Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
IPFS / IPFS Camp 2022 / 30 Oct 2022
IPFS / IPFS Camp 2022 / 30 Oct 2022
Previous Meeting
Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: Zapps — A new standard for go-anywhere linux executables - Eric Myhre

Description

Zapps are a new convention for producing linux executables which are path-agnostic, highly-portable bundles, which can be relocated freely and work in a wide variety of deployment scenarios. This talk was given at IPFS Camp 2022 in Lisbon, Portugal.

A

I'm going to share with you a piece of technology today that I'm very excited about I call it zaps. This is short for zero dependency applications.

A

This is going to be an admittedly very Linux focused talk. I have this problem that I want to ship applications and on Linux I find this is often really weirdly hard. Shared libraries make my life difficult. I want to just give people things and I want those things to run for people and I want as few steps in that process as possible as a little fuss as possible and I want that to involve approximately one answer me as a developer I.

A

This should be simple: I want to give people a thing and I want to run. That should take one step. It should have one package produced. It should not be a count of every Linux distro in the universe. Different answers, that's no fun for anybody, it's not fun for developers, because it's lots of work. It's not fun for users, because it creates a plethora of choices that aren't actually helpful.

A

And we end up here, I think not because anybody who wanted to end up with shipping applications on Linux being hard, but because of some accidents of how we Built tool chains.

A

When we ship executables on Linux, we have shared libraries um in ancient history. This was for sharing space on disk and you only wanted to have one version of a library on a system for some reason, but this is no longer the constraints of reality that we need to live within. Disks are cheap, having only one version of a library on a system isn't a real important goal, anymore, typically, and in exchange for those limitations we've taken on the burden of years of fragility and portability failure.

A

If you have a different version of lib C on your host, then some application was linked against the application. Just fails. It just fails to run. This is a crappy user experience.

A

We end up fighting this nonetheless, because Library paths in the way that executables are distributed in Linux, need to be absolute paths, and this means that you are stuck integrating with host libraries almost all the time and this problem compounds with the portability issues of exact, simple versioning, to create a nearly unsolvable combination of problems.

A

This is so bad that most businesses and large teams who need to produce applications that work on people's computers, ship, electron, amps I, think that's, embarrassing. I think it's fine! If, if you're in the scenario, where that's like a solution for you, you know what it's fine, but for us who want Linux to work for everyone and to be a good Target.

A

This is embarrassing. We should have better choices than this that are available to people. We should have better options that work so I'm going to propose zaps as a way to improve this situation.

A

So, first of all goal enumeration I want one answer: right: I want something that works everywhere. No, it depends that means I need to not depend on host. Libraries at all. I will not accept any conflicts from situations on the host.

A

I want something that works on any install path.

A

This is actually really tricky if you've ever built applications on Linux before you know it's normal to take a prefix path somewhere in, like your make, make install nonsense. I'm tired of that and I'm not going to have it anymore, I want something that works, even if the install path is completely unpredictable, even if we're at ipfs Camp right. Even if my install path is slash, ipfs, slash a cryptographic, hash I literally, could not anticipate at compile time. I want that install path to be acceptable and I want it to work.

A

I want no post install hooks. None so I want this to work again, even on read-only mounts like, for example, slash, ipfs long cryptographic, hash. That should be fine.

A

And in practice, I have a couple of other goals: I still do want Dynamic linking static. Binaries do solve a bunch of these problems, but they're, not a tenable solution for every situation. Static, link, binaries are huge. Sometimes you need to patch your Upstream libraries in order from that actually work and that's to me a non-starter it's just people, don't like the solution. I'll move on quickly. It doesn't work, ideally at the end of this. I would also love to be able to do. Libraries on disk I did say that that's not critical to me.

A

We have big disks, but it's nice if it works right. So these are all goals. These are all goals. I have in zaps and I'm, going to solve all of them and I'm going to do this, mostly in the form of a demo. So this is going to be absolutely terrifying by the way I have written a shell script which is going to type into a terminal. This terminal is live. If you see it starting to type rmrf, slash I'm going to cry on stage, and hopefully this adventure works.

A

Is so the top one doesn't matter? Is the bottom one visible? Is it okay, okay cool?

A

So we have a folder here which is going to contain a bunch of demo content.

A

The first thing I'm showing you is this- is a path agnostic, executable. You see this absolute mess right here. This is a cryptographic hash of that file system. It is Bash, it does work.

A

The file system looks kind of like this. We have the executables itself and we have another executable in this folder called din bin I'll come back to why later it's scary, and we have all of the libraries that are used by this bash executable in directories that are relative to it.

A

So we're bundling everything up in one file system, but this file system- you can just move around by itself. That is the goal of a zap and we'll demonstrate this. We'll just move this thing to another path. It still runs all accomplished.

A

This is something that we can do with absolutely any Linux executable. We're going to do it with python next, just to prove that it can be done. Bash only has four libraries, so that was kind of easy. You might think we did something like very custom. No, this is General I, don't have a system python installed by the way, but nonetheless, this path, agnostic, one, is going to work.

A

It's python errors like python as one plus one like python I could do anything here.

A

The file system for this python thing looks a little noisier, because python is a rather huge application right with many many libraries, but all of these are still relative to the python binary that we've compiled here and it all works.

A

Scroll back, okay, so now, let's start to lift the hood. If you are someone who's experienced in Linux system, administration, you've probably used the ldd tool before so we'll take a peek at our python binary. This is still as I promised a dynamic executable. So there's nothing weird here, nothing crazy. We did a shockingly little Upstream patching to produce this thing. Almost none, absolutely not actually I'll show you the build script later.

A

It has the Linux vdso. If you know what this is, you know that well, I won't talk about this, um and here we have the rest of the libraries. Now when ldd inspects this, it is still showing an absolute path here. However, this is the fully resolved path, because that's how ldd reports things? That is not what the headers say and this thing will move freely and ldd will just change its report freely.

A

um Advance the demo please so the headers will use a different sysadmin's best friend here. The red LF binary will sort of peek into the headers inside of this thing and tell us at a very low level. What's going on eof by the way is short for executable and Linker format. This is the standard format for dynamically linked executables on Linux, and these headers are a very well standardized thing, so these header type one.

A

These are the names of libraries that are needed by this thing, and now the other header that's interesting to us here- is this one called our path. This is something that is not present in every elf header. If you look at the bash on your system, it probably doesn't have this r pathing, but ours does, and it has this value called dollar sign origin in it.

A

This is 80 of the magic there's a second 80 that I'll see if I have time to show you later in the talk. But fundamentally, this tells something called the elf interpreter, which is part of how processes actually launched on Linux that it should look for libraries relative to where the binary is. It should start at dollar sign origin. That means where the binary is. It should pop up One Directory. It should go over to lid and then it should search there. So this corresponds to these file systems. That I showed you earlier.

A

We just put libraries next to the binaries, very simple: that's it that is a bunch of the magic.

A

So this means you can move these things anywhere. I'll just keep claiming that that's true and important, because it is and it's hard to do, and this works truly for anything. So so far, I've shown you bash I've shown you python. I will also show you Helix. This is one of my new favorite text editors.

A

It can also be relocated in this way, Helix was implemented in Rust. We made it path, agnostic with the exact same tricks as we did with bash and python. This really works for anything. If it's an elf executable, we can do it all of these things. Zero host libraries drag and drop. You saw me move them around several times right, I promise. This works on a read-only mount I promise. This works even on something with a hash prefix as file system. You couldn't control, it will be fine.

A

If somebody wants to try this, if somebody wants to do it, live I am so confident in this I will give you a jump, drive. Anyone who dares come grab it and you can mount it and if you have a Linux kernel, if you have a Linux kernel that is like new enough to have ext3 file system. So, if it's like from this decade, possibly last decade, this will work.

A

And there is a website in here with more information all right, so that is the end of the demo phase and I understand if nobody wants to sprint on stage, but I will find somebody to take this demo later and I promise you it's going to work.

A

Summertime done.

A

Now, if you want to know how this works in Greater detail, first of all, let me check my time got some time. This is harder than it should be. I showed you, the dollar sign origin trick. That was the beginning. You set this R path header. This is widely known. You can look at the Man pages for like how to compile stuff in Linux, like GCC described as the dash dash R path flag. It's out there that's the beginning of the journey.

A

You need to know this magical string. This dollar sign origin thing. You need to embed that in the r path. Now you saw that in the the redlf output. You just need to get that thing in there.

A

That turns out to be easier said than done. Has anyone heard of make? Does anyone know how wonderful make is? Does anyone know how environment variables work and make dollar signs are dangerous in make? If you use recursive make, and you want to pass a string through a series of systems- you can't it's not possible. Fortunately, that string isn't load bearing until it gets in the binary, so you can use another string of the same length patch, the elf headers.

A

At the end, this is so dirty, but it works, but libraries next to the main thing after this okay, now we're 90 of the way there except there's something else on your system that will create an enormous mess. There's something called the elf interpreter now. This is something that I haven't shown in the demo. Shoot I skipped a bit. If you look at the very first string in any binary on your computer, if you do like strings of which bash pipe head and one you will see a path that is the elf interpreter.

A

This is a fairly magical part of Linux and launching executables. The kernel does not directly launch your executable. It jumps into something else called the elf interpreter which it finds by following that very first path in every binary.

A

That thing is also an absolute path, so we have to fix it.

A

We have to actually turn the elf interpreter itself into a library that we bundle with the rest of the things. This necessitates, one more step, I call this the jump loader for lack of a better name. We need a tiny statically linked executable to handle, jumping in to the elf interpreter that we're treating as a library and tell it to jump back into the real dynamically linked executable that part's downright embarrassing. However, there is no other way to do this.

A

The header in a binary for where the elf interpreter must be, must be an absolute path until we patch the kernel, maybe someday, we can patch the kernel, but today this works and it works anywhere, including on kernels. That wildly predate me having any of these ideas, which is important.

A

It's a little strange some of those things, but it can be done. This is, as far as I can tell the simplest thing that works and nothing more. This really works on absolutely every machine I've ever tried it on in every distro at any age.

A

We produce this results by focusing purely on what's load-bearing and discarding all other Illusions, so what's really load bearing in a system is that elf interpreter how it goes after these Library paths- and we just do that thing.

A

The reason I'm excited about this technology is because it is easily composable by being path agnostic. By being able to go anywhere and by bundling all libraries you can put these together with anything they work on any distro.

A

That means we could actually begin to build together Suites of packages that just they don't need to be as sweet. You can just do anything compose with anyone. Anyone can make zaps and anyone can ship them to anyone. We don't need to force coordination anymore, around Library versioning. This is freedom.

A

That's all I've got there is a website, zaps.apps, sorry dot, app, singular.

A

This website will contain more detail about this technology. Even a couple of variations on how exactly you can do the dynamic linking by the way deduplication is still possible with this. If you happen to be mounting these things out of an ipfs mount it de-duplicated at the Block Level, underneath the mount driver nice, if you don't have that ability, you can do library deduplication with Sim links, it's totally fine. This is one of the major advantages of this system over static linking you will find more about this in the website.

A

If you would like zaps right now, where other desktops, so here's the website for that we've produced these by the way as part of warp Forge, which there was a talk on earlier today and all of these things that we have built in warp Forge. We have packaged as zaps, so you can get more zaps either by chasing me down and finding some jump drives.

A

I've got a lot of them by the way. I really want people to test this out. Please please come borrow one of these.

A

um You can dive into all of these things on the catalog.warpsis.org site and, for example, here are the versions of bash that we have packaged. If you click into this, you will find content hashes. You will find a download link if you don't like the jump drives, and you will find this link called replay and if you want a fuller understanding of how to put this to work, you'll have to go watch the warp Forge talk from earlier, but here is how we built the pagno. Sorry, the zap of bash, the path agnostic bash.

A

This is it. This is all of the secret sauce. This Json document is executable with warpforge and it will reproduce the thing. So if you want to run these binaries also without trusting me build them yourself, it can be done.

A

That concludes the talk. Any questions I will be happy to take them.