A project to get the DDS working on Linux. See also DESK_On_Docker_Project.

A similar, but unfunded, project exists for Mac OS X.

At this point it is possible to install many variations that all have similar capabilities as Cygwin including using OpenArbor:

1. Use run-docker on Linux. See also DESK_On_Docker_Project.
2. Install a WSLg DDS container
3. Install a WSLg Linux distribution and use run-docker from within that.
4. Run docker on windows – possible, but not recommended.

See DESK_On_Docker_Project.

1. When running in a VM that has windows file system mounted and is used by a docker container:
   1. Symbolic links don't work
   2. scripts can only be run once at a time (while the script is active the "x" bit is cleared).
2. Running OpenArbor generates this diagnostic:
   1. AppArmor policy prevents this sender from sending this message to this recipient
3. qemu network applications that depend on accessing external networks do not work.

On Windows the main issue is the deployment strategy, and secondarily image vs container.

The options:

1. docker in WSLg
2. side load DDCI DDS as a WSLg distribution

On Linux the main issue is image vs container.

The options involving additional layers of virtual machines are possible, but seem increasingly less probably desirable with each layer inserted.

Should the user see a docker Image or a Container? ('+'=='Pro', '-'=='Con')

1. File System Issues:
   1. On Linux file system access is equally fast and semantically equivalent for host vs docker file systems.
   2. On Windows host file (e.g., NTFS) access is slow and guest symbolic links don't work
      1. This means that there will be pressure to use the file system inside the container on windows.
      2. Windows WSL is optimized for using a container (not image)
2. Upgrades
   1. A container has user state and the contents of a distribution installed at a global location, e.g., /desk. When DDCI delivers a new DDS, how does the user upgrade?
3. Installed tools, e.g., editors, wireshark, etc.
   1. It would not be possible to add tools to a DDS based container – DDCI does not make the repository publicly available, and if a user were to install tools from the internet they would most likely render the container unusable due to version skew between DDS tools and net versions.
   2. On WSLg it is possible to run windows executables from within the WSLg container, but (maybe?) not from a docker container within the WSLg distribution.
4. Networking
   1. There is complexity going between a WSLg or docker container and the host network.
      1. Container initiated connections seem to work well.
      2. WSLg has issues with name resolution (Microsoft bug).
      3. containers (both Linux/Docker and WSLg) have special configurations for host to/from container networks.

File visibility

Host residient tools can't easily see into a dynamically created container's file system. A "static" container could be mounted on the host (at least for linux): Ref https://stackoverflow.com/questions/20813486/exploring-docker-containers-file-system#answer-55253209

 PID=$(docker inspect -f 'Template:.State.Pid' your-container-name-here)
 cd /proc/$PID/root

WSL has a way to deal with this (e.g., file explorer penguin) Host programs (e..g, PE .exe files) have access to docker container files.

An image has a fixed CRC, so we could tell whether the image was corrupt.

1. It is possible to verify the contents of a container match the original md5sums, however that is not robust (many failures):

   sudo dpkg --verify | grep -v /usr/share/man | grep -v /usr/share/doc | grep -v /usr/share/locale

Pros/Cons: Both:

- (windows) must have a GUI/X server installed (fixed with WSLg).

Image

+ Easy to ensure the image is unchanged from what was delivered by DDCI

- (windows) Referencing host file systems is slow

- Referencing image specific files from the host is difficult, e.g., /desk/help

-- Note especially editors and other "make" invoked tools.

Container

- Many of the problems of having a second PC, managing redundant tool configurations, etc

- Administrative activities hard to apply to container files, e.g., backups

- Must choose a name for the container and a path to access files from host

-- Protocol for having more than one container based on an image, note this is especially concerning for Linux since mount points are typically host, not user based.

Windows WSl{1,2,g} has chosen the container approach and have a means for host based tools to access the container using a host style mount point, e.g., \\wslfoo\container\pathname

On Windows it seems like WSLg is the likely best strategy, but then the question is does DDCI deliver a WSL distribution, or use a docker container started from within the WSL distribution?

docker from within WSL

+ One home directory and can share scm checkouts

+ Much easier to upgrade to a new distribution (or have multiple).

- Haven't been able to get GUI to work that way (yet).

WSL distro

- Have to create a side loaded distribution, which requires custom installer technology.

- Prototype support is in build-docker.

Docker on Windows (not seriously considered)

- DDCI would have to solve (all) the problems Microsoft resolved via WSLg, e.g., graphics and file system issues.

This section is mostly obsolete. The functionality described is implemented in the current subversion HEAD of wsl and docker

If we want to use the same docker .tar.gz file for both WSL and docker, we need to change the docker install command. "docker image load" does not work with .tar files created via "docker image export" so we must change the install command from:

 docker image load -i dds-docker-celestial-jupiter-20210216.tar.gz

To import an exported image:

 docker image import -c "CMD /bin/bash -i" dds-docker-celestial-jupiter-20210216.tar.gz dds-docker-celestial-jupiter-20210216

Could simplify run-docker and make wsl and docker more similar by making wsl/branches/mainline/ddci-dds.sh be the means of changing the path. This would require that the default /etc/profile be run by all shell startup scripts. This may be a problem for sophisticated customers since they probably have their own profile and .bashrc files, and run-docker shares a home dir with the host.

 - We could stop sharing home dir.
 - Tell users they must run /etc/profile

This would also simplify getting command completion for DESK commands.

WSl puts the license file info into /etc/profile.d/ddci-dds-license.sh

 - Currently there is no tool to change the license, but since this is
   a container the user could edit the license.sh file directly.

docker puts the license info on the run-docker generated command line.

 - That probably makes managing multiple user installs more difficult
   for the customers because each user must specify the environment
   variable.

1. Create a persistent container (note removal of --rm, and add of --detach)
2. This also sets the default working directory for all future exec cmds.
3. May also want --restart=unless-stopped

   run-docker -it --detach --name=customer-foo ubuntu-jupiter-dev

• Connect to the container. You can do this as many times as desired.

   docker exec -it customer-foo bash -il

or

   docker exec -it customer-foo /OpenArbor/OpenArbor

• Delete the container

   docker container stop customer-foo  # probably would be good to stop before a host shutdown
   docker container rm customer-foo

• Browse the container file system:

   xdg-open /proc/$(docker inspect -f 'Template:.State.Pid' customer-foo)/root/

• Aaron has a prototype script to dump processes, see ~alarson/bin/docker-processes

On windows, it probably makes more sense to use WSL2 rather than docker. Microsoft has made subsystems integrate well with the Windows file system, and has native GUI support on Windows 10 and Windows 11 (an integrated Windows Wayland server).

WSLg allows the user to run Linux GUI application on their Windows host. The host must be a recently up to date Windows 10 or 11 machine, see https://github.com/microsoft/wslg for specific pre-requisites.

1. Installation
   • Follow Readme https://deos.ddci.com/scm/Deos/maintainer-tools/wsl/branches/mainline/Readme.txt

The following are historical notes, issues, and observerations. They are not required to use the DDCI WSLg installation.

1. Versioning
   • software packages are bound by the version of the Ubuntu mirrored for the container image
     • tools may not be up to date which can cause issues
   • depending on the Linux flavor and version, certain programs may no longer be supported, e.g., Ubuntu 2020 supports both Firefox and Google Chrome while Ubuntu 2022 supports only Google Chrome
   • package manager like apt must be used to control versions
   • don't have a good way to move forward and backward between Deos component versions yet
     • maybe a script like https://deos.ddci.com/scm/Deos/maintainer-tools/docker/branches/mainline/unrelease to update versions
2. Graphics
   • bugs are distribution-wide, but infrequent
     • this means if any graphics program fails, they all fail on that distribution and require a full WSL reboot
   • requires some extra steps to get the minimize and maximize buttons to show up
   • some issues with right-click window sizing, double-clicking, and mouse flickering in OpenArbor
   • lose any Windows host abilities to organize open content on the screen
3. Linking
   • Windows Explorer has a separate section dedicated to WSL to give the host access to the entire WSL filesystem
   • can have multiple WSL distributions but cannot share files between them
   • host tools can modify WSL files and vice versa for the most part
     • it is recommended that all work done on the WSL filesystem remain in the WSL file system
     • best practice is to keep host and container work separate

Docker runs with privileges, podman runs as the user.

1. podman is likely going to be better accepted by our customers given its security advantages.
2. Haven't been able to get qemu to work (insufficient network privileges).

Get UID correct: https://stackoverflow.com/questions/70770437/mapping-of-user-ids

   cat /etc/subuid
   alarson:100000:65536
   mainline$ id
   uid=1000(alarson) gid=1000(alarson) groups=1000(alarson),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),120(lpadmin),131(lxd),132(sambashare),133(docker)

   uid=1000
   subuidStart=100000
   subuidSize=65536

   run-docker -it --rm  --uidmap $uid:0:1 --uidmap 0:1:$uid --uidmap $(($uid+1)):$(($uid+1)):$(($subuidSize-$uid)) --gidmap $uid:0:1 --gidmap 0:1:$uid --gidmap $(($uid+1)):$(($uid+1)):$(($subuidSize-$uid)) ubuntu-jupiter-dev
   https://stackoverflow.com/questions/70770437/mapping-of-user-ids

1. Customer installation
   1. Where does display/x-server get installed on Windows? (should be able to assume X is always installed on Linux)
   2. install docker
   3. docker image load from file, or DDCI server?
   4. docker security
      1. perhaps rootless: https://docs.docker.com/engine/security/rootless/
      2. current image might work with passwordless sudo.
2. Discuss/consider: security implications of deploying docker on
   1. DDCI workstations
   2. Customer installations
3. Debian packages/deos2cygwin issues
   1. Do we need signed repository for authentication (integrity is ensured via SHA)?
4. How to handle QA issues:
   1. Some packages have Linux specific content (a separate "zip" file for linux). Should that be versioned separately from the Cygwin package?
   2. None of the existing packages have test reports for Linux, how should that be handled?
   3. Some packages have no linux specific content, some have separate .zip files, some have linux specific logic. Are these separate cases for QA?

The following is a summary of the issues. A detailed deos2cygwin.py log file from a complete build of the ubuntu-ddci repository can be found at:

 Media:Deos2cygwin-2020-12-22.log.txt

1. ddci-desk has desk_menu_path which is used for creating distribution specific desktop links. No idea what to do with that.
2. gcc-ppc64-elf/package2cygwin.py uses "linux" for the name containing the windows compilers.
3. gdb-8.0.1.2-linux-x86-64-cross-debuggers doesn't have a test report, however the windows variant does. Will be the same for other packages containing Linux content.
4. The kernel's use of gcc-x86-pe-addons implicitly depended on the fact that the host workstation was running windows in order to get the GCC PE compiler. That is no longer true.

   suggest not porting kernel PE tests, wait for kernel 64-bit to obsolete PE.

1. The following files/components reference cygpath (only potentially inappropriate items listed):

   /desk/bin/desk_menu_path
   test-abcscat
   test-deos653cvt
   test-ioi-cvt
   test-registry-cvt
   ToMixed.pm
   abc examples
   platform/minnow-turbot-quad

These bogus postinstall scripts exist in current packages on the ftpserver:

 -rwxr-xr-x 1 root root  557 May  7  2019 deos-subversion.sh

The following are postinstall scripts that do something:

./afdx-driver-config/postinstall/afdxconfig-postinstall.sh		Can be used as is for Linux
./afdx-examples/postinstall/afdx-examples.sh				Can be used as is for Linux
./deosbook/postinstall/deosbook.sh					Updated for Linux
./deosbook-devel/postinstall/deosbook-devel.sh			        Updated for Linux

./deos-subversion/postinstall/deos-subversion.sh			ISSUE: Distributing maintainer subversion config file needs to be worked out.

./deos-maintainer-tools/postinstall/deos-maintainer-tools.sh		shortcuts
./desk/postinstall/desk.sh						shortcuts and removal of "confusing files"
./gcc-desk/postinstall/gcc-desk.sh					shortcuts
./graphviz/postinstall/graphviz.sh					Package obsoleted for Linux.
./heartos-desk/postinstall/heartos-desk.sh				shortcuts
./heartos-maintainer-tools/postinstall/heartos-maintainer-tools.sh	shortcuts
./pyPdf/postinstall/pyPdf.sh						Updated for Linux

OBSOLETE

./msvcr80/postinstall/msvcr80.sh
./msvcr90/postinstall/msvcr90.sh
./score-other-docs/postinstall/run_configure_score_other_docs.sh
./unused/integ-tool-classic/postinstall/integ-tool-classic.sh
./unused/status-monitor-mfc-gui/postinstall/status-monitor-mfc-gui.sh
./VMware-player/postinstall/VMware-player.sh


Following pacakge have standard library building post install scripts.
Most of these probably are not needed anymore since I think they are
only used by Honeywell.

./a653p1-runtime/postinstall/run_update_deos_libs.sh
./a653p4-runtime/postinstall/run_update_deos_libs.sh
./afdx-library/postinstall/run_update_deos_libs.sh
./apm-cale-prl/postinstall/run_update_deos_libs.sh
./arinc664-library/postinstall/run_update_deos_libs.sh
./cffs-server/postinstall/run_update_deos_libs.sh
./deos653p4-runtime/postinstall/run_update_deos_libs.sh
./gcc-aarch64-elf/postinstall/run_update_deos_libs.sh
./gcc-arm-eabi/postinstall/run_update_deos_libs.sh
./gcc-mips-elf/postinstall/run_update_deos_libs.sh
./gcc-ppc-elf/postinstall/run_update_deos_libs.sh
./gcc-ppc-elfspe/postinstall/run_update_deos_libs.sh
./gcc-ppc64-elf/postinstall/run_update_deos_libs.sh
./gcc-x86-elf/postinstall/run_update_deos_libs.sh
./gcc-x86_64-elf/postinstall/run_update_deos_libs.sh
./imageapi/postinstall/run_update_deos_libs.sh
./internet-api-library/postinstall/run_update_deos_libs.sh
./ioi-api/postinstall/run_update_deos_libs.sh
./ioi-pipcBuffer/postinstall/run_update_deos_libs.sh
./ioi-ringBuffer/postinstall/run_update_deos_libs.sh
./mailbox-transport-library-mips/postinstall/run_update_deos_libs.sh
./math-ppc/postinstall/run_update_deos_libs.sh
./math-x86/postinstall/run_update_deos_libs.sh
./produce/postinstall/run_update_deos_libs.sh
./rtl81xx-prl/postinstall/run_update_deos_libs.sh
./socket-api-library-mips/postinstall/run_update_deos_libs.sh
./tsec-durant-prl/postinstall/run_update_deos_libs.sh