Update of "Experiment: mmmv_silkexec"

Artifact ID: 3f93973052ff38249260755151902ab9f6c40db3
Page Name:Experiment: mmmv_silkexec
Date: 2017-01-09 17:30:10
Original User: martin_vahi
Parent: 3133a2faf5783ada0336828a42408049e4b0b33f (diff)
Next 6c57a7635835bff6a0b71e4aa4076348014736f1

Code for the mmmv_silkexec does not exist yet; once it becomes available, the development deliverables will be among the versioned files.

A mmmv_silkexec application (hereafter: silkexapp) is a wrapper around other applications, including other mmmv_silkexec applications. The purpose of the wrapping is to apply extra tags and user-specific configuration parameters when the wrapped application is used.

The mmmv_silkexec project consists of the following tools:

mmmv_silkexec <full path of or a name on the PATH> <the command line args of the silkexapp>

No technical solution is going to compensate for crappy work, because technical tools can be switched off or the original authors of software may leave edge cases out of consideration. The main ideas behind the mmmv_silkexec are: to allow the execution of only those silkexapps that have been tested and/or verified by trusted parties; the NixOS package manager idea that each application is executed in an environment where the LD_LIBRARY_PATH and the PATH have silkexapp-specific prefixes; to limit the reliance on operating system services to the UNIX standard, which gives the mmmv_silkexec a chance to be ported to all operating systems that have the UNIX layer (Linux, BSD, GNU Hurd, Genode OS, Minix3); and that the mmmv_silkexec must be fully usable without any root access.

Silkexapp Format

None of the silkexapp standard file and folder names contain any spaces, tabulation characters or line breaks. All silkexapp configuration text files, the ones in the silkexapp etc folder, are preprocessed by removing all spaces, tabulation characters and single-line comments that start with either "#" or "//". After the single-line comments have been deleted, all line breaks are deleted as well, except in list_of_immediate_dependencies.txt.

<relative ID as folder name>
    +--bin  # is a symlink to the folder ./build/bin 
    |       # that gets created by the mmmv_silkexec after the building of the silkexapp has succeeded.
    |       # It is guaranteed to be missing, when a properly constructed build script exited with an error.
    +-- etc # is an optional folder
    |    +--runtime_environment # is an optional folder
    |    |    |
    |    |    +--overriding_values_of_environment_variables   # the existence of this folder is optional
    |    |    |    |# All files in this folder are optional. File names without the ".txt" suffix
    |    |    |    |# must match with the environment variable name. File names are case sensitive.
    |    |    |    +--LD_LIBRARY_PATH.txt
    |    |    |    +--PATH.txt
    |    |    |    +--CFLAGS.txt
    |    |    |    +--<other environment variables>
    |    |    |
    |    |    +--prefixes_of_environment_variables   # the existence of this folder is optional
    |    |         |# All files in this folder are optional. File names without the ".txt" suffix
    |    |         |# must match with the environment variable name. File names are case sensitive.
    |    |         +--LD_LIBRARY_PATH.txt
    |    |         +--PATH.txt
    |    |         +--CFLAGS.txt
    |    |         +--<other environment variables>
    |    |
    |    +--buildtime_environment # is an optional folder.
    |    |                        # The content of this folder has the same format
    |    |                        # as does the folder ./runtime_environment
    |    |
    |    +--list_of_immediate_dependencies.txt # Optional. If exists, then 
    |                                          # there is one Silktorrent packet name per line.
    |                                          # Includes build dependencies.
    +--src # After unpacking it is recursively set to file permissions 04AB, 
    |    | # where A,B inSet{4,0} and each of them, the A and the B, is 
    |    | # determined by mmmv_silkexec settings, which are manipulated by 
    |    | # mmmv_silkexec sys-commands. Everything in this folder, the src,
    |    | # is automatically copied to the build folder before building. 
    |    |
    |    +--silkexapp_control
    |    |    |
    |    |    +--build_script.bash # is executed as a copy in the subfolder of the build folder. 
    |    |    |                    # Building always includes bootstrapping. If the build fails,
    |    |    |                    # then the build_script.bash must exit with a non-0 error code.
    |    |    |
    |    |    +--run_all_tests_and_exit_with_0_if_all_tests_pass_t1.bash # should describe failures at stdout or stderr
    |    |    |
    |    |    +--delete_cache_content_t1.bash # sets silkexapp state to as if it were installed the 1. time
    |    |                                    # If build succeeds and this file exists, then 
    |    |                                    # it is automatically called by the mmmv_silkexec
    |    |                                    # after the build. It must be able to handle a case, 
    |    |                                    # where there is no copy of the cache.
    |    |
    |    +--upstream_deliverables # is a folder
    +--build  # is deleted by the mmmv_silkexec every time before the silkexapp is built.
         |    # The mmmv_silkexec sets its file permissions recursively 
         |    # to 07AB before executing the build_script.bash. 
         |    # The A and the B are the same as with the src folder.
         +--bin # is the target of the silkexapp bin folder symlink. This folder 
         |      # is created automatically before the build_script.bash is run.
         +--silkexapp_control  # copy of the folder from the src

Silkexapps are installed/unpacked to

To make it possible to share silkexapps between different users of the same system, packages are allowed to assume that they have write access only to 

The mmmv_silkexec preprocesses silkexapp names by removing a single instance of one of the following prefixes: "sys_", "usr_". A silkexapp that is on the PATH and is named "sys_foo" should be executed as "mmmv_silkexec usr_sys_foo". The prefix "sys_" is reserved for mmmv_silkexec commands. Preprocessing is not applied when the silkexapp executable is referred to through a full path.

The mmmv_silkexec sets the values of silkexapp runtime and buildtime environment variables according to the following precedence:

  1. If configuration exists, override the value of the environment variable.
  2. Prefix the value from step 1 with the value from the configuration file.
  3. Prefix the value from step 2 with the full path of the silkexapp bin folder.
  4. <Execute the executable from the silkexapp bin folder or diagnostics folder.>
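
The configuration preprocessing, the name-prefix rule and precedence steps 1 to 3, as an added Python sketch (not mmmv_silkexec code, which does not exist yet). It assumes that a comment runs from its marker to the end of the line, that a full path starts with "/", that only the ":"-separated PATH and LD_LIBRARY_PATH are handled, and that step 3 applies to PATH only; all function names are hypothetical.

```python
import re

PATH_LIKE = ("PATH", "LD_LIBRARY_PATH")  # assumption: only ":"-separated variables

def preprocess_config(text, keep_linebreaks=False):
    """Drop comments, spaces and tabs; join the lines unless keep_linebreaks."""
    cleaned = []
    for line in text.splitlines():
        # Assumption: a comment runs from the first "#" or "//" to the end of
        # the line, so a value such as "/opt//lib" would be cut at the "//".
        line = re.split(r"#|//", line, maxsplit=1)[0]
        line = line.replace(" ", "").replace("\t", "")
        if line:
            cleaned.append(line)
    return ("\n" if keep_linebreaks else "").join(cleaned)

def classify_name(arg):
    """Return (kind, name) after removing a single "sys_" or "usr_" prefix."""
    if arg.startswith("/"):                 # full path: no preprocessing
        return ("path", arg)
    if arg.startswith("sys_"):              # reserved for mmmv_silkexec commands
        return ("sys_command", arg[len("sys_"):])
    if arg.startswith("usr_"):
        return ("silkexapp", arg[len("usr_"):])
    return ("silkexapp", arg)

def build_env(inherited, overrides, prefixes, bin_dir):
    """Apply precedence steps 1-3; overrides/prefixes map variable -> file text."""
    env = dict(inherited)
    for var in PATH_LIKE:
        value = env.get(var, "")
        if var in overrides:                # step 1: override
            value = preprocess_config(overrides[var])
        parts = [value]
        if var in prefixes:                 # step 2: configured prefix
            parts.insert(0, preprocess_config(prefixes[var]))
        if var == "PATH":                   # step 3 (assumed to mean PATH only)
            parts.insert(0, bin_dir)
        # Skip empty parts: an empty PATH element means the current directory.
        env[var] = ":".join(p for p in parts if p)
    return env

if __name__ == "__main__":
    # Constructed sample input, not taken from a real silkexapp.
    print(build_env({"PATH": "/usr/bin:/bin"},
                    {"LD_LIBRARY_PATH": "/opt/app/lib  # only ours\n"},
                    {"PATH": "/opt/dep/bin\n// note\n"},
                    "/home/u/silkexapps/app/bin"))
    print(classify_name("usr_sys_foo"))
```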

Testing (Including Verification and Audits)

The executable mmmv_silkexec application must have only dependencies that have also been verified and/or tested by trusted parties. 

Different parties trust different other parties. Trust is a multidimensional value. A very kindhearted and incorruptible person can be totally untrustworthy from the point of view of their capabilities. On the other hand, sometimes, in some narrow contexts, enemies can be more trustworthy than friends. For example, enemies might have a good track record of fine skills and rigor, and they might use some component, a software package, in some security-wise extremely critical role, while being very rigorous in the construction of their software component.

Given that the only proper way to verify/review code is a fully automated way (archival copy), there has to be a way to subscribe to the testing/verification systems of the trusted parties. To avoid a Denial of Service attack carried out by hacking into the testing/verification system of one of the trusted parties, the local settings of the mmmv_silkexec should treat a test failure of a formerly accepted component as a timed warning, where the warning state moves to a blocked/failed state with a delay. The delay gives the trusted party time to handle the hack.
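
The timed warning described above, as an added Python sketch (not mmmv_silkexec code). The state names, the function names and the single stream of reports from one trusted party are hypothetical; it assumes that a later pass clears the failure and that a component which was never accepted gets no grace period.

```python
from datetime import datetime, timedelta

UNVERIFIED, ACCEPTED, WARNING, BLOCKED = "unverified", "accepted", "warning", "blocked"

def component_state(reports, now, grace):
    """reports: time-ordered (timestamp, passed) results from one trusted party."""
    state, warned_at = UNVERIFIED, None
    for ts, passed in reports:
        if ts > now:
            break
        if passed:
            # Assumption: a later pass from the trusted party clears the failure.
            state, warned_at = ACCEPTED, None
        elif state == ACCEPTED:
            # A formerly accepted component fails: start the timed warning.
            state, warned_at = WARNING, ts
        elif state == UNVERIFIED:
            state = BLOCKED   # assumption: never accepted, so no grace period
        # A repeated failure in WARNING keeps the original warned_at, so a
        # stream of failures cannot postpone the block.
    if state == WARNING and now - warned_at >= grace:
        state = BLOCKED       # the delay has run out
    return state

def may_execute(state):
    """A warning still allows execution, so a forged failure cannot stop a
    component at once."""
    return state in (ACCEPTED, WARNING)

if __name__ == "__main__":
    t0 = datetime(2017, 1, 9)                    # constructed sample timeline
    reports = [(t0, True), (t0 + timedelta(days=1), False)]
    for d in (2, 3, 4):
        s = component_state(reports, t0 + timedelta(days=d), timedelta(days=3))
        print(d, s, may_execute(s))
```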

Components to Study