New Package Request: crun-wasm and wasmedge-rt

[rhatdan]

What, if any, are the additional dependencies on the package? (i.e. does it pull in Python, Perl, etc)

wasmedge (wasm-library)

What is the size of the package and its dependencies?

According to dnf info

crun-wasm:
Size : 11

wasmedge:
Size : 1.6 M

What problem are you trying to solve with this package? Or what functionality does the package provide?

A lot of people are starting to play with WASM and Containers, we have published a wasm edge blog and people are trying it out on podman-machine on Windows and MAC and failing.

Can the software provided by the package be run from a container? Explain why or why not.

No. The software is needed to run a container.

Can the tool(s) provided by the package be helpful in debugging container runtime issues?

No.

Can the tool(s) provided by the package be helpful in debugging networking issues?

No.

Is it possible to layer the package onto the base OS as a day 2 operation? Explain why or why not.

Yes

In the case of packages providing services and binaries, can the packaging be adjusted to just deliver binaries?

No

Can the tool(s) provided by the package be used to do things we’d rather users not be able to do in FCOS?

Maybe

Does the software provided by the package have a history of CVEs?

No.

[rhatdan]

This is needed to fix containers/podman#16930

[travier]

Likely related blog posts:

• https://opensource.com/article/22/10/wasm-containers
• https://www.redhat.com/en/blog/red-hat-and-webassembly

[travier]

I'm +1 in general.

We'll likely discuss more in the community meeting. Could you join us this week or the next?

What are the stability / compatibility guarantee for WASM? I don't know much about it so not sure if that question even makes sense.

[rhatdan]

I can join, when is it? Do you have a calendar invite/reminder.
@flouthoc @giuseppe should also join.

[travier]

16:30 UTC on Wednesdays: https://github.com/coreos/fedora-coreos-tracker#meetings

[travier]

Another question: Why wasmedge and not wesmer or wasmtime?

[rhatdan]

I guess that is up to @flouthoc and @giuseppe

[travier]

Note that today's meeting will be over video: https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/thread/UFC25ERR5I3G5HQZ5QUUCQGZ2VNTB3BI/

[cgwalters]

One concern I have is that /usr/bin/wasmedge would also become something that (in theory) users/scripts and other code could depend on, and if we plan to switch crun over to a different runtime, then if implemented in the obvious way it would result in wasmedge being removed later.

Options:

• Explicitly document that this is an implementation detail
• Actually move it into /usr/libexec/wasmedge
• Commit to shipping wasmedge for the forseeable future, even if there's a switch to defaulting to wasmtime or something else later

[jlebon]

Currently, it seems to pull in Python:

[root@cosa-devsh ~]# rpm-ostree install crun-wasm
...
Added:
  crun-wasm-1.7.2-1.fc37.x86_64
  fmt-9.1.0-1.fc37.x86_64
  libb2-0.98.1-7.fc37.x86_64
  libgomp-12.2.1-4.fc37.x86_64
  libxcrypt-compat-4.4.33-3.fc37.x86_64
  lld-15.0.6-1.fc37.x86_64
  lld-libs-15.0.6-1.fc37.x86_64
  llvm-15.0.6-1.fc37.x86_64
  llvm-libs-15.0.6-1.fc37.x86_64
  mpdecimal-2.5.1-4.fc37.x86_64
  python-pip-wheel-22.2.2-3.fc37.noarch
  python-setuptools-wheel-62.6.0-2.fc37.noarch
  python-unversioned-command-3.11.1-1.fc37.noarch
  python3-3.11.1-1.fc37.x86_64
  python3-libs-3.11.1-1.fc37.x86_64
  spdlog-1.10.0-3.fc37.x86_64
  wasmedge-0.11.2-1.fc37.x86_64
Changes queued for next boot. Run "systemctl reboot" to start a reboot
[root@cosa-devsh ~]#

[cgwalters]

There is another path to pursue here, which is having wasm delivered as "system extension container", like containers/bootc#7 style.

[dustymabe]

After last week's meeting @rhatdan and team decided they had some work to do on their end (including trying to remove the python dep) before moving this proposal forward.

[benoitf]

@dustymabe

I think you need to use wasmedge-rt dependency (+ crun-wasm) and not wasmedge

for example if I try to install crun-wasm and wasmedge-rt

podman run --rm -it quay.io/fedora/fedora-coreos:next


bash-5.2# rpm-ostree install crun-wasm wasmedge-rt
Enabled rpm-md repositories: fedora updates-modular updates fedora-cisco-openh264 fedora-modular updates-archive
Updating metadata for 'fedora'... done
Updating metadata for 'updates-modular'... done
Updating metadata for 'updates'... done
Updating metadata for 'fedora-cisco-openh264'... done
Updating metadata for 'fedora-modular'... done
Updating metadata for 'updates-archive'... done
Importing rpm-md... done
rpm-md repo 'fedora'; generated: 2023-04-13T20:36:48Z solvables: 59720
rpm-md repo 'updates-modular'; generated: 2023-08-19T01:34:25Z solvables: 1081
rpm-md repo 'updates'; generated: 2023-09-04T01:28:36Z solvables: 20146
rpm-md repo 'fedora-cisco-openh264'; generated: 2023-03-14T10:56:46Z solvables: 4
rpm-md repo 'fedora-modular'; generated: 2023-04-13T20:30:28Z solvables: 1068
rpm-md repo 'updates-archive'; generated: 2023-09-04T01:39:39Z solvables: 34050
Resolving dependencies... done
Will download: 4 packages (723.8?kB)
Downloading from 'fedora'... done
Downloading from 'updates-archive'... done
Downloading from 'updates'... done
Installing 4 packages:
  crun-wasm-1.8.6-1.fc38.aarch64 (updates-archive)
  fmt-9.1.0-2.fc38.aarch64 (fedora)
  spdlog-1.11.0-5.fc38.aarch64 (fedora)
  wasmedge-rt-0.13.3-1.fc38.aarch64 (updates)
Installing: fmt-9.1.0-2.fc38.aarch64 (fedora)
Installing: spdlog-1.11.0-5.fc38.aarch64 (fedora)
Installing: wasmedge-rt-0.13.3-1.fc38.aarch64 (updates)
Installing: crun-wasm-1.8.6-1.fc38.aarch64 (updates-archive)

so, no python dependencies as @jlebon pointed out

[benoitf]

@dustymabe is it ok now to include crun-wasm and wasmedge-rt ?

[travier]

This likely needs to be discussed again in a community meeting. I don't remember if we had a conviencing answer for #1375 (comment).

[benoitf]

hello @travier , has it been discussed as meetings seem to happen every Wednesday ?

it looks like it wasn't https://meetbot.fedoraproject.org/fedora-meeting-1/2023-09-13/fedora_coreos_meeting.2023-09-13-16.30.html

labelling the issue is not enough to get it discussed ?

[travier]

We didn't get to it during last week meeting as we had other topics to discuss. The best way to get something on the agenda is to attend the meeting :).

[travier]

You should also strongly consider answering the questions we've had above.

[rhatdan]

@travier what questions need to be answered. I believe the python requirement has been removed.

[travier]

• What are the stability / compatibility guarantee for WASM? Once we include something in the image, users may start relying on it so we'll have to make sure things keep working on updates. See New Package Request: crun-wasm and wasmedge-rt #1375 (comment)
• Why wasmedge and not wesmer or wasmtime? While I don't have a preference, we need a clear answer to this question to document why we would only include one runtime and not the others. (From New Package Request: crun-wasm and wasmedge-rt #1375 (comment))
• What needs this? I assume it's podman desktop. Layering the package may also be an option. The amount of podman desktop specific packages keeps growing. (New Package Request: gvisor-tap-vsock-gvforwarder #1557)

[cgwalters]

My 2c: Sprint to having podman derive its own custom images, from !FCOS even.

[rhatdan]

I am leaning the same way. The question is time to market. POdman desktop wants to be able to support WASM workloads.
Wasmedge was the library that Docker originally supported, which is why we chose it by default. I am informed that Docker Desktop now allows users to select different WASM Libraries.

[lsm5]

My 2c: Sprint to having podman derive its own custom images, from !FCOS even.

containers/podman#20041

[dustymabe]

The fix for this went into next stream release 39.20231002.1.1. Please try out the new release and report issues.

[dustymabe]

This will stay in the next stream for the foreseeable future and will not be promoted to testing and stable. We'll re-evaluate this decision at a future time.

[benoitf]

hello @dustymabe

I figured out that podman is using testing channel and not next for their default machines 🤦 so we don't see the packages in the podman machine

I've checked with a podman machine that is using fedora-coreos-38.20231002.2.2-qemu.aarch64.qcow2

and there is no wasmedge-rt or crun-wasm installed (but it's expected as it's in next, not in testing)

podman machine ssh                                                                                                                                                                                                                                                                                      
Connecting to vm. To close connection, use `~.` or `exit`
Fedora CoreOS 38.20231002.2.2
Tracker: https://github.com/coreos/fedora-coreos-tracker
Discuss: https://discussion.fedoraproject.org/tag/coreos

[core@localhost ~]$ crun-wasm
-bash: crun-wasm: command not found

[core@localhost ~]$ sudo rpm-ostree install crun-wasm wasmedge-rt
Removed:
  moby-engine-20.10.23-1.fc38.aarch64
Added:
  crun-wasm-1.9.2-1.fc38.aarch64
  fmt-9.1.0-2.fc38.aarch64
  spdlog-1.11.0-5.fc38.aarch64
  wasmedge-rt-0.13.3-1.fc38.aarch64
Changes queued for next boot. Run "systemctl reboot" to start a reboot

creating with next it's working but it's not the default option

[jlebon]

creating with next it's working but it's not the default option

Hi @benoitf. Yes, this is what #1375 (comment) was getting at, but likely it wasn't made explicit enough. The underlying question there was: are we OK to have it be in next for now and opt-in until the other options have progressed far enough?

[benoitf]

I don't really know here, as it means that all people using podman machines on macOS will probably have the testing and not next channel.

So at the end, user experience is not the one expected.
I thought that podman machine was using next channel at first.

[dustymabe]

Proposal here to add to our testing/stable streams: coreos/fedora-coreos-config#2690

[dustymabe]

The fix for this went into testing stream release 39.20231119.2.0. Please try out the new release and report issues.

[benoitf]

I tried this morning and it went well, it works like a charm

thanks !

$ podman run --platform wasi/wasm quay.io/podman-desktop-demo/wasm-rust-hello-world                                                    
Trying to pull quay.io/podman-desktop-demo/wasm-rust-hello-world:latest...
Getting image source signatures
Copying blob sha256:aef58f11cc595816273402cf78b560dc8e2b5f0b2e2db0bb59d696fb1a0ba5a7
Copying config sha256:213ba29e5067ee94700be912fbc44a77ea88a03e1e7e51adcfa7c4f2fbd1d8c8
Writing manifest to image destination

!... Hello Podman wasm World ...!

         .--"--.
       / -     - \
      / (O)   (O) \
   ~~~| -=(,Y,)=- |
    .---. /`  \   |~~
 ~/  o  o \~~~~.----. ~~
  | =(X)= |~  / (O (O) \
   ~~~~~~~  ~| =(Y_)=-  |
  ~~~~    ~~~|   U      |~~

Project:   https://github.com/containers/podman
Website:   https://podman.io
Documents: https://docs.podman.io
Twitter:   @Podman_io

[dustymabe]

@benoitf - we could still use a test added to our test suite as mentioned in #1375 (comment)

From your comment above it looks like you might have a good example test to add :)

See https://github.com/coreos/fedora-coreos-config/blob/testing-devel/tests/kola/podman/rootless-pasta-networking for an example of adding a test.

Would you be willing to open a PR for it? You can test it locally after adding the test like cosa kola run ext.config.podman.rootless-pasta-networking.

[benoitf]

I can give a try but I'm on macOS so I'm not sure cosa kola will work ?! I guess I need to use a Linux VM
if so, which one should I use

[travier]

You can build and test FCOS on FCOS in podman machine :)

[dustymabe]

The fix for this went into stable stream release 39.20231119.3.0.