-
Notifications
You must be signed in to change notification settings - Fork 233
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[RFC] Manage the occlum image with bom file: Design Details #565
Comments
I totally agree with the motivation of the RFC. But I think the syntax needs some rethinking to make it more user friendly. Here is an alternative, YAML-based syntax for BOM. I didn't have the time to come up with a formal spec for the syntax. But here is a sample code to give your an idea. # A sample code of an alternative, YAML-based syntax for BOM
#
# The benefits
# * More concise (see the numbers of line reduction)
# * More readable (organized in target directories)
# * No quotes for paths thanks to the YAML
# The new base.bom, whose lines is reduced from 64 to 21
- target: /
dirs:
- bin
- dev
- root
- sys
- proc
- tmp
- glibc/lib
- target: /lib64
files:
- /lib64/ld-linux-x86-64.so.2
- target: /etc
src: /etc
files:
- localtime
- hosts
- target: /opt/occlum
dirs:
- glibc
- glibc/etc
- glibc/libc
# The new glibc.bom, whose lines is reduced from 28 to 10
- include:
- base.bom
- target: /opt/occlum/glibc/lib
src: /opt/occlum/glibc/lib/
files:
- *.so
- *.so.*
- target: /lib64
files:
- /lib64/ld-linux-x86-64.so.2
# The new musl.bom, whose line is reduced from 24 to 7
- include:
- base.bom
- target: /lib
src: /opt/occlum/toolchains/gcc/x86_64-linux-musl/lib/
files:
- *.so
- *.so.*
# A bom file for the glibc python demo
- include:
- glibc.bom
- target: /bin
files:
- /opt/python-occlum/bin/python3
- target: /opt/occlum/glibc/lib/
src: /opt/occlum/glibc/lib/
files:
- libdl.so.2
- libutil.so.1
- librt.so.1
- target: /dataset
src: ../dataset
- target: /
files:
- ../demo.py The syntax is by no means complete or perfect. But I think it is a promising direction that we should explore. As you know, YAML can be viewed as a natural superset of JSON. If we are to adopt YAML, we may also consider replace |
After discussion, something has come to a conclusion:
Some problems is still open and we give some suggestions:
After reading the above comment, the bom file content should be as concise as possible to relieve the writing burden. This can achieved by group files with the same destinations and srcs together. So we can avoid writing the same directory prefixes repeatedly. Yaml can also support directories with space. we give a formal example of yaml by appending some corner cases (rename files, hash, auto_dependence) to the yaml in above comment. # yaml example
# Each line with ~ can be deleted when human writes yaml files. We contain ~ lines here because we want to show the inner details.
# include other bom files
includes:
- base.yaml
- java-11-alibaba-dragonwell.yaml
# This excludes will only take effect when copy directories. We will exclude files or dirs with following patterns.
excludes:
- .git
- .dockerignore
targets:
# one target represents operations at the same destination
- target: /
# make directory in dest: mkdir -p $target/dirname
mkdirs:
- bin
- proc
# build a symlink: ln -s $src $target/linkname
createlinks:
- src: ../hello
linkname: hello_softlink
copy:
# from represents the prefix of copydirs and files(to copy)
# If there's no copydirs or files, copy the *ENTIRE from directory* to target: cp -r $from/ $target
- from: .
# copy directory: cp -r $from/dirname $target
dirs:
- hello_c_demo
- example_dirname
# copy file: cp $from/filename $target
files:
- Makefile
- name: Cargo.toml
hash: DA665E483C11922D07239B1A04BEE0F0C7C1AB6D60AF041DDA7CE56D07AF723E
autodep: false
rename: Cargo.toml.backup
- target: /bin
mkdirs:
- python-occlum
- python-occlum/bin To compare, we also give a toml case. Toml indeed represents a hash table. The below toml is auto-generated by Rust toml crate. Toml has two disadvantages: If we want to define arrays of objects, we must wirte [[array_name]] repeatedly; It can not clearly picture the structure of directories. Toml has two advantages: It is friendly for people who dislike indent; toml facilitates expressing very deep hash tables. #base.bom
[[targets]]
dest = "/"
dirs = ["bin", "dev", "root", "sys", "proc", "tmp", "glibc/lib"]
[[targets]]
dest = "/lib64"
[[targets.files]]
name = "/lib64/ld-linux-x86-64.so.2"
[[targets]]
dest = "/etc"
src = "/opt/occlum/glibc/lib/"
[[targets.files]]
name = "localtime"
[[targets.files]]
name = "host"
[[targets]]
dest = "/opt/occlum"
dirs = ["glibc", "glibc/etc", "glibc/libc"] We also give an example of trying to simplify the toml version bom file with braces and wildcards. The advantage is that it has the same semantics as shell commands; The disadvantages are 1. It will be somewhat tricky to deal with renaming files if we use braces 2. braces and wildcards can't be used together. # shell: mkdir -p <dest>
[[directories]]
dest = "{bin, dev, etc, host, lib, lib64, proc, root, sys, tmp}"
# shell: cp -p <src> <dest>
[[files]]
dest = "etc/"
src = "/etc/{hosts, localtime}"
[[files]]
dest = "lib64/"
src = "/lib64/ld-linux-x86-64.so.2"
[[files]]
dest = "opt/occlum/glibc/etc/"
src = "/etc/localtime" Our final suggestion is to use the first yaml version, because it facilitates human reading and writing, and we can finally make bom file an entry in occlum.yaml . |
Summary
This RFC is about design details of RFC #542 . Bom file is used to manage occlum image. In this RFC, we explain why we try to introduce bom file into occlum and the design details of bom files.
Motivation
Currently, what files are included in occlum image is not transparent to users. This will have several drawbacks:
hello_world
example compiled with musl, we may not want to copy glibc libraries into occlum image. Since users do not know which files will be copied into the image when they executeocclum new
orocclum init
, they can't achieve this goal.To deal with all above problems, we wish to introduce a bom file to describe the files we try to include in occlum image. Users can know the source of each file in image from this bom file. We can use bom file to copy files into occlum image. The obvious benefits are
Guide-level explanation
The bom file is used to describe all file entries included in occlum image. It should meet several requirements:
• It should be convenient for users to read and write.
• It can contain comments.
• It can be easy to extend to support other entries.
The bom file should have entries to describe directories and files and can include other bom files. More details can be seen in the bom file template below.
We suggest two tools to deal with bom files.
•
generate_bom: generate bom files from command line options.• copy_bom: copy files described in bom files into occlum image.
We will use hello_c as an example. Currently, we don't integrate bom files into
occlum new
, so after install our tool, the commands areIf we integrate bom file into
occlum init
andocclum build
, the commands will beCompared to the previous command, there is no big change. We save human labor to manually copy files.
Note: In this RFC, we don't focus on how to change the behavior of
occlum new
orocclum build
. We only want to discuss the design of bom files. We will issue another RFC about the behavior if this RFC is approved.Reference-level explanation
rsync
can skip files that are not changed. However, rsync is not able to copy files in /sys directory. See https://unix.stackexchange.com/questions/315680/rsync-option-to-disable-verification.Further:
occlum build
to find the bom file, this bom file should have a fixed name, such asimage.bom
Drawbacks
occlum init
andocclum build
, it will be a break change for previous practice and docs.Unresolved questions
toml
? From my point of view, toml is a good choice to meet all above requirements. Toml also has good support from Rust for serialization. Maybe yaml is also a good idea, but I have no idea. And a better name?if we try to integrate bom file into
occlum build
orocclum init
:Future possibilities
In the future, the bom file may be part of occlum.toml (If we convert the occlum.json file to toml). This bom file can be an entry in the occlum.toml.
The text was updated successfully, but these errors were encountered: