#spectrum on 2019-11-04

2019-08-29 20:55 qyliss changed the topic of #spectrum to: A compartmentalized operating system | https://spectrum-os.org/ | Logs: https://logs.spectrum-os.org/spectrum/

06:31 <MichaelRaskin> (I do get initramfs shell, and can access nd modify the stateful storage provided as rwdisk)

06:48 tilpner has joined #spectrum

06:56 MichaelRaskin has quit [Quit: MichaelRaskin]

09:00 <IdleBot_9cfd8a4c> Status update: when running CrosVM as user, 9p works only with --disable-sandbox. NixOS VM does not work anyway: for some reason overlayfs works fine with Qemu 9p but not with CrosVM 9p

09:31 <qyliss> IdleBot_9cfd8a4c: Have you tried getting it to boot from a rootfs, with no initrd?

09:44 <IdleBot_9cfd8a4c> I wanted to use a Hydra kernel, so no

09:45 <qyliss> Would be interested to see if you could get it to work.

09:46 <IdleBot_9cfd8a4c> I wonder how small an initramfs is needed to mount the RO store over 9p… maybe it would be easier and not too slow

10:19 <IdleBot_9cfd8a4c> qyliss: you are specifically interested in rootfs without initramfs?

10:22 <qyliss> Yes -- I don't see any point having an initramfs

10:27 <IdleBot_9cfd8a4c> Well, avoiding kernel rebuilds…

10:28 <IdleBot_9cfd8a4c> Although in our case we could build something just large enough to use 9p or tftp

10:29 <IdleBot_9cfd8a4c> (in the same way a normal boot sequence would use initramfs)

10:31 IdleBot_9cfd8a4c has quit [Remote host closed the connection]

10:31 IdleBot_59b8da4c has joined #spectrum

10:32 <IdleBot_59b8da4c> But if we want any kind of tmpfs, we can just as well use initramfs, too

10:56 <qyliss> We'll build our own kernels anyway -- kernel rebuilds don't really matter.

11:06 <IdleBot_59b8da4c> Well, eventually maybe yes, but I want least amount of work before something useful happens (then iterate)

18:05 <IdleBot_59b8da4c> qyliss: re: no-initramfs: do you have a promising enough kernel config?

18:05 <qyliss> All I really tried was the Nixpkgs kernel with ENABLE_SQUASHFS=y

18:10 <IdleBot_59b8da4c> Did it have any block device as Y??

18:11 <qyliss> I suppose not?

18:11 <IdleBot_59b8da4c> And how was it supposed to read the image?

18:12 <qyliss> crosvm magic?? :P

18:13 <qyliss> I'll admit I don't know exactly where the seperation between vmm and kernel is in setting up devices and stuff

18:13 <IdleBot_59b8da4c> I thought VM magic boils down to vda block device which still needs _some_ block device support in kernel!

18:14 <multi> IdleBot_59b8da4c: that aligns with my understanding

18:14 <IdleBot_59b8da4c> CONFIG_VIRTIO_BLK=Y is highly recommended if you want your kernel to actually see vda

18:14 <multi> qyliss: afaiui, the hypervisor provides an emulated block device to the guest, which the guest then requires block device drivers to access

18:14 <multi> IdleBot_59b8da4c +1

18:15 <IdleBot_59b8da4c> That explains the squashfs failure, I guess…

18:15 <IdleBot_59b8da4c> Still unsure why sandbox+nonroot+9p=fail

18:16 <IdleBot_59b8da4c> I wonder if one cann connect third-party virtio providers without compiling them into the CrosVM…

18:16 <multi> i would offer to poke at things, but i have neither the time spare nor a hypervisor machine i can through up a nixos vm on ^^"

18:17 <qyliss> No need for a NixOS vm

18:17 <qyliss> You just need a Nix installation

18:17 <IdleBot_59b8da4c> NixOS VM is not strictly speaking necessary at any point

18:17 <qyliss> You can get it from apt in debian nowadays I think

18:19 <multi> qyliss: not seeing anything, unless i'm not getting the package name right

18:20 <qyliss> Might still be in testing or whatever

18:21 <multi> not seeing anything on packages.debian.org either (under the search term "nix")

18:22 <qyliss> https://ftp-master.debian.org/new/nix_2.2.1-2.html

18:22 <multi> ooooooh hello

18:25 <multi> i can probably work with that and feed that into my automagic package generation tooling

18:30 <multi> inb4 i turn into that weirdo who runs nixpkgs-on-debian...

18:30 <qyliss> not that weird

18:31 <multi> i dunno how common or not doing that sort of thing is

18:32 <qyliss> it's not uncommon

18:32 <multi> fair enough

18:32 <qyliss> Linux Nix users are generally either on NixOS or Ubuntu/Debian, IME

18:32 <qyliss> At least the ones I hear from

18:32 <multi> huh, til

18:37 <multi> how much does nixpkgs assume that you're running systemd? my debian machine is a bit of a frankenmess running with s6

18:39 <qyliss> none

18:39 <qyliss> It doesn't install units or anything

18:39 <qyliss> That's NixOS's job

18:39 <multi> right. just checking as this debian packaging has systemd-ish stuff involved, which i don't totally understand

18:39 <qyliss> Nix itself has a daemon

18:40 <qyliss> Which you don't have to use, but does nice things

18:40 <qyliss> So I imagine the Debian package comes with a systemd unit for that

18:40 <multi> looks like it

18:41 <multi> i can hack around that by just running it in a root-owned tmux for now tbh

18:42 <qyliss> You can also just not use the daemon

18:42 <qyliss> Or, well, I don't know about with the Debian package

18:42 <multi> what nice things does the daemon do?

18:42 <qyliss> Means you don't have to own the store, for one

18:43 <qyliss> Which is important if you have multiple users

18:43 * multi nods

18:43 <qyliss> Untrusted users don't have to be able to write to the store

18:43 <qyliss> Only root or whatever

18:43 <qyliss> That's basically it

18:45 <multi> okay

18:56 * multi hacks on debian package's dependencies to make it actually installable on her laptop, rebuilds

19:14 pie_ has quit [Quit: pie_]

19:59 <IdleBot_59b8da4c> Re: Nixpkgs and systemd: I dropped NixOS with one of the annoyances being systemd, I run a weird something based on Nixpkgs, I have no problems

20:00 <IdleBot_59b8da4c> nix-daemon is quite useful, but you basically run it as nix-daemon without arguments, so you should be able to make it work with any init system

23:31 pie_ has joined #spectrum