Under the hood: Runtimes

Now that 3.24 is almost here, I want to take a little downtime and write some information about pieces of the design underneath Builder. Today, let’s lift the hood and take a look at Runtimes.

In Builder, an IdeRuntime is an abstraction around an environment to run programs. That could be build tooling, SDK management, your application, unit tests, and more. Unsurprisingly, it’s naming is similar to Flatpak runtimes because they have a very 1:1 relationship in the Flatpak plugin. But it’s not an uncommon term by any means.

Today, Builder supports 3 types of runtimes: host, jhbuild, and flatpak.

The host runtime simply executes processes on the host system. This is as close to if you just opened a shell with gnome-terminal as we can give you. We actually go through great pains to do so when the application is distributed via Flatpak. For example, we use the HostCommand² developer-mode interface of Flatpak to execute the subprocess from the host session¹ yet using a PTY master/slave from within the sandbox.

The jhbuild runtime is similar to the host runtime except that we first enter the jhbuild environment using jhbuild run. This ensures that we are using dependencies that you may have built locally. Psuedo terminals are also run this way, so ctrl+alt+shift+t will naturally give you the equivalent of jhbuild shell inside a new embedded terminal.

The flatpak runtime uses flatpak build to enter the runtime environment. Our build pipeline will have had to advance to the point at least the IDE_BUILD_PHASE_PREPARE phase to ensure that the manifest and build directories are setup. So there is just a bit extra complexity involved here. But the result is pretty nice. Your subprocess will see /usr, /app and such just like during the application build process. This makes exploring the build environment very simple. Just open a new terminal with ctrl+alt+shift+t.

Running your application naturally uses runtimes too. This allows us to setup the environment, DBus, network namespaces, Wayland access, and more in the way your application needs. We use information from the build configuration (such as your org.gnome.Foo.json flatpak manifest) to determine what that is.

So what’s next?

I’m relatively happy with this design so far and I think it could work for a few more scenarios. One might be a runtime accessible via adb to your phone. Or possibly a remote container. Or far more interesting to me, inside a GNOME virtual machine providing a simulator with GNOME continuous.

Until next time…

  1. Obviously this means Builder has a more relaxed sandboxing story than a general purpose application. This comes with the territory of developer tooling of this magnitude.
  2. If you want to see this feature land in MonoDevelop/Xamarin Studio, go help fix https://github.com/mono/dbus-sharp/issues/57

Simplifying newcomer setup

One thing we are striving for in 3.24 is to make it as simple as possible for newcomers to get their development environment setup. Hopefully in time so that our next round of Outreachy and GSoC interns have an easier time getting started.

A common installation issue we’ve seen is that people have flatpak, but not flatpak-builder. Without it, Builder can’t do builds inside of the target mount namespace with all your proper dependencies. So now Builder will detect this and install it for you if you like.

Builder Documentation

I’ve been slowly getting started on documentation for Builder in-between the 3.24 stabilization process and conference time. But there is a lot to do and we could use your help. Here is me publicly requesting that you help us get some documentation in place for 3.24.

We’re going to try an experiment of using readthedocs.io with reStructuredText for quickly writing documentation. It is what both OSTree and Flatpak are using for documentation which seem to be on the up and up. Given the experimental ethos behind Builder, it seems worth exploring.

Here is a bit of info on how to contribute documentation. Check out the Creating Plugins section for all the things we need to document.

We don’t yet have cross-referencing to API documentation, but I’ll try to have that in place soon.

Sharing your app with friends

It’s a rainy afternoon in Portland so I’m cozy with an espresso watching the rain. After a short hacking session you can now export your application as a Flatpak bundle quickly and easily. Just select the workbench menu in the top right corner of the workbench, followed by Flatpak, and then Export as Bundle.

A normal build will proceed but also includes a finalization step to populate the OSTree repository (flatpak build-export) and then create the bundle (flatpak build-bundle). Finally, Files will be opened with the bundle selected for your copy-and-paste ease. If you double-click the bundle, GNOME Software will be opened and allow you to quickly install the bundle.

Additionally, we’ve split off the update dependencies phase of the build pipeline for Flatpak-based configurations so you can work offline while still updating dependencies at your convenience. Just activate the menu item and the build pipeline will progress to download updates if the network is enabled.

Exploring your application runtime

In Builder, we landed a new feature for 3.24 that allows you to create a new terminal inside the application runtime. If you’re building against your host system, then this is nothing special. If you’re building against jhbuild you’ll get a shell inside of that (but again, nothing really special).

However, if you’re building for a flatpak runtime, such as org.gnome.Platform, your shell will look completely different from your host system. Instead, it will be what the application sees at runtime. (Okay, it’s actually what it sees at build time, but the SDK is just the Platform with compiler bits, headers, pkg-config, and such).

  • ctrl+shift+t for a terminal on your host
  • ctrl+alt+shift+t for a terminal inside your application runtime

So here is an image of a shell in the host system on left and the runtime on the right. This makes it very convenient to figure out what your application is seeing during execution and audit the files you need to remove in your cleanup phase. Or maybe you just want to explore!

If you are not using Builder, you can explore a SDK or runtime with flatpak run org.gnome.Sdk. Additionally, if you’re interested in exactly what your application sees after you have packaged and installed it, try:

flatpak run --command=bash com.example.MyApp

Adding -d to the above will give you the SDK instead of the runtime. This is much closer to what Builder will give you.

flatpak run -d --command=bash com.example.MyApp

Flatpak at SCaLE 15x

A decade ago I lived on the west side of Los Angeles. One of my favorite conferences was Southern California Linux Expo. Much like Karen, this is the conference where I performed my first technical talk. It’s also where I met and became friends with great people like Jono, Ted, Jeff, the fantastic organizing staff, and so many more.

I was happy to come back again this year and talk about what I’ve been working on in GNOME. The combination of Flatpak and Builder (and Sysprof).

The event was live streamed on youtube, and you can watch it here. I expect the rooms to be cut and uploaded as individual talks but I don’t know the timeline for that. I’ll update this if/when I discover that so you can youtube-dl if you prefer.

State of the Builder

We are really starting to be able to do cool things with Builder these days. Just install our Builder Nightly and you can build plenty of GNOME apps.

I should note that Builder doesn’t yet have the ability to install your application but I intend for this to land before 3.24.

Here is a screenshot sequence of me using Builder installed from flatpak to build and test GNOME ToDo, also in flatpak.

Profiling Flatpak’d applications

One of the great powers of namespace APIs on Linux (mount namespaces, user namespaces, etc) is that you can create a new view into the world of your computer that is very different from the host. This can make traditional profiling tools difficult.

To begin with, we need to ensure that we have access to ptrace or perf infrastructure. Easy enough, just don’t drop those privileges before calling execve(). This is the --allow=devel option to flatpak run. But after that, we need to do the detailed phase of translating instruction pointers to a function name.

Generally, the translation between an instruction pointer and a function name requires looking up what file is mapped over the address. Then you open that file with an ELF reader and locate the file containing debug information (which may be the same file). Then open that file and locate what function contains that instruction pointer. (We subtract the beginning of the map from the instruction pointer to get a relative offset).

Now, here is the trouble with mount namespaces. The “path” of the map might be something like “/newroot/usr/lib/libgtk-3.so“. Of course, “/newroot/” doesn’t actually exist.

So… what to do.

Well, we can find information about the mounts in the process by looking at /proc/$pid/mountinfo. Just look for the longest common prefix to get the translation from the mount namespace into the host. One caveat though. The translated path is relative to the root of the partition mounted. So the next step is to locate the file-system mount on the host (via /proc/mounts).

If you put this all together, you can profile and extract symbols from applications running inside of containers.

Now, most applications aren’t going to ship debug symbols with them. But we’ll need those for proper symbol extraction. So if you install the .Debug variant of a Flatpak runtime (org.gnome.Sdk.Debug for example) then we can setup symbol resolution specifically for /usr/lib/debug. Builder now does this.

I’m not sure, but I think this makes Builder and Sysprof one of the first (if not the first) profiler on Linux to support symbol extraction while profiling containerized applications from outside the container.

I’ve only tested with Flatpak, but I don’t see why this code can’t work with other tooling using mount namespaces.