feat: added selection of entropy crate

Open ShadowCurse opened this issue 1 year ago • 5 comments

Changes

Added the ability to select between the rand and aws-lc-rs crates for the entropy device.

If built with the default command, cargo build, everything will be built with aws-lc-sys. If built with cargo build --no-default-features --features rand, everything will be built with rand.

Reason

The aws-lc-rs crate requires a musl-compatible C++ compiler, which is not an easily obtainable dependency. Without the musl C++ toolchain, compiling Firecracker gives the error:

  CMake Error at CMakeLists.txt:9 (enable_language):
    The CMAKE_C_COMPILER:

      musl-gcc

    is not a full path and was not found in the PATH.

    Tell CMake where to find the compiler by setting either the environment
    variable "CC" or the CMake cache entry CMAKE_C_COMPILER to the full path to
    the compiler, or to the compiler name if it is in the PATH.

License Acceptance

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check CONTRIBUTING.md.

PR Checklist

  • [ ] If a specific issue led to this PR, this PR closes the issue.
  • [ ] The description of changes is clear and encompassing.
  • [ ] Any required documentation changes (code and docs) are included in this PR.
  • [ ] API changes follow the Runbook for Firecracker API changes.
  • [ ] User-facing changes are mentioned in CHANGELOG.md.
  • [ ] All added/changed functionality is tested.
  • [ ] New TODOs link to an issue.
  • [ ] Commits meet contribution quality standards.

  • [ ] This functionality cannot be added in rust-vmm.

ShadowCurse avatar Jun 02 '23 15:06 ShadowCurse

I thought that aws-lc-rs published a version that doesn't require the musl g++ chain :thinking:

roypat avatar Jun 05 '23 15:06 roypat

Why do we need rand?

bchalios avatar Jun 12 '23 08:06 bchalios

@bchalios Basically, with rand you can compile Firecracker using only the Rust toolchain. It makes development easier, because it can eliminate the container requirement.

ShadowCurse avatar Jun 12 '23 08:06 ShadowCurse

> @bchalios Basically, with rand you can compile Firecracker using only the Rust toolchain. It makes development easier, because it can eliminate the container requirement.

You should be able to do that with aws-lc-rs as well. Your only extra dependency is cmake.

bchalios avatar Jun 12 '23 08:06 bchalios

I'd also like to have this feature to allow something other than aws-lc, although I didn't have any issue building it without musl. From the side of distro packaging, at least Fedora requires crypto libraries undergo additional review, and it might also require unbundling the C++ library from the Rust crate. Since rand looks like it's the only functionality being used, avoiding packaging yet another SSL library would greatly simplify everything.

dm0- avatar Jun 22 '23 17:06 dm0-