Cyphar's Bloghttps://www.cyphar.com/blog/tag/free%20software/posts.atom2020-07-20T12:50:00ZAleksa SaraiThe wild ramblings of Aleksa Sarai.Copyright (C) 2014-2020 Aleksa Sarai. Licensed under CC-BY-SA 4.0.WerkzeugGenerating Coverage Profiles for Golang Integration Testshttps://www.cyphar.com/blog/post/20170412-golang-integration-coverage2020-07-20T12:50:00Z2017-04-12T15:30:00ZAleksa Sarai<p>While Go's system for unit tests is very seamless and full-featured, allowing for coverage reports to be generated as well as various other cool features, the integration testing story is far less full-featured. In particular, most projects don't use <code>go test</code> for integration tests and thus don't have a full picture of how their entire test suite stands in terms of code coverage.</p>umoci: a New Tool for OCI Imageshttps://www.cyphar.com/blog/post/20161129-umoci-new-oci-image-tool2016-12-16T18:15:00Z2016-11-29T15:30:00ZAleksa Sarai<p>Very recently, I've been working on implementing the required tooling for creating and modifying <a href="https://www.opencontainers.org/">Open Container Initiative</a> images without needing any external components. The tool I've written is called <code>umoci</code> and is probably one of the more exciting things I've worked on in the past couple of months. In particular, the applications of <code>umoci</code> when it comes to SUSE tooling like the <a href="http://openbuildservice.org/">Open Build Service</a> or <a href="https://suse.github.io/kiwi/">KIWI</a> is what really makes it exciting.</p>Adventures into ptrace(2) Hellhttps://www.cyphar.com/blog/post/20160703-remainroot-ptrace-hell2016-07-03T19:00:00Z2016-07-03T19:00:00ZAleksa Sarai<p>As part of my work on <a href="/blog/rootless-containers-with-runc">rootless containers</a>, I found that many tools try to drop privileges. This makes those tools break inside rootless containers, so I spent a week or two working on a tool that allows users to shim out all of the "drop privileges" syscalls. Here is documented the pain that I went through while figuring out how <code>ptrace(2)</code> is meant to work.</p>Rootless Containers with runChttps://www.cyphar.com/blog/post/20160627-rootless-containers-with-runc2016-06-27T17:00:00Z2016-06-27T21:05:00ZAleksa Sarai<p>There has been a lot of work within the runC community recently to get proper "rootless containers". I've been working on this for a couple of months now, and it looks like it's ready. This will be the topic of my talk at ContainerCon Japan 2016.</p>Debugging why ping was Broken in Docker Imageshttps://www.cyphar.com/blog/post/20160304-docker-broken-ping2016-12-20T19:20:00Z2016-03-04T21:05:00ZAleksa Sarai<p>All complicated bugs start with the simplest of observations. I recently was assigned a bug on our openSUSE Docker images complaining that <code>ping</code> didn't work. After a couple of days of debugging, I was taken into a deep and dark world where ancient Unix concepts, esoteric filesystem features and new kernel privilege models culminate to produce this bug. Strap yourself in, this is going to be a fun ride.</p>Dockerinit and Dead Codehttps://www.cyphar.com/blog/post/20160121-dockerinit-and-dead-code2016-01-21T17:30:00Z2016-01-21T17:30:00ZAleksa Sarai<p>After running into insane amounts of very weird issues with <code>gccgo</code> with Docker, some of which were actual compiler bugs, someone on my team at SUSE asked the very pertinent question "just exactly what is dockerinit, and why are we packaging it?". I've since written a patch to remove it, but I thought I'd take the time to talk about <code>dockerinit</code> and more generally dead code (or more importantly, code that won't die).</p>Docker Internals and Implementing Rebasehttps://www.cyphar.com/blog/post/20151212-hackweek-13-docker-rebase2015-12-12T22:30:00Z2015-12-12T22:30:00ZAleksa Sarai<p><a href="https://hackweek.suse.com/">SUSE's semi-annual Hackweek</a> was last week and I decided to work on implementing <code>docker rebase</code>, mainly to learn about the internal image format of Docker and see whether it was possible to improve how the updating of Docker images works in practice (either rebuilding or <a href="https://github.com/SUSE/zypper-docker">zypper-docker</a>).</p>Android Compilation Headacheshttps://www.cyphar.com/blog/post/20151128-android-compilation-headaches2015-12-07T22:30:00Z2015-11-28T03:20:00ZAleksa Sarai<p>I've spent the last week of my life trying to build <a href="https://twrp.me/">TWRP</a>, which requires having a full, and working Android build environment. With the emphasis on <strong>working</strong>, I've had just about enough of the stupidity of the Android build system. Every guide is incomplete or out of date, the build system is broken in every possible way and nobody can explain what is going on. Here's my experience with trying to build Android and hopefully will help somebody realise the futility of trying to build a project with such a complicated build system.</p>Getting into Linux Kernel Developmenthttps://www.cyphar.com/blog/post/20150715-getting-into-linux-kernel-development2015-12-07T22:30:00Z2015-07-15T14:20:00ZAleksa Sarai<p>I've been interested in kernel development for a <em>long</em> time, and recently got some patches merged into the Linux kernel. Here are my experiences about the process of kernel development and what newbies can do to get started.</p>