-
Notifications
You must be signed in to change notification settings - Fork 605
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add a no-std, libc-based example #1534
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #1534 +/- ##
=======================================
Coverage 95.71% 95.71%
=======================================
Files 78 78
Lines 16071 16071
=======================================
Hits 15382 15382
Misses 689 689 ☔ View full report in Codecov by Sentry. |
926f93b
to
bda7497
Compare
quick update: this is working 🎉 that is, the low-level connection API works in no-std mode and can talk to a local rustls server. I have switched the app to using ring after doing some updates in #1502 and sorting out some no-std support issues in ring which resulted in upstream PRs ( briansmith/ring#1754 and briansmith/ring#1794 ). this is currently using a bunch of git dependencies ( temporary branches ) but those should eventually become crates-io deps as things get merged upstream and released. |
678f98c
to
61cd95f
Compare
I've updated this demo to use the PR #1502 as a git dep (that should eventually become a path dep when that PR is merged) and switched almost all other git deps (pemfile, roots) to rustls repos since my PRs there have already been merged (it'd be nice to eventually switch those over to crates.io releases but I don't think we have to block this PR on doing that) the ring dep is a bit of a problem. the demo needs to enable one of its Cargo features to mark a custom an alternative to ring is to use the same
thoughts on which route to go down? ring or (+) they actually produce ICEs in rustc due to LLVM errors |
This patch looks good to me and I'll merge it when it passes CI. (I just started the CI run.) |
I am happy to help you reoslve the issue. I explained some of the details in briansmith/ring#1793. AFAICT, the -none targets are designed for OS kernels and similar environments where the normal rules of typical userspace don't apply. This is why both ring and rust-crypto (and maybe even the Rust toolchain itself) require work. libcore doesn't provide all the facilities that we need to detect and safely use the CPU features and ABI we need for good crypto implementation (i.e. one that isn't just using the same integer-only fallback logic). Again, I tried to outline what I know about these issues in briansmith/ring#1793. Also, I am happy to make crates.io releases to support this work, if it would be helpful |
another option is to use |
OK, this is working with a custom x86_64 target and |
for the record, this has been reported to the rust-crypto folks ( RustCrypto/universal-hashes#189 ) and the rust-lang/rust folks ( rust-lang/rust#117938 ) |
40f0237
to
3e0e841
Compare
squashed and rebased to deal with changes in provider-example and the one thing I noticed is that hpke-rs does not have no-std support and it's not going to be trivial to add no-std support since it internally uses |
3e0e841
to
81a242f
Compare
upon a closer look it seems possible to remove it. I opened an issue to discuss the possibility ( franziskuskiefer/hpke-rs#52 ) and send several PRs to move the crate towards being no-std compatible |
81a242f
to
e47845e
Compare
I am all for incremental progress. The main issue I see with your "fake" |
these examples were never meant to be run in a bare-metal, no/pre-OS environment (there's a different demo in the works that runs on a Cortex-M microcontroller). they are meant to run on OSes that have a POSIX layer and
I agree but those ought to be addressed in rustc because matching on I see that you have jumped into the discussion in rust-lang/rust#117938 ; at least it seems the problem got some renewed attention by the rust devs. |
e47845e
to
60b31a7
Compare
60b31a7
to
3e27f27
Compare
with the API that a server needs
3e27f27
to
75fb77a
Compare
some updates here:
(+) test runners are the usual suspects in this case but disabling all of them in |
OK, I understand better what you're trying to do. Right now my plan in ring is to use |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For someone not very familiar with no-std Rust or the embedded space generally this is an interesting branch 😅
Is the ministd
glue for the no-std demo something you see other comparable projects maintain in-tree? It's a pretty sizable chunk of code and the parts that are sourced from upstream rust are going to drift over time. However, I also see the value in having a really solid no-std demo to keep the feature working so I don't think it's unreasonable or anything. Just hoping to draw more from your experience here when weighing the tradeoffs.
The OS bindings have been written to run this demo on Linux. | ||
Other OSes have not been tested and may require modification to the bindings in `packages/ministd/src/libc.rs` | ||
|
||
As a way to check the FFI bindings, one can run the examples in the `ministd` packages -- there no regular `#[test]`s because the `test` crate is not available in no-std context. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
small typo:
As a way to check the FFI bindings, one can run the examples in the `ministd` packages -- there no regular `#[test]`s because the `test` crate is not available in no-std context. | |
As a way to check the FFI bindings, one can run the examples in the `ministd` packages -- there are no regular `#[test]`s because the `test` crate is not available in no-std context. |
@@ -0,0 +1,20 @@ | |||
{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For the uninitiated, how do you arrive at a file like this? The README mentions this is "an OS-agnostic version of x86_64-unknown-linux-gnu
", does that mean you source the x86_64-unknown-linux-gnu
target configuration from upstream rustc
? If so maybe link that in the README. It would also be helpful to know what needed to be customized to achieve agnosticism compared to standard.
|
||
entry!(main); | ||
|
||
fn main() -> Result<(), Error> { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Leaving a note that it would be helpful once #1583 lands to do a consistency pass between this example (and the later server one) vs the ones that landed in 1583. I think there are a few updates from feedback that would apply here as well.
(and I skipped any of the boring feedback about import style on the assumption that stuff can be sorted out later)
In the effort of keeping our pull request tracker focused on work in progress I'm going to close this for now. The current consensus on the team is that the ministd glue is too much to maintain in-repo. Were this to be revived I think we would want to see it done in a separate repository. Thanks all, |
This is a simple no-std rustls demo that, in principle, should run on any RTOS or OS that has a C library that's more or less POSIX compliant.
For convenience, this has been built to run on Linux as that can be tested in CI but it should not be too hard to port to other (RT)OS that provide a POSIX compatibility layer.
blockers: