[HN Gopher] Alpine Linux: Proposal to move Rust to main
___________________________________________________________________
Alpine Linux: Proposal to move Rust to main
Author : thecatster
Score : 128 points
Date : 2021-09-18 20:29 UTC (2 hours ago)
(HTM) web link (gitlab.alpinelinux.org)
(TXT) w3m dump (gitlab.alpinelinux.org)
| Corrado wrote:
| >"With the introduction of Rust to the base system, it may be
| desirable to oxidize certain components which have high security
| value in the system."
|
| This is such a great way to phrase this activity; I really hope
| it catches on with other projects.
| patcon wrote:
| I also think it's neat. My read of it was that they were saying
| it like "hardening at the surface", e.g.,
| https://www.sciencedirect.com/topics/materials-science/surfa...
|
| Though technically oxidization can either strengthen or weaken
| a surface, so it's not a perfect phrasing, if so
| nsajko wrote:
| I don't know what do you like about the phrasing, but it's not
| really friendly. The word "oxidize" used like that is clearly a
| Rust community slang, so it signals that the author identifies
| with the (a?) Rust community, but it also has the effect of
| alienating those who are not members of the subculture.
|
| Apart from that, I find it strange that people are so brazen
| with the whole "rewrite stuff in Rust" agenda.
| alias_neo wrote:
| I'm not a member of the Rust community (yet), but there was
| no great leap to understand the oxidation "in-reference", it
| may very well be community slang, but the link between
| oxidation and rust in the English language is not at all
| misunderstood.
|
| As for the agenda of re-write everything in Rust, I cannot
| comment; as a software engineer I love re-writing things in
| my new favourite language of the day, so my judgement is
| clouded.
| bluejekyll wrote:
| I read that comment not as "re-write everything in Rust",
| but more "rewrite a subset of components in Rust where it
| might help with security and resiliency".
|
| Rust can certainly help with the latter, but very few
| projects will ever have the funding or time to achieve the
| former.
| zozbot234 wrote:
| Well, they have to start somewhere. It makes sense that
| they would be picking the lowest-hanging fruit.
| darig wrote:
| I'm not a member of the subculture. It took me half a second
| to figure out what they meant, and I thought to myself,
| "clever". Rust community seems like good people. Then, I read
| your comment and thought to myself, "nope, just a bunch of a
| infighting retards, just like everywhere else".
|
| Apart from that, you suck.
| Waterluvian wrote:
| Do you mind explaining what it means to you and why you love
| it?
|
| My guess is this means "help fuel the advancement of..." but
| I'm having a slow day.
|
| I get that there's also a pun there I think?
| [deleted]
| [deleted]
| cogburnd02 wrote:
| I'd assume it meant 'rewrite in rust.'
| bluejekyll wrote:
| It probably means different things to different people.
| Usually when I see the term "oxidize" it tends to mean
| rewrite critical parts of software, but not necessarily the
| entire thing (like swapping out the TLS library in a C
| implementation for one in Rust, but the rest of the C
| program remains the same).
|
| This would be different from rewriting the entire program
| in Rust.
| alderz wrote:
| Metals get rust by an oxidation process.
| SV_BubbleTime wrote:
| I'm not Latin expert, but I think iron, or ferus metals are
| the only ones that "rust". Raw aluminum starts oxidizing
| the moment air hits it, anodizing is specially oxidizing
| aluminum then dying it, and of course this is more true for
| metals like potassium that dull while you are looking at
| them, but I've never heard anyone say these metals "rust",
| they oxidize.
| djxfade wrote:
| If iron oxidizes, it turns in to rust
| kaladin-jasnah wrote:
| Not OP, but I think "oxidize" here would refer to...
| rewriting the components in Rust.
| boulos wrote:
| Do you specifically mean "oxidize"? If so, that's already the
| term. If not, did you mean the "high-security value" part?
|
| Edit: https://wiki.mozilla.org/Oxidation is an example of the
| history of the term, though amusingly it doesn't show up on
| https://en.wikipedia.org/wiki/Rust_(programming_language)
| olingern wrote:
| > It is assumed that by following the steps in this proposal that
| Alpine users will be presented with a functional Rust toolchain
| which has a maintenance window of 2 years, that is also
| supportable by the Rust community through its normal support
| channels.
|
| I'm struggling to see the benefit of moving from community to
| main. It seems more symbolic and geared towards making certain
| guarantees for end users, but it's hard to grok that
| RcouF1uZ4gsC wrote:
| > I'm struggling to see the benefit of moving from community to
| main
|
| I think this is about using Rust in the Alpine distribution
| itself and having core components actually use Rust.
| edoceo wrote:
| At this point it's just getting ready to have the future
| option of more core stuff in Rust. Step0:tooling;
| Step1:packages
| EwanToo wrote:
| I think without that commitment, it's hard for the overall
| Alpine distribution and other teams working on it to use Rust
| as part of their toolchain.
| pdimitar wrote:
| This might be a little side-topic but IMO Alpine is famous for
| having a small byte size footprint.
|
| I love Rust to tears but it produces fairly huge binaries even in
| release mode and even with some symbols stripping.
|
| So if Alpine also plans to include various Rust tools I'd hope
| that this will prompt the core team to also work on reducing the
| sizes of the final Rust binaries.
|
| I don't want to sound entitled! I am very thankful to the entire
| Rust team. And Rust is hugely important nowadays. It's just that
| when it comes to distributing stuff in Dockerfiles (and fly.io,
| and several others) the Rust binaries stick out like a sore
| thumb. :\ They're fairly big.
| dijit wrote:
| Is alpine really going for "small" though?
|
| I'm not saying they're not small and haven't done a fantastic
| job, but my impression is that this is due to being mostly
| minimal in the default install;
|
| The reason I say this (and I could be wrong) is because the use
| of musl for the libc means each binary kinda needs to include
| it's own libc statically.
|
| This must make the binaries huge!
|
| Also, you can easily make small rust binaries, it's Golang (of
| the two) that produces very large binaries.
|
| If you just follow the first two bits of advice from:
| https://github.com/johnthagen/min-sized-rust you'll reduce your
| binary sizes to near C++ levels.
| AndyKelley wrote:
| > the use of musl for the libc means each binary kinda needs
| to include it's own libc statically.
|
| This is factually incorrect. Musl supports dynamic linking
| and if you run `ldd` on any binary in Alpine you can see that
| it dynamically links against musl libc.
| dijit wrote:
| Ah, fair enough. I did a little more digging and it seems
| you can dynamically link rust binaries too now:
| https://github.com/rust-lang/compiler-team/issues/422
| bredren wrote:
| There was a thing in February where Python cryptography required
| rust, which broke docker-compose installs via pip. [1]
|
| There was a fair amount of back and forth about version pinning--
| it affected a lot of builds.
|
| Even the issue on the crypto package about it was fairly tense.
| Iirc, the dependency was rolled back.
|
| [1]
| https://github.com/docker/compose/issues/8105#issuecomment-7...
| gpm wrote:
| > Iirc, the dependency was rolled back.
|
| I am fairly certain it was not, e.g. see this comment (or just
| notice that there's still rust code in the codebase)
|
| https://github.com/pyca/cryptography/issues/5771#issuecommen...
|
| (Edit: Changed link to a better one)
| reaperhulk wrote:
| (I'm one of the cryptography authors)
|
| We did not roll back our dependency, no, although our current
| release (3.4.x) allows you to disable Rust compilation via an
| environment variable specifically so we could understand
| where in the ecosystem challenges would occur. Our next
| release (now 35.0 based partially on feedback from the
| community around our unusual versioning) will hard depend on
| it for all X509 ASN.1 parsing. During the months since we did
| our first rust release, however, the `musllinux`
| specification and implementation has been finished so we
| expect to be able to ship binary wheels for Alpine very
| shortly. I am actually working on that today, with the only
| remaining blocker being an update to warehouse to allow wheel
| upload.
| adobrawy wrote:
| The Rust was not rolled back from cryptography. The new version
| of wheel and pip now use the precompiled wheel package for
| cryptography. Therefore, installing that package does not
| require the Rust compiler in Docker. However, this does not
| guarantee that the installation of other Python packages with
| Rust will also run smoothly.
| LAC-Tech wrote:
| Alpines biggest issue isn't that it doesn't have rust in main,
| it's documentation. `apk` is a great package manager but a lot of
| it is undocumented and you need to read the source.
___________________________________________________________________
(page generated 2021-09-18 23:00 UTC)