FreeBSD Quarterly Status Report - 2nd Quarter 2017

FreeBSD continues to defy the rumors of its demise.

Much of the development work done this quarter was not particularly
visible, especially the effort needed to ensure the upcoming 11.1
release has as few regressions as possible. Planning is also well under
way for the 10.4 maintenance release which will quickly follow it.

Further work focused on moving the arm architectures' support closer to
tier-1 status and improving documentation. In addition, large changes
were made to the src and ports trees.

These projects and others are further detailed below.

--Mark Linimon
__________________________________________________________________

The deadline for submissions covering the period from July to September
2017 is October 21, 2017.
__________________________________________________________________

FreeBSD Team Reports

* FreeBSD Release Engineering Team
* Ports Collection
* The FreeBSD Core Team
* The FreeBSD Foundation
* The Postmaster Team

Projects

* 64-bit Inode Numbers
* Capability-Based Network Communication for Capsicum/CloudABI
* Ceph on FreeBSD
* DTS Updates

Kernel

* Coda revival
* FreeBSD Driver for the Annapurna Labs ENA
* Intel 10G Driver Update
* pNFS Server Plan B

Architectures

* FreeBSD on Marvell Armada38x
* FreeBSD/arm64

Userland Programs

* DTC
* Using LLVM's LLD Linker as FreeBSD's System Linker

Ports

* A New USES Macro for Porting Cargo-Based Rust Applications
* GCC (GNU Compiler Collection)
* GNOME on FreeBSD
* KDE on FreeBSD
* New Port: FRRouting
* PHP Ports: Help Improving QA
* Rust
* sndio Support in the FreeBSD Ports Collection
* TensorFlow
* Updating Port Metadata for non-x86 Architectures
* Xfce on FreeBSD

Documentation

* Absolute FreeBSD, 3rd Edition
* Doc Version Strings Improved by Their Absence
* New Xen Handbook Section

Miscellaneous

* BSD Meetups at Rennes (France)

Third-Party Projects

* HardenedBSD
__________________________________________________________________

FreeBSD Team Reports

FreeBSD Release Engineering Team

Links
FreeBSD 11.1-RELEASE Schedule
URL: https://www.FreeBSD.org/releases/11.1R/schedule.html
FreeBSD Development Snapshots
URL: https://download.FreeBSD.org/ftp/snapshots/ISO-IMAGES/

Contact: FreeBSD Release Engineering Team <re@FreeBSD.org>

The FreeBSD Release Engineering Team is responsible for setting and
publishing release schedules for official project releases of FreeBSD,
announcing code freezes, and maintaining the respective branches, among
other things.

The FreeBSD 11.1-RELEASE cycle started on May 19, and continued as
scheduled. FreeBSD consumers are urged to test whenever possible to
help ensure the reliability and stability of the upcoming second
release from the stable/11 branch.

This project was sponsored by The FreeBSD Foundation.
__________________________________________________________________

Ports Collection

Links
About FreeBSD Ports
URL: https://www.FreeBSD.org/ports/
Contributing to Ports
URL: https://www.freebsd.org/doc/en_US.ISO8859-1/articles/contributing/ports-contributing.html
FreeBSD Ports Monitoring
URL: http://portsmon.freebsd.org/index.html
Ports Management Team Website
URL: https://www.freebsd.org/portmgr/index.html
FreeBSD portmgr on Twitter (@freebsd_portmgr)
URL: https://twitter.com/freebsd_portmgr/
FreeBSD Ports Management Team on Facebook
URL: https://www.facebook.com/portmgr
FreeBSD Ports Management Team on Google+
URL: https://plus.google.com/communities/108335846196454338383

Contact: René Ladan <portmgr-secretary@FreeBSD.org>
Contact: FreeBSD Ports Management Team <portmgr@FreeBSD.org>

This quarter, 2017Q2, broke the 30,000 ports landmark for the first
time. The PR count is currently just under 2,500, with almost 600 of
them unassigned. This quarter saw almost 7,400 commits from 171
committers. More PRs got closed this quarter than last quarter, but
also more PRs got sent in, both of which are good to see.

Over the past three months, we welcomed four new committers: Bradley T.
Hughes (bhughes@), Danilo G. Baio (dbaio@), Jochen Neumeister
(joneum@), and Richard Gallamore (ultima@). kan@ re-joined us as a
ports committer. One commit bit, that of bf@, was taken in for
safekeeping after a long period of inactivity.

On the management side, the Ports Management Team welcomed back bapt@,
who is working on several new features for the Ports Tree. The Ports
Management Team also had its annual real-life meeting during BSDCan.

On the infrastructure side, three new USES values were introduced:
* cargo, to ease the porting of Rust packages or binaries using the
cargo command (also covered separately in this report)
* groff, to handle a dependency on the groff document formatting
system, that has been removed from the base system for FreeBSD 12
* meson, to provide support for projects based on Meson

The default version of PostgreSQL switched from 9.3 to 9.5, and that of
Python3 from 3.5 to 3.6. The default generator for ports using cmake
has been switched to ninja.

Some major version updates are: pkg 1.10.1, Firefox 54.0.1, and
Chromium 59.0.3071.115.

Behind the scenes, antoine@ ran 36 exp-runs to test version updates,
make the CRAN ports platform-independent, test installing bsdgrep(1) as
/usr/bin/grep, test LLVM updates, test the ino64 project, and perform
Makefile cleanups.
__________________________________________________________________

The FreeBSD Core Team

Contact: FreeBSD Core Team <core@FreeBSD.org>

Core's activities during the second quarter culminated in the
introduction of two new initiatives during BSDCan:
* Extending FreeBSD Project Membership
* The FreeBSD Community Process

FreeBSD Project Members

FreeBSD Project Membership being extended to more than just committers
is a step that enables the Project to recognise and reward people who
support us in ways other than by writing code. People that organise
conferences or user groups; who are prominent supporters on social
media; who triage bug reports and who test changes; and many others who
contribute in various ways, are deserving of recognition for the
support that they give to the Project. Core hopes that this will both
encourage more people to volunteer their time and effort on behalf of
the Project, and encourage those who already do to stick with the
Project, if not become more deeply involved.

The naming for the new group of non-committer Project members took a
few tries to get right: having tried, and rejected, "Contributor" and
then "Associate", Core took the view that since what they were
offerring was formal Project Membership, then that was the right thing
to call it. Committers thus become those Project Members with access to
commit to the Project's code repositories. Project Members receive an
@FreeBSD.org e-mail address, access to various Project hardware, access
to internal mailing lists and other communications channels, and
invitations to attend Developer Summits in their own right. Committers
in addition have commit rights in the Subversion repositories and
GitHub, and active Committers can vote in Core team elections.

The FreeBSD Community Process

This is an idea that has a long pedigree within other projects, and
FreeBSD is very consciously modelling its implementation on what has
worked elsewhere. When a significantly disruptive or wide-scale change
is proposed, we should have a formal mechanism for documenting the
change and what it implies. Interested parties can then respond and the
change can be evolved into the best fit for all users, or else it can
be found to be impracticable and withdrawn. The documentation of the
change will remain as a point of reference should the same or a similar
proposal come up in the future. Creating a more formal process should
help avoid endless sterile arguments about what needs to be done,
without anyone feeling they have sufficient investment in the idea nor
backing from the majority of the project to justify putting in the work
to achieve the desired result.

The very first FCP -- FCP 0 -- describes the process itself. At the
time of this writing, Core is voting on accepting the initial document,
which can be viewed in the Project's Github repository. Two new mailing
lists have been created: fcp@FreeBSD.org is the channel for receiving
notifications of new FCP proposals and discussing their content, whilst
fcp-editors@FreeBSD.org exists to provide help with the process of
drafting the FCP documents.

Other Core activities

Core is delighted to announce that Gordon Tetlow has joined the
Security Officer team, and will be working on managing the Security
Team caseload, freeing up other members to concentrate on the more
technical aspects of vulnerability remediation. In addition, Ed Maste
has joined the Security Team and is available to assist the Security
Officers where necessary.

Although Florian Smeets had to step down, the postmaster team has
recruited three new members and is now back up to strength.

Considering the desirability of a number of fixes that have been merged
into 10-STABLE since the 10.3 release, core has approved a 10.4 release
to occur shortly after the 11.1 release. This will be a normal
support-lifetime release, unlike the extended lifetime of the 10.3
release, so the overall support lifetime for the 10.x branch will not
be significantly extended.

During this quarter, Core has approved issuing three new commit bits.
Please welcome:
* Vladimir Kondratyev (wulf@)
* Ryan Libby (rlibby@)
* Kyle Evans (kevans@)

Also, during this quarter, we had one person give up their commit bit:
* Jordan Hubbard (jkh@)

It is always unsettling when one of the Project's founding members
decides to move on, but Jordan's interests have migrated away from
FreeBSD-related projects and he has decided to hang up his bit once and
for all.

Core would like to thank NTTA (formerly Verio) for providing hosting
for a cvsup mirror for many years, and also for their kind offer to
provide ongoing hosting for a machine in their Seattle facility. Since
we have no need for additional North America hosting, we have declined
their offer.

As usual, a number of questions have been raised about code licensing
and other matters related to intellectual property. Ed Maste has
registered "freebsd" on behalf of the FreeBSD Foundation on the
Mastodon social media network. The "Unlicense" is suitable for code
being imported into libc. We still have some code published under the
old 4-clause style BSD license, where the extra clause refers
specifically to the University of California. While UC has generally
approved removing that clause, we need to check with all copyright
holders before changing any remaining 4-clause licensing.

Core, along with the Security Team, are monitoring developments
concerning the "Stack Clash" vulnerability that hit the headlines
during June. Changes to the stack-guard mitigation system are underway
as a response to the proof-of-concept published by Qualys.
__________________________________________________________________

The FreeBSD Foundation

Links
FreeBSD Foundation Website
URL: https://www.FreeBSDFoundation.org/
FreeBSD Foundation Quarterly Newsletter
URL: https://www.FreeBSDfoundation.org/wp-content/uploads/2017/06/FreeBSD-Foundation-Q2-2017-Update.pdf

Contact: Deb Goodkin <deb@FreeBSDFoundation.org>

Last quarter the Foundation was busy supporting the FreeBSD Project in
so many ways! We brought on two interns from the University of Waterloo
who were extremely productive, from working on a continuous integration
project to adding MSDOS FAT filesystem support to makefs. We continued
helping to accelerate OS changes with our internal staff of software
developers, as well as funding outside software development projects,
and continued promoting FreeBSD by participating in technology
conferences around the world. To encourage more commercial users to
donate to the Foundation, we launched a new partnership program. The
FreeBSD 11.1 release effort has been led by a full-time Foundation
employee, to continue keeping releases timely and reliable. Finally, we
led the effort to celebrate the newly declared FreeBSD Day, to help
raise awareness of FreeBSD around the world!

Below, you can read some of the highlights from our Q2 newsletter, and
find writeups throughout this status report from Foundation staff
members including Ed Maste, Kostik Belousov, and Glen Barber. Don't
forget, we are 100% funded by donations. Please take a moment to donate
now, so we can continue supporting the FreeBSD Project and community
worldwide!

Q2 Development Projects Summary

Our hard work continues into the 2nd quarter of 2017. Please take a
look at the highlights from our more recent Development Projects
summaries.

April: FreeBSD USB Mass Storage Target Project Update

The Foundation awarded a project grant to Edward Tomasz Napierała to
develop a USB mass storage target driver, using the FreeBSD CAM Target
Layer (CTL) as a backend. This project allows FreeBSD on an embedded
platform, such as a BeagleBone Black or Raspberry Pi Zero, to emulate a
USB mass storage target, commonly known as a USB flash stick. Read more
at https://www.FreeBSDfoundation.org/blog/april-2017-development-projects-update/.

May: Foundation Brings on Co-Op Students

At the beginning of May we embarked on a new path in the FreeBSD
Foundation, with the hiring of co-operative education (co-op) students
from the University of Waterloo. The University of Waterloo is a
pioneer and leader in co-operative education, with 100% of Engineering
students and a majority of Computer Science students participating in
co-op programs. Read more at
https://www.FreeBSDfoundation.org/blog/may-2017-development-projects-update/.

June: FreeBSD Foundation 2017 Project Proposal Solicitation
(contributed by Ed Maste)

One of the ways the Foundation supports FreeBSD is by providing
development grants for work on individual projects. These allow
developers to propose projects they would like to undertake to improve
FreeBSD and request funding to perform that work. The Foundation is
always willing to receive proposals, but will occasionally issue a call
for proposals to highlight specific areas of focus and to be able to
collect and evaluate a group of proposals.

The proposal submission deadline was July 14, 2017, but as mentioned
above, people are welcome to submit proposals at any time.

Although proposals may address any FreeBSD subsystem or infrastructure,
we are particularly interested in receiving proposals related to:
* Improvements to the security of FreeBSD itself, or of applications
running on FreeBSD
* New test cases, improved test infrastructure, and quality assurance
* Improved software development tools
* Projects to improve community collaboration and communication
* Improving the FreeBSD "out of the box" experience for new users on
various hardware platforms
* Establishing FreeBSD as a leader in advancing projects of shared
interest (such as ZFS, LLVM, or libarchive)

More details can be found at
https://www.FreeBSDfoundation.org/blog/FreeBSD-foundation-2017-project-proposal-solicitation/.
The full project proposal submission guidelines can be found at
http://cts.vresp.com/c/?FreeBSDFoundation/d364934d4d/TEST/1b229d9af7.

Please do not hesitate to contact proposals@FreeBSDfoundation.org with
any questions.

Announcing the New Partnership Program (contributed by Deb Goodkin)

I'm excited to announce our new FreeBSD Foundation Partnership Program!
Our work is 100% supported by donations from individuals and
organizations. With a spending budget of $1,500,000, we rely on large
donations from our commercial users to help us sustain and increase our
support. Recognizing the value of these donations, and putting together
a sustainable funding model, we wanted to institute benefits that
highlighted this support, and recognize these donors in productive
ways. Partnerships are an avenue to assist commercial users by helping
them get on board more quickly with FreeBSD, share their needs with the
community, and facilitate collaboration with FreeBSD developers. We
believe that building these relationships with commercial users will
contribute to keeping FreeBSD relevant and help provide a sustainable
and healthy ecosystem.

You can check out our updated donor pages to see how we are
acknowledging our Partners at
https://www.FreeBSDfoundation.org/donors/. You can also find out more
about this new program at
https://www.FreeBSDfoundation.org/FreeBSD-foundation-partnership-program/.

When I was in China last week, I had a chance to talk to a few
companies about our new partnership program, and it definitely
generated more interest in supporting our efforts.

We are continuing to reach out to commercial users for help that will
enable us to provide more outreach and support for FreeBSD. This
includes funding more projects to improve FreeBSD, providing FreeBSD
education and training, and recruiting more contributors to the
Project. We can only provide the above support with your donations, and
we need your help to connect us with your companies. Please consider
notifying your organization about our new Partnership Program and
helping to connect us with the appropriate contacts at your company.

Your donations will help us:
* Accelerate improvements and add new features to FreeBSD
* Support release engineering efforts full-time
* Create and provide FreeBSD educational and training material
* Provide face-to-face opportunities for developers to work together
* Improve and support FreeBSD infrastructure

We need your support to continue improving FreeBSD.

Q2 2017 Conference Recaps

From sponsoring events to attending conferences, the Foundation
continued its mission of advocacy in the second quarter of 2017. Over
the past few weeks, members of the Foundation team represented the
Project and the Foundation at events around the world. Below are just a
few of the conference recaps.

FOSSASIA 2017 (contributed by Philip Paeps)

The Foundation kindly funded part of my travel from Tokyo to Singapore
to attend FOSSASIA. I gave the "FreeBSD is not a Linux Distribution"
presentation that Foundation board member George Neville-Neil wrote for
Open Source China in December. My presentation was well-attended, and I
got a lot of good questions from the primarily Linux-oriented audience.
Read more at
https://www.FreeBSDfoundation.org/blog/fossasia-2017-trip-report-philip-paeps/.

OSCON 2017 (contributed by Ed Maste)

I represented the FreeBSD Foundation at OSCON 2017, which took place
May 8-11, 2017, in Austin, TX:
https://conferences.oreilly.com/oscon/oscon-tx .

The Foundation booth was also staffed by FreeBSD committer Brad Davis
and Doug Mcintire from Netgate. We met up Wednesday morning to set up
the table. We were part of a "nonprofit pavilion" which consisted of
eight or so tables, located between Open Camps and Operation Code.

To help attract booth traffic, I brought a Raspberry Pi 3, with a small
LCD display attached. As a demo, the Raspberry Pi showed a video of a
Gource rendering of changes to the FreeBSD source tree over time (see
example at https://www.youtube.com/watch?v=vZ8Sspua0Ks). Read more at
https://www.FreeBSDfoundation.org/blog/conference-recap-oscon-2017/.

Rootconf 2017 (contributed by Philip Paeps)

In mid-May I presented at Rootconf 2017 in Bangalore. Rootconf is
India's principal conference where systems and operations engineers
share real-world knowledge about building reliable systems:
https://rootconf.in/2017/.

As always, it was interesting to hear the difficulties people face
trying to run reliable systems on less reliable platforms. While many
of the presentations were very Linux-specific and not very exciting to
me, a couple of talks did catch my eye.

I particularly enjoyed the talk by Aruna Sankaranarayanan
(https://www.youtube.com/watch?v=XQJ7YhVoSWI&feature=youtu.be)
explaining how Mapbox takes advantage of Amazon's "spot pricing"
mechanism by spawning and shutting down machines at different price
points to optimize for cost without compromising availability. Their
spotswap https://github.com/mapbox/spotswap/ software has been released
under a BSD license. It sounds as though it should be possible to port
this to FreeBSD with minimal effort. Read more at
https://www.FreeBSDfoundation.org/blog/rootconf-2017-trip-report-philip-paeps/.

BSDCan 2017/FreeBSD Developers Summit (contributed by Deb Goodkin)

One of our initiatives is to assist in providing face-to-face knowledge
sharing and development opportunities around the world. One way we do
this is by sponsoring BSD-related conferences and FreeBSD Developer and
Vendor Summits. We recently sponsored both BSDCan 2017 and the FreeBSD
Developer and Vendor Summit in Ottawa, Ontario, Canada, which took
place June 7-10, 2017. Many of our board and staff members attended the
summit and conference to run tutorials, give presentations, lead
sessions, work with developers, give demos, and share knowledge.

In addition, this year we were pleased to bring our new University of
Waterloo interns to the conference where they had the opportunity to
demonstrate some of their projects at the Foundation table. Read more
at https://www.FreeBSDfoundation.org/blog/conference-recap-bsdcan-2017FreeBSD-developers-summit/.

Open Travel Grant Applications

The Foundation recognizes the importance of bringing members of the
FreeBSD community face-to-face to both further development of the
Project and spread the word about FreeBSD. Travel grants are available
to community members who need assistance with travel expenses for
attending conferences related to FreeBSD development and advocacy.
Please note: the travel grant policy has been recently updated. Please
carefully review it before submitting your application.

More information about travel grants is available at:
https://www.FreeBSDfoundation.org/what-we-do/grants/travel-grants/.

FreeBSD Day was June 19! (contributed by Anne Dickison)

June 19th was declared FreeBSD Day! Thank you to everyone who joined us
in honoring the FreeBSD Project's pioneering legacy and continuing
impact on technology. Find out more about FreeBSD Day and how we
celebrated here at
https://www.FreeBSDfoundation.org/blog/happy-FreeBSD-day/.

Upcoming Events

Find out about upcoming Foundation events at
https://www.FreeBSDfoundation.org/news-and-events/upcoming-events/.

FreeBSD Journal

The May/June 2017 Issue of the FreeBSD Journal is now available. Don't
miss articles on FreeBSD's Firewall Feast, CADETS: Blending Tracing and
Security on FreeBSD, Toward Oblivious Sandboxing with Capsicum, and
more. (https://www.FreeBSDfoundation.org/past-issues/security/)

Did you miss the March/April issue? Check out articles on CFEngine,
Puppet on FreeBSD, Vagrant, and more!
(https://www.FreeBSDfoundation.org/past-issues/configuration-management/)
As a recent addition of functionality, browser-based subscribers now
have the ability to download and share PDFs of the articles!

Sample Issue! If you've ever wanted to read through an entire issue of
the FreeBSD Journal, now's your chance. Download the sample issue from
https://mydigitalpublication.com/publication/?i=296880#{"issue_id":296880,"numpages":1,"page":1}
and be sure to share with your friends and colleagues. Not a subscriber?
Sign up today at https://www.FreeBSDfoundation.org/journal/.

More information about the Foundation's doings and goings-on can be
found in our own quarterly newsletter, linked above.
__________________________________________________________________

The Postmaster Team

Links
The Postmaster Team
URL: https://www.FreeBSD.org/administration.html#t-postmaster

Contact: David Wolfskill <dhw@FreeBSD.org>
Contact: Larry Rosenman <ler@FreeBSD.org>
Contact: Ryan Steinmetz <zi@FreeBSD.org>
Contact: Eygene Ryabinkin <rea@FreeBSD.org>
Contact: Remko Lodder <remko@FreeBSD.org>
Contact: Kurt Jaeger <pi@FreeBSD.org>

Postmaster handles the mail flow for the FreeBSD project.

Clusteradm provides us with four jails: mailman, mailarchive, mx1, and
mx2. In addition, there is some part of the setup running on
freefall.FreeBSD.org. The system uses postfix, mailman, spamassassin,
and some other tools from the ports tree to handle the mail flow. We
use a very small, non-public Subversion repository for parts of the
configuration.

During Q2, Larry Rosenman, Kurt Jaeger, Eygene Ryabinkin, Remko Lodder
and Ryan Steinmetz joined the Postmaster Team, and Florian Smeets left
the Postmaster Team.

Thanks to Florian for his long service in that role! David Wolfskill is
planning to leave the role as soon as the new team members are settled.
Vsevolod Stakhov plans to provide us with support to integrate rspamd
into the setup, as well.

The workload for the Postmaster Team is not high, but the complexity of
the setup has its own demands.

Open tasks:

1. We need to improve our internal documentation of workflows and
processes.
2. We should consider adding some monitoring to provide quarterly
numbers on the mail flow.
__________________________________________________________________

Projects

64-bit Inode Numbers

Links
Phabricator Review
URL: https://reviews.FreeBSD.org/D10439

Contact: Gleb Kurtsou <gleb@FreeBSD.org>
Contact: Konstantin Belousov <kib@FreeBSD.org>
Contact: Kirk McKusick <mckusick@FreeBSD.org>

The 64-bit inode project was completed and merged into FreeBSD 12 on
May 23, 2017. It extends the ino_t, dev_t, and nlink_t types to be
64-bit integers. It modifies the struct dirent layout to add a d_off
field, increases the size of d_fileno to 64 bits, increases the size of
d_namlen to 16 bits, and changes the required alignment of the
structure. It increases the struct statfs f_mntfromname[] and
f_mntonname[] array lengths from MNAMELEN to 1024.

ABI breakage is mitigated by providing compatibility using versioned
symbols, ingenious use of the existing padding in structures, and
employing various other tricks. Unfortunately, not everything can be
fixed, especially outside the base system. For instance, third-party
APIs which pass struct stat as parameters are broken in backward- and
forward-incompatible ways.

The ABI for kinfo-consuming sysctl MIBs is changed in a
backward-compatible way, but there is no general mechanism to handle
other sysctl MIBS which return structures where the layout has changed.
In our consideration, this breakage is either in management interfaces,
where we usually allow ABI slippage, or is not important.

The layout of struct xvnode changed, and no compatibility shims are
provided.

For struct xtty, the dev_t tty device member was reduced to be just
uint32_t. It was decided that maintaining ABI compatability in this
case is more useful than reporting a 64-bit dev_t value, for the sake
of pstat.

Updating note: strictly follow the instructions in UPDATING. Build and
install the new kernel with the COMPAT_FREEBSD11 option enabled, then
reboot, and only then install the new world.

Credits: The 64-bit inode project, also known as ino64, started life
many years ago as a project by Gleb Kurtsou (gleb). Kirk McKusick
(mckusick) then picked up and updated the patch, and acted as a
flag-waver. Feedback, suggestions, and discussions were carried out by
Ed Maste (emaste), John Baldwin (jhb), Jilles Tjoelker (jilles), and
Rick Macklem (rmacklem). Kris Moore (kris) performed an initial ports
investigation followed by an exp-run by Antoine Brodin (antoine).
Essential and all-embracing testing was done by Peter Holm (pho). The
heavy lifting of coordinating all these efforts and bringing the
project to completion were done by Konstantin Belousov (kib).

This project was sponsored by The FreeBSD Foundation (emaste, kib).
__________________________________________________________________

Capability-Based Network Communication for Capsicum/CloudABI

Links
ARPC: GRPC-Like RPC Library That Supports File Descriptor Passing
URL: https://github.com/NuxiNL/arpc
Flower: A Label-Based Network Backplane
URL: https://github.com/NuxiNL/flower

Contact: Ed Schouten <ed@nuxi.nl>

One of the weaknesses of Capsicum and CloudABI is that it is not easy
to develop applications that need to make outgoing network connections,
since system calls like connect() and sendto() are disabled. Though we
can sometimes work around this by ensuring that the sandboxed process
already possesses socket file descriptors on startup, this does not
allow the destination process to be restarted, moved to a different
network address, be load balanced, etc..

Coming up with a solution for this is quite important for me, as I am
currently working on making CloudABI work on top of Kubernetes,
Google's open source cluster management suite. The idea is that
Kubernetes will schedule CloudABI processes instead of Docker
containers. All of these CloudABI processes will have their
dependencies on other services in the cluster injected explicitly,
making internal communication very secure. All of this is intended to
work on FreeBSD as well, of course!

To solve this problem, I've been working on a daemon called Flower
(read: flow-er) that allows software to register services and connect
to them. Servers are identified by a set of labels with values (e.g.,
{datacenter: 'frankfurt', service: 'mysql'}). Clients can connect these
servers by providing the corresponding label(s). Flower's security
model is capability-based, just like Capsicum. The ability to bind and
connect can be limited by permanently constraining labels to certain
values.

Flower has been designed not to act as a proxy. It does not copy any
data. It merely forwards existing socket file descriptors or creates
UNIX socket pairs and hands these out to its clients and servers. To
realize this, processes communicate with Flower using an RPC library
called ARPC. ARPC is a very simple clone of Google's GRPC, with the
special feature that messages (Protobufs) can have file descriptors
attached.

This project was sponsored by Nuxi, the Netherlands.

Open tasks:

1. Finish implementing the Flower code.
2. Integrate Flower with the Kubernetes/CloudABI runtime.
3. Release the Kubernetes/CloudABI runtime as open source software.
__________________________________________________________________

Ceph on FreeBSD


[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)