets are required to
    |    |                                     # conform to the Silkexapp format.
    |    |                                     # The list includes build dependencies.
    |    |
    |    +--list_of_aggregate_Silktorrent_packets.txt # Optional. If exists, then
    |                                                 # there is one <a href="./wiki?name=Algorithm+and+Implementation">Silktorrent packet</a> name per line.
    |                                                 # From the point of view of this mmmv_silkexec
    |                                                 # specification the content of those Silktorrent packets
    |                                                 # is not determined.
    |
    +--src # After unpacking it is recursively set to file permissions 04AB,
    |    | # where A,B inSet{4,0} and each of them, the A and the B, is
    |    | # determined by mmmv_silkexec settings, which are manipulated by
    |    | # mmmv_silkexec sys-commands. Everything in this folder, the src,
    |    | # is automatically copied to the build folder before building.
    |    |
    |    +--silkexapp_control
    |    |    |
    |    |    +--build_script.bash # is executed as a copy in the subfolder of the build folder.
    |    |    |                    # Building always includes bootstrapping. If the build fails,
    |    |    |                    # then the build_script.bash must exit with a non-0 error code.
    |    |    |
    |    |    +--run_all_tests_and_exit_with_0_if_all_tests_pass_t1.bash # should describe failures at stdout or stderr
    |    |    |
    |    |    +--si_storage_space_size_in_bytes_without_including_dependencies.bash # Prints a number to console.
    |    |    |                                                                     # The printout may include
    |    |    |                                                                     # a line break.
    |    |    |
    |    |    +--si_recursive_storage_space_size_of_all_immediate_dependencies_in_bytes.bash
    |    |    |                                                                     # Prints a number to console.
    |    |    |                                                                     # The printout may include
    |    |    |                                                                     # a line break.
    |    |    |
    |    |    +--s_silkexapp_core_version.bash # Prints a string to console. To facilitate
    |    |    |                                # the use of signatures, the string is allowed to
    |    |    |                                # include line breaks, spaces, tabulation characters.
    |    |    |                                #
    |    |    |                                # The idea is that different silkexapps can use the same
    |    |    |                                # version of an application source, but the application source
    |    |    |                                # can be built by using different build parameters.
    |    |    |                                # Different silkexapps that build the application by
    |    |    |                                # using the same build parameters, can have
    |    |    |                                # different silkexapp scripts and different developers.
    |    |    |
    |    |    +--sb_is_ready_4_silkexapp_package_format_tests.bash # Prints a string from the set {"t","f"},
    |    |    |                                                    # where "t" stands for "true"
    |    |    |                                                    # and "f" stands for "false".
    |    |    |                                                    # The string does not end with a line break.
    |    |    |                                                    #
    |    |    |                                                    # The "f" indicates that not all
    |    |    |                                                    # silkexapp format specific scripts and
    |    |    |                                                    # folders are present or ready to be used.
    |    |    |                                                    # The "t" indicates that the current
    |    |    |                                                    # specification is expected to be met
    |    |    |                                                    # to the extent that the silkexapp scripts
    |    |    |                                                    # can be tested. The output value can be
    |    |    |                                                    # calculated during runtime, dynamically.
    |    |    |                                                    # For example, the script may study the
    |    |    |                                                    # value of environment variables and the presence
    |    |    |                                                    # and content of files.
    |    |    |                                                    #
    |    |    |                                                    # An optional command line parameter,
    |    |    |                                                    # "explanation", without the quotes,
    |    |    |                                                    # is expected to change the output mode
    |    |    |                                                    # from the "t" and "f" to a freestyle
    |    |    |                                                    # text that explains the circumstances
    |    |    |                                                    # that affect the choice between the
    |    |    |                                                    # "t" and "f". The freestyle text can
    |    |    |                                                    # contain line breaks, tabulation characters and
    |    |    |                                                    # spaces.
    |    |    |
    |    |    +--delete_cache_content_t1.bash # sets silkexapp state to as if it were installed the 1. time
    |    |                                    # If build succeeds and this file exists, then
    |    |                                    # it is automatically called by the mmmv_silkexec
    |    |                                    # after the build. It must be able to handle a case,
    |    |                                    # where there is no copy of the cache.
    |    |
    |    +--upstream_deliverables # is a folder for unpatched, unmodified, originals
    |
    +--build  # is deleted by the mmmv_silkexec every time before the silkexapp is built .
         |    # The mmmv_silkexec sets its file permissions recursively
         |    # to 07AB before executing the build_script.bash.
         |    # The A and the B are the same as with the src folder.
         |
         +--bin # is the target of the silkexapp bin folder symlink. This folder
         |      # is created automatically before the build_script.bash is run.
         |
         +--doc # an optional folder that is meant to be created by the build_script.bash .
         |      # If this folder exists and the build_script.bash has
         |      # exited without any errors, id est with error code 0,
         |      # then mmmv_silkexec creates a symlink to this folder
         |      # from the silkexapp folder.
         |
         +--silkexapp_control  # copy of the folder from the src
</pre>

<p>Silkexapps are installed/unpacked to</p>
<ul>
<li>~/.silktorrent/mmmv_silkexec/silkexapps/&lt;various folders that have their
name derived from silkexapp Silktorrent packet name&gt;/&lt;Silkexapp
Silktorrent packet name&gt;_dir</li>
</ul>

<p>To make it possible to share silkexapps between different users of the same
system, packages are allowed to assume that they have write access only to</p>

<p></p>
<ul>
<li>/tmp</li>
<li>~/.silktorrent/mmmv_silkexec/applications_write_area/&lt;`whoami`&gt;/&lt;relative
path from package collection root&gt;</li>
<li>&lt;list of folders that can be queried by "mmmv_silkexec sys_&lt;something&gt;",
for example: mmmv_silkexec sys_s_fp_ramdisk_1&gt;</li>
</ul>

<p></p>

<p>The mmmv_silkexec preprocesses silkexapp names by removing a single instance
of the following prefixes:<b> "sys_", "usr_".</b> A silkexapp that is on PATH
and has a name of "sys_foo" should be executed as "mmmv_silkexec usr_sys_foo".
The<b> prefix "sys_" is reserved for mmmv_silkexec commands.</b> Preprocessing
is not applied when the silkexapp executable is referred to through a full path.
The mmmv_silkexec sets the values of silkexapp runtime and buildtime
environment variables according to the following precedence:</p>

<p></p>
<ol>
<li>If configuration exists, override the value of the environment variable.</li>
<li>Prefix the value from step 1 with the value from the configuration
file.</li>
<li>Prefix the value from step 2 with the full path of the silkexapp bin
folder.</li>
<li>&lt;Execute the executable from the silkexapp bin folder or
silkexapp_control folder.&gt;</li>
</ol>
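<p>An added example, not code from the mmmv_silkexec project: the name
preprocessing and the precedence steps above, written out for colon-separated
variables such as PATH and LD_LIBRARY_PATH. The module and method names are
hypothetical, the hashes stand in for the content of the two configuration
folders, and applying step 3 to PATH only is an assumption of this example.</p>

```ruby
module SilkexecEnvExample # hypothetical namespace, not part of mmmv_silkexec
  # Classifies the first command line argument of mmmv_silkexec.
  def self.classify(arg)
    # A full path is used as it is, without prefix preprocessing.
    return [:silkexapp_path, arg] if arg.start_with?("/")
    # "sys_" is reserved for mmmv_silkexec commands.
    return [:sys_command, arg.delete_prefix("sys_")] if arg.start_with?("sys_")
    # delete_prefix removes at most one instance, so "usr_sys_foo"
    # names the silkexapp "sys_foo".
    [:silkexapp_name, arg.delete_prefix("usr_")]
  end

  # Joins colon-separated lists and drops empty entries. An empty entry in
  # PATH or LD_LIBRARY_PATH is read as the current directory, so a plain
  # "prefix:" + "" would add the working directory to the search path.
  def self.join_list(*parts)
    parts.flat_map { |p| p.to_s.split(":") }.reject(&:empty?).join(":")
  end

  # base:      inherited environment as a Hash
  # overrides: variable name => content of the matching file in
  #            overriding_values_of_environment_variable_values
  # prefixes:  variable name => content of the matching file in
  #            prefixes_of_environment_variable_values
  # bin_dir:   full path of the silkexapp bin folder
  def self.build_env(base, overrides, prefixes, bin_dir)
    raise ArgumentError, "bin_dir must be a full path" unless bin_dir.start_with?("/")
    env = base.dup
    (overrides.keys | prefixes.keys | ["PATH"]).each do |name|
      value = overrides.fetch(name, base[name])            # step 1
      value = join_list(prefixes[name], value)             # step 2
      value = join_list(bin_dir, value) if name == "PATH"  # step 3 (assumed: PATH only)
      env[name] = value
    end
    env
  end
end
```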

<p></p>

<p><br>
</p>

<p><br>
</p>

<h1>Testing (Including Verification and Audits)</h1>

<p>A silkexapp is executed only if all of its dependencies have been
recursively audited/tested by trusted parties. Different parties trust
different other parties. Trust is a multidimensional value. A very kindhearted
and not corrupt person can be totally untrustworthy from the point of view of
their capabilities. On the other hand, sometimes, in some narrow contexts, enemies
can be more trustworthy than friends. For example, enemies might have a good
track record of fine skills and being rigorous and they might use some
component, software package, in some security-wise extremely critical role,
while being very rigorous in the construction of their software component.</p>

<p>Given that
<a href="http://martin.softf1.com/g/yellow_soap_opera_blog/the-future-of-security-audits-episode-0">the
only proper way to verify/review code is to study it in a fully automated way</a> <i>(<a href="https://archive.is/h3HJ4">archival
copy</a>)</i>, there has to be a way to subscribe to the testing/verification
system of the trusted parties. To avoid a Denial of Service attack carried out by hacking
into the testing/verification systems of one of the trusted parties, the local
settings of the mmmv_silkexec should treat a test failure of a formerly
accepted component as a timed warning, where the warning state moves to a
blocked/failed state with a delay. The delay gives the trusted party time to
handle the hack.</p>
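<p>An added example, not code from the mmmv_silkexec project: the timed warning
described above combined with the rule that a silkexapp runs only if all of
its dependencies have been recursively tested. The names, the length of the
delay and the choice to block a never-accepted component without any delay
are assumptions of this example.</p>

```ruby
module SilkexecTrustExample # hypothetical namespace, not part of mmmv_silkexec
  GRACE_SECONDS = 7 * 24 * 3600 # assumed delay; the specification names no value

  # Test verdicts received from one trusted party.
  class Verdicts
    def initialize(grace = GRACE_SECONDS)
      @grace = grace
      @accepted = {}      # packet name => true once it has passed at least once
      @failing_since = {} # packet name => time of the first failure of the current run
    end

    def record(packet, passed, at)
      if passed
        @accepted[packet] = true
        @failing_since.delete(packet)
      else
        @failing_since[packet] ||= at # repeated failures do not restart the clock
      end
    end

    def state(packet, now)
      since = @failing_since[packet]
      return (@accepted[packet] ? :accepted : :untested) if since.nil?
      return :blocked unless @accepted[packet] # only formerly accepted packets get the delay
      now - since < @grace ? :warning : :blocked
    end
  end

  # deps maps a packet name to the names of its immediate dependencies.
  # Walks the whole dependency graph (cycles included) and returns
  # [allowed, packets_in_warning_state, blocked_or_untested_packets].
  def self.check(root, deps, verdicts, now)
    seen = {}
    warnings = []
    offenders = []
    stack = [root]
    until stack.empty?
      pkt = stack.pop
      next if seen[pkt]
      seen[pkt] = true
      case verdicts.state(pkt, now)
      when :warning then warnings << pkt
      when :blocked, :untested then offenders << pkt
      end
      stack.concat(deps.fetch(pkt, []))
    end
    [offenders.empty?, warnings.sort, offenders.sort]
  end
end
```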

<p><br>
</p>

<p><br>
</p>

<h1>Components to Study</h1>

<p></p>
<ul>
<li><a href="https://firejail.wordpress.com/">Firejail</a> (<a href="https://github.com/netblue30/firejail">src</a>)
is a Linux specific component, but it might be a useful add-on on Linux.</li>
</ul>

<p></p>

<p><br>
</p>

<p><br>
</p>

<h1><a href="./wiki?name=Experiment:+mmmv_silkexec:+sub-specifications:">Experimental
Subspecifications</a></h1>

<p><br>
</p>

<h1><a href="./wiki?name=Experiment:+mmmv_silkexec:+References">References</a></h1>

<p><br>
</p>

Z b4864b18de66da299f9a26577a152c04