[HN Gopher] Alpine Linux: Proposal to move Rust to main ___________________________________________________________________ Alpine Linux: Proposal to move Rust to main Author : thecatster Score : 128 points Date : 2021-09-18 20:29 UTC (2 hours ago) (HTM) web link (gitlab.alpinelinux.org) (TXT) w3m dump (gitlab.alpinelinux.org) | Corrado wrote: | >"With the introduction of Rust to the base system, it may be | desirable to oxidize certain components which have high security | value in the system." | | This is such a great way to phrase this activity; I really hope | it catches on with other projects. | patcon wrote: | I also think it's neat. My read of it was that they were saying | it like "hardening at the surface", e.g., | https://www.sciencedirect.com/topics/materials-science/surfa... | | Though technically oxidization can either strengthen or weaken | a surface, so it's not a perfect phrasing, if so | nsajko wrote: | I don't know what do you like about the phrasing, but it's not | really friendly. The word "oxidize" used like that is clearly a | Rust community slang, so it signals that the author identifies | with the (a?) Rust community, but it also has the effect of | alienating those who are not members of the subculture. | | Apart from that, I find it strange that people are so brazen | with the whole "rewrite stuff in Rust" agenda. | alias_neo wrote: | I'm not a member of the Rust community (yet), but there was | no great leap to understand the oxidation "in-reference", it | may very well be community slang, but the link between | oxidation and rust in the English language is not at all | misunderstood. | | As for the agenda of re-write everything in Rust, I cannot | comment; as a software engineer I love re-writing things in | my new favourite language of the day, so my judgement is | clouded. | bluejekyll wrote: | I read that comment not as "re-write everything in Rust", | but more "rewrite a subset of components in Rust where it | might help with security and resiliency". | | Rust can certainly help with the latter, but very few | projects will ever have the funding or time to achieve the | former. | zozbot234 wrote: | Well, they have to start somewhere. It makes sense that | they would be picking the lowest-hanging fruit. | darig wrote: | I'm not a member of the subculture. It took me half a second | to figure out what they meant, and I thought to myself, | "clever". Rust community seems like good people. Then, I read | your comment and thought to myself, "nope, just a bunch of a | infighting retards, just like everywhere else". | | Apart from that, you suck. | Waterluvian wrote: | Do you mind explaining what it means to you and why you love | it? | | My guess is this means "help fuel the advancement of..." but | I'm having a slow day. | | I get that there's also a pun there I think? | [deleted] | [deleted] | cogburnd02 wrote: | I'd assume it meant 'rewrite in rust.' | bluejekyll wrote: | It probably means different things to different people. | Usually when I see the term "oxidize" it tends to mean | rewrite critical parts of software, but not necessarily the | entire thing (like swapping out the TLS library in a C | implementation for one in Rust, but the rest of the C | program remains the same). | | This would be different from rewriting the entire program | in Rust. | alderz wrote: | Metals get rust by an oxidation process. | SV_BubbleTime wrote: | I'm not Latin expert, but I think iron, or ferus metals are | the only ones that "rust". Raw aluminum starts oxidizing | the moment air hits it, anodizing is specially oxidizing | aluminum then dying it, and of course this is more true for | metals like potassium that dull while you are looking at | them, but I've never heard anyone say these metals "rust", | they oxidize. | djxfade wrote: | If iron oxidizes, it turns in to rust | kaladin-jasnah wrote: | Not OP, but I think "oxidize" here would refer to... | rewriting the components in Rust. | boulos wrote: | Do you specifically mean "oxidize"? If so, that's already the | term. If not, did you mean the "high-security value" part? | | Edit: https://wiki.mozilla.org/Oxidation is an example of the | history of the term, though amusingly it doesn't show up on | https://en.wikipedia.org/wiki/Rust_(programming_language) | olingern wrote: | > It is assumed that by following the steps in this proposal that | Alpine users will be presented with a functional Rust toolchain | which has a maintenance window of 2 years, that is also | supportable by the Rust community through its normal support | channels. | | I'm struggling to see the benefit of moving from community to | main. It seems more symbolic and geared towards making certain | guarantees for end users, but it's hard to grok that | RcouF1uZ4gsC wrote: | > I'm struggling to see the benefit of moving from community to | main | | I think this is about using Rust in the Alpine distribution | itself and having core components actually use Rust. | edoceo wrote: | At this point it's just getting ready to have the future | option of more core stuff in Rust. Step0:tooling; | Step1:packages | EwanToo wrote: | I think without that commitment, it's hard for the overall | Alpine distribution and other teams working on it to use Rust | as part of their toolchain. | pdimitar wrote: | This might be a little side-topic but IMO Alpine is famous for | having a small byte size footprint. | | I love Rust to tears but it produces fairly huge binaries even in | release mode and even with some symbols stripping. | | So if Alpine also plans to include various Rust tools I'd hope | that this will prompt the core team to also work on reducing the | sizes of the final Rust binaries. | | I don't want to sound entitled! I am very thankful to the entire | Rust team. And Rust is hugely important nowadays. It's just that | when it comes to distributing stuff in Dockerfiles (and fly.io, | and several others) the Rust binaries stick out like a sore | thumb. :\ They're fairly big. | dijit wrote: | Is alpine really going for "small" though? | | I'm not saying they're not small and haven't done a fantastic | job, but my impression is that this is due to being mostly | minimal in the default install; | | The reason I say this (and I could be wrong) is because the use | of musl for the libc means each binary kinda needs to include | it's own libc statically. | | This must make the binaries huge! | | Also, you can easily make small rust binaries, it's Golang (of | the two) that produces very large binaries. | | If you just follow the first two bits of advice from: | https://github.com/johnthagen/min-sized-rust you'll reduce your | binary sizes to near C++ levels. | AndyKelley wrote: | > the use of musl for the libc means each binary kinda needs | to include it's own libc statically. | | This is factually incorrect. Musl supports dynamic linking | and if you run `ldd` on any binary in Alpine you can see that | it dynamically links against musl libc. | dijit wrote: | Ah, fair enough. I did a little more digging and it seems | you can dynamically link rust binaries too now: | https://github.com/rust-lang/compiler-team/issues/422 | bredren wrote: | There was a thing in February where Python cryptography required | rust, which broke docker-compose installs via pip. [1] | | There was a fair amount of back and forth about version pinning-- | it affected a lot of builds. | | Even the issue on the crypto package about it was fairly tense. | Iirc, the dependency was rolled back. | | [1] | https://github.com/docker/compose/issues/8105#issuecomment-7... | gpm wrote: | > Iirc, the dependency was rolled back. | | I am fairly certain it was not, e.g. see this comment (or just | notice that there's still rust code in the codebase) | | https://github.com/pyca/cryptography/issues/5771#issuecommen... | | (Edit: Changed link to a better one) | reaperhulk wrote: | (I'm one of the cryptography authors) | | We did not roll back our dependency, no, although our current | release (3.4.x) allows you to disable Rust compilation via an | environment variable specifically so we could understand | where in the ecosystem challenges would occur. Our next | release (now 35.0 based partially on feedback from the | community around our unusual versioning) will hard depend on | it for all X509 ASN.1 parsing. During the months since we did | our first rust release, however, the `musllinux` | specification and implementation has been finished so we | expect to be able to ship binary wheels for Alpine very | shortly. I am actually working on that today, with the only | remaining blocker being an update to warehouse to allow wheel | upload. | adobrawy wrote: | The Rust was not rolled back from cryptography. The new version | of wheel and pip now use the precompiled wheel package for | cryptography. Therefore, installing that package does not | require the Rust compiler in Docker. However, this does not | guarantee that the installation of other Python packages with | Rust will also run smoothly. | LAC-Tech wrote: | Alpines biggest issue isn't that it doesn't have rust in main, | it's documentation. `apk` is a great package manager but a lot of | it is undocumented and you need to read the source. ___________________________________________________________________ (page generated 2021-09-18 23:00 UTC)