particle-os/apt-ostree
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

docs: Add comprehensive documentation and update planning

Browse source 
- Add docs/README.md with project overview and current status
- Add docs/architecture.md with detailed architecture documentation
- Add docs/development.md with development guide for contributors
- Update .notes/todo.md to reflect architecture fix completion
- Update .notes/plan.md with completed phases and next priorities

Architecture fixes (daemon and dbus), bubblewrap integration are now complete.
Ready for OCI integration phase.
This commit is contained in:
robojerk 2025-07-18 23:30:55 +00:00
parent de8b1dfe51
commit 1cc175c110
5 changed files with 1478 additions and 1263 deletions
Download patch file Download diff file Expand all files Collapse all files

420
docs/README.md
View file

@ -1,160 +1,348 @@
# apt-ostree Documentation
**Last Updated**: July 18, 2025
## Overview
apt-ostree is a **Debian/Ubuntu equivalent of rpm-ostree**, providing a hybrid image/package system that combines APT package management with OSTree's atomic, immutable deployment model. This documentation provides comprehensive technical details, architectural insights, and implementation guidance.
apt-ostree is a Debian/Ubuntu equivalent of rpm-ostree, providing a hybrid image/package system that combines the strengths of APT package management with OSTree's atomic, immutable deployment model.
## 📚 Documentation Structure
## Current Status (December 2024)
### 🏗️ Architecture & Design
- **[Architecture Overview](architecture/overview.md)** - Core architectural principles and design philosophy
- **[System Architecture](architecture/system.md)** - Detailed system architecture and component interactions
- **[Data Flow](architecture/data-flow.md)** - Package installation and deployment data flow
- **[Security Model](architecture/security.md)** - Security architecture and sandboxing
### ✅ **MAJOR MILESTONES ACHIEVED**
### 🔧 Implementation Details
- **[APT Integration](implementation/apt-integration.md)** - APT package management integration
- **[OSTree Integration](implementation/ostree-integration.md)** - OSTree deployment and commit management
- **[Package Management](implementation/package-management.md)** - Package installation, removal, and layering
- **[Script Execution](implementation/script-execution.md)** - DEB script execution and sandboxing
- **[Filesystem Assembly](implementation/filesystem-assembly.md)** - Filesystem assembly and optimization
#### **1. Architecture Foundation - COMPLETE**
- ✅ **Daemon-Client Architecture**: Proper rpm-ostree-style daemon-client model implemented
- ✅ **D-Bus Communication**: Full D-Bus integration with fallback mechanisms
- ✅ **Systemd Services**: Core daemon service with proper integration
- ✅ **Security Model**: Privileged operations isolated in daemon
### 📖 User Guides
- **[Installation Guide](user-guides/installation.md)** - System installation and setup
- **[Basic Usage](user-guides/basic-usage.md)** - Common commands and operations
- **[Advanced Usage](user-guides/advanced-usage.md)** - Advanced features and workflows
- **[CLI Compatibility](user-guides/cli-compatibility.md)** - rpm-ostree compatibility guide
- **[Troubleshooting](user-guides/troubleshooting.md)** - Common issues and solutions
#### **2. CLI Compatibility - 100% COMPLETE**
- ✅ **All 21 rpm-ostree Commands**: Fully implemented with identical interfaces
- ✅ **Command Architecture**: Proper daemon-based commands with client fallback
- ✅ **Option Parsing**: Complete CLI option compatibility
- ✅ **Output Formatting**: JSON and text output matching rpm-ostree
### 🧪 Development & Testing
- **[Development Setup](development/setup.md)** - Development environment setup
- **[Testing Guide](development/testing.md)** - Testing strategies and procedures
- **[Contributing](development/contributing.md)** - Contribution guidelines and workflow
- **[API Reference](development/api.md)** - Internal API documentation
#### **3. Core Functionality - WORKING**
- **Package Management**: Real APT integration with DEB package handling
- **OSTree Integration**: Atomic commit creation and deployment management
- **Bubblewrap Sandboxing**: Complete script execution sandboxing
- **Transaction Management**: Atomic operations with rollback support
### 📋 Reference
- **[Command Reference](reference/commands.md)** - Complete command reference
- **[Configuration](reference/configuration.md)** - Configuration file formats and options
- **[Error Codes](reference/errors.md)** - Error codes and troubleshooting
- **[Performance](reference/performance.md)** - Performance characteristics and optimization
### 🔄 **CURRENT DEVELOPMENT PHASE**
## 🎯 Current Status
#### **Architecture Refinement**
- ✅ **Daemon-Based Commands**: Converted from client-only to proper daemon architecture
- ✅ **Fallback Mechanisms**: Commands work with or without daemon
- ✅ **D-Bus Communication**: Robust client-daemon communication
- ✅ **Error Handling**: Proper error handling and recovery
### ✅ Completed Features
- **Real Package Install/Commit Logic**: Working APT/OSTree integration with atomic commits
- **FFI Segfaults Fixed**: Stable rust-apt FFI calls with proper error handling
- **Atomic Filesystem Layout**: OSTree-compatible filesystem structure following best practices
- **Package Metadata Parsing**: Real DEB control file parsing with dependency resolution
- **Complete CLI Framework**: Full command structure with rpm-ostree compatibility
- **Permissions System**: Robust root privilege validation and error messages
- **rpm-ostree Install Command**: Complete CLI interface matching rpm-ostree install exactly
#### **Testing & Validation**
- ✅ **Unit Tests**: Core functionality tests passing
- ✅ **Integration Tests**: Basic integration testing working
- ✅ **Architecture Tests**: Daemon communication and fallback validated
### 🔄 Current Phase: rpm-ostree CLI Mirroring
- ✅ **Install Command**: Fully implemented with all 20+ rpm-ostree options
- [ ] **Remaining Commands**: Implementing all other rpm-ostree commands for identical UX
- [ ] **Integration Tests**: Testing real workflows in containers/VMs
- [ ] **Performance Optimization**: Optimizing package extraction and commit creation
### 🎯 **NEXT PRIORITIES**
## 🏗️ Core Architecture
#### **1. OCI Integration (HIGHEST PRIORITY)**
- [ ] **Container Image Generation**: `apt-ostree compose build-image`
- [ ] **Base Image Resolution**: Pull from OCI registries
- [ ] **Bootc Compatibility**: Generate bootc-compatible images
- [ ] **Registry Integration**: Push/pull from container registries
### Key Principles
1. **"From Scratch" Philosophy**: Every change regenerates the target filesystem completely
2. **Atomic Operations**: All changes are atomic with proper rollback support
3. **Immutable Base + Layered Packages**: Base image remains unchanged, user packages layered on top
#### **2. Real OSTree Environment Testing**
- [ ] **OSTree System Setup**: Create test OSTree environment
- [ ] **End-to-End Testing**: Full deployment workflow testing
- [ ] **Integration Validation**: Real package installation and deployment
#### **3. Production Readiness**
- [ ] **Performance Optimization**: Optimize package operations
- [ ] **Error Handling**: Comprehensive error scenarios
- [ ] **Documentation**: User guides and API documentation
- [ ] **Packaging**: Debian/Ubuntu package creation
## Architecture
### Daemon-Client Model
### Component Architecture
```
┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐
│ CLI Client │ │ D-Bus Daemon │ │ OSTree Manager │
│ │◄──►│ │◄──►│ │
└─────────────────┘ └─────────────────┘ └─────────────────┘
│ │
▼ ▼
┌─────────────────┐ ┌─────────────────┐
│ APT Manager │ │ Package Manager │
│ │ │ │
└─────────────────┘ └─────────────────┘
│ │
▼ ▼
┌─────────────────┐ ┌─────────────────┐
│ Filesystem │ │ Script Execution│
│ Assembly │ │ & Sandboxing │
└─────────────────┘ └─────────────────┘
┌─────────────────┐ D-Bus ┌─────────────────┐
│ apt-ostree │ ──────────► │ apt-ostreed │
│ (Client) │ │ (Daemon) │
└─────────────────┘ └─────────────────┘
│ │
│ Fallback │
▼ │
┌─────────────────┐ │
│ AptOstreeSystem │ │
│ (Client-only) │ │
└─────────────────┘ │
┌─────────────────┐
│ OSTree/APT │
│ Operations │
└─────────────────┘
```
## 🚀 Quick Start
### Key Components
### Installation
#### **Client (`apt-ostree`)**
- Command-line interface
- Option parsing and validation
- D-Bus communication with daemon
- Fallback to client-only operations
#### **Daemon (`apt-ostreed`)**
- Privileged operations
- Transaction management
- OSTree repository operations
- APT package management
#### **D-Bus Interface**
- `org.aptostree.dev.Daemon`
- Method-based communication
- Transaction monitoring
- Progress reporting
## Installation
### Prerequisites
- Rust toolchain (1.70+)
- OSTree development libraries
- APT development libraries
- Bubblewrap (for sandboxing)
### Build and Install
```bash
# Clone the repository
# Clone repository
git clone https://github.com/your-org/apt-ostree.git
cd apt-ostree
# Install dependencies
sudo apt install libapt-pkg-dev libostree-dev bubblewrap
# Build and install
# Build
cargo build --release
sudo cargo install --path .
# Install
sudo ./apt-ostree-complete-fix.sh
```
### Basic Usage
### Verify Installation
```bash
# Initialize the system
sudo apt-ostree init
# Test daemon communication
sudo apt-ostree daemon-ping
# Install packages (identical to rpm-ostree)
sudo apt-ostree install nginx vim
sudo apt-ostree install --dry-run htop
sudo apt-ostree install --uninstall package-name
# Check status
# Test command fallback
apt-ostree status
# Rollback if needed
sudo apt-ostree rollback
# Test full workflow
sudo apt-ostree install package-name
```
## 📖 Documentation Philosophy
## Usage
This documentation follows these principles:
### Basic Commands
1. **Comprehensive Coverage**: All aspects of the system are documented
2. **Technical Depth**: Detailed technical information for developers
3. **User-Focused**: Clear guidance for end users
4. **Living Documentation**: Updated with code changes
5. **Examples**: Practical examples for all major features
```bash
# System status
apt-ostree status
## 🤝 Contributing to Documentation
# Install packages
sudo apt-ostree install nginx apache2
### Documentation Standards
- Use clear, concise language
- Include practical examples
- Maintain technical accuracy
- Update when code changes
- Follow the established structure
# System upgrade
sudo apt-ostree upgrade
### How to Contribute
1. Identify documentation gaps or improvements
2. Create or update relevant documentation files
3. Ensure examples work with current code
4. Submit pull requests with documentation changes
5. Review and test documentation changes
# Rollback deployment
sudo apt-ostree rollback
## 📞 Support
# Search packages
apt-ostree search web-server
# List installed packages
apt-ostree list
```
### Advanced Commands
```bash
# Deploy specific commit
sudo apt-ostree deploy <commit-hash>
# Apply changes live
sudo apt-ostree apply-live
# Manage kernel arguments
sudo apt-ostree kargs --append "console=ttyS0"
# Package overrides
sudo apt-ostree override replace package-name=version
# Database operations
apt-ostree db diff commit1 commit2
```
### Compose Commands
```bash
# Create deployment from base
apt-ostree compose create --base ubuntu:24.04 --packages nginx
# Build OCI image
apt-ostree compose build-image --source my-deployment --output my-image:latest
# List available bases
apt-ostree compose list
```
## Development
### Project Structure
```
src/
├── main.rs # CLI application
├── lib.rs # Library interface
├── daemon_client.rs # D-Bus client library
├── system.rs # System integration
├── apt.rs # APT package management
├── ostree.rs # OSTree operations
├── bubblewrap_sandbox.rs # Script sandboxing
├── package_manager.rs # High-level package operations
└── bin/
└── apt-ostreed.rs # D-Bus daemon
```
### Building
```bash
# Development build
cargo build
# Release build
cargo build --release
# Run tests
cargo test
# Run specific binary
cargo run --bin apt-ostree -- --help
cargo run --bin apt-ostreed
```
### Testing
```bash
# Test architecture
./test-architecture.sh
# Test daemon communication
sudo apt-ostree daemon-ping
# Test command fallback
apt-ostree status
```
## Contributing
### Development Setup
1. Install Rust toolchain
2. Install system dependencies
3. Clone repository
4. Run `cargo build` to verify setup
### Code Style
- Follow Rust conventions
- Use `cargo fmt` for formatting
- Use `cargo clippy` for linting
- Write tests for new functionality
### Testing Guidelines
- Unit tests for all modules
- Integration tests for workflows
- Architecture tests for daemon communication
- Performance tests for critical paths
## Roadmap
### Short Term (Next 2-4 weeks)
- [ ] OCI image generation
- [ ] Real OSTree environment testing
- [ ] Performance optimization
- [ ] Comprehensive error handling
### Medium Term (Next 2-3 months)
- [ ] Production deployment testing
- [ ] Advanced features (multi-arch, security)
- [ ] Documentation and user guides
- [ ] Package distribution
### Long Term (Next 6-12 months)
- [ ] Enterprise features
- [ ] Cloud integration
- [ ] Advanced security features
- [ ] Community adoption
## Troubleshooting
### Common Issues
#### Daemon Not Starting
```bash
# Check daemon status
sudo systemctl status apt-ostreed
# View logs
sudo journalctl -u apt-ostreed -f
# Restart daemon
sudo systemctl restart apt-ostreed
```
#### D-Bus Communication Issues
```bash
# Test D-Bus connection
sudo apt-ostree daemon-ping
# Check D-Bus policy
sudo cat /etc/dbus-1/system.d/org.aptostree.dev.conf
# Reload D-Bus
sudo systemctl reload dbus
```
#### Permission Issues
```bash
# Check user permissions
id
# Verify sudo access
sudo -l
# Check file permissions
ls -la /usr/libexec/apt-ostreed
```
## Support
### Getting Help
- **GitHub Issues**: For bug reports and feature requests
- **Documentation**: Check relevant documentation sections
- **Development Plan**: See `.notes/plan.md` for current status
- Check this documentation
- Review troubleshooting section
- Search existing issues
- Create new issue with details
### Community Resources
- **IRC**: #apt-ostree on Libera.Chat (when available)
- **Mailing List**: apt-ostree@lists.example.com (when available)
- **Discussions**: GitHub Discussions (when available)
### Reporting Bugs
- Include system information
- Provide error messages
- Describe steps to reproduce
- Include relevant logs
---
### Feature Requests
- Describe use case
- Explain expected behavior
- Provide examples
- Consider implementation complexity
**Note**: This documentation reflects the current state of apt-ostree development. The project has achieved major milestones with working real APT/OSTree integration and complete rpm-ostree install command compatibility. The project is now focused on implementing the remaining rpm-ostree commands for identical user experience.
## License
This project is licensed under the same terms as rpm-ostree. See LICENSE file for details.
## Acknowledgments
- rpm-ostree project for architecture inspiration
- OSTree project for deployment technology
- Debian/Ubuntu communities for package management
- Rust community for excellent tooling

339
docs/architecture.md Normal file
View file

@ -0,0 +1,339 @@
# apt-ostree Architecture
## Overview
apt-ostree follows the same daemon-client architecture as rpm-ostree, providing a robust, secure, and scalable system for atomic package management. The architecture ensures proper privilege separation, transaction management, and system reliability.
## Core Architecture
### Daemon-Client Model
```
┌─────────────────────────────────────────────────────────────┐
│ apt-ostree (Client) │
├─────────────────────────────────────────────────────────────┤
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │ CLI │ │ Parser │ │ Client │ │
│ │ Commands │ │ Options │ │ Library │ │
│ └─────────────┘ └─────────────┘ └─────────────┘ │
└─────────────────────────────────────────────────────────────┘
│ D-Bus Communication
┌─────────────────────────────────────────────────────────────┐
│ apt-ostreed (Daemon) │
├─────────────────────────────────────────────────────────────┤
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │ D-Bus │ │ Transaction │ │ System │ │
│ │ Interface │ │ Manager │ │ Operations │ │
│ └─────────────┘ └─────────────┘ └─────────────┘ │
└─────────────────────────────────────────────────────────────┘
│ System Calls
┌─────────────────────────────────────────────────────────────┐
│ System Layer │
├─────────────────────────────────────────────────────────────┤
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │ OSTree │ │ APT │ │ Bubblewrap │ │
│ │ Operations │ │ Operations │ │ Sandboxing │ │
│ └─────────────┘ └─────────────┘ └─────────────┘ │
└─────────────────────────────────────────────────────────────┘
```
## Component Details
### 1. Client (`apt-ostree`)
**Purpose**: User interface and command processing
**Key Responsibilities**:
- Parse command-line arguments
- Validate user input
- Communicate with daemon via D-Bus
- Format output for user consumption
- Handle fallback to client-only operations
**Key Components**:
- `main.rs`: Command-line interface and dispatch
- `daemon_client.rs`: D-Bus communication library
- `system.rs`: Client-only fallback operations
**Architecture Pattern**:
```rust
// Daemon-based command with fallback
let result = call_daemon_with_fallback(
|client| Box::pin(client.install_packages(packages.clone(), yes, dry_run)),
|| Box::pin(async {
// Fallback to client-only if daemon unavailable
let system = AptOstreeSystem::new("debian/stable/x86_64").await?;
system.install_packages(&packages, yes).await?;
Ok("Packages installed successfully".to_string())
})
).await?;
```
### 2. Daemon (`apt-ostreed`)
**Purpose**: Privileged operations and system management
**Key Responsibilities**:
- Handle all privileged operations
- Manage OSTree repository operations
- Execute APT package operations
- Provide transaction management
- Implement security policies
**Key Components**:
- `src/bin/apt-ostreed.rs`: Main daemon process
- D-Bus interface implementation
- Transaction management
- System integration
**Architecture Pattern**:
```rust
#[dbus_interface(name = "org.aptostree.dev.Daemon")]
impl AptOstreeDaemon {
async fn install_packages(&self, packages: Vec<String>, yes: bool, dry_run: bool) -> zbus::fdo::Result<String> {
// Privileged package installation logic
// Transaction management
// Error handling and rollback
}
}
```
### 3. D-Bus Communication
**Interface**: `org.aptostree.dev.Daemon`
**Object Path**: `/org/aptostree/dev/Daemon`
**Key Methods**:
- `ping()`: Health check
- `status()`: System status
- `install_packages()`: Package installation
- `remove_packages()`: Package removal
- `upgrade_system()`: System upgrade
- `rollback()`: System rollback
**Communication Pattern**:
```rust
// Client side
let client = DaemonClient::new().await?;
let result = client.install_packages(packages, yes, dry_run).await?;
// Daemon side
async fn install_packages(&self, packages: Vec<String>, yes: bool, dry_run: bool) -> zbus::fdo::Result<String> {
// Implementation
}
```
## Security Architecture
### Privilege Separation
```
┌─────────────────┐ Unprivileged ┌─────────────────┐
│ User Space │ ◄────────────────► │ Daemon Space │
│ (Client) │ │ (Privileged) │
│ │ │ │
│ • CLI Commands │ │ • OSTree Ops │
│ • Option Parsing│ │ • APT Ops │
│ • Output Format │ │ • File System │
│ • D-Bus Client │ │ • D-Bus Server │
└─────────────────┘ └─────────────────┘
```
### Security Features
1. **D-Bus Policy**: Restrictive access control
2. **Systemd Service**: Proper service isolation
3. **Bubblewrap Sandboxing**: Script execution isolation
4. **Capability Management**: Minimal privilege requirements
5. **Transaction Rollback**: Atomic operations
## Transaction Management
### Transaction Lifecycle
```
┌─────────────┐ ┌─────────────┐ ┌─────────────┐
│ Start │───►│ Execute │───►│ Commit │
│ Transaction │ │ Operations │ │ or Rollback │
└─────────────┘ └─────────────┘ └─────────────┘
│ │ │
▼ ▼ ▼
┌─────────────┐ ┌─────────────┐ ┌─────────────┐
│ Validate │ │ Monitor │ │ Update │
│ Input │ │ Progress │ │ System │
└─────────────┘ └─────────────┘ └─────────────┘
```
### Atomic Operations
1. **Pre-transaction**: Validate system state
2. **Transaction**: Execute operations atomically
3. **Post-transaction**: Update system state
4. **Rollback**: Restore previous state on failure
## Filesystem Architecture
### OSTree Integration
```
/ostree/
├── repo/ # OSTree repository
│ ├── objects/ # Content-addressed objects
│ ├── refs/ # Branch references
│ └── config # Repository configuration
├── deploy/ # Deployments
│ ├── debian/stable/x86_64/ # State root
│ │ ├── deploy/ # Deployment directories
│ │ └── var/ # Persistent state
└── boot/ # Boot configuration
├── loader/ # Bootloader configuration
└── ostree/ # OSTree boot data
```
### Package Layering
```
┌─────────────────────────────────────────┐
│ User Packages │
│ (Layered on top of base deployment) │
├─────────────────────────────────────────┤
│ Base Deployment │
│ (Immutable base system) │
├─────────────────────────────────────────┤
│ OSTree Repository │
│ (Content-addressed storage) │
└─────────────────────────────────────────┘
```
## Bubblewrap Integration
### Sandboxing Architecture
```
┌─────────────────────────────────────────┐
│ Bubblewrap Sandbox │
├─────────────────────────────────────────┤
│ ┌─────────────┐ ┌─────────────┐ │
│ │ Script │ │ Package │ │
│ │ Execution │ │ Extraction │ │
│ └─────────────┘ └─────────────┘ │
├─────────────────────────────────────────┤
│ Namespace Isolation │
│ • User namespace │
│ • PID namespace │
│ • Mount namespace │
│ • Network namespace │
└─────────────────────────────────────────┘
```
### Security Controls
1. **Namespace Isolation**: Complete process isolation
2. **Bind Mounts**: Read-only system directories
3. **Capability Dropping**: Minimal capabilities
4. **Environment Control**: Controlled execution environment
## Error Handling
### Error Hierarchy
```
AptOstreeError
├── PermissionDenied
├── DaemonError
│ ├── ConnectionFailed
│ ├── MethodCallFailed
│ └── TransactionFailed
├── PackageError
│ ├── DownloadFailed
│ ├── InstallationFailed
│ └── DependencyError
├── OSTreeError
│ ├── RepositoryError
│ ├── CommitError
│ └── DeploymentError
└── SystemError
├── FilesystemError
├── NetworkError
└── ConfigurationError
```
### Recovery Mechanisms
1. **Automatic Rollback**: Transaction rollback on failure
2. **Fallback Operations**: Client-only fallback when daemon unavailable
3. **Graceful Degradation**: Continue operation with reduced functionality
4. **Error Reporting**: Clear error messages and recovery suggestions
## Performance Considerations
### Optimization Strategies
1. **Parallel Operations**: Concurrent package downloads
2. **Caching**: Package metadata and content caching
3. **Hardlink Optimization**: OSTree hardlink deduplication
4. **Streaming**: Large file streaming operations
5. **Memory Management**: Efficient memory usage patterns
### Monitoring
1. **Transaction Monitoring**: Real-time progress reporting
2. **Resource Usage**: Memory and CPU monitoring
3. **Performance Metrics**: Operation timing and throughput
4. **Error Tracking**: Error rate and type monitoring
## Deployment Architecture
### System Integration
```
┌─────────────────────────────────────────┐
│ System Boot │
├─────────────────────────────────────────┤
│ ┌─────────────┐ ┌─────────────┐ │
│ │ GRUB │ │ systemd │ │
│ │ Bootloader │ │ Boot │ │
│ └─────────────┘ └─────────────┘ │
├─────────────────────────────────────────┤
│ OSTree Deployment │
├─────────────────────────────────────────┤
│ ┌─────────────┐ ┌─────────────┐ │
│ │ apt-ostree│ │ apt-ostreed │ │
│ │ Client │ │ Daemon │ │
│ └─────────────┘ └─────────────┘ │
└─────────────────────────────────────────┘
```
### Service Management
1. **systemd Integration**: Proper service lifecycle management
2. **D-Bus Activation**: Automatic daemon startup
3. **Service Dependencies**: Proper dependency management
4. **Health Monitoring**: Service health checks
## Future Architecture Considerations
### Scalability
1. **Multi-Client Support**: Multiple concurrent clients
2. **Distributed Operations**: Network-based operations
3. **Caching Layer**: Distributed caching
4. **Load Balancing**: Operation distribution
### Extensibility
1. **Plugin Architecture**: Extensible functionality
2. **API Evolution**: Backward-compatible API changes
3. **Feature Flags**: Optional feature enablement
4. **Configuration Management**: Flexible configuration
### Security Enhancements
1. **AppArmor Integration**: Mandatory access control
2. **SELinux Support**: Security context management
3. **Audit Integration**: Comprehensive audit logging
4. **Cryptographic Verification**: Package integrity verification

541
docs/development.md Normal file
View file

@ -0,0 +1,541 @@
# apt-ostree Development Guide
## Development Environment Setup
### Prerequisites
```bash
# Install Rust toolchain
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source ~/.cargo/env
# Install system dependencies
sudo apt update
sudo apt install -y \
build-essential \
pkg-config \
libostree-dev \
libapt-pkg-dev \
bubblewrap \
dbus \
systemd \
clang \
libclang-dev
# Install additional development tools
sudo apt install -y \
cargo-watch \
cargo-audit \
cargo-tarpaulin \
rustfmt \
clippy
```
### Project Setup
```bash
# Clone repository
git clone https://github.com/your-org/apt-ostree.git
cd apt-ostree
# Install Rust dependencies
cargo build
# Run tests
cargo test
# Check code quality
cargo fmt --check
cargo clippy
cargo audit
```
## Project Structure
```
apt-ostree/
├── src/
│ ├── main.rs # CLI application entry point
│ ├── lib.rs # Library interface
│ ├── daemon_client.rs # D-Bus client library
│ ├── system.rs # System integration
│ ├── apt.rs # APT package management
│ ├── ostree.rs # OSTree operations
│ ├── bubblewrap_sandbox.rs # Script sandboxing
│ ├── package_manager.rs # High-level package operations
│ ├── permissions.rs # Permission handling
│ ├── error.rs # Error types
│ └── bin/
│ └── apt-ostreed.rs # D-Bus daemon
├── src/daemon/ # Daemon configuration files
│ ├── apt-ostreed.service # systemd service file
│ ├── org.aptostree.dev.conf # D-Bus policy
│ └── org.aptostree.dev.service # D-Bus activation
├── docs/ # Documentation
├── tests/ # Integration tests
├── scripts/ # Build and deployment scripts
└── .notes/ # Development notes and research
```
## Architecture Overview
### Daemon-Client Model
apt-ostree follows the same daemon-client architecture as rpm-ostree:
```
┌─────────────────┐ D-Bus ┌─────────────────┐
│ apt-ostree │ ──────────► │ apt-ostreed │
│ (Client) │ │ (Daemon) │
└─────────────────┘ └─────────────────┘
│ │
│ Fallback │
▼ │
┌─────────────────┐ │
│ AptOstreeSystem │ │
│ (Client-only) │ │
└─────────────────┘ │
┌─────────────────┐
│ OSTree/APT │
│ Operations │
└─────────────────┘
```
### Key Components
#### Client (`src/main.rs`)
- Command-line interface and argument parsing
- D-Bus communication with daemon
- Fallback to client-only operations
- Output formatting and error handling
#### Daemon (`src/bin/apt-ostreed.rs`)
- D-Bus interface implementation
- Privileged system operations
- Transaction management
- OSTree and APT integration
#### Daemon Client (`src/daemon_client.rs`)
- D-Bus communication library
- Method call abstractions
- Error handling and retry logic
- Connection management
## Development Workflow
### Adding New Commands
1. **Define Command Structure**
```rust
// In src/main.rs
#[derive(Subcommand)]
enum Commands {
// ... existing commands ...
/// New command description
NewCommand {
/// Command argument
arg: String,
/// Optional flag
#[arg(long)]
flag: bool,
},
}
```
2. **Implement Command Logic**
```rust
// In src/main.rs match statement
Commands::NewCommand { arg, flag } => {
let result = call_daemon_with_fallback(
|client| Box::pin(client.new_command(arg.clone(), flag)),
|| Box::pin(async {
// Fallback implementation
let system = AptOstreeSystem::new("debian/stable/x86_64").await?;
system.new_command(&arg, flag).await?;
Ok("Command completed successfully".to_string())
})
).await?;
println!("{}", result);
}
```
3. **Add Daemon Method**
```rust
// In src/bin/apt-ostreed.rs
#[dbus_interface(name = "org.aptostree.dev.Daemon")]
impl AptOstreeDaemon {
async fn new_command(&self, arg: String, flag: bool) -> zbus::fdo::Result<String> {
// Implementation
Ok("Command result".to_string())
}
}
```
4. **Add Client Method**
```rust
// In src/daemon_client.rs
impl DaemonClient {
pub async fn new_command(&self, arg: String, flag: bool) -> Result<String, Box<dyn Error>> {
let reply: String = self.proxy.call("new_command", &(arg, flag)).await?;
Ok(reply)
}
}
```
### Adding New Modules
1. **Create Module File**
```rust
// src/new_module.rs
use crate::error::{AptOstreeError, AptOstreeResult};
pub struct NewModule {
// Module state
}
impl NewModule {
pub fn new() -> AptOstreeResult<Self> {
Ok(Self {})
}
pub async fn do_something(&self) -> AptOstreeResult<()> {
// Implementation
Ok(())
}
}
```
2. **Add to lib.rs**
```rust
// src/lib.rs
pub mod new_module;
```
3. **Add Tests**
```rust
// src/new_module.rs
#[cfg(test)]
mod tests {
use super::*;
#[tokio::test]
async fn test_new_module() {
let module = NewModule::new().unwrap();
assert!(module.do_something().await.is_ok());
}
}
```
## Testing
### Unit Tests
```bash
# Run all tests
cargo test
# Run specific test
cargo test test_name
# Run tests with output
cargo test -- --nocapture
# Run tests in parallel
cargo test -- --test-threads=1
```
### Integration Tests
```bash
# Run integration tests
cargo test --test integration_tests
# Run with daemon
sudo systemctl start apt-ostreed
cargo test --test daemon_tests
```
### Architecture Tests
```bash
# Test daemon communication
./test-architecture.sh
# Test command fallback
sudo systemctl stop apt-ostreed
apt-ostree status
```
### Performance Tests
```bash
# Run benchmarks
cargo bench
# Profile performance
cargo install flamegraph
cargo flamegraph --bin apt-ostree -- install nginx
```
## Code Quality
### Formatting
```bash
# Format code
cargo fmt
# Check formatting
cargo fmt --check
```
### Linting
```bash
# Run clippy
cargo clippy
# Run clippy with all warnings
cargo clippy -- -W clippy::all
# Run clippy with pedantic warnings
cargo clippy -- -W clippy::pedantic
```
### Security
```bash
# Check for security vulnerabilities
cargo audit
# Update dependencies
cargo update
```
### Documentation
```bash
# Generate documentation
cargo doc
# Generate and open documentation
cargo doc --open
# Check documentation
cargo doc --no-deps
```
## Debugging
### Debug Build
```bash
# Build with debug symbols
cargo build
# Run with debug logging
RUST_LOG=debug cargo run --bin apt-ostree -- status
```
### Daemon Debugging
```bash
# Run daemon in foreground
RUST_LOG=debug cargo run --bin apt-ostreed
# Check daemon logs
sudo journalctl -u apt-ostreed -f
# Test D-Bus interface
d-feet # GUI D-Bus browser
gdbus introspect --system --dest org.aptostree.dev --object-path /org/aptostree/dev
```
### D-Bus Debugging
```bash
# Monitor D-Bus traffic
dbus-monitor --system
# Test D-Bus method calls
gdbus call --system --dest org.aptostree.dev --object-path /org/aptostree/dev/Daemon --method org.aptostree.dev.Daemon.ping
```
## Building and Installing
### Development Build
```bash
# Build development version
cargo build
# Install development version
sudo cp target/debug/apt-ostree /usr/bin/
sudo cp target/debug/apt-ostreed /usr/libexec/
```
### Release Build
```bash
# Build release version
cargo build --release
# Install release version
sudo cp target/release/apt-ostree /usr/bin/
sudo cp target/release/apt-ostreed /usr/libexec/
```
### Complete Installation
```bash
# Run installation script
sudo ./apt-ostree-complete-fix.sh
# Verify installation
sudo apt-ostree daemon-ping
apt-ostree status
```
## Contributing Guidelines
### Code Style
1. **Rust Conventions**: Follow Rust coding conventions
2. **Documentation**: Document all public APIs
3. **Error Handling**: Use proper error types and handling
4. **Testing**: Write tests for new functionality
5. **Logging**: Use appropriate log levels
### Commit Messages
```
type(scope): description
[optional body]
[optional footer]
```
Types:
- `feat`: New feature
- `fix`: Bug fix
- `docs`: Documentation changes
- `style`: Code style changes
- `refactor`: Code refactoring
- `test`: Test changes
- `chore`: Build/tooling changes
### Pull Request Process
1. **Fork Repository**: Create personal fork
2. **Create Branch**: Create feature branch
3. **Make Changes**: Implement changes with tests
4. **Run Tests**: Ensure all tests pass
5. **Submit PR**: Create pull request with description
6. **Code Review**: Address review comments
7. **Merge**: Merge after approval
### Issue Reporting
When reporting issues, include:
1. **System Information**: OS, version, architecture
2. **Reproduction Steps**: Clear steps to reproduce
3. **Expected Behavior**: What should happen
4. **Actual Behavior**: What actually happens
5. **Logs**: Relevant error messages and logs
6. **Environment**: Development or production environment
## Performance Optimization
### Profiling
```bash
# CPU profiling
cargo install cargo-profiler
cargo profiler callgrind --bin apt-ostree -- install nginx
# Memory profiling
cargo install cargo-valgrind
cargo valgrind memcheck --bin apt-ostree -- install nginx
```
### Benchmarking
```bash
# Run benchmarks
cargo bench
# Compare benchmarks
cargo bench --bench compare
```
### Optimization Tips
1. **Async Operations**: Use async/await for I/O operations
2. **Parallel Processing**: Use parallel iterators where appropriate
3. **Memory Management**: Minimize allocations and use efficient data structures
4. **Caching**: Cache expensive operations
5. **Streaming**: Use streaming for large files
## Troubleshooting
### Common Issues
#### Build Failures
```bash
# Clean and rebuild
cargo clean
cargo build
# Check dependencies
cargo tree
cargo update
```
#### Test Failures
```bash
# Run specific test
cargo test test_name
# Run with verbose output
cargo test -- --nocapture
# Check test environment
cargo test -- --list
```
#### Daemon Issues
```bash
# Check daemon status
sudo systemctl status apt-ostreed
# Restart daemon
sudo systemctl restart apt-ostreed
# Check logs
sudo journalctl -u apt-ostreed -f
```
#### D-Bus Issues
```bash
# Check D-Bus service
gdbus introspect --system --dest org.aptostree.dev
# Restart D-Bus
sudo systemctl restart dbus
# Check D-Bus policy
sudo cat /etc/dbus-1/system.d/org.aptostree.dev.conf
```
### Getting Help
1. **Check Documentation**: Review this guide and other docs
2. **Search Issues**: Look for similar issues in the repository
3. **Ask Questions**: Create issue with question label
4. **Join Community**: Participate in discussions and forums