marcoallegretti/WEFT_OS
marcoallegretti/WEFT_OS
1
0
Fork 0
mirror of https://github.com/marcoallegretti/WEFT_OS.git synced 2026-03-26 17:03:09 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
WEFT_OS/README.md
Marco Allegretti 2ae05312dc docs: correct openSUSE package names verified against rpmfind 
- Replace Mesa-libEGL-devel and Mesa-libGLES-devel (do not exist on
  openSUSE) with libglvnd-devel (Khronos EGL/GLES dispatch headers)
- Replace libseat-devel (does not exist on openSUSE) with seatd-devel

Package names confirmed via rpmfind.net against Tumbleweed and Leap
repositories.
2026-03-12 20:52:34 +01:00

100 lines
4.7 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# WEFT OS
WEFT OS is a Wayland compositor and application runtime where every app is a WebAssembly component rendered in an isolated Servo WebView. No capability is granted by default; all resource access is declared in a per-app manifest and enforced at runtime.
## What is implemented
**Compositor**`weft-compositor` is a Smithay-based Wayland compositor with DRM/KMS and winit backends. It implements the `zweft-shell-unstable-v1` protocol extension, which typed shell slots (panel, application) register against.
**System shell**`weft-servo-shell` embeds Servo (feature-gated, `--features servo-embed`) and renders `system-ui.html` as a Wayland panel. Without `servo-embed`, the binary builds as a no-op stub. Navigation gestures from the compositor are forwarded to `weft-appd` over WebSocket.
**App shell**`weft-app-shell` is a per-process Servo host for application WebViews. It resolves `weft-app://<id>/ui/index.html`, injects a `weftIpc` WebSocket bridge into the page, and registers with the compositor as an application surface. Also feature-gated behind `servo-embed`.
**App daemon**`weft-appd` supervises sessions: spawns `weft-runtime`, waits for READY, spawns `weft-app-shell`, manages the per-session IPC relay between the Wasm component and the WebView, and handles session teardown. Wraps processes in systemd scopes (`CPUQuota=200%`, `MemoryMax=512M`) when available.
**Runtime**`weft-runtime` runs WASI Component Model binaries under Wasmtime 30 (`--features wasmtime-runtime`). Provides `weft:app/notify`, `weft:app/ipc`, `weft:app/fetch`, `weft:app/notifications`, and `weft:app/clipboard` host imports. Preopens filesystem paths according to declared capabilities.
**Package management**`weft-pack` handles check, sign, verify, install, uninstall, list, build-image (EROFS dm-verity), and info. Validates capability strings at check time.
**File portal**`weft-file-portal` is a per-session file proxy with a path allowlist and `..` blocking.
**Mount helper**`weft-mount-helper` is a setuid helper for EROFS dm-verity mount/umount via `veritysetup`.
**Demo apps**`examples/org.weft.demo.counter` and `examples/org.weft.demo.notes` are pre-built Wasm Component binaries (`wasm32-wasip2`, wit-bindgen 0.53) with HTML UIs, signed with a committed demo keypair.
## Repository layout
```
crates/ Rust workspace members
examples/ Demo app packages (wasm32-wasip2, not workspace members)
keys/ Demo Ed25519 keypair
protocol/ zweft-shell-unstable-v1 Wayland protocol XML
infra/
nixos/ NixOS VM configuration and package derivations
scripts/ check.ps1, check.sh
shell/ system-ui.html, weft-ui-kit.js
systemd/ service unit files
vm/ build.sh, run.sh (QEMU)
docs/
architecture.md Component map, IPC, capability table, env vars
security.md Capability model, process isolation, SpiderMonkey security boundary
building.md Build instructions for all targets
```
## Building
Linux system packages required (openSUSE):
```sh
sudo zypper install -y \
libwayland-devel libxkbcommon-devel libglvnd-devel \
libgbm-devel libdrm-devel libinput-devel seatd-devel libudev-devel \
systemd-devel pkg-config clang cmake python3
```
Build non-Servo crates:
```sh
cargo build --workspace --exclude weft-servo-shell --exclude weft-app-shell
```
Build Linux-only crates (no Servo):
```sh
cargo build -p weft-compositor -p weft-servo-shell -p weft-app-shell
```
Build with Servo embedding (3060 min, requires clang + python3):
```sh
cargo build -p weft-servo-shell --features servo-embed
cargo build -p weft-app-shell --features servo-embed
```
See `docs/building.md` for full instructions including Wasm component builds, NixOS VM, and signing.
## CI
Three jobs on every push and pull request:
- `cross-platform` — fmt, clippy, tests on Ubuntu and Windows
- `linux-only` — clippy and tests for compositor and shell crates
- `servo-embed-linux``cargo check --features servo-embed` for both servo crates
## Security
See `docs/security.md`. Key points:
- Capabilities declared in `wapp.toml`, validated at install, enforced at runtime
- Per-app OS processes with systemd cgroup limits
- WASI filesystem isolation via preopened directories
- Ed25519 package signing; optional EROFS dm-verity
- Optional seccomp BPF blocklist in `weft-runtime`
- SpiderMonkey is not sandbox-isolated beyond process-level isolation (see `docs/security.md`)
## Servo fork
- Repository: `https://github.com/marcoallegretti/servo`, branch `servo-weft`
- Base revision: `04ca254f`
- Patches: keyboard input, backdrop-filter in stylo
- See `crates/weft-servo-shell/SERVO_PIN.md` for Servo integration status and known limitations
Reference in a new issue View git blame Copy permalink