Return to Video

Debian_GNUHurd_status_update.webm

  • 0:03 - 0:04
    Let's talk about GNU/Hurd
  • 0:06 - 0:11
    For us it's a bit all about freedom 0,
    that is, the ability to use software,
  • 0:11 - 0:14
    basically, for any purpose.
  • 0:15 - 0:18
    And for us, the important thing is that
    you shouldn't have to ask
  • 0:18 - 0:21
    the system administrator for things.
  • 0:21 - 0:24
    You should be allowed to do
    whatever you want.
  • 0:24 - 0:31
    So for instance, why is fdisk, mke2fs,
    etc. hidden in /sbin?
  • 0:31 - 0:37
    I want to be able to build disk images,
    play with them, mount them, etc.
  • 0:38 - 0:45
    So just be able to work with the kind of
    disk and network access I have,
  • 0:45 - 0:46
    and do whatever I want with this.
  • 0:47 - 0:52
    It's about freedom to innovate as well, if
    I want to use an experimental filesystem,
  • 0:52 - 0:57
    just play with, without being afraid of
    crashing the machine.
  • 0:58 - 1:01
    You should be able to just
    run the file system
  • 1:01 - 1:06
    and let the system administrator be happy
    with this because it's safe to do this.
  • 1:09 - 1:14
    And also, it's a way to provide freedom
    from misbehaving programs
  • 1:14 - 1:18
    like a driver which doesn't work so well,
    some things like this.
  • 1:21 - 1:25
    Just to give an idea, in GNU/Hurd,
  • 1:25 - 1:29
    you have the kernel which does basically
    almost nothing,
  • 1:29 - 1:34
    just managing tasks, the memory and
    inter-process communications,
  • 1:34 - 1:38
    and then you have a lot of daemons
    doing the actual stuff,
  • 1:38 - 1:44
    so the pfinet is the TCP/IP stack,
    and ext2fs does the filesystem thing.
  • 1:44 - 1:48
    And then, you have the user,
    just running programs.
  • 1:49 - 1:55
    And these tools just, actually just talk
    to the daemons through the microkernel,
  • 1:55 - 2:00
    the microkernel doesn't do much, it just
    passes requests along.
  • 2:03 - 2:06
    For instance, if a server crashes,
    then that's fine.
  • 2:07 - 2:10
    For instance a driver crashes,
    or just hangs,
  • 2:10 - 2:17
    you just can kill and then pfinet
    will re-open a new instance of the driver
  • 2:17 - 2:24
    and it will just work, thanks to TCP just
    continuing to ping the other computer.
  • 2:25 - 2:28
    So it's just an error, it's not something
    of the death.
  • 2:29 - 2:33
    At some point on my desktop, I could
    switch off the light,
  • 2:33 - 2:36
    and then that would crash my laptop.
  • 2:36 - 2:43
    Because switching off the light would
    reboot my hard disk, USB hard disk,
  • 2:43 - 2:46
    and then the kernel of the laptop
    wouldn't like this.
  • 2:47 - 2:49
    This is not something which is
    supposed to happen.
  • 2:50 - 2:54
    So, with a server approach, this is
    completely fixed.
  • 2:55 - 3:00
    It's also easier to debug, it's really
    nice to be able to gdb a TCP/IP stack,
  • 3:00 - 3:07
    when there is something happening in there,
    just run gdb, you can gprof it, etc.
  • 3:09 - 3:11
    You can also dare more crazy things.
  • 3:11 - 3:17
    For instance, the Linux console doesn't
    support much, because we don't want to put
  • 3:17 - 3:19
    too much complex code in there.
  • 3:20 - 3:24
    On GNU/Hurd the console actually supports
    things like Chinese,
  • 3:24 - 3:26
    double-width support, etc.
  • 3:26 - 3:28
    which is not supported
    by the Linux console,
  • 3:28 - 3:31
    and that's right because you don't want
    to put too crazy stuff.
  • 3:32 - 3:36
    Here since it's just a userland program,
    then you're fine,
  • 3:36 - 3:41
    and so we do have Chinese support in,
    actually, textmode in the Debian Installer.
  • 3:45 - 3:52
    Just to show an example, so here I have
    ftpfs which uses the TCP/IP stack
  • 3:52 - 3:56
    to actually mount a remote directory,
  • 3:56 - 4:03
    and then I can use isofs to mount an ISO
    image which is inside that FTP server.
  • 4:04 - 4:10
    And then I can just let cp copy a file
    from the ISO image which is on the server.
  • 4:10 - 4:17
    So this translates that way, so I've done
    this command a long time ago,
  • 4:17 - 4:23
    just to say that "ftp:" in my home
    directory is whatever FTP,
  • 4:23 - 4:30
    and then I can take a "~/ftp:/etc." URL
    and give that to isofs
  • 4:30 - 4:33
    and then mount that on my "mnt",
  • 4:33 - 4:38
    and then I can just browse inside the ISO
    image, without having to download
  • 4:38 - 4:44
    the whole ISO image, without having to ask
    root for this kind of things, etc.
  • 4:45 - 4:49
    And I can also permanently store this
    in ext2fs.
  • 4:49 - 4:54
    So just to give an example, I have a
    translator on my signature files,
  • 4:54 - 4:59
    which just calls fortune, so when I
    "cat .signature" [demo],
  • 4:59 - 5:03
    I get one signature or another, because
    each time I open the file,
  • 5:03 - 5:07
    it's a new instance of fortune which is
    started.
  • 5:08 - 5:12
    You can see that, indeed, this is stored
    in my signature file.
  • 5:14 - 5:15
    So this is fun!
  • 5:17 - 5:23
    Another example: as a user, I can start
    my own TCP/IP stack,
  • 5:23 - 5:27
    tell it to use a virtual network
    interface,
  • 5:27 - 5:32
    and then put the TCP/IP service on some
    node in my home,
  • 5:32 - 5:38
    and then I can run openvpn to actually
    push and pull packets
  • 5:38 - 5:42
    from that virtual interface, and build a
    VPN with somewhere else.
  • 5:42 - 5:49
    And then I can remap the system, what is
    supposed to be the system TCP/IP stack
  • 5:49 - 5:51
    into my own socket,
  • 5:51 - 5:58
    and then I get a new shell for which the
    system TCP/IP stack is actually
  • 5:58 - 6:00
    my own TCP/IP stack.
  • 6:01 - 6:06
    So I can decide which program actually
    uses this TCP/IP stack,
  • 6:06 - 6:15
    and just do my own VPN without having to
    ask anything to the administrator.
  • 6:17 - 6:22
    But also, for instance it happens quite
    often that you have a binary,
  • 6:22 - 6:26
    maybe not sh, but like, python or perl
    or whatever,
  • 6:26 - 6:34
    you have a program which wants /bin/sh
    to be actually bash or whatever,
  • 6:34 - 6:39
    so I want to change this, so I can remap
    this, so for instance [demo]
  • 6:39 - 6:44
    if I look at sh, so as usual,
    oh it's green,
  • 6:44 - 6:46
    but you can see here that it's dash,
  • 6:46 - 6:53
    and if I remap /bin/sh into /bin/bash, for
    instance, I get a new shell where actually,
  • 6:53 - 7:02
    sh is not the same, so it's remapped into
    /bin/bash,
  • 7:02 - 7:04
    and so it's actually bash which actually
    shows up here.
  • 7:05 - 7:11
    So I do really choose how I work, what my
    environment looks like.
  • 7:12 - 7:18
    And for instance, I can remap the whole
    /bin directory into my own directory,
  • 7:18 - 7:22
    where I expose /bin, but also
    other things,
  • 7:22 - 7:27
    so that programs which have /bin/something
    hardcoded into them,
  • 7:27 - 7:32
    I can use them without having to ask the
    administrator to install stuff inside /bin.
  • 7:34 - 7:41
    So it's kind of interesting, a bit like
    stow, Nix, Guix, but done in a nice way.
  • 7:43 - 7:48
    How does it work? Well it's actually
    relatively simple in the principle,
  • 7:48 - 7:52
    it's simply that libc doesn't talk with
    the kernel or whatever,
  • 7:52 - 7:57
    it always uses RPCs, so to ask nicely
    about opening files etc.,
  • 7:57 - 8:04
    and so it's really natural in GNU/Hurd
    that you can redirect things.
  • 8:05 - 8:11
    So for instance, the remap translator here
    is like, maybe,
  • 8:11 - 8:13
    200-300 lines
    [Note of transcriptor: 150 actually],
  • 8:14 - 8:15
    because it's just a matter of
  • 8:15 - 8:20
    "you open a file, OK, I look at the file
    path, is it something I want to translate?
  • 8:20 - 8:23
    Yes, I translate that, and then I open
    the real file,
  • 8:23 - 8:27
    and give the new handle to the program",
  • 8:27 - 8:29
    and that's all, so it's extremely simple.
  • 8:32 - 8:37
    So everything in GNU/Hurd is an RPC and
    so it is interposable,
  • 8:37 - 8:44
    and then translators get exposed in the
    filesystem, we have seen the TCP/IP stack,
  • 8:44 - 8:47
    it's just a path inside the filesystem.
  • 8:48 - 8:53
    And then the user can decide whatever it
    wants to do to interpose whatever.
  • 8:54 - 8:59
    So, for instance fakeroot, in Linux,
    is quite big,
  • 8:59 - 9:03
    because it has to interpose libc symbols,
  • 9:03 - 9:07
    and every time libc invents something new,
    then it breaks in fakeroot
  • 9:07 - 9:15
    because fakeroot has to know about this
    new symbol, etc. and interpose them,
  • 9:15 - 9:18
    either through ptrace or ld or whatever.
  • 9:20 - 9:23
    In GNU/Hurd, fakeroot is, like,
    a thousand lines long,
  • 9:23 - 9:26
    because it just implements a few basic
    things,
  • 9:26 - 9:35
    and then everything just works, which just
    interpose basic authentication hooks,
  • 9:35 - 9:37
    and libc uses them all the time.
  • 9:39 - 9:44
    So it's fully virtualizable, and with
    a really fine grain interface,
  • 9:44 - 9:48
    because you can precisely decide
    which RPCs are interposed,
  • 9:48 - 9:51
    or which files in the filesystem
    are interposed.
  • 9:52 - 9:56
    And then you can just use your home
    directory, the TCP/IP stack,
  • 9:56 - 10:00
    and pile stuff over it, the way you want.
  • 10:02 - 10:06
    Just to give a crazy example, we have
    a lot of stuff,
  • 10:06 - 10:12
    I actually have an ISO image inside a
    partitioned disk image on FTP over a VPN.
  • 10:13 - 10:15
    And this is not so crazy.
  • 10:16 - 10:20
    Maybe the ISO image inside the partitioned
    disk, the ISO image is a bit too much,
  • 10:20 - 10:26
    but one file inside the partitioned disk
    image on FTP over VPN is not so crazy,
  • 10:26 - 10:31
    because maybe you are on a hostile
    network, so you have to use a VPN,
  • 10:31 - 10:35
    and then you want to access a file
    you know is inside a disk image,
  • 10:35 - 10:40
    I don't know, a known disk image which is
    provided on a public FTP server,
  • 10:40 - 10:44
    and you don't want to download the whole
    image just to get, I don't know,
  • 10:44 - 10:46
    the README file or something like this.
  • 10:46 - 10:49
    So it's not so crazy, and it just
    works nicely.
  • 10:52 - 10:55
    So a bit more Debian stuff.
  • 10:56 - 11:00
    Porting packages to Hurd is quite easy
    in principle,
  • 11:00 - 11:06
    because it's just a POSIX system, there is
    a lot more than just POSIX,
  • 11:06 - 11:08
    but it provides a POSIX interface.
  • 11:08 - 11:12
    So portable programs should be
    really fine.
  • 11:13 - 11:18
    Just for fun, some dumb issues, so for
    instance some programs think that
  • 11:18 - 11:21
    if it's not Linux or BSD, then they can
    include windows.h...
  • 11:22 - 11:23
    Why not...
  • 11:24 - 11:26
    If the system has mach.h, that must be
    MacOS,
  • 11:27 - 11:32
    because MacOS is the only system in the
    world that uses Mach, I don't know why...
  • 11:33 - 11:38
    Some people try to grep cpuinfo, which
    doesn't exist on GNU/Hurd yet,
  • 11:38 - 11:43
    and so they basically just run "make -j"
    which just explodes the system,
  • 11:43 - 11:49
    I mean even on a Linux system it's just
    the same, unless it's a small program,
  • 11:49 - 11:51
    but with a lot of C++ files it's horrible.
  • 11:52 - 11:59
    Some people include limits.h from linux/
    instead of just the standard one, well...
  • 12:01 - 12:04
    A problematic thing is people who
    hardcoded errno values;
  • 12:04 - 12:10
    the values of errno are not standardized,
    so you shouldn't hardcode them, like,
  • 12:10 - 12:13
    in testsuite results or things like this.
  • 12:14 - 12:18
    And quite often in configure it's
    hardcoded that
  • 12:18 - 12:22
    only Linux knows -lpthread or -ldl, etc.
  • 12:22 - 12:25
    so quite often programs are not
    generic enough,
  • 12:25 - 12:30
    and that's just easy to fix, but we have
    more and more of these.
  • 12:31 - 12:33
    So we have a porter page developing
    a bit more about these.
  • 12:35 - 12:42
    I wanted to talk a bit more about
    PATH_MAX, it is not defined on GNU/Hurd,
  • 12:42 - 12:47
    for very good reasons, and it is allowed
    by POSIX not to define it,
  • 12:47 - 12:51
    just to say that there is no limitation on
    the PATH_MAX value,
  • 12:52 - 12:54
    we don't have a limit on the size of
    the paths.
  • 12:55 - 12:59
    And indeed it has a fragile semantic, it
    has never meant
  • 12:59 - 13:04
    "a reasonable size for an array of
    characters to store a path".
  • 13:05 - 13:09
    On Linux it's 4000, that's a whole page,
  • 13:09 - 13:12
    that's a whole TLB entry for
    just one file name.
  • 13:13 - 13:17
    It's extremely costly, most people don't
    have so long paths,
  • 13:17 - 13:24
    and so it's really a pity to use so much
    memory, because it's always a whole page
  • 13:24 - 13:27
    because it will always be aligned
    on 4k etc.
  • 13:28 - 13:30
    So, well, that's a waste for one.
  • 13:31 - 13:35
    And paths can actually be longer,
    there is no strict limitation,
  • 13:35 - 13:40
    you can mkdir something, cd into that
    mkdir again, cd, etc.,
  • 13:40 - 13:44
    you can do that as much as you want,
    there is no limitation on this,
  • 13:44 - 13:45
    it's just that when you call
  • 13:45 - 13:51
    "get current working directory",
    you won't get it completely.
  • 13:52 - 13:57
    And actually, some programs misbehave
    in that case,
  • 13:57 - 14:01
    because they won't see these files,
    they will be quite actually hidden,
  • 14:01 - 14:03
    or protected, or I don't know,
  • 14:03 - 14:07
    you can not remove them just giving
    the path, you have to cd, cd, cd, cd,
  • 14:07 - 14:09
    and then you can access the file.
  • 14:11 - 14:15
    And for no reason, actually, because Linux
    inside doesn't have
  • 14:15 - 14:18
    such limitation, actually.
  • 14:19 - 14:25
    And also, it's stupid, but POSIX didn't
    really said precisely whether
  • 14:25 - 14:30
    the final \0 actually is included in
    PATH_MAX or not,
  • 14:30 - 14:34
    so people would allocate PATH_MAX+1,
    or maybe not.
  • 14:36 - 14:41
    So we have a lot of code which doesn't,
    maybe, actually work,
  • 14:41 - 14:45
    but nobody tests it, actually, because
    they would never have so long paths.
  • 14:46 - 14:49
    So I'm a bit afraid of all these codes
    using PATH_MAX.
  • 14:50 - 14:51
    You should be afraid as well.
  • 14:53 - 14:55
    Just to give an overview of the state.
  • 14:55 - 15:01
    We have a i386 support, we have a 64bit
    support which has started,
  • 15:01 - 15:02
    we have the kernel booting,
  • 15:02 - 15:07
    and now it's mostly translating between
    32 and 64 in our RPCs.
  • 15:08 - 15:16
    We have drivers for network boards as a
    userland translator, using the DDE layer.
  • 15:18 - 15:20
    We have disk, we have a Xen port.
  • 15:21 - 15:26
    We have a preliminary sound support
    which was announced today, using Rump,
  • 15:26 - 15:28
    the Rump kernel.
  • 15:28 - 15:30
    We don't have USB yet.
  • 15:31 - 15:36
    It is quite stable, I haven't reinstalled
    my boxes for, like, a decade,
  • 15:36 - 15:38
    I don't remember when I installed them,
    actually.
  • 15:38 - 15:43
    And then the buildd machines just keep
    building packages for weeks
  • 15:43 - 15:45
    without a problem.
  • 15:45 - 15:47
    We have 81% of the archive.
  • 15:48 - 15:52
    We have the native Debian Installer which
    is really working great.
  • 15:54 - 16:01
    Recent work is, like, interesting thing is,
    a distributed mtab translator
  • 16:01 - 16:04
    to provide /proc/mounts in a hurdish way.
  • 16:05 - 16:10
    We have quite a few optimizations which
    went in to improve the performance.
  • 16:12 - 16:15
    We had releases quite some time ago,
  • 16:15 - 16:17
    I really recommend to have a look at this
    one, it's fun.
  • 16:18 - 16:21
    We've some Wheezy and Jessie snapshots,
  • 16:21 - 16:25
    they are not official, but for us it's
    really an official thing.
  • 16:29 - 16:35
    An important thing I wanted to discuss
    this week is the removal from ftp-master.
  • 16:35 - 16:40
    This is due since quite a few years now,
    honestly,
  • 16:40 - 16:44
    it's really not useful to mirror the hurd
    packages over the whole world,
  • 16:44 - 16:49
    because there are not even as many users
    as the number of mirrors.
  • 16:50 - 16:56
    So OK, that's fine for just the removal
    from the main archive in terms of mirroring.
  • 16:56 - 16:59
    But then we have a lot of consequences.
  • 16:59 - 17:03
    For instance, buildd.debian.org is really
    an important thing,
  • 17:03 - 17:08
    because that is where the release team
    schedules transitions,
  • 17:08 - 17:13
    and loosing this, for us, would be really
    tedious work,
  • 17:13 - 17:17
    because I've been there, doing, actually,
    the transition work,
  • 17:17 - 17:22
    the same work as the release team, and
    it's really painful to do this again.
  • 17:24 - 17:26
    So we would really like to have a solution
    for this.
  • 17:27 - 17:31
    Maybe get that fed from debian-ports and,
  • 17:31 - 17:36
    then that's fine, we can be on
    debian-ports, as long as at least
  • 17:36 - 17:38
    there is some synchronization between
    something.
  • 17:39 - 17:44
    And also, getting exposed on the buildd
    package status page,
  • 17:44 - 17:49
    so that people are aware that there is
    some port which is failing,
  • 17:49 - 17:52
    and maybe they are keen on spending some
    time on it, maybe not,
  • 17:52 - 17:57
    but at least get them know about it.
  • 17:58 - 18:03
    And also, a corner thing, when we have
    a version upgrade, like gcc or perl,
  • 18:03 - 18:09
    the release team asks
    "OK, we'll have to upgrade the buildds",
  • 18:09 - 18:12
    and at the moment they don't even have
    an account on them,
  • 18:12 - 18:15
    so they can not check whether the version
    is good or not.
  • 18:18 - 18:20
    Maybe we should just provide an account,
  • 18:20 - 18:24
    we'd thus need to know who we need to give
    an account to.
  • 18:26 - 18:31
    Basically, my idea would be
    "OK, that's fine not being on ftp-master".
  • 18:32 - 18:36
    The thing is we still want to have most of
    the support of Debian,
  • 18:36 - 18:42
    to make our life less a burden,
    as much as possible,
  • 18:42 - 18:45
    without any extra load on
    the release team, etc.
  • 18:45 - 18:49
    We do understand well that we don't want
    to put work on people's hand.
  • 18:51 - 18:56
    But we would like to still get some benefit
    and probably there are solutions for this.
  • 18:57 - 19:05
    And conversely, all of this, I mean, not
    putting more work on us Hurd porters,
  • 19:05 - 19:10
    would actually be the same solutions that
    existing ports on debian-ports
  • 19:10 - 19:17
    would be really happy to have, to improve
    their life, to have less work to do,
  • 19:17 - 19:21
    than what they currently have,
    it's really a problem.
  • 19:21 - 19:26
    So maybe we want to think about a real
    status for Second Class Citizens,
  • 19:26 - 19:30
    like Hurd, but also the sparc, hppa, etc.
  • 19:30 - 19:36
    Maybe we want to have some BoF at some time,
    so we can gather and discuss about this.
  • 19:38 - 19:46
    Future work, the most interesting thing is
    probably using the Rump drivers,
  • 19:46 - 19:51
    because at the moment we use DDE but
    it's not really going forward.
  • 19:51 - 19:56
    We thought it would be a way to get newer
    drivers, Linux drivers,
  • 19:56 - 20:00
    without extra efforts, but it doesn't
    actually happen at the moment,
  • 20:00 - 20:06
    while Rump does go forward, we see work
    being done with Xen etc.
  • 20:07 - 20:09
    So this is probably a long-term solution.
  • 20:11 - 20:14
    Maybe we'll have another distribution
    through Guix.
  • 20:15 - 20:18
    This is progressing, we are quite far from
    doing this,
  • 20:18 - 20:24
    so for now Debian is really the only Hurd
    distribution that we have, so we'll see.
  • 20:25 - 20:32
    And of course, just come and have fun with
    your own pet project, just join, thanks!
  • 20:33 - 20:39
    [Applause]
  • 20:40 - 20:42
    [Michael Banck] Any quick questions before
    we run to lunch?
  • 20:53 - 20:55
    [Steve Chamberlain] Hello, I just wondered
  • 20:55 - 21:01
    if you're using Hurd on that laptop
    for the presentation?
  • 21:01 - 21:03
    [Samuel Thibault] Yeah, yeah,
    this is running Hurd, yes.
  • 21:03 - 21:05
    [SC] So it's quite, like, usable everyday?
  • 21:05 - 21:08
    [ST] Well, not everyday because
    without USB,
  • 21:08 - 21:12
    you can not mount a USB stick for instance,
    so that's quite inconvenient,
  • 21:12 - 21:15
    but yeah, I could probably use it everyday.
  • 21:16 - 21:20
    I don't, I mean, for work,
    I can not afford this, but yeah.
  • 21:20 - 21:23
    Also, we don't have wireless drivers
    at the moment.
  • 21:24 - 21:26
    We hope that with the Rump drivers
    we would get this.
  • 21:27 - 21:29
    So, yes.
  • 21:29 - 21:31
    Some people do use it everyday.
  • 21:31 - 21:32
    Not me.
  • 21:33 - 21:36
    [SC] But those would be the major thing
    missing for more people
  • 21:36 - 21:37
    to be able to use it.
  • 21:38 - 21:39
    OK, thanks.
  • 21:40 - 21:49
    [MB] Any more questions? We're run out of
    questions, then thanks again. Thanks.
  • 21:49 - 21:55
    [Applause]
Title:
Debian_GNUHurd_status_update.webm
Video Language:
English
Team:
Debconf
Projekt:
2015_debconf15

English subtitles

Revízie Compare revisions