marcoallegretti/karapace
1
0
Fork 0
mirror of https://github.com/marcoallegretti/karapace.git synced 2026-03-26 21:43:09 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
12 commits 2 branches 0 tags 746 KiB
Commit graph

12 commits

This branch
This branch
All branches
Author SHA1 Message Date
Marco Allegretti
5306963cce docs: comprehensive public documentation 
- docs/getting-started.md — install per distro, first use, common workflows
- docs/architecture.md — 9-crate dependency graph, design decisions, data flow
- docs/manifest-spec.md — manifest v1 specification
- docs/lock-spec.md — lock file v2 specification
- docs/store-spec.md — store format v2 specification
- docs/hash-contract.md — two-phase identity hashing algorithm
- docs/security-model.md — threat model, mount/device/env policy, privilege model
- docs/cli-stability.md — 23 stable commands, exit codes, stability guarantees
- docs/protocol-v1.md — remote protocol v1 draft
- docs/layer-limitations-v1.md — phase 1 layer limitations
- docs/api-reference.md — public API reference (Engine, D-Bus)
- docs/versioning-policy.md — semantic versioning, deprecation policy
- docs/verification.md — release artifact verification (SHA256, cosign, SBOM)
- docs/e2e-testing.md — E2E test guide with distro-specific prerequisites
- README.md — project overview, features, quick start, installation
- CONTRIBUTING.md — development setup, architecture principles, code standards
- CHANGELOG.md — full changelog for 0.1.0 and 2.0 hardening
 2026-02-22 18:38:41 +01:00
Marco Allegretti
155efdf7c9 feat: example manifests and service files 
- examples/minimal.toml — bare openSUSE system
- examples/dev.toml — developer tools (git, vim, tmux, gcc, clang)
- examples/gui-dev.toml — GUI development with GPU + audio passthrough
- examples/ubuntu-dev.toml — Ubuntu-based with Node.js, Python, build-essential
- examples/rust-dev.toml — Rust development environment
- data/dbus/org.karapace.Manager1.service — D-Bus service activation file
- data/systemd/karapace-dbus.service — hardened systemd user unit
 2026-02-22 18:38:24 +01:00
Marco Allegretti
38be2c584d feat: karapace-dbus — socket-activated D-Bus service with 11 methods 
- org.karapace.Manager1 D-Bus interface
- 11 methods: ListEnvironments, GetEnvironmentStatus, GetEnvironmentHash,
  BuildEnvironment, BuildNamedEnvironment, DestroyEnvironment, RunEnvironment,
  RenameEnvironment, ListPresets, GarbageCollect, VerifyStore
- Name-aware resolution (env_id, short_id, name, prefix)
- Desktop notifications via notify-rust (non-fatal if daemon unavailable)
- Typed serde response structs (no hand-rolled JSON)
- 30-second idle timeout for socket activation
- Hardened systemd unit: ProtectSystem=strict, ProtectHome=read-only,
  PrivateTmp, NoNewPrivileges
 2026-02-22 18:38:09 +01:00
Marco Allegretti
1416b0fc99 feat: karapace-cli — 23 commands, thin dispatcher, progress indicators 
- 23 commands, each in its own module under commands/
- Thin main.rs dispatcher with clap subcommand routing
- Progress spinners (indicatif) and colored state output (console)
- Environment resolution by env_id, short_id, name, or prefix
- Structured JSON output (--json) on all query commands
- --verbose/-v for debug, --trace for trace-level logging
- KARAPACE_LOG env var for fine-grained log control
- Exit codes: 0 success, 1 failure, 2 manifest error, 3 store error
- Prerequisite check before runtime operations
- Shell completions (bash/zsh/fish/elvish/powershell) and man page generation
 2026-02-22 18:37:54 +01:00
Marco Allegretti
4a90300807 feat: karapace-tui — interactive terminal UI for environment management 
- ratatui + crossterm based TUI
- List/Detail/Help views with vim-style keybindings (j/k, g/G, Enter, q)
- Search/filter (/), sort cycling (s/S)
- Freeze, archive, rename actions from UI
- Destroy with confirmation dialog
- Color-coded environment states
 2026-02-22 18:37:39 +01:00
Marco Allegretti
23ac53ba4d feat: karapace-server — reference remote server implementing protocol v1 
- tiny_http-based HTTP server for blob storage and registry
- Dual URL routing: /blobs/Kind/key and /kind_plural/key
- Blob CRUD: PUT, GET, HEAD, list by kind
- Registry: GET/PUT for name@tag references
- TestServer helper for integration testing
- 7 HTTP E2E tests: roundtrip, push/pull, concurrent clients, restart persistence
 2026-02-22 18:37:27 +01:00
Marco Allegretti
11034ee27a feat: karapace-remote — remote content-addressable store, push/pull, registry 
- RemoteBackend trait: put/get/has blob, registry operations
- HTTP backend (ureq): blob transfer with X-Karapace-Protocol header
- Push/pull transfer with blake3 integrity verification on pull
- JSON registry for name@tag references
- RemoteConfig: persistent server URL configuration
- Auth token support via Bearer header
- Header-capturing mock server for protocol verification tests
 2026-02-22 18:37:14 +01:00
Marco Allegretti
f535020600 feat: karapace-core — engine orchestration, lifecycle state machine, drift control 
- Engine: init → resolve → lock → build → enter/exec → freeze → archive → destroy
- Cached store_root_str avoiding repeated to_string_lossy() allocations
- WAL-protected build, enter, exec, destroy, commit, restore, GC operations
- Overlay drift detection: diff/commit/export via upper_dir scanning
- Deterministic snapshot commit with composite identity hashing
- Atomic restore via staging directory swap
- StoreLock: compile-time enforcement via type parameter on gc()
- Signal handler: SIGINT/SIGTERM graceful shutdown with AtomicBool
- Push/pull delegation to karapace-remote backend
- Crash recovery: stale .running marker cleanup on Engine::new()
- Integration tests, E2E tests, crash injection tests, ENOSPC simulation
- Criterion benchmarks: build, rebuild, commit, restore, GC, verify
 2026-02-22 18:37:02 +01:00
Marco Allegretti
8493831222 feat: karapace-runtime — namespace/OCI/mock backends, sandbox, host integration 
- RuntimeBackend trait: resolve, build, enter, exec, destroy, status
- Namespace backend: unshare + fuse-overlayfs + chroot (unprivileged)
- OCI backend: crun/runc/youki support
- Mock backend: deterministic test backend with configurable resolution
- Image downloading from images.linuxcontainers.org with blake3 verification
- Sandbox script generation with POSIX shell-quote injection prevention
- Host integration: Wayland, X11, PipeWire, PulseAudio, D-Bus, GPU, audio, SSH agent
- Desktop app export as .desktop files on the host
- SecurityPolicy: mount whitelist, device policy, env var allow/deny, resource limits
- Prerequisite detection with distro-specific install instructions
- OSC 777 terminal markers for container-aware terminals
 2026-02-22 18:36:46 +01:00
Marco Allegretti
4de311ebc7 feat: karapace-store — content-addressable object store, layers, metadata, WAL 
- ObjectStore: blake3-addressed objects, atomic writes (NamedTempFile + persist)
- Integrity verification on every read (hash comparison without String allocation)
- LayerStore: layer manifests with Base/Dependency/Policy/Snapshot kinds
- MetadataStore: environment state machine, naming, ref-counting, blake3 checksum
- GarbageCollector: signal-cancellable orphan cleanup, protects live references
- WriteAheadLog: crash recovery with typed rollback steps (RemoveDir/RemoveFile/ResetState)
- StoreLayout: #[inline] path accessors, store format v2 versioning
- Store migration: v1→v2 with atomic version file rewrite
- Deterministic tar packing/unpacking (sorted entries, zero timestamps, uid/gid 0)
- fsync_dir() for POSIX-portable rename durability
 2026-02-22 18:36:31 +01:00
Marco Allegretti
cdd13755a0 feat: karapace-schema — manifest v1, normalization, identity hashing, lock file v2 
- TOML manifest parsing with strict schema validation (deny_unknown_fields)
- Deterministic normalization: sorted packages, deduplication, canonical JSON
- Two-phase identity: preliminary (from manifest) and canonical (from lock)
- Lock file v2: resolved packages with pinned versions, base image content digest
- Dual lock verification: integrity (hash) and manifest intent (drift detection)
- Built-in presets: dev, dev-rust, dev-python, gui-app, gaming, minimal
- Blake3 256-bit hashing throughout
 2026-02-22 18:36:15 +01:00
Marco Allegretti
78d40c0d0a chore: project skeleton — workspace root, license (EUPL-1.2), deny config 
- Cargo workspace with 9 crates
- EUPL-1.2 license
- cargo-deny configuration for license/advisory auditing
- .gitignore for target/, docu_dev/, editor files
 2026-02-22 18:36:03 +01:00