Technical Documentation (Master) - Fulgurance/ISM GitHub Wiki
Welcome to the ISM documentation!
This documentation focuses on the master branch and explains the most recently introduced features and technical aspects of the project.
Introduction
The main goal of ISM is to make the trickiest phases of building a Linux system (configuring and building every package from scratch, building the cross toolchain) simple, and to let the user configure the system in a logical and straightforward way. The project aims to keep everything as simple as possible without sacrificing any possible configuration.
This is where ISM tries to shine!
The project also wants to improve how system security is ensured and to bring new ideas and technologies. It will soon be the foundation of a new Linux distribution.
1 - Cross toolchain
If you have ever tried to build a Linux system completely from scratch (the LFS book is a good example), you know that you first need to build the cross toolchain. These tools are the bare minimum needed to get a very minimal system with the tools required to build other packages.
During the cross toolchain stage, some software (for example gcc) needs to be built two or three times to be fully installed. This is where the project started, because there is currently no package manager able to handle this in a simple manner.
From this, ISM introduced the concept of a pass (pass 1, pass 2, etc.). A pass is one building phase of a piece of software during the cross toolchain construction process.
ISM knows how to calculate dependencies when a piece of software has passes.
During the pass building process the dependencies are not always the same, because during cross toolchain construction everything needs to be built in a particular order; ISM also knows how to get the right dependencies at each stage of a software's construction.
2 - Package options
If you have already compiled software or are a programmer, you know that BEFORE compilation you can enable or disable options to make the final binary LIGHTER.
The interest is simple: a lighter binary means fewer vulnerable layers, because we remove the functionality we do not need, and the system will be faster too, because the program needs less memory when it is loaded.
ISM also knows how to calculate the dependencies that follow from enabled or disabled options.
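A compact illustration of the pass concept from section 1 and the option-dependent dependencies from section 2, written as an added example: this is not ISM's code, and the package names, pass numbers, option names and dependency edges are constructed to mirror the usual cross-toolchain sequence.

```python
"""Pass- and option-aware build ordering (added example, not ISM's code).

Every build unit is a (package, pass) pair.  A unit's dependency list
can differ per pass and per enabled option, which is exactly the case
the cross toolchain creates: gcc pass 1 only needs binutils, gcc pass 2
needs the libc built in between.  The descriptors below are constructed
to mirror that sequence; they are not ISM's real package files.
"""

# Constructed descriptors: (name, pass) -> {condition: [required units]}
#   None          -> always required
#   "opt:<name>"  -> required only when option <name> is enabled
PACKAGES = {
    ("binutils", 1): {None: []},
    ("gcc", 1): {None: [("binutils", 1)]},
    ("linux-headers", 1): {None: []},
    ("glibc", 1): {None: [("gcc", 1), ("linux-headers", 1)]},
    ("gnat-bootstrap", 1): {None: [("gcc", 1)]},
    ("gcc", 2): {None: [("glibc", 1)],
                 "opt:ada": [("gnat-bootstrap", 1)]},
    ("python", 1): {None: [("gcc", 2)]},
    ("libxml2", 1): {None: [("gcc", 2)],
                     "opt:python": [("python", 1)]},
}


def dependencies(unit, options, packages=PACKAGES):
    """Units that `unit` needs, given the set of enabled option names."""
    needs = []
    for cond, deps in packages[unit].items():
        if cond is None or (cond.startswith("opt:") and cond[4:] in options):
            needs.extend(deps)
    return needs


def build_order(targets, options=frozenset(), packages=PACKAGES):
    """Depth-first topological sort over (package, pass) units.

    Raises ValueError on a cycle, which means the pass plan is wrong
    (e.g. gcc pass 1 claiming to need glibc, which needs gcc pass 1).
    """
    order, state = [], {}          # state: 1 = in progress, 2 = finished

    def visit(unit):
        if state.get(unit) == 2:
            return
        if state.get(unit) == 1:
            raise ValueError(f"dependency cycle through {unit}")
        if unit not in packages:
            raise KeyError(f"unknown build unit {unit}")
        state[unit] = 1
        for dep in dependencies(unit, options, packages):
            visit(dep)
        state[unit] = 2
        order.append(unit)

    for target in targets:
        visit(target)
    return order


if __name__ == "__main__":
    for name, number in build_order([("libxml2", 1)], options={"python"}):
        print(f"build {name} (pass {number})")
```

Enabling the constructed `ada` option pulls `gnat-bootstrap` in between gcc pass 1 and gcc pass 2; without it, that unit never appears in the plan. A cycle in the descriptors is reported instead of silently looping, which is the failure mode to watch for when a pass list is edited by hand.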
3 - Kernel dependencies
This is a very new concept in the Linux world, because, as the name says, a package manager manages... packages. Not kernel dependencies. If you have ever compiled the Linux kernel yourself, you know that you can make the kernel much lighter by keeping only the functionality you need.
This is where ISM brings something new, and you will start to understand why ISM is not called a package manager but a SYSTEM MANAGER: the project goes deeper.
ISM brings a new concept: it is able to calculate KERNEL dependencies. Every package can have kernel dependencies because of some of its functionality. For example, some virtualization software may require the KVM features of the kernel.
To do this, ISM embeds a Linux kconfig parser that generates a full database of kernel features and records all the details about them (description, dependencies, etc.).
This is still in development.
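To make the kconfig idea concrete, here is an added example (not ISM's parser) of a minimal Kconfig reader that records each symbol's type, prompt, `depends on` list, `select` list and help text, followed by a closure computation that answers "which kernel symbols must be on so that a package's kernel dependency can be enabled". KCONFIG_SAMPLE is a constructed excerpt written in upstream Kconfig syntax; the symbol names are illustrative and the boolean expressions in `depends on` are reduced to their symbol names rather than evaluated.

```python
"""Minimal Kconfig parser + kernel-feature closure (added example)."""
import re

# Constructed excerpt in Kconfig syntax; not copied from the kernel tree.
KCONFIG_SAMPLE = """\
config HAVE_KVM
\tbool

config VIRTUALIZATION
\tbool "Virtualization"
\thelp
\t  Say Y here to get to see options for using your Linux host to run
\t  other operating systems inside virtual machines (guests).

config KVM
\ttristate "Kernel-based Virtual Machine (KVM) support"
\tdepends on HAVE_KVM && VIRTUALIZATION
\tselect PREEMPT_NOTIFIERS
\thelp
\t  Support hosting fully virtualized guest machines using hardware
\t  virtualization extensions.

config PREEMPT_NOTIFIERS
\tbool
"""

_CONFIG = re.compile(r"^config\s+([A-Za-z0-9_]+)\s*$")
_TYPE = re.compile(r'^(bool|tristate|string|int|hex)(?:\s+"([^"]*)")?\s*$')
_DEPENDS = re.compile(r"^depends on\s+(.+?)\s*$")
_SELECT = re.compile(r"^select\s+([A-Za-z0-9_]+)")
_SYMBOL = re.compile(r"[A-Z][A-Z0-9_]*")


def parse_kconfig(text):
    """Return {symbol: {type, prompt, depends, selects, help}}."""
    symbols, cur, in_help = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if in_help:
            if raw and not raw[0].isspace():
                in_help = False            # dedented: help block is over
            else:
                if line:
                    cur["help"].append(line)
                continue
        if not line or line.startswith("#"):
            continue
        m = _CONFIG.match(line)
        if m:
            cur = symbols.setdefault(m.group(1), {
                "type": None, "prompt": None,
                "depends": [], "selects": [], "help": []})
            continue
        if cur is None:
            continue                       # text before the first `config`
        m = _TYPE.match(line)
        if m:
            cur["type"], cur["prompt"] = m.group(1), m.group(2)
            continue
        m = _DEPENDS.match(line)
        if m:
            # Only the symbol names are kept; `&&`, `||` and `!` are not
            # evaluated by this toy parser.
            cur["depends"].extend(_SYMBOL.findall(m.group(1)))
            continue
        m = _SELECT.match(line)
        if m:
            cur["selects"].append(m.group(1))
            continue
        if line == "help":
            in_help = True
    return symbols


def kernel_closure(symbols, wanted):
    """All symbols reachable from `wanted` via depends-on and select edges."""
    needed, stack = set(), list(wanted)
    while stack:
        sym = stack.pop()
        if sym in needed:
            continue
        if sym not in symbols:
            raise KeyError(f"unknown kernel symbol {sym}")
        needed.add(sym)
        stack.extend(symbols[sym]["depends"] + symbols[sym]["selects"])
    return needed


if __name__ == "__main__":
    db = parse_kconfig(KCONFIG_SAMPLE)
    # A constructed virtualization package declaring a kernel dependency on KVM:
    print(sorted(kernel_closure(db, ["KVM"])))
```

An unknown symbol in a package's kernel dependency list raises `KeyError` rather than being ignored, so a typo in a descriptor is caught at resolution time instead of producing a kernel that silently lacks the feature.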
4 - Optimization
Another point of interest is that, because we compile everything from scratch, we can optimize the final binaries for the target machine.
If you have low-level knowledge of how a computer works, you know that a processor has an instruction set, but it is not the same from one processor to another, and some improvements or features may not be available on every model.
All operating systems that provide pre-compiled binaries compile them with a generic instruction set to ensure they work on every machine of the same CPU architecture. The problem is that, because of this, most pre-compiled programs do not take advantage of the latest CPU optimizations.
In a very simple manner, you can configure ISM to use every instruction set your CPU supports. You can also pass specific flags to the compiler to improve performance or security.
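As an added example (not ISM's configuration code), the script below reads the `flags` line of /proc/cpuinfo, picks the highest x86-64 psABI micro-architecture level the CPU fully supports (what GCC and Clang accept as `-march=x86-64-v2`, `-v3`, `-v4`), and pairs it with hardening flags commonly used by distributions. CPUINFO_SAMPLE is a constructed capture so the logic runs offline; the per-level feature lists are the ones the psABI defines, spelled as Linux prints them (`abm` for LZCNT).

```python
"""Choose -march from cpuinfo flags and add hardening flags (added example)."""
import pathlib

# x86-64 psABI levels; each level also requires every earlier level.
LEVELS = [
    ("x86-64-v2", {"cx16", "lahf_lm", "popcnt", "sse4_1", "sse4_2", "ssse3"}),
    ("x86-64-v3", {"avx", "avx2", "bmi1", "bmi2", "f16c", "fma",
                   "abm", "movbe", "xsave"}),
    ("x86-64-v4", {"avx512f", "avx512bw", "avx512cd", "avx512dq", "avx512vl"}),
]

# CPU-independent hardening flags; _FORTIFY_SOURCE needs optimization on.
HARDENING_CFLAGS = ["-fstack-protector-strong", "-D_FORTIFY_SOURCE=2",
                    "-fstack-clash-protection", "-fPIE"]
HARDENING_LDFLAGS = ["-pie", "-Wl,-z,relro", "-Wl,-z,now"]

# Constructed /proc/cpuinfo excerpt for a CPU with AVX2 but no AVX-512.
CPUINFO_SAMPLE = """\
processor\t: 0
vendor_id\t: GenuineIntel
model name\t: constructed sample CPU
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat \
pse36 clflush mmx fxsr sse sse2 ht syscall nx lm ssse3 cx16 sse4_1 sse4_2 \
popcnt lahf_lm avx f16c fma movbe xsave abm bmi1 bmi2 avx2
"""


def cpu_flags(cpuinfo_text):
    """Set of feature flags from the first `flags` line of cpuinfo text."""
    for line in cpuinfo_text.splitlines():
        if line.startswith("flags"):
            return set(line.split(":", 1)[1].split())
    raise ValueError("no flags line found in cpuinfo text")


def march_level(flags):
    """Highest level whose whole feature set is present; 'x86-64' = generic."""
    level = "x86-64"
    for name, required in LEVELS:
        if required <= flags:
            level = name
        else:
            break                  # levels are cumulative: stop at first gap
    return level


def build_flags(flags):
    """CFLAGS/LDFLAGS targeting this CPU's level plus hardening options."""
    cflags = [f"-march={march_level(flags)}", "-O2"] + HARDENING_CFLAGS
    return {"CFLAGS": cflags, "LDFLAGS": list(HARDENING_LDFLAGS)}


if __name__ == "__main__":
    try:
        text = pathlib.Path("/proc/cpuinfo").read_text()
    except OSError:
        text = CPUINFO_SAMPLE        # fall back to the constructed sample
    for var, values in build_flags(cpu_flags(text)).items():
        print(f'{var}="{" ".join(values)}"')
```

The level check is deliberately all-or-nothing: a CPU missing a single v3 feature is built as v2, because a binary compiled for a level the CPU does not fully implement fails with an illegal-instruction fault rather than running slower.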
5 - Security
ISM introduces security measures at different levels.
First, ISM introduces the concept of security maps. Every package comes with a security descriptor that summarizes the default rights and permissions of each installed file.
Second, ISM uses the immutable extended attribute. Except during an update, ISM sets the critical directories that contain vital binaries, like /bin, /lib, /sbin and /libexec, as immutable. These paths are very good candidates for this extended attribute because they are not modified regularly.
ISM tasks are also set as immutable once they are generated, meaning that if a user tries to alter a task file, the attempt will fail.
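Two defender-side checks for the measures described above, as an added example that is not ISM's own code. `audit_immutable` parses `lsattr -d` output and reports which of the critical directories have lost the `i` attribute, which is the check to run after an update or when investigating tampering. `verify_security_map` compares expected file modes against the live filesystem; ISM's real security descriptor format is not shown on this page, so the `(path, mode)` list used here is a constructed stand-in. LSATTR_SAMPLE is a constructed capture so the parser runs offline.

```python
"""Immutable-attribute audit and permission verification (added example)."""
import os
import stat
import subprocess

CRITICAL_PATHS = ["/bin", "/lib", "/sbin", "/libexec"]

# Constructed sample of `lsattr -d` output: attribute flags, then the path.
# /sbin is shown without `i` to exercise the failing case.
LSATTR_SAMPLE = """\
----i---------e------- /bin
----i---------e------- /lib
--------------e------- /sbin
----i---------e------- /libexec
"""


def parse_lsattr(text):
    """Map each listed path to the set of attribute letters set on it."""
    result = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue                      # skip blanks and lsattr error lines
        attrs, path = parts
        result[path] = {c for c in attrs if c != "-"}
    return result


def audit_immutable(lsattr_map, paths=CRITICAL_PATHS):
    """Paths that should carry `i` but do not, or were not reported at all."""
    return [p for p in paths if "i" not in lsattr_map.get(p, set())]


def run_lsattr(paths=CRITICAL_PATHS):
    """Run the real lsattr (e2fsprogs); returns '' if it is unavailable."""
    try:
        proc = subprocess.run(["lsattr", "-d", *paths],
                              capture_output=True, text=True, check=False)
    except FileNotFoundError:
        return ""
    return proc.stdout


def verify_security_map(entries):
    """Compare (path, expected_mode) pairs with the filesystem.

    Returns (path, expected, actual) for every mismatch; a missing file
    is reported with actual=None.  lstat is used so a symlink planted in
    place of a file is not followed.
    """
    findings = []
    for path, expected in entries:
        try:
            actual = stat.S_IMODE(os.lstat(path).st_mode)
        except FileNotFoundError:
            actual = None
        if actual != expected:
            findings.append((path, expected, actual))
    return findings


if __name__ == "__main__":
    # Use real lsattr output when available, else the constructed sample.
    listing = run_lsattr() or LSATTR_SAMPLE
    for p in audit_immutable(parse_lsattr(listing)):
        print(f"WARNING: {p} is not immutable")
    # Constructed descriptor entry; a real map would come from the package.
    for path, want, got in verify_security_map([("/etc/passwd", 0o644)]):
        shown = "missing" if got is None else format(got, "o")
        print(f"WARNING: {path}: expected {want:o}, found {shown}")
```

A path absent from the lsattr output is reported as not immutable rather than skipped: on a filesystem without attribute support (or when the directory has been replaced), silence would otherwise look like success.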
6 - System components
ISM currently has mainly 3 different kinds of package:
- Software: downloaded from a repository; installs files, directories and services
- Semi-virtual software: has no package to download, but still generates or creates files or directories locally (no download step)
- Virtual software: completely virtual; it generally just represents an installation step
There is also a special one: component software. A component software represents an important part of your system and acts as a software selector used to generate your desired configuration.
For example, there is a component software called shell. With the shell component, you can choose bash or any other available shell.
In this way you can generate, very accurately, exactly what you need.