From 8d9aed9c97b2b826a9b726a96e311c80d9a2e617 Mon Sep 17 00:00:00 2001 From: itowlson Date: Tue, 23 Jul 2024 11:18:26 +1200 Subject: [PATCH 1/5] Validate against target environments during build Signed-off-by: itowlson --- Cargo.lock | 186 +++++++- Cargo.toml | 1 + crates/build/Cargo.toml | 1 + crates/build/src/lib.rs | 105 ++++- crates/build/src/manifest.rs | 125 +++++- crates/compose/src/lib.rs | 111 +++-- crates/environments/Cargo.toml | 42 ++ crates/environments/src/environment.rs | 388 +++++++++++++++++ .../src/environment/definition.rs | 165 +++++++ .../src/environment/env_loader.rs | 336 +++++++++++++++ .../environments/src/environment/lockfile.rs | 210 +++++++++ crates/environments/src/lib.rs | 217 ++++++++++ crates/environments/src/loader.rs | 255 +++++++++++ .../environments/tests/simple-wit/world.wit | 35 ++ crates/loader/src/lib.rs | 2 + crates/loader/src/local.rs | 402 ++++++++++-------- crates/manifest/src/compat.rs | 1 + crates/manifest/src/schema/v2.rs | 32 +- src/commands/build.rs | 26 +- src/commands/registry.rs | 4 +- src/commands/up.rs | 4 +- src/commands/up/app_source.rs | 4 +- 22 files changed, 2415 insertions(+), 237 deletions(-) create mode 100644 crates/environments/Cargo.toml create mode 100644 crates/environments/src/environment.rs create mode 100644 crates/environments/src/environment/definition.rs create mode 100644 crates/environments/src/environment/env_loader.rs create mode 100644 crates/environments/src/environment/lockfile.rs create mode 100644 crates/environments/src/lib.rs create mode 100644 crates/environments/src/loader.rs create mode 100644 crates/environments/tests/simple-wit/world.wit diff --git a/Cargo.lock b/Cargo.lock index aa153aa090..459ff63e36 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -5247,6 +5247,7 @@ checksum = "4edc8853320c2a0dab800fbda86253c8938f6ea88510dc92c5f1ed20e794afc1" dependencies = [ "cfg-if", "miette-derive 7.2.0", + "serde", "thiserror 1.0.69", "unicode-width 0.1.14", ] @@ -5754,6 +5755,30 @@ dependencies = [ "unicase", ] +[[package]] +name = "oci-distribution" +version = "0.11.0" +source = "git+https://github.com/fermyon/oci-distribution?rev=7e4ce9be9bcd22e78a28f06204931f10c44402ba#7e4ce9be9bcd22e78a28f06204931f10c44402ba" +dependencies = [ + "bytes", + "chrono", + "futures-util", + "http 1.1.0", + "http-auth", + "jwt 0.16.0 (registry+https://github.com/rust-lang/crates.io-index)", + "lazy_static 1.5.0", + "olpc-cjson", + "regex", + "reqwest 0.12.9", + "serde", + "serde_json", + "sha2", + "thiserror 1.0.69", + "tokio", + "tracing", + "unicase", +] + [[package]] name = "oci-spec" version = "0.7.1" @@ -8189,6 +8214,7 @@ dependencies = [ "anyhow", "serde", "spin-common", + "spin-environments", "spin-manifest", "subprocess", "terminal", @@ -8240,6 +8266,7 @@ dependencies = [ "spin-build", "spin-common", "spin-doctor", + "spin-environments", "spin-factor-outbound-networking", "spin-http", "spin-loader", @@ -8364,6 +8391,41 @@ dependencies = [ "ui-testing", ] +[[package]] +name = "spin-environments" +version = "3.4.0-pre0" +dependencies = [ + "anyhow", + "async-trait", + "bytes", + "chrono", + "futures", + "futures-util", + "id-arena", + "indexmap 2.7.1", + "oci-distribution 0.11.0 (git+https://github.com/fermyon/oci-distribution?rev=7e4ce9be9bcd22e78a28f06204931f10c44402ba)", + "semver", + "serde", + "serde_json", + "spin-common", + "spin-componentize", + "spin-compose", + "spin-loader", + "spin-manifest", + "spin-serde", + "tokio", + "toml", + "tracing", + "wac-parser", + "wac-resolver", + "wac-types", + "wasm-pkg-client", + "wasmparser 0.235.0", + "wit-component 0.235.0", + "wit-encoder", + "wit-parser 0.235.0", +] + [[package]] name = "spin-expressions" version = "3.4.0-pre0" @@ -8841,7 +8903,7 @@ dependencies = [ "docker_credential", "futures-util", "itertools 0.14.0", - "oci-distribution", + "oci-distribution 0.11.0 (git+https://github.com/fermyon/oci-distribution?rev=7b291a39f74d1a3c9499d934a56cae6580fc8e37)", "reqwest 0.12.9", "serde", "serde_json", @@ -10458,6 +10520,49 @@ dependencies = [ "wasmparser 0.202.0", ] +[[package]] +name = "wac-parser" +version = "0.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "616ec0c4f63641fa095b4a551263fe35a15c72c9680b650b8f08f70db0fdbd19" +dependencies = [ + "anyhow", + "id-arena", + "indexmap 2.7.1", + "log", + "logos", + "miette 7.2.0", + "semver", + "serde", + "thiserror 1.0.69", + "wac-graph", + "wasm-encoder 0.202.0", + "wasm-metadata 0.202.0", + "wasmparser 0.202.0", +] + +[[package]] +name = "wac-resolver" +version = "0.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "688c4c9482d68574aec10b72fa26429d0f91c5065ecbcf38a3146caf9f0bd7db" +dependencies = [ + "anyhow", + "futures", + "indexmap 2.7.1", + "log", + "miette 7.2.0", + "semver", + "thiserror 1.0.69", + "tokio", + "wac-parser", + "wac-types", + "warg-client", + "warg-crypto", + "warg-protocol", + "wit-component 0.202.0", +] + [[package]] name = "wac-types" version = "0.6.1" @@ -10943,6 +11048,17 @@ dependencies = [ "semver", ] +[[package]] +name = "wasmparser" +version = "0.229.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0cc3b1f053f5d41aa55640a1fa9b6d1b8a9e4418d118ce308d20e24ff3575a8c" +dependencies = [ + "bitflags 2.6.0", + "indexmap 2.7.1", + "semver", +] + [[package]] name = "wasmparser" version = "0.235.0" @@ -11992,6 +12108,25 @@ dependencies = [ "bitflags 2.6.0", ] +[[package]] +name = "wit-component" +version = "0.202.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0c836b1fd9932de0431c1758d8be08212071b6bba0151f7bac826dbc4312a2a9" +dependencies = [ + "anyhow", + "bitflags 2.6.0", + "indexmap 2.7.1", + "log", + "serde", + "serde_derive", + "serde_json", + "wasm-encoder 0.202.0", + "wasm-metadata 0.202.0", + "wasmparser 0.202.0", + "wit-parser 0.202.0", +] + [[package]] name = "wit-component" version = "0.224.1" @@ -12031,6 +12166,37 @@ dependencies = [ "wit-parser 0.235.0", ] +[[package]] +name = "wit-encoder" +version = "0.229.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "52b22120872fbeea51d41381dbd5c91395a9c8ceec77102d49a0bc6b503984ed" +dependencies = [ + "id-arena", + "pretty_assertions", + "semver", + "serde", + "wit-parser 0.229.0", +] + +[[package]] +name = "wit-parser" +version = "0.202.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "744237b488352f4f27bca05a10acb79474415951c450e52ebd0da784c1df2bcc" +dependencies = [ + "anyhow", + "id-arena", + "indexmap 2.7.1", + "log", + "semver", + "serde", + "serde_derive", + "serde_json", + "unicode-xid", + "wasmparser 0.202.0", +] + [[package]] name = "wit-parser" version = "0.224.1" @@ -12049,6 +12215,24 @@ dependencies = [ "wasmparser 0.224.1", ] +[[package]] +name = "wit-parser" +version = "0.229.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "459c6ba62bf511d6b5f2a845a2a736822e38059c1cfa0b644b467bbbfae4efa6" +dependencies = [ + "anyhow", + "id-arena", + "indexmap 2.7.1", + "log", + "semver", + "serde", + "serde_derive", + "serde_json", + "unicode-xid", + "wasmparser 0.229.0", +] + [[package]] name = "wit-parser" version = "0.235.0" diff --git a/Cargo.toml b/Cargo.toml index d72bae6ad3..a72fa96abd 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -55,6 +55,7 @@ spin-app = { path = "crates/app" } spin-build = { path = "crates/build" } spin-common = { path = "crates/common" } spin-doctor = { path = "crates/doctor" } +spin-environments = { path = "crates/environments" } spin-factor-outbound-networking = { path = "crates/factor-outbound-networking" } spin-http = { path = "crates/http" } spin-loader = { path = "crates/loader" } diff --git a/crates/build/Cargo.toml b/crates/build/Cargo.toml index aa698b566c..29eb585ab1 100644 --- a/crates/build/Cargo.toml +++ b/crates/build/Cargo.toml @@ -8,6 +8,7 @@ edition = { workspace = true } anyhow = { workspace = true } serde = { workspace = true } spin-common = { path = "../common" } +spin-environments = { path = "../environments" } spin-manifest = { path = "../manifest" } subprocess = "0.2" terminal = { path = "../terminal" } diff --git a/crates/build/src/lib.rs b/crates/build/src/lib.rs index c122d183e6..2242536666 100644 --- a/crates/build/src/lib.rs +++ b/crates/build/src/lib.rs @@ -16,31 +16,87 @@ use subprocess::{Exec, Redirection}; use crate::manifest::component_build_configs; /// If present, run the build command of each component. -pub async fn build(manifest_file: &Path, component_ids: &[String]) -> Result<()> { - let (components, manifest_err) = - component_build_configs(manifest_file) - .await - .with_context(|| { - format!( - "Cannot read manifest file from {}", - quoted_path(manifest_file) - ) - })?; +pub async fn build( + manifest_file: &Path, + component_ids: &[String], + target_checks: TargetChecking, + cache_root: Option, +) -> Result<()> { + let build_info = component_build_configs(manifest_file) + .await + .with_context(|| { + format!( + "Cannot read manifest file from {}", + quoted_path(manifest_file) + ) + })?; let app_dir = parent_dir(manifest_file)?; - let build_result = build_components(component_ids, components, app_dir); + let build_result = build_components(component_ids, build_info.components(), &app_dir); - if let Some(e) = manifest_err { + // Emit any required warnings now, so that they don't bury any errors. + if let Some(e) = build_info.load_error() { + // The manifest had errors. We managed to attempt a build anyway, but we want to + // let the user know about them. terminal::warn!("The manifest has errors not related to the Wasm component build. Error details:\n{e:#}"); + // Checking deployment targets requires a healthy manifest (because trigger types etc.), + // if any of these were specified, warn they are being skipped. + let should_have_checked_targets = + target_checks.check() && build_info.has_deployment_targets(); + if should_have_checked_targets { + terminal::warn!( + "The manifest error(s) prevented Spin from checking the deployment targets." + ); + } + } + + // If the build failed, exit with an error at this point. + build_result?; + + let Some(manifest) = build_info.manifest() else { + // We can't proceed to checking (because that needs a full healthy manifest), and we've + // already emitted any necessary warning, so quit. + return Ok(()); + }; + + if target_checks.check() { + let application = spin_environments::ApplicationToValidate::new( + manifest.clone(), + manifest_file.parent().unwrap(), + ) + .await + .context("unable to load application for checking against deployment targets")?; + let target_validation = spin_environments::validate_application_against_environment_ids( + &application, + build_info.deployment_targets(), + cache_root.clone(), + &app_dir, + ) + .await + .context("unable to check if the application is compatible with deployment targets")?; + + if !target_validation.is_ok() { + for error in target_validation.errors() { + terminal::error!("{error}"); + } + anyhow::bail!("All components built successfully, but one or more was incompatible with one or more of the deployment targets."); + } } - build_result + Ok(()) +} + +/// Run all component build commands, using the default options (build all +/// components, perform target checking). We run a "default build" in several +/// places and this centralises the logic of what such a "default build" means. +pub async fn build_default(manifest_file: &Path, cache_root: Option) -> Result<()> { + build(manifest_file, &[], TargetChecking::Check, cache_root).await } fn build_components( component_ids: &[String], components: Vec, - app_dir: PathBuf, + app_dir: &Path, ) -> Result<(), anyhow::Error> { let components_to_build = if component_ids.is_empty() { components @@ -70,7 +126,7 @@ fn build_components( components_to_build .into_iter() - .map(|c| build_component(c, &app_dir)) + .map(|c| build_component(c, app_dir)) .collect::, _>>()?; terminal::step!("Finished", "building all Spin components"); @@ -159,6 +215,21 @@ fn construct_workdir(app_dir: &Path, workdir: Option>) -> Resul Ok(cwd) } +/// Specifies target environment checking behaviour +pub enum TargetChecking { + /// The build should check that all components are compatible with all target environments. + Check, + /// The build should not check target environments. + Skip, +} + +impl TargetChecking { + /// Should the build check target environments? + fn check(&self) -> bool { + matches!(self, Self::Check) + } +} + #[cfg(test)] mod tests { use super::*; @@ -171,6 +242,8 @@ mod tests { #[tokio::test] async fn can_load_even_if_trigger_invalid() { let bad_trigger_file = test_data_root().join("bad_trigger.toml"); - build(&bad_trigger_file, &[]).await.unwrap(); + build(&bad_trigger_file, &[], TargetChecking::Skip, None) + .await + .unwrap(); } } diff --git a/crates/build/src/manifest.rs b/crates/build/src/manifest.rs index 2fcd68dadb..db570e4145 100644 --- a/crates/build/src/manifest.rs +++ b/crates/build/src/manifest.rs @@ -4,37 +4,120 @@ use std::{collections::BTreeMap, path::Path}; use spin_manifest::{schema::v2, ManifestVersion}; +#[allow(clippy::large_enum_variant)] // only ever constructed once +pub enum ManifestBuildInfo { + Loadable { + components: Vec, + deployment_targets: Vec, + manifest: spin_manifest::schema::v2::AppManifest, + }, + Unloadable { + components: Vec, + has_deployment_targets: bool, + load_error: spin_manifest::Error, + }, +} + +impl ManifestBuildInfo { + pub fn components(&self) -> Vec { + match self { + Self::Loadable { components, .. } => components.clone(), + Self::Unloadable { components, .. } => components.clone(), + } + } + + pub fn load_error(&self) -> Option<&spin_manifest::Error> { + match self { + Self::Loadable { .. } => None, + Self::Unloadable { load_error, .. } => Some(load_error), + } + } + + pub fn deployment_targets(&self) -> &[spin_manifest::schema::v2::TargetEnvironmentRef] { + match self { + Self::Loadable { + deployment_targets, .. + } => deployment_targets, + Self::Unloadable { .. } => &[], + } + } + + pub fn has_deployment_targets(&self) -> bool { + match self { + Self::Loadable { + deployment_targets, .. + } => !deployment_targets.is_empty(), + Self::Unloadable { + has_deployment_targets, + .. + } => *has_deployment_targets, + } + } + + pub fn manifest(&self) -> Option<&spin_manifest::schema::v2::AppManifest> { + match self { + Self::Loadable { manifest, .. } => Some(manifest), + Self::Unloadable { .. } => None, + } + } +} + /// Returns a map of component IDs to [`v2::ComponentBuildConfig`]s for the /// given (v1 or v2) manifest path. If the manifest cannot be loaded, the /// function attempts fallback: if fallback succeeds, result is Ok but the load error /// is also returned via the second part of the return value tuple. -pub async fn component_build_configs( - manifest_file: impl AsRef, -) -> Result<(Vec, Option)> { +pub async fn component_build_configs(manifest_file: impl AsRef) -> Result { let manifest = spin_manifest::manifest_from_file(&manifest_file); match manifest { - Ok(manifest) => Ok((build_configs_from_manifest(manifest), None)), - Err(e) => fallback_load_build_configs(&manifest_file) - .await - .map(|bc| (bc, Some(e))), + Ok(mut manifest) => { + spin_manifest::normalize::normalize_manifest(&mut manifest); + let components = build_configs_from_manifest(&manifest); + let deployment_targets = deployment_targets_from_manifest(&manifest); + Ok(ManifestBuildInfo::Loadable { + components, + deployment_targets, + manifest, + }) + } + Err(load_error) => { + // The manifest didn't load, but the problem might not be build-affecting. + // Try to fall back by parsing out only the bits we need. And if something + // goes wrong with the fallback, give up and return the original manifest load + // error. + let Ok(components) = fallback_load_build_configs(&manifest_file).await else { + return Err(load_error.into()); + }; + let Ok(has_deployment_targets) = has_deployment_targets(&manifest_file).await else { + return Err(load_error.into()); + }; + Ok(ManifestBuildInfo::Unloadable { + components, + has_deployment_targets, + load_error, + }) + } } } fn build_configs_from_manifest( - mut manifest: spin_manifest::schema::v2::AppManifest, + manifest: &spin_manifest::schema::v2::AppManifest, ) -> Vec { - spin_manifest::normalize::normalize_manifest(&mut manifest); - manifest .components - .into_iter() + .iter() .map(|(id, c)| ComponentBuildInfo { id: id.to_string(), - build: c.build, + build: c.build.clone(), }) .collect() } +fn deployment_targets_from_manifest( + manifest: &spin_manifest::schema::v2::AppManifest, +) -> Vec { + manifest.application.targets.clone() +} + async fn fallback_load_build_configs( manifest_file: impl AsRef, ) -> Result> { @@ -57,7 +140,23 @@ async fn fallback_load_build_configs( }) } -#[derive(Deserialize)] +async fn has_deployment_targets(manifest_file: impl AsRef) -> Result { + let manifest_text = tokio::fs::read_to_string(manifest_file).await?; + Ok(match ManifestVersion::detect(&manifest_text)? { + ManifestVersion::V1 => false, + ManifestVersion::V2 => { + let table: toml::value::Table = toml::from_str(&manifest_text)?; + table + .get("application") + .and_then(|a| a.as_table()) + .and_then(|t| t.get("targets")) + .and_then(|arr| arr.as_array()) + .is_some_and(|arr| !arr.is_empty()) + } + }) +} + +#[derive(Clone, Deserialize)] pub struct ComponentBuildInfo { #[serde(default)] pub id: String, diff --git a/crates/compose/src/lib.rs b/crates/compose/src/lib.rs index a7bd7eed31..5fc52740bc 100644 --- a/crates/compose/src/lib.rs +++ b/crates/compose/src/lib.rs @@ -1,7 +1,7 @@ use anyhow::Context; use indexmap::IndexMap; use semver::Version; -use spin_app::locked::{self, InheritConfiguration, LockedComponent, LockedComponentDependency}; +use spin_app::locked::InheritConfiguration as LockedInheritConfiguration; use spin_common::{ui::quoted_path, url::parse_file_url}; use spin_serde::{DependencyName, KebabId}; use std::collections::BTreeMap; @@ -29,18 +29,72 @@ use wac_graph::{CompositionGraph, NodeId}; /// composition graph into a byte array and return it. pub async fn compose( loader: &L, - component: &LockedComponent, + component: &L::Component, ) -> Result, ComposeError> { Composer::new(loader).compose(component).await } +/// A Spin component dependency. This abstracts over the metadata associated with the +/// dependency. The abstraction allows both manifest and lockfile types to participate in composition. +#[async_trait::async_trait] +pub trait DependencyLike { + fn inherit(&self) -> InheritConfiguration; + fn export(&self) -> &Option; +} + +pub enum InheritConfiguration { + All, + Some(Vec), +} + +/// A Spin component. This abstracts over the list of dependencies for the component. +/// The abstraction allows both manifest and lockfile types to participate in composition. +#[async_trait::async_trait] +pub trait ComponentLike { + type Dependency: DependencyLike; + + fn dependencies( + &self, + ) -> impl std::iter::ExactSizeIterator; + fn id(&self) -> &str; +} + +#[async_trait::async_trait] +impl ComponentLike for spin_app::locked::LockedComponent { + type Dependency = spin_app::locked::LockedComponentDependency; + + fn dependencies( + &self, + ) -> impl std::iter::ExactSizeIterator { + self.dependencies.iter() + } + + fn id(&self) -> &str { + &self.id + } +} + +#[async_trait::async_trait] +impl DependencyLike for spin_app::locked::LockedComponentDependency { + fn inherit(&self) -> InheritConfiguration { + match &self.inherit { + LockedInheritConfiguration::All => InheritConfiguration::All, + LockedInheritConfiguration::Some(cfgs) => InheritConfiguration::Some(cfgs.clone()), + } + } + + fn export(&self) -> &Option { + &self.export + } +} + /// This trait is used to load component source code from a locked component source across various embdeddings. #[async_trait::async_trait] pub trait ComponentSourceLoader { - async fn load_component_source( - &self, - source: &locked::LockedComponentSource, - ) -> anyhow::Result>; + type Component: ComponentLike; + type Dependency: DependencyLike; + async fn load_component_source(&self, source: &Self::Component) -> anyhow::Result>; + async fn load_dependency_source(&self, source: &Self::Dependency) -> anyhow::Result>; } /// A ComponentSourceLoader that loads component sources from the filesystem. @@ -48,9 +102,21 @@ pub struct ComponentSourceLoaderFs; #[async_trait::async_trait] impl ComponentSourceLoader for ComponentSourceLoaderFs { - async fn load_component_source( - &self, - source: &locked::LockedComponentSource, + type Component = spin_app::locked::LockedComponent; + type Dependency = spin_app::locked::LockedComponentDependency; + + async fn load_component_source(&self, source: &Self::Component) -> anyhow::Result> { + Self::load_from_locked_source(&source.source).await + } + + async fn load_dependency_source(&self, source: &Self::Dependency) -> anyhow::Result> { + Self::load_from_locked_source(&source.source).await + } +} + +impl ComponentSourceLoaderFs { + async fn load_from_locked_source( + source: &spin_app::locked::LockedComponentSource, ) -> anyhow::Result> { let source = source .content @@ -129,19 +195,19 @@ struct Composer<'a, L> { } impl<'a, L: ComponentSourceLoader> Composer<'a, L> { - async fn compose(mut self, component: &LockedComponent) -> Result, ComposeError> { + async fn compose(mut self, component: &L::Component) -> Result, ComposeError> { let source = self .loader - .load_component_source(&component.source) + .load_component_source(component) .await .map_err(ComposeError::PrepareError)?; - if component.dependencies.is_empty() { + if component.dependencies().len() == 0 { return Ok(source); } let (world_id, instantiation_id) = self - .register_package(&component.id, None, source) + .register_package(component.id(), None, source) .map_err(ComposeError::PrepareError)?; let prepared = self.prepare_dependencies(world_id, component).await?; @@ -180,7 +246,7 @@ impl<'a, L: ComponentSourceLoader> Composer<'a, L> { async fn prepare_dependencies( &mut self, world_id: WorldId, - component: &LockedComponent, + component: &L::Component, ) -> Result, ComposeError> { let imports = self.graph.types()[world_id].imports.clone(); @@ -188,7 +254,7 @@ impl<'a, L: ComponentSourceLoader> Composer<'a, L> { let mut mappings: BTreeMap> = BTreeMap::new(); - for (dependency_name, dependency) in &component.dependencies { + for (dependency_name, dependency) in component.dependencies() { let mut matched = Vec::new(); for import_name in &import_keys { @@ -201,7 +267,7 @@ impl<'a, L: ComponentSourceLoader> Composer<'a, L> { if matched.is_empty() { return Err(ComposeError::UnmatchedDependencyName { - component_id: component.id.clone(), + component_id: component.id().to_owned(), dependency_name: dependency_name.clone(), }); } @@ -225,7 +291,7 @@ impl<'a, L: ComponentSourceLoader> Composer<'a, L> { if !conflicts.is_empty() { return Err(ComposeError::DependencyConflicts { - component_id: component.id.clone(), + component_id: component.id().to_owned(), conflicts: conflicts .into_iter() .map(|(import_name, infos)| { @@ -330,19 +396,16 @@ impl<'a, L: ComponentSourceLoader> Composer<'a, L> { async fn register_dependency( &mut self, dependency_name: DependencyName, - dependency: &LockedComponentDependency, + dependency: &L::Dependency, ) -> anyhow::Result { - let mut dependency_source = self - .loader - .load_component_source(&dependency.source) - .await?; + let mut dependency_source = self.loader.load_dependency_source(dependency).await?; let package_name = match &dependency_name { DependencyName::Package(name) => name.package.to_string(), DependencyName::Plain(name) => name.to_string(), }; - match &dependency.inherit { + match dependency.inherit() { InheritConfiguration::Some(configurations) => { if configurations.is_empty() { // Configuration inheritance is disabled, apply deny_all adapter @@ -363,7 +426,7 @@ impl<'a, L: ComponentSourceLoader> Composer<'a, L> { manifest_name: dependency_name, instantiation_id, world_id, - export_name: dependency.export.clone(), + export_name: dependency.export().clone(), }) } diff --git a/crates/environments/Cargo.toml b/crates/environments/Cargo.toml new file mode 100644 index 0000000000..189fc7d086 --- /dev/null +++ b/crates/environments/Cargo.toml @@ -0,0 +1,42 @@ +[package] +name = "spin-environments" +version = { workspace = true } +authors = { workspace = true } +edition = { workspace = true } + +[dependencies] +anyhow = { workspace = true } +async-trait = "0.1" +bytes = "1.1" +chrono = { workspace = true } +futures = "0.3" +futures-util = "0.3" +id-arena = "2" +indexmap = "2" +oci-distribution = { git = "https://github.com/fermyon/oci-distribution", rev = "7e4ce9be9bcd22e78a28f06204931f10c44402ba" } +semver = "1" +serde = { version = "1", features = ["derive"] } +serde_json = "1" +spin-common = { path = "../common" } +spin-componentize = { path = "../componentize" } +spin-compose = { path = "../compose" } +spin-loader = { path = "../loader" } +spin-manifest = { path = "../manifest" } +spin-serde = { path = "../serde" } +toml = { workspace = true } +tokio = { version = "1.23", features = ["fs"] } +tracing = { workspace = true } +wac-parser = "0.6.0" +wac-resolver = "0.6.0" +wac-types = "0.6.0" +wasm-pkg-client = { workspace = true } +wasmparser = { workspace = true } +wit-component = { workspace = true } +wit-parser = { workspace = true } + +[dev-dependencies] +wit-component = { workspace = true, features = ["dummy-module"] } +wit-encoder = "0.229" + +[lints] +workspace = true diff --git a/crates/environments/src/environment.rs b/crates/environments/src/environment.rs new file mode 100644 index 0000000000..2ca7e1e4ad --- /dev/null +++ b/crates/environments/src/environment.rs @@ -0,0 +1,388 @@ +use std::{collections::HashMap, path::Path}; + +use anyhow::Context; +use spin_common::ui::quoted_path; +use spin_manifest::schema::v2::TargetEnvironmentRef; + +mod definition; +mod env_loader; +mod lockfile; + +use definition::WorldName; + +/// A fully realised deployment environment, e.g. Spin 2.7, +/// SpinKube 3.1, Fermyon Cloud. The `TargetEnvironment` provides a mapping +/// from the Spin trigger types supported in the environment to the Component Model worlds +/// supported by that trigger type. (A trigger type may support more than one world, +/// for example when it supports multiple versions of the Spin or WASI interfaces.) +pub struct TargetEnvironment { + name: String, + trigger_worlds: HashMap, + unknown_trigger: UnknownTrigger, +} + +impl TargetEnvironment { + /// Loads the specified list of environments. This fetches all required + /// environment definitions from their references, and then chases packages + /// references until the entire target environment is fully loaded. + /// The function also caches registry references in the application directory, + /// to avoid loading from the network when the app is validated again. + pub async fn load_all( + env_ids: &[TargetEnvironmentRef], + cache_root: Option, + app_dir: &std::path::Path, + ) -> anyhow::Result> { + env_loader::load_environments(env_ids, cache_root, app_dir).await + } + + /// The environment name for UI purposes + pub fn name(&self) -> &str { + &self.name + } + + /// Returns true if the given trigger type can run in this environment. + pub fn supports_trigger_type(&self, trigger_type: &TriggerType) -> bool { + self.unknown_trigger.allows(trigger_type) || self.trigger_worlds.contains_key(trigger_type) + } + + /// Lists all worlds supported for the given trigger type in this environment. + pub fn worlds(&self, trigger_type: &TriggerType) -> &CandidateWorlds { + self.trigger_worlds + .get(trigger_type) + .or_else(|| self.unknown_trigger.worlds()) + .unwrap_or(NO_WORLDS) + } +} + +/// How a `TargetEnvironment` should validate components associated with trigger types +/// not listed in the/ environment definition. This is used for best-effort validation in +/// extensible environments. +/// +/// For example, a "forgiving" definition of Spin CLI environment would +/// validate that components associated with `cron` or `sqs` triggers adhere +/// to the platform world, even though it cannot validate that the exports are correct +/// or that the plugins are installed or up to date. This can result in failure at +/// runtime, but that may be better than refusing to let cron jobs run! +/// +/// On the other hand, the SpinKube environment rejects unknown triggers +/// because SpinKube does not allow arbitrary triggers to be linked at +/// runtime: the set of triggers is static for a given version. +enum UnknownTrigger { + /// Components for unknown trigger types fail validation. + Deny, + /// Components for unknown trigger types pass validation if they + /// conform to (at least) one of the listed worlds. + Allow(CandidateWorlds), +} + +impl UnknownTrigger { + fn allows(&self, _trigger_type: &TriggerType) -> bool { + matches!(self, Self::Allow(_)) + } + + fn worlds(&self) -> Option<&CandidateWorlds> { + match self { + Self::Deny => None, + Self::Allow(cw) => Some(cw), + } + } +} + +/// The set of worlds that a particular trigger type (in a given environment) +/// can accept. For example, the Spin 3.2 CLI `http` trigger accepts various +/// versions of the `spin:up/http-trigger` world. +/// +/// A component will pass target validation if it conforms to +/// at least one of these worlds. +#[derive(Default)] +pub struct CandidateWorlds { + worlds: Vec, +} + +impl<'a> IntoIterator for &'a CandidateWorlds { + type Item = &'a CandidateWorld; + + type IntoIter = std::slice::Iter<'a, CandidateWorld>; + + fn into_iter(self) -> Self::IntoIter { + self.worlds.iter() + } +} + +const NO_WORLDS: &CandidateWorlds = &CandidateWorlds { worlds: vec![] }; + +/// A WIT world; specifically, a WIT world provided by a Spin host, against which +/// a component can be validated. +pub struct CandidateWorld { + world: WorldName, + package: wit_parser::Package, + package_bytes: Vec, +} + +impl std::fmt::Display for CandidateWorld { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + self.world.fmt(f) + } +} + +impl CandidateWorld { + /// Namespaced but unversioned package name (e.g. spin:up) + pub fn package_namespaced_name(&self) -> String { + format!("{}:{}", self.package.name.namespace, self.package.name.name) + } + + /// The package version for the environment package. + pub fn package_version(&self) -> Option<&semver::Version> { + self.package.name.version.as_ref() + } + + /// The Wasm-encoded bytes of the environment package. + pub fn package_bytes(&self) -> &[u8] { + &self.package_bytes + } + + fn from_package_bytes(world: &WorldName, bytes: Vec) -> anyhow::Result { + let decoded = wit_component::decode(&bytes) + .with_context(|| format!("Failed to decode package for environment {world}"))?; + let package_id = decoded.package(); + let package = decoded + .resolve() + .packages + .get(package_id) + .with_context(|| { + format!("The {world} package is invalid (no package for decoded package ID)") + })? + .clone(); + + Ok(Self { + world: world.to_owned(), + package, + package_bytes: bytes, + }) + } + + fn from_decoded_wasm( + world: &WorldName, + source: &Path, + decoded: wit_parser::decoding::DecodedWasm, + ) -> anyhow::Result { + let package_id = decoded.package(); + let package = decoded + .resolve() + .packages + .get(package_id) + .with_context(|| { + format!( + "The {} environment is invalid (no package for decoded package ID)", + quoted_path(source) + ) + })? + .clone(); + + let bytes = wit_component::encode(decoded.resolve(), package_id)?; + + Ok(Self { + world: world.to_owned(), + package, + package_bytes: bytes, + }) + } +} + +pub(super) fn is_versioned(env_id: &str) -> bool { + env_id.contains(':') +} + +pub type TriggerType = String; + +#[cfg(test)] +mod test { + use super::*; + + use std::path::PathBuf; + + const SIMPLE_WIT_DIR: &str = concat!(env!("CARGO_MANIFEST_DIR"), "/tests/simple-wit"); + + /// Construct a CandidateWorlds that matches only the named" world. + fn load_simple_world(wit_path: &Path, world: &str) -> CandidateWorlds { + let mut resolve = wit_parser::Resolve::default(); + let (id, _) = resolve + .push_dir(wit_path) + .expect("should have pushed WIT dir"); + let package_bytes = + wit_component::encode(&resolve, id).expect("should have encoded world package"); + + let world_name = WorldName::try_from(world.to_owned()).unwrap(); + let simple_world = CandidateWorld::from_package_bytes(&world_name, package_bytes) + .expect("should have loaded world package"); + + CandidateWorlds { + worlds: vec![simple_world], + } + } + + /// Build an environment using the given WIT that maps the "s" trigger + /// to the "spin:test/simple@1.0.0" world (and denies all other triggers). + fn target_simple_world(wit_path: &Path) -> TargetEnvironment { + let candidate_worlds = load_simple_world(wit_path, "spin:test/simple@1.0.0"); + + TargetEnvironment { + name: "test".to_owned(), + trigger_worlds: [("s".to_owned(), candidate_worlds)].into_iter().collect(), + unknown_trigger: UnknownTrigger::Deny, + } + } + + /// Build an environment using the given WIT that maps all triggers to + /// the "spin:test/simple-import-only@1.0.0" world. (This isn't a very realistic example + /// because a fallback world would usually be imports-only.) + fn target_import_only_forgiving(wit_path: &Path) -> TargetEnvironment { + let candidate_worlds = load_simple_world(wit_path, "spin:test/simple-import-only@1.0.0"); + + TargetEnvironment { + name: "test".to_owned(), + trigger_worlds: [].into_iter().collect(), + unknown_trigger: UnknownTrigger::Allow(candidate_worlds), + } + } + + #[tokio::test] + async fn can_validate_component() { + let wit_path = PathBuf::from(SIMPLE_WIT_DIR); + + let wit_text = tokio::fs::read_to_string(wit_path.join("world.wit")) + .await + .unwrap(); + let wasm = generate_dummy_component(&wit_text, "spin:test/simple@1.0.0"); + + let env = target_simple_world(&wit_path); + + assert!(env.supports_trigger_type(&"s".to_owned())); + assert!(!env.supports_trigger_type(&"t".to_owned())); + + let component = crate::ComponentToValidate::new("scomp", "scomp.wasm", wasm); + let errs = + crate::validate_component_against_environments(&[env], &"s".to_owned(), &component) + .await; + assert!( + errs.is_empty(), + "{}", + errs.iter() + .map(|e| e.to_string()) + .collect::>() + .join("\n") + ); + } + + #[tokio::test] + async fn can_validate_component_for_unknown_trigger() { + let wit_path = PathBuf::from(SIMPLE_WIT_DIR); + + let wit_text = tokio::fs::read_to_string(wit_path.join("world.wit")) + .await + .unwrap(); + // The actual component has an export, although the target world can't check that + let wasm = generate_dummy_component(&wit_text, "spin:test/simple@1.0.0"); + + let env = target_import_only_forgiving(&wit_path); + + // E.g. a plugin trigger that isn't part of the Spin CLI + let non_existent_trigger = "farmer-buckleys-trousers-explode".to_owned(); + + assert!(env.supports_trigger_type(&non_existent_trigger)); + + let component = crate::ComponentToValidate::new("comp", "comp.wasm", wasm); + let errs = crate::validate_component_against_environments( + &[env], + &non_existent_trigger, + &component, + ) + .await; + assert!( + errs.is_empty(), + "{}", + errs.iter() + .map(|e| e.to_string()) + .collect::>() + .join("\n") + ); + } + + #[tokio::test] + async fn unavailable_import_invalidates_component() { + let wit_path = PathBuf::from(SIMPLE_WIT_DIR); + + let wit_text = tokio::fs::read_to_string(wit_path.join("world.wit")) + .await + .unwrap(); + let wasm = generate_dummy_component(&wit_text, "spin:test/not-so-simple@1.0.0"); + + let env = target_simple_world(&wit_path); + + let component = crate::ComponentToValidate::new("nscomp", "nscomp.wasm", wasm); + let errs = + crate::validate_component_against_environments(&[env], &"s".to_owned(), &component) + .await; + assert!(!errs.is_empty()); + + let err = errs[0].to_string(); + assert!( + err.contains("Component nscomp (nscomp.wasm) can't run in environment test"), + "unexpected error {err}" + ); + assert!(err.contains( + "world spin:test/simple@1.0.0 does not provide an import named spin:test/evil@1.0.0" + ), "unexpected error {err}"); + } + + #[tokio::test] + async fn unprovided_export_invalidates_component() { + let wit_path = PathBuf::from(SIMPLE_WIT_DIR); + + let wit_text = tokio::fs::read_to_string(wit_path.join("world.wit")) + .await + .unwrap(); + let wasm = generate_dummy_component(&wit_text, "spin:test/too-darn-simple@1.0.0"); + + let env = target_simple_world(&wit_path); + + let component = crate::ComponentToValidate::new("tdscomp", "tdscomp.wasm", wasm); + let errs = + crate::validate_component_against_environments(&[env], &"s".to_owned(), &component) + .await; + assert!(!errs.is_empty()); + + let err = errs[0].to_string(); + assert!( + err.contains("Component tdscomp (tdscomp.wasm) can't run in environment test"), + "unexpected error {err}" + ); + } + + fn generate_dummy_component(wit: &str, world: &str) -> Vec { + let mut resolve = wit_parser::Resolve::default(); + let package_id = resolve.push_str("test", wit).expect("should parse WIT"); + let world_id = resolve + .select_world(package_id, Some(world)) + .expect("should select world"); + + let mut wasm = wit_component::dummy_module( + &resolve, + world_id, + wit_parser::ManglingAndAbi::Legacy(wit_parser::LiftLowerAbi::Sync), + ); + wit_component::embed_component_metadata( + &mut wasm, + &resolve, + world_id, + wit_component::StringEncoding::UTF8, + ) + .expect("should embed component metadata"); + + let mut encoder = wit_component::ComponentEncoder::default() + .validate(true) + .module(&wasm) + .expect("should set module"); + encoder.encode().expect("should encode component") + } +} diff --git a/crates/environments/src/environment/definition.rs b/crates/environments/src/environment/definition.rs new file mode 100644 index 0000000000..1e439b14cb --- /dev/null +++ b/crates/environments/src/environment/definition.rs @@ -0,0 +1,165 @@ +//! Environment definition types and serialisation (TOML) formats +//! +//! This module does *not* cover loading those definitions from remote +//! sources, or materialising WIT packages from files or registry references - +//! only the types. + +use std::collections::HashMap; + +use anyhow::Context; + +/// An environment definition, usually deserialised from a TOML document. +/// Example: +/// +/// ```ignore +/// # spin-up.3.2.toml +/// [triggers] +/// http = ["spin:up/http-trigger@3.2.0", "spin:up/http-trigger-rc20231018@3.2.0"] +/// redis = ["spin:up/redis-trigger@3.2.0"] +/// ``` +#[derive(Debug, serde::Deserialize)] +#[serde(deny_unknown_fields)] +pub struct EnvironmentDefinition { + triggers: HashMap>, + default: Option>, +} + +impl EnvironmentDefinition { + pub fn triggers(&self) -> &HashMap> { + &self.triggers + } + + pub fn default(&self) -> Option<&Vec> { + self.default.as_ref() + } +} + +/// A reference to a world in an [EnvironmentDefinition]. This is formed +/// of a fully qualified (ns:pkg/id) world name, optionally with +/// a location from which to get the package (a registry or WIT directory). +#[derive(Clone, Debug, serde::Deserialize)] +#[serde(untagged, deny_unknown_fields)] +pub enum WorldRef { + DefaultRegistry(WorldName), + Registry { + registry: String, + world: WorldName, + }, + WitDirectory { + path: std::path::PathBuf, + world: WorldName, + }, +} + +/// The qualified name of a world, e.g. spin:up/http-trigger@3.2.0. +/// +/// (Internally it is represented as a PackageName plus unqualified +/// world name, but it stringises to the standard WIT qualified name.) +#[derive(Clone, Debug, serde::Deserialize)] +#[serde(try_from = "String")] +pub struct WorldName { + package: wit_parser::PackageName, + world: String, +} + +impl WorldName { + pub fn package(&self) -> &wit_parser::PackageName { + &self.package + } + + pub fn package_namespaced_name(&self) -> String { + format!("{}:{}", self.package.namespace, self.package.name) + } + + pub fn package_ref(&self) -> anyhow::Result { + let pkg_name = self.package_namespaced_name(); + pkg_name + .parse() + .with_context(|| format!("Environment {pkg_name} is not a valid package name")) + } + + pub fn package_version(&self) -> Option<&semver::Version> { + self.package.version.as_ref() + } +} + +impl TryFrom for WorldName { + type Error = anyhow::Error; + + fn try_from(value: String) -> Result { + use wasmparser::names::{ComponentName, ComponentNameKind}; + + // World qnames have the same syntactic form as interface qnames + let parsed = ComponentName::new(&value, 0)?; + let ComponentNameKind::Interface(itf) = parsed.kind() else { + anyhow::bail!("{value} is not a well-formed world name"); + }; + + let package = wit_parser::PackageName { + namespace: itf.namespace().to_string(), + name: itf.package().to_string(), + version: itf.version(), + }; + + let world = itf.interface().to_string(); + + Ok(Self { package, world }) + } +} + +impl std::fmt::Display for WorldName { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + f.write_str(&self.package.namespace)?; + f.write_str(":")?; + f.write_str(&self.package.name)?; + f.write_str("/")?; + f.write_str(&self.world)?; + + if let Some(v) = self.package.version.as_ref() { + f.write_str("@")?; + f.write_str(&v.to_string())?; + } + + Ok(()) + } +} + +#[cfg(test)] +mod test { + use super::*; + + #[test] + fn can_parse_versioned_world_name() { + let text = "ns:name/world@1.0.0"; + let w = WorldName::try_from(text.to_owned()).unwrap(); + + assert_eq!("ns", w.package().namespace); + assert_eq!("name", w.package().name); + assert_eq!("ns:name", w.package_namespaced_name()); + assert_eq!("ns", w.package_ref().unwrap().namespace().to_string()); + assert_eq!("name", w.package_ref().unwrap().name().to_string()); + assert_eq!("world", w.world); + assert_eq!( + &semver::Version::new(1, 0, 0), + w.package().version.as_ref().unwrap() + ); + + assert_eq!(text, w.to_string()); + } + + #[test] + fn can_parse_unversioned_world_name() { + let text = "ns:name/world"; + let w = WorldName::try_from("ns:name/world".to_owned()).unwrap(); + + assert_eq!("ns", w.package().namespace); + assert_eq!("name", w.package().name); + assert_eq!("ns:name", w.package_namespaced_name()); + assert_eq!("ns", w.package_ref().unwrap().namespace().to_string()); + assert_eq!("name", w.package_ref().unwrap().name().to_string()); + assert_eq!("world", w.world); + assert!(w.package().version.is_none()); + + assert_eq!(text, w.to_string()); + } +} diff --git a/crates/environments/src/environment/env_loader.rs b/crates/environments/src/environment/env_loader.rs new file mode 100644 index 0000000000..217d063521 --- /dev/null +++ b/crates/environments/src/environment/env_loader.rs @@ -0,0 +1,336 @@ +//! Loading target environments, from a list of references through to +//! a fully realised collection of WIT packages with their worlds and +//! mappings. + +use std::{collections::HashMap, path::Path}; + +use anyhow::{anyhow, Context}; +use futures::future::try_join_all; +use spin_common::ui::quoted_path; +use spin_manifest::schema::v2::TargetEnvironmentRef; + +use super::definition::{EnvironmentDefinition, WorldName, WorldRef}; +use super::lockfile::TargetEnvironmentLockfile; +use super::{is_versioned, CandidateWorld, CandidateWorlds, TargetEnvironment, UnknownTrigger}; + +const DEFAULT_ENV_DEF_REGISTRY_PREFIX: &str = "ghcr.io/spinframework/environments"; +const DEFAULT_PACKAGE_REGISTRY: &str = "spinframework.dev"; + +/// Load all the listed environments from their registries or paths. +/// Registry data will be cached, with a lockfile under `.spin` mapping +/// environment IDs to digests (to allow cache lookup without needing +/// to fetch the digest from the registry). +pub async fn load_environments( + env_ids: &[TargetEnvironmentRef], + cache_root: Option, + app_dir: &std::path::Path, +) -> anyhow::Result> { + if env_ids.is_empty() { + return Ok(Default::default()); + } + + let cache = spin_loader::cache::Cache::new(cache_root) + .await + .context("Unable to create cache")?; + let lockfile_dir = app_dir.join(".spin"); + let lockfile_path = lockfile_dir.join("target-environments.lock"); + + let orig_lockfile: TargetEnvironmentLockfile = tokio::fs::read_to_string(&lockfile_path) + .await + .ok() + .and_then(|s| serde_json::from_str(&s).ok()) + .unwrap_or_default(); + let lockfile = std::sync::Arc::new(tokio::sync::RwLock::new(orig_lockfile.clone())); + + let envs = try_join_all( + env_ids + .iter() + .map(|e| load_environment(e, &cache, &lockfile)), + ) + .await?; + + let final_lockfile = &*lockfile.read().await; + if *final_lockfile != orig_lockfile { + if let Ok(lockfile_json) = serde_json::to_string_pretty(&final_lockfile) { + _ = tokio::fs::create_dir_all(lockfile_dir).await; + _ = tokio::fs::write(&lockfile_path, lockfile_json).await; // failure to update lockfile is not an error + } + } + + Ok(envs) +} + +/// Loads the given `TargetEnvironment` from a registry or directory. +async fn load_environment( + env_id: &TargetEnvironmentRef, + cache: &spin_loader::cache::Cache, + lockfile: &std::sync::Arc>, +) -> anyhow::Result { + match env_id { + TargetEnvironmentRef::DefaultRegistry(id) => { + load_environment_from_registry(DEFAULT_ENV_DEF_REGISTRY_PREFIX, id, cache, lockfile) + .await + } + TargetEnvironmentRef::Registry { registry, id } => { + load_environment_from_registry(registry, id, cache, lockfile).await + } + TargetEnvironmentRef::File { path } => { + load_environment_from_file(path, cache, lockfile).await + } + } +} + +/// Loads a `TargetEnvironment` from the environment definition at the given +/// registry location. The environment and any remote packages it references will be used +/// from cache if available; otherwise, they will be saved to the cache, and the +/// in-memory lockfile object updated. +async fn load_environment_from_registry( + registry: &str, + env_id: &str, + cache: &spin_loader::cache::Cache, + lockfile: &std::sync::Arc>, +) -> anyhow::Result { + let env_def_toml = load_env_def_toml_from_registry(registry, env_id, cache, lockfile).await?; + load_environment_from_toml(env_id, &env_def_toml, cache, lockfile).await +} + +/// Loads a `TargetEnvironment` from the given TOML file. Any remote packages +/// it references will be used from cache if available; otherwise, they will be saved +/// to the cache, and the in-memory lockfile object updated. +async fn load_environment_from_file( + path: &Path, + cache: &spin_loader::cache::Cache, + lockfile: &std::sync::Arc>, +) -> anyhow::Result { + let name = path + .file_stem() + .and_then(|s| s.to_str()) + .map(|s| s.to_owned()) + .unwrap(); + let toml_text = tokio::fs::read_to_string(path).await.with_context(|| { + format!( + "unable to read target environment from {}", + quoted_path(path) + ) + })?; + load_environment_from_toml(&name, &toml_text, cache, lockfile).await +} + +/// Loads a `TargetEnvironment` from the given TOML text. Any remote packages +/// it references will be used from cache if available; otherwise, they will be saved +/// to the cache, and the in-memory lockfile object updated. +async fn load_environment_from_toml( + name: &str, + toml_text: &str, + cache: &spin_loader::cache::Cache, + lockfile: &std::sync::Arc>, +) -> anyhow::Result { + let env: EnvironmentDefinition = toml::from_str(toml_text)?; + + let mut trigger_worlds = HashMap::new(); + + // TODO: parallel all the things + // TODO: this loads _all_ triggers not just the ones we need + for (trigger_type, world_refs) in env.triggers() { + trigger_worlds.insert( + trigger_type.to_owned(), + load_worlds(world_refs, cache, lockfile).await?, + ); + } + + let unknown_trigger = match env.default() { + None => UnknownTrigger::Deny, + Some(world_refs) => UnknownTrigger::Allow(load_worlds(world_refs, cache, lockfile).await?), + }; + + Ok(TargetEnvironment { + name: name.to_owned(), + trigger_worlds, + unknown_trigger, + }) +} + +/// Loads the text (assumed to be TOML) from the environment definition at the given +/// registry location. The environment will be used from cache if available; otherwise, +/// it be saved to the cache, and the in-memory lockfile object updated. +async fn load_env_def_toml_from_registry( + registry: &str, + env_id: &str, + cache: &spin_loader::cache::Cache, + lockfile: &std::sync::Arc>, +) -> anyhow::Result { + if let Some(digest) = lockfile.read().await.env_digest(registry, env_id) { + if let Ok(cache_file) = cache.data_file(digest) { + if let Ok(bytes) = tokio::fs::read(&cache_file).await { + return Ok(String::from_utf8_lossy(&bytes).to_string()); + } + } + } + + let (bytes, digest) = download_env_def_file(registry, env_id) + .await + .with_context(|| format!("downloading target environment {env_id} from {registry}"))?; + + let toml_text = String::from_utf8_lossy(&bytes).to_string(); + + _ = cache.write_data(bytes, &digest).await; + lockfile + .write() + .await + .set_env_digest(registry, env_id, &digest); + + Ok(toml_text) +} + +/// Downloads a single-layer document from the given registry. +/// (You can create a suitable document with e.g. `oras push ghcr.io/my/envs/sample:1.0 sample.toml`.) +/// The image must be publicly accessible (which is *NOT* the default with GHCR). +/// +/// The return value is a tuple of (content, digest). +async fn download_env_def_file(registry: &str, env_id: &str) -> anyhow::Result<(Vec, String)> { + // This implies env_id is in the format spin-up:3.2 + let registry_id = if is_versioned(env_id) { + env_id.to_string() + } else { + // Testing versionless tags with GHCR it didn't work + // TODO: is this expected or am I being a dolt + // TODO: is this a suitable workaround + format!("{env_id}:latest") + }; + + let reference = format!("{registry}/{registry_id}"); + let reference = oci_distribution::Reference::try_from(reference)?; + + let config = oci_distribution::client::ClientConfig::default(); + let client = oci_distribution::client::Client::new(config); + let auth = oci_distribution::secrets::RegistryAuth::Anonymous; + + let (manifest, digest) = client.pull_manifest(&reference, &auth).await?; + + let im = match manifest { + oci_distribution::manifest::OciManifest::Image(im) => im, + oci_distribution::manifest::OciManifest::ImageIndex(_) => { + anyhow::bail!("unexpected registry format for {reference}") + } + }; + + let count = im.layers.len(); + + if count != 1 { + anyhow::bail!("artifact {reference} should have had exactly one layer"); + } + + let the_layer = &im.layers[0]; + let mut out = Vec::with_capacity(the_layer.size.try_into().unwrap_or_default()); + client.pull_blob(&reference, the_layer, &mut out).await?; + + Ok((out, digest)) +} + +async fn load_worlds( + world_refs: &[WorldRef], + cache: &spin_loader::cache::Cache, + lockfile: &std::sync::Arc>, +) -> anyhow::Result { + let mut worlds = vec![]; + + for world_ref in world_refs { + worlds.push(load_world(world_ref, cache, lockfile).await?); + } + + Ok(CandidateWorlds { worlds }) +} + +async fn load_world( + world_ref: &WorldRef, + cache: &spin_loader::cache::Cache, + lockfile: &std::sync::Arc>, +) -> anyhow::Result { + match world_ref { + WorldRef::DefaultRegistry(world) => { + load_world_from_registry(DEFAULT_PACKAGE_REGISTRY, world, cache, lockfile).await + } + WorldRef::Registry { registry, world } => { + load_world_from_registry(registry, world, cache, lockfile).await + } + WorldRef::WitDirectory { path, world } => load_world_from_dir(path, world), + } +} + +fn load_world_from_dir(path: &Path, world: &WorldName) -> anyhow::Result { + let mut resolve = wit_parser::Resolve::default(); + let (pkg_id, _) = resolve.push_dir(path)?; + let decoded = wit_parser::decoding::DecodedWasm::WitPackage(resolve, pkg_id); + CandidateWorld::from_decoded_wasm(world, path, decoded) +} + +/// Loads the given `TargetEnvironment` from the given registry, or +/// from cache if available. If the environment is not in cache, the +/// encoded WIT will be cached, and the in-memory lockfile object +/// updated. +async fn load_world_from_registry( + registry: &str, + world_name: &WorldName, + cache: &spin_loader::cache::Cache, + lockfile: &std::sync::Arc>, +) -> anyhow::Result { + use futures_util::TryStreamExt; + + if let Some(digest) = lockfile + .read() + .await + .package_digest(registry, world_name.package()) + { + if let Ok(cache_file) = cache.wasm_file(digest) { + if let Ok(bytes) = tokio::fs::read(&cache_file).await { + return CandidateWorld::from_package_bytes(world_name, bytes); + } + } + } + + let pkg_name = world_name.package_namespaced_name(); + let pkg_ref = world_name.package_ref()?; + + let wkg_registry: wasm_pkg_client::Registry = registry + .parse() + .with_context(|| format!("Registry {registry} is not a valid registry name"))?; + + let mut wkg_config = wasm_pkg_client::Config::global_defaults().await?; + wkg_config.set_package_registry_override( + pkg_ref, + wasm_pkg_client::RegistryMapping::Registry(wkg_registry), + ); + + let client = wasm_pkg_client::Client::new(wkg_config); + + let package = pkg_name + .to_owned() + .try_into() + .with_context(|| format!("Failed to parse environment name {pkg_name} as package name"))?; + let version = world_name + .package_version() // TODO: surely we can cope with worlds from unversioned packages? surely? + .ok_or_else(|| anyhow!("{world_name} is unversioned: this is not currently supported"))?; + + let release = client + .get_release(&package, version) + .await + .with_context(|| format!("Failed to get {} from registry", world_name.package()))?; + let stm = client + .stream_content(&package, &release) + .await + .with_context(|| format!("Failed to get {} from registry", world_name.package()))?; + let bytes = stm + .try_collect::() + .await + .with_context(|| format!("Failed to get {} from registry", world_name.package()))? + .to_vec(); + + let digest = release.content_digest.to_string(); + _ = cache.write_wasm(&bytes, &digest).await; // Failure to cache is not fatal + lockfile + .write() + .await + .set_package_digest(registry, world_name.package(), &digest); + + CandidateWorld::from_package_bytes(world_name, bytes) +} diff --git a/crates/environments/src/environment/lockfile.rs b/crates/environments/src/environment/lockfile.rs new file mode 100644 index 0000000000..e9019b23a8 --- /dev/null +++ b/crates/environments/src/environment/lockfile.rs @@ -0,0 +1,210 @@ +use std::collections::HashMap; + +use super::is_versioned; + +const DIGEST_TTL_HOURS: i64 = 24; + +/// Serialisation format for the lockfile: registry -> env|pkg -> { name -> digest } +#[derive(Clone, Debug, Default, PartialEq, Eq, serde::Serialize, serde::Deserialize)] +pub struct TargetEnvironmentLockfile(HashMap); + +#[derive(Clone, Debug, Default, PartialEq, Eq, serde::Serialize, serde::Deserialize)] +struct Digests { + env: HashMap, + package: HashMap, +} + +#[derive(Clone, Debug, PartialEq, Eq, serde::Serialize, serde::Deserialize)] +#[serde(untagged)] +enum ExpirableDigest { + Forever(String), + Expiring { + digest: String, + correct_at: chrono::DateTime, + }, +} + +impl TargetEnvironmentLockfile { + pub fn env_digest(&self, registry: &str, env_id: &str) -> Option<&str> { + self.0 + .get(registry) + .and_then(|ds| ds.env.get(env_id)) + .and_then(|s| s.current()) + } + + pub fn set_env_digest(&mut self, registry: &str, env_id: &str, digest: &str) { + // If the environment is versioned, we assume it will not change (that is, any changes will + // be reflected as a new version). If the environment is *not* versioned, it represents + // a hosted service which may change over time: allow the cached definition to expire every day or + // so that we do not use a definition that is out of sync with the actual service. + let expirable_digest = if is_versioned(env_id) { + ExpirableDigest::forever(digest) + } else { + ExpirableDigest::expiring(digest) + }; + + match self.0.get_mut(registry) { + Some(ds) => { + ds.env.insert(env_id.to_string(), expirable_digest); + } + None => { + let map = vec![(env_id.to_string(), expirable_digest)] + .into_iter() + .collect(); + let ds = Digests { + env: map, + package: Default::default(), + }; + self.0.insert(registry.to_string(), ds); + } + } + } + + pub fn package_digest( + &self, + registry: &str, + package: &wit_parser::PackageName, + ) -> Option<&str> { + self.0 + .get(registry) + .and_then(|ds| ds.package.get(&package.to_string())) + .map(|s| s.as_str()) + } + + pub fn set_package_digest( + &mut self, + registry: &str, + package: &wit_parser::PackageName, + digest: &str, + ) { + match self.0.get_mut(registry) { + Some(ds) => { + ds.package.insert(package.to_string(), digest.to_string()); + } + None => { + let map = vec![(package.to_string(), digest.to_string())] + .into_iter() + .collect(); + let ds = Digests { + env: Default::default(), + package: map, + }; + self.0.insert(registry.to_string(), ds); + } + } + } +} + +impl ExpirableDigest { + fn current(&self) -> Option<&str> { + match self { + Self::Forever(digest) => Some(digest), + Self::Expiring { digest, correct_at } => { + let now = chrono::Utc::now(); + let time_since = now - correct_at; + if time_since.abs().num_hours() > DIGEST_TTL_HOURS { + None + } else { + Some(digest) + } + } + } + } + + fn forever(digest: &str) -> Self { + Self::Forever(digest.to_string()) + } + + fn expiring(digest: &str) -> Self { + Self::Expiring { + digest: digest.to_string(), + correct_at: chrono::Utc::now(), + } + } +} + +#[cfg(test)] +mod test { + use super::*; + + const DUMMY_REG: &str = "reggy-mc-regface"; + + #[test] + fn versioned_envs_have_no_expiry() { + const TEST_ENV: &str = "my-env:1.0"; + const TEST_DIGEST: &str = "12345"; + + let mut lockfile = TargetEnvironmentLockfile::default(); + lockfile.set_env_digest(DUMMY_REG, TEST_ENV, TEST_DIGEST); + + let json = serde_json::to_value(&lockfile).unwrap(); + + let saved_digest = json + .get(DUMMY_REG) + .and_then(|j| j.get("env")) + .and_then(|j| j.get(TEST_ENV)) + .expect("should have had recorded a digest"); + let saved_digest = saved_digest + .as_str() + .expect("saved digest should have been a string"); + assert_eq!(TEST_DIGEST, saved_digest); + } + + #[test] + fn unversioned_envs_expire() { + const TEST_ENV: &str = "my-env"; + const TEST_DIGEST: &str = "12345"; + + let mut lockfile = TargetEnvironmentLockfile::default(); + lockfile.set_env_digest(DUMMY_REG, TEST_ENV, TEST_DIGEST); + + let json = serde_json::to_value(&lockfile).unwrap(); + + let saved_digest = json + .get(DUMMY_REG) + .and_then(|j| j.get("env")) + .and_then(|j| j.get(TEST_ENV)) + .expect("should have recorded a digest"); + let saved_digest = saved_digest + .as_object() + .expect("saved digest should have been an object"); + assert_eq!(TEST_DIGEST, saved_digest.get("digest").unwrap()); + assert!(saved_digest + .get("correct_at") + .is_some_and(|v| v.is_string())); + } + + #[test] + fn expired_env_digests_are_not_returned() { + const TEST_ENV: &str = "my-env"; + const TEST_DIGEST: &str = "12345"; + + let mut lockfile = TargetEnvironmentLockfile::default(); + lockfile.set_env_digest(DUMMY_REG, TEST_ENV, TEST_DIGEST); + assert_eq!( + TEST_DIGEST, + lockfile + .env_digest(DUMMY_REG, TEST_ENV) + .expect("should have returned env digest") + ); + + // Pass this legit lockfile through JSON and massage the digest date to be old. NEARLY AS OLD AS ME + let mut json = serde_json::to_value(&lockfile).unwrap(); + let digest = json + .get_mut(DUMMY_REG) + .and_then(|j| j.get_mut("env")) + .and_then(|j| j.get_mut(TEST_ENV)) + .expect("should have recorded a digest"); + let digest = digest + .as_object_mut() + .expect("saved digest should have been an object"); + digest.insert( + "correct_at".to_string(), + serde_json::to_value("1969-12-31T01:01:01.001001001Z").unwrap(), + ); + let stale_lockfile: TargetEnvironmentLockfile = serde_json::from_value(json).unwrap(); + + // It should not give us the potentially stale digest + assert!(stale_lockfile.env_digest(DUMMY_REG, TEST_ENV).is_none()); + } +} diff --git a/crates/environments/src/lib.rs b/crates/environments/src/lib.rs new file mode 100644 index 0000000000..5e8371b206 --- /dev/null +++ b/crates/environments/src/lib.rs @@ -0,0 +1,217 @@ +use anyhow::{anyhow, Context}; + +mod environment; +mod loader; + +use environment::{CandidateWorld, CandidateWorlds, TargetEnvironment, TriggerType}; +pub use loader::ApplicationToValidate; +use loader::ComponentToValidate; +use spin_manifest::schema::v2::TargetEnvironmentRef; + +/// The result of validating an application against a list of target environments. +/// If `is_ok` returns true (or equivalently if the `errors` collection is empty), +/// the application passed validation, and can run in all the environments against +/// which it was checked. Otherwise, at least one component cannot run in at least +/// one target environment, and the `errors` collection contains the details. +#[derive(Default)] +pub struct TargetEnvironmentValidation(Vec); + +impl TargetEnvironmentValidation { + pub fn is_ok(&self) -> bool { + self.0.is_empty() + } + + pub fn errors(&self) -> &[anyhow::Error] { + &self.0 + } +} + +/// Validates *all* application components against the list of referenced target enviroments. Each component must conform +/// to *all* environments to pass. +/// +/// If the return value is `Ok(...)`, this means only that we were able to perform the validation. +/// The caller **MUST** still check the returned [TargetEnvironmentValidation] to determine the +/// outcome of validation. +/// +/// If the return value is `Err(...)`, then we weren't able even to attempt validation. +pub async fn validate_application_against_environment_ids( + application: &ApplicationToValidate, + env_ids: &[TargetEnvironmentRef], + cache_root: Option, + app_dir: &std::path::Path, +) -> anyhow::Result { + if env_ids.is_empty() { + return Ok(Default::default()); + } + + let envs = TargetEnvironment::load_all(env_ids, cache_root, app_dir).await?; + validate_application_against_environments(application, &envs).await +} + +/// Validates *all* application components against the list of (realised) target enviroments. Each component must conform +/// to *all* environments to pass. +/// +/// For the slightly funky return type, see [validate_application_against_environment_ids]. +async fn validate_application_against_environments( + application: &ApplicationToValidate, + envs: &[TargetEnvironment], +) -> anyhow::Result { + for trigger_type in application.trigger_types() { + if let Some(env) = envs.iter().find(|e| !e.supports_trigger_type(trigger_type)) { + anyhow::bail!( + "Environment {} does not support trigger type {trigger_type}", + env.name() + ); + } + } + + let components_by_trigger_type = application.components_by_trigger_type().await?; + + let mut errs = vec![]; + + for (trigger_type, component) in components_by_trigger_type { + for component in &component { + errs.extend( + validate_component_against_environments(envs, &trigger_type, component).await, + ); + } + } + + Ok(TargetEnvironmentValidation(errs)) +} + +/// Validates the component against the list of target enviroments. The component must conform +/// to *all* environments to pass. +/// +/// The return value contains the list of validation errors. There may be up to one error per +/// target environment, explaining why the component cannot run in that environment. +/// An empty list means the component has passed validation and is compatible with +/// all target environments. +async fn validate_component_against_environments( + envs: &[TargetEnvironment], + trigger_type: &TriggerType, + component: &ComponentToValidate<'_>, +) -> Vec { + let mut errs = vec![]; + + for env in envs { + let worlds = env.worlds(trigger_type); + if let Some(e) = validate_wasm_against_any_world(env, worlds, component) + .await + .err() + { + errs.push(e); + } + } + + if errs.is_empty() { + tracing::info!( + "Validated component {} {} against all target worlds", + component.id(), + component.source_description() + ); + } + + errs +} + +/// Validates the component against the list of candidate worlds. The component must conform +/// to *at least one* candidate world to pass (since if it can run in one world provided by +/// the target environment, it can run in the target environment). +async fn validate_wasm_against_any_world( + env: &TargetEnvironment, + worlds: &CandidateWorlds, + component: &ComponentToValidate<'_>, +) -> anyhow::Result<()> { + let mut result = Ok(()); + for target_world in worlds { + tracing::debug!( + "Trying component {} {} against target world {target_world}", + component.id(), + component.source_description(), + ); + match validate_wasm_against_world(env, target_world, component).await { + Ok(()) => { + tracing::info!( + "Validated component {} {} against target world {target_world}", + component.id(), + component.source_description(), + ); + return Ok(()); + } + Err(e) => { + // Record the error, but continue in case a different world succeeds + tracing::info!( + "Rejecting component {} {} for target world {target_world} because {e:?}", + component.id(), + component.source_description(), + ); + result = Err(e); + } + } + } + result +} + +async fn validate_wasm_against_world( + env: &TargetEnvironment, + target_world: &CandidateWorld, + component: &ComponentToValidate<'_>, +) -> anyhow::Result<()> { + // Because we are abusing a composition tool to do validation, we have to + // provide a name by which to refer to the component in the dummy composition. + let component_name = "root:component"; + let component_key = wac_types::BorrowedPackageKey::from_name_and_version(component_name, None); + + // wac is going to get the world from the environment package bytes. + // This constructs a key for that mapping. + let env_pkg_name = target_world.package_namespaced_name(); + let env_pkg_key = wac_types::BorrowedPackageKey::from_name_and_version( + &env_pkg_name, + target_world.package_version(), + ); + + let env_name = env.name(); + + let wac_text = format!( + r#" + package validate:component@1.0.0 targets {target_world}; + let c = new {component_name} {{ ... }}; + export c...; + "# + ); + + let doc = wac_parser::Document::parse(&wac_text) + .context("Internal error constructing WAC document for target checking")?; + + let mut packages: indexmap::IndexMap> = + Default::default(); + + packages.insert(env_pkg_key, target_world.package_bytes().to_vec()); + packages.insert(component_key, component.wasm_bytes().to_vec()); + + match doc.resolve(packages) { + Ok(_) => Ok(()), + Err(wac_parser::resolution::Error::TargetMismatch { kind, name, world, .. }) => { + // This one doesn't seem to get hit at the moment - we get MissingTargetExport or ImportNotInTarget instead + Err(anyhow!("Component {} ({}) can't run in environment {env_name} because world {world} expects an {} named {name}", component.id(), component.source_description(), kind.to_string().to_lowercase())) + } + Err(wac_parser::resolution::Error::MissingTargetExport { name, world, .. }) => { + Err(anyhow!("Component {} ({}) can't run in environment {env_name} because world {world} requires an export named {name}, which the component does not provide", component.id(), component.source_description())) + } + Err(wac_parser::resolution::Error::PackageMissingExport { export, .. }) => { + // TODO: The export here seems wrong - it seems to contain the world name rather than the interface name + Err(anyhow!("Component {} ({}) can't run in environment {env_name} because world {target_world} requires an export named {export}, which the component does not provide", component.id(), component.source_description())) + } + Err(wac_parser::resolution::Error::ImportNotInTarget { name, world, .. }) => { + Err(anyhow!("Component {} ({}) can't run in environment {env_name} because world {world} does not provide an import named {name}, which the component requires", component.id(), component.source_description())) + } + Err(wac_parser::resolution::Error::SpreadExportNoEffect { .. }) => { + // We don't have any name info in this case, but it *may* indicate that the component doesn't provide any export at all + Err(anyhow!("Component {} ({}) can't run in environment {env_name} because it requires an export which the component does not provide", component.id(), component.source_description())) + } + Err(e) => { + Err(anyhow!(e)) + }, + } +} diff --git a/crates/environments/src/loader.rs b/crates/environments/src/loader.rs new file mode 100644 index 0000000000..dc31f600a0 --- /dev/null +++ b/crates/environments/src/loader.rs @@ -0,0 +1,255 @@ +//! Loading an application for validation. + +use std::path::Path; + +use anyhow::{anyhow, Context}; +use futures::future::try_join_all; +use spin_common::ui::quoted_path; + +pub(crate) struct ComponentToValidate<'a> { + id: &'a str, + source_description: String, + wasm: Vec, +} + +impl ComponentToValidate<'_> { + pub fn id(&self) -> &str { + self.id + } + + pub fn source_description(&self) -> &str { + &self.source_description + } + + pub fn wasm_bytes(&self) -> &[u8] { + &self.wasm + } + + #[cfg(test)] + pub(crate) fn new(id: &'static str, description: &str, wasm: Vec) -> Self { + Self { + id, + source_description: description.to_owned(), + wasm, + } + } +} + +pub struct ApplicationToValidate { + manifest: spin_manifest::schema::v2::AppManifest, + wasm_loader: spin_loader::WasmLoader, +} + +impl ApplicationToValidate { + pub async fn new( + manifest: spin_manifest::schema::v2::AppManifest, + base_dir: impl AsRef, + ) -> anyhow::Result { + let wasm_loader = + spin_loader::WasmLoader::new(base_dir.as_ref().to_owned(), None, None).await?; + Ok(Self { + manifest, + wasm_loader, + }) + } + + fn component_source<'a>( + &'a self, + trigger: &'a spin_manifest::schema::v2::Trigger, + ) -> anyhow::Result> { + let component_spec = trigger + .component + .as_ref() + .ok_or_else(|| anyhow!("No component specified for trigger {}", trigger.id))?; + let (id, source, dependencies) = match component_spec { + spin_manifest::schema::v2::ComponentSpec::Inline(c) => { + (trigger.id.as_str(), &c.source, &c.dependencies) + } + spin_manifest::schema::v2::ComponentSpec::Reference(r) => { + let id = r.as_ref(); + let Some(component) = self.manifest.components.get(r) else { + anyhow::bail!( + "Component {id} specified for trigger {} does not exist", + trigger.id + ); + }; + (id, &component.source, &component.dependencies) + } + }; + + Ok(ComponentSource { + id, + source, + dependencies: WrappedComponentDependencies::new(dependencies), + }) + } + + pub fn trigger_types(&self) -> impl Iterator { + self.manifest.triggers.keys() + } + + pub fn triggers( + &self, + ) -> impl Iterator)> { + self.manifest.triggers.iter() + } + + pub(crate) async fn components_by_trigger_type( + &self, + ) -> anyhow::Result>)>> { + use futures::FutureExt; + + let components_by_trigger_type_futs = self.triggers().map(|(ty, ts)| { + self.components_for_trigger(ts) + .map(|css| css.map(|css| (ty.to_owned(), css))) + }); + let components_by_trigger_type = try_join_all(components_by_trigger_type_futs) + .await + .context("Failed to prepare components for target environment checking")?; + Ok(components_by_trigger_type) + } + + async fn components_for_trigger<'a>( + &'a self, + triggers: &'a [spin_manifest::schema::v2::Trigger], + ) -> anyhow::Result>> { + let component_futures = triggers.iter().map(|t| self.load_and_resolve_trigger(t)); + try_join_all(component_futures).await + } + + async fn load_and_resolve_trigger<'a>( + &'a self, + trigger: &'a spin_manifest::schema::v2::Trigger, + ) -> anyhow::Result> { + let component = self.component_source(trigger)?; + + let loader = ComponentSourceLoader::new(&self.wasm_loader); + + let wasm = spin_compose::compose(&loader, &component).await.with_context(|| format!("Spin needed to compose dependencies for {} as part of target checking, but composition failed", component.id))?; + + Ok(ComponentToValidate { + id: component.id, + source_description: source_description(component.source), + wasm, + }) + } +} + +struct ComponentSource<'a> { + id: &'a str, + source: &'a spin_manifest::schema::v2::ComponentSource, + dependencies: WrappedComponentDependencies, +} + +struct ComponentSourceLoader<'a> { + wasm_loader: &'a spin_loader::WasmLoader, +} + +impl<'a> ComponentSourceLoader<'a> { + pub fn new(wasm_loader: &'a spin_loader::WasmLoader) -> Self { + Self { wasm_loader } + } +} + +#[async_trait::async_trait] +impl<'a> spin_compose::ComponentSourceLoader for ComponentSourceLoader<'a> { + type Component = ComponentSource<'a>; + type Dependency = WrappedComponentDependency; + async fn load_component_source(&self, source: &Self::Component) -> anyhow::Result> { + let path = self + .wasm_loader + .load_component_source(source.id, source.source) + .await?; + let bytes = tokio::fs::read(&path).await?; + let component = spin_componentize::componentize_if_necessary(&bytes)?; + Ok(component.into()) + } + + async fn load_dependency_source(&self, source: &Self::Dependency) -> anyhow::Result> { + let (path, _) = self + .wasm_loader + .load_component_dependency(&source.name, &source.dependency) + .await?; + let bytes = tokio::fs::read(&path).await?; + let component = spin_componentize::componentize_if_necessary(&bytes)?; + Ok(component.into()) + } +} + +// This exists only to thwart the orphan rule +struct WrappedComponentDependency { + name: spin_serde::DependencyName, + dependency: spin_manifest::schema::v2::ComponentDependency, +} + +// To manage lifetimes around the thwarting of the orphan rule +struct WrappedComponentDependencies { + dependencies: indexmap::IndexMap, +} + +impl WrappedComponentDependencies { + fn new(deps: &spin_manifest::schema::v2::ComponentDependencies) -> Self { + let dependencies = deps + .inner + .clone() + .into_iter() + .map(|(k, v)| { + ( + k.clone(), + WrappedComponentDependency { + name: k, + dependency: v, + }, + ) + }) + .collect(); + Self { dependencies } + } +} + +#[async_trait::async_trait] +impl spin_compose::ComponentLike for ComponentSource<'_> { + type Dependency = WrappedComponentDependency; + + fn dependencies( + &self, + ) -> impl std::iter::ExactSizeIterator + { + self.dependencies.dependencies.iter() + } + + fn id(&self) -> &str { + self.id + } +} + +#[async_trait::async_trait] +impl spin_compose::DependencyLike for WrappedComponentDependency { + fn inherit(&self) -> spin_compose::InheritConfiguration { + // We don't care because this never runs - it is only used to + // verify import satisfaction. Choosing All avoids the compose + // algorithm meddling with it using the deny adapter. + spin_compose::InheritConfiguration::All + } + + fn export(&self) -> &Option { + match &self.dependency { + spin_manifest::schema::v2::ComponentDependency::Version(_) => &None, + spin_manifest::schema::v2::ComponentDependency::Package { export, .. } => export, + spin_manifest::schema::v2::ComponentDependency::Local { export, .. } => export, + spin_manifest::schema::v2::ComponentDependency::HTTP { export, .. } => export, + } + } +} + +fn source_description(source: &spin_manifest::schema::v2::ComponentSource) -> String { + match source { + spin_manifest::schema::v2::ComponentSource::Local(path) => { + format!("file {}", quoted_path(path)) + } + spin_manifest::schema::v2::ComponentSource::Remote { url, .. } => format!("URL {url}"), + spin_manifest::schema::v2::ComponentSource::Registry { package, .. } => { + format!("package {package}") + } + } +} diff --git a/crates/environments/tests/simple-wit/world.wit b/crates/environments/tests/simple-wit/world.wit new file mode 100644 index 0000000000..a726dce9cb --- /dev/null +++ b/crates/environments/tests/simple-wit/world.wit @@ -0,0 +1,35 @@ +package spin:test@1.0.0; + +interface getter { + get: func() -> u32; +} + +interface trigger { + run: func(); +} + +world simple { + import getter; + export trigger; +} + +world simple-import-only { + import getter; +} + +// These worlds and interface are used for constructing components that +// *don't* comply with the 'simple' world. + +interface evil { + cackle: func(); +} + +world not-so-simple { + import getter; + import evil; + export trigger; +} + +world too-darn-simple { + import getter; +} diff --git a/crates/loader/src/lib.rs b/crates/loader/src/lib.rs index ea64bac40d..0142425bfd 100644 --- a/crates/loader/src/lib.rs +++ b/crates/loader/src/lib.rs @@ -23,6 +23,8 @@ mod fs; mod http; mod local; +pub use local::WasmLoader; + /// Maximum number of files to copy (or download) concurrently pub(crate) const MAX_FILE_LOADING_CONCURRENCY: usize = 16; diff --git a/crates/loader/src/local.rs b/crates/loader/src/local.rs index 34659fc65b..4ded229f22 100644 --- a/crates/loader/src/local.rs +++ b/crates/loader/src/local.rs @@ -24,8 +24,8 @@ use crate::{cache::Cache, FilesMountStrategy}; pub struct LocalLoader { app_root: PathBuf, files_mount_strategy: FilesMountStrategy, - cache: Cache, - file_loading_permits: Semaphore, + file_loading_permits: std::sync::Arc, + wasm_loader: WasmLoader, } impl LocalLoader { @@ -36,12 +36,14 @@ impl LocalLoader { ) -> Result { let app_root = safe_canonicalize(app_root) .with_context(|| format!("Invalid manifest dir `{}`", app_root.display()))?; + let file_loading_permits = + std::sync::Arc::new(Semaphore::new(crate::MAX_FILE_LOADING_CONCURRENCY)); Ok(Self { - app_root, + app_root: app_root.clone(), files_mount_strategy, - cache: Cache::new(cache_root).await?, // Limit concurrency to avoid hitting system resource limits - file_loading_permits: Semaphore::new(crate::MAX_FILE_LOADING_CONCURRENCY), + file_loading_permits: file_loading_permits.clone(), + wasm_loader: WasmLoader::new(app_root, cache_root, Some(file_loading_permits)).await?, }) } @@ -272,74 +274,15 @@ impl LocalLoader { dependency_name: DependencyName, dependency: v2::ComponentDependency, ) -> Result { - let (content, export) = match dependency { - v2::ComponentDependency::Version(version) => { - let version = semver::VersionReq::parse(&version).with_context(|| format!("Component dependency {dependency_name:?} specifies an invalid semantic version requirement ({version:?}) for its package version"))?; - - // This `unwrap()` should be OK because we've already validated - // this form of dependency requires a package name, i.e. the - // dependency name is not a kebab id. - let package = dependency_name.package().unwrap(); - - let content = self.load_registry_source(None, package, &version).await?; - (content, None) - } - v2::ComponentDependency::Package { - version, - registry, - package, - export, - } => { - let version = semver::VersionReq::parse(&version).with_context(|| format!("Component dependency {dependency_name:?} specifies an invalid semantic version requirement ({version:?}) for its package version"))?; - - let package = match package { - Some(package) => { - package.parse().with_context(|| format!("Component dependency {dependency_name:?} specifies an invalid package name ({package:?})"))? - } - None => { - // This `unwrap()` should be OK because we've already validated - // this form of dependency requires a package name, i.e. the - // dependency name is not a kebab id. - dependency_name - .package() - .cloned() - .unwrap() - } - }; - - let registry = match registry { - Some(registry) => { - registry - .parse() - .map(Some) - .with_context(|| format!("Component dependency {dependency_name:?} specifies an invalid registry name ({registry:?})"))? - } - None => None, - }; - - let content = self - .load_registry_source(registry.as_ref(), &package, &version) - .await?; - (content, export) - } - v2::ComponentDependency::Local { path, export } => { - let content = file_content_ref(self.app_root.join(path))?; - (content, export) - } - v2::ComponentDependency::HTTP { - url, - digest, - export, - } => { - let content = self.load_http_source(&url, &digest).await?; - (content, export) - } - }; + let (content, export) = self + .wasm_loader + .load_component_dependency(&dependency_name, &dependency) + .await?; Ok(LockedComponentDependency { source: LockedComponentSource { content_type: "application/wasm".into(), - content, + content: file_content_ref(content)?, }, export, inherit: if inherit_configuration { @@ -357,116 +300,16 @@ impl LocalLoader { component_id: &KebabId, source: v2::ComponentSource, ) -> Result { - let content = match source { - v2::ComponentSource::Local(path) => file_content_ref(self.app_root.join(path))?, - v2::ComponentSource::Remote { url, digest } => { - self.load_http_source(&url, &digest).await? - } - v2::ComponentSource::Registry { - registry, - package, - version, - } => { - let version = semver::Version::parse(&version).with_context(|| format!("Component {component_id} specifies an invalid semantic version ({version:?}) for its package version"))?; - let version_req = format!("={version}").parse().expect("version"); - - self.load_registry_source(registry.as_ref(), &package, &version_req) - .await? - } - }; + let path = self + .wasm_loader + .load_component_source(component_id.as_ref(), &source) + .await?; Ok(LockedComponentSource { content_type: "application/wasm".into(), - content, + content: file_content_ref(path)?, }) } - // Load a Wasm source from the given HTTP ContentRef source URL and - // return a ContentRef an absolute path to the local copy. - async fn load_http_source(&self, url: &str, digest: &str) -> Result { - ensure!( - digest.starts_with("sha256:"), - "invalid `digest` {digest:?}; must start with 'sha256:'" - ); - let path = if let Ok(cached_path) = self.cache.wasm_file(digest) { - cached_path - } else { - let _loading_permit = self.file_loading_permits.acquire().await?; - - self.cache.ensure_dirs().await?; - let dest = self.cache.wasm_path(digest); - verified_download( - url, - digest, - &dest, - crate::http::DestinationConvention::ContentIndexed, - ) - .await - .with_context(|| format!("Error fetching source URL {url:?}"))?; - dest - }; - file_content_ref(path) - } - - async fn load_registry_source( - &self, - registry: Option<&wasm_pkg_client::Registry>, - package: &wasm_pkg_client::PackageRef, - version: &semver::VersionReq, - ) -> Result { - let mut client_config = wasm_pkg_client::Config::global_defaults().await?; - - if let Some(registry) = registry.cloned() { - let mapping = wasm_pkg_client::RegistryMapping::Registry(registry); - client_config.set_package_registry_override(package.clone(), mapping); - } - let pkg_loader = wasm_pkg_client::Client::new(client_config); - - let mut releases = pkg_loader.list_all_versions(package).await.map_err(|e| { - if matches!(e, wasm_pkg_client::Error::NoRegistryForNamespace(_)) && registry.is_none() { - anyhow!("No default registry specified for wasm-pkg-loader. Create a default config, or set `registry` for package {package:?}") - } else { - e.into() - } - })?; - - releases.sort(); - - let release_version = releases - .iter() - .rev() - .find(|release| version.matches(&release.version) && !release.yanked) - .with_context(|| format!("No matching version found for {package} {version}",))?; - - let release = pkg_loader - .get_release(package, &release_version.version) - .await?; - - let digest = match &release.content_digest { - wasm_pkg_client::ContentDigest::Sha256 { hex } => format!("sha256:{hex}"), - }; - - let path = if let Ok(cached_path) = self.cache.wasm_file(&digest) { - cached_path - } else { - let mut stm = pkg_loader.stream_content(package, &release).await?; - - self.cache.ensure_dirs().await?; - let dest = self.cache.wasm_path(&digest); - - let mut file = tokio::fs::File::create(&dest).await?; - while let Some(block) = stm.next().await { - let bytes = block.context("Failed to get content from registry")?; - file.write_all(&bytes) - .await - .context("Failed to save registry content to cache")?; - } - - dest - }; - - file_content_ref(path) - } - // Copy content(s) from the given `mount` async fn copy_file_mounts( &self, @@ -817,6 +660,217 @@ fn locked_trigger(trigger_type: String, trigger: v2::Trigger) -> Result, +} + +impl WasmLoader { + /// Create a new instance of WasmLoader. + pub async fn new( + app_root: PathBuf, + cache_root: Option, + file_loading_permits: Option>, + ) -> Result { + let file_loading_permits = file_loading_permits.unwrap_or_else(|| { + std::sync::Arc::new(Semaphore::new(crate::MAX_FILE_LOADING_CONCURRENCY)) + }); + Ok(Self { + app_root, + cache: Cache::new(cache_root).await?, + file_loading_permits, + }) + } + + /// Load a Wasm source from the given ComponentSource and return a path + /// to a file location from where it can be read. + pub async fn load_component_source( + &self, + component_id: &str, + source: &v2::ComponentSource, + ) -> Result { + let content = match source { + v2::ComponentSource::Local(path) => self.app_root.join(path), + v2::ComponentSource::Remote { url, digest } => { + self.load_http_source(url, digest).await? + } + v2::ComponentSource::Registry { + registry, + package, + version, + } => { + let version = semver::Version::parse(version).with_context(|| format!("Component {component_id} specifies an invalid semantic version ({version:?}) for its package version"))?; + let version_req = format!("={version}").parse().expect("version"); + + self.load_registry_source(registry.as_ref(), package, &version_req) + .await? + } + }; + Ok(content) + } + + // Load a Wasm source from the given HTTP ContentRef source URL and + // return a ContentRef an absolute path to the local copy. + async fn load_http_source(&self, url: &str, digest: &str) -> Result { + ensure!( + digest.starts_with("sha256:"), + "invalid `digest` {digest:?}; must start with 'sha256:'" + ); + let path = if let Ok(cached_path) = self.cache.wasm_file(digest) { + cached_path + } else { + let _loading_permit = self.file_loading_permits.acquire().await?; + + self.cache.ensure_dirs().await?; + let dest = self.cache.wasm_path(digest); + verified_download( + url, + digest, + &dest, + crate::http::DestinationConvention::ContentIndexed, + ) + .await + .with_context(|| format!("Error fetching source URL {url:?}"))?; + dest + }; + Ok(path) + } + + async fn load_registry_source( + &self, + registry: Option<&wasm_pkg_client::Registry>, + package: &wasm_pkg_client::PackageRef, + version: &semver::VersionReq, + ) -> Result { + let mut client_config = wasm_pkg_client::Config::global_defaults().await?; + + if let Some(registry) = registry.cloned() { + let mapping = wasm_pkg_client::RegistryMapping::Registry(registry); + client_config.set_package_registry_override(package.clone(), mapping); + } + let pkg_loader = wasm_pkg_client::Client::new(client_config); + + let mut releases = pkg_loader.list_all_versions(package).await.map_err(|e| { + if matches!(e, wasm_pkg_client::Error::NoRegistryForNamespace(_)) && registry.is_none() { + anyhow!("No default registry specified for wasm-pkg-loader. Create a default config, or set `registry` for package {package:?}") + } else { + e.into() + } + })?; + + releases.sort(); + + let release_version = releases + .iter() + .rev() + .find(|release| version.matches(&release.version) && !release.yanked) + .with_context(|| format!("No matching version found for {package} {version}",))?; + + let release = pkg_loader + .get_release(package, &release_version.version) + .await?; + + let digest = match &release.content_digest { + wasm_pkg_client::ContentDigest::Sha256 { hex } => format!("sha256:{hex}"), + }; + + let path = if let Ok(cached_path) = self.cache.wasm_file(&digest) { + cached_path + } else { + let mut stm = pkg_loader.stream_content(package, &release).await?; + + self.cache.ensure_dirs().await?; + let dest = self.cache.wasm_path(&digest); + + let mut file = tokio::fs::File::create(&dest).await?; + while let Some(block) = stm.next().await { + let bytes = block.context("Failed to get content from registry")?; + file.write_all(&bytes) + .await + .context("Failed to save registry content to cache")?; + } + + dest + }; + + Ok(path) + } + + /// Loads a dependency + pub async fn load_component_dependency( + &self, + dependency_name: &DependencyName, + dependency: &v2::ComponentDependency, + ) -> Result<(PathBuf, Option)> { + match dependency.clone() { + v2::ComponentDependency::Version(version) => { + let version = semver::VersionReq::parse(&version).with_context(|| format!("Component dependency {dependency_name:?} specifies an invalid semantic version requirement ({version:?}) for its package version"))?; + + // This `unwrap()` should be OK because we've already validated + // this form of dependency requires a package name, i.e. the + // dependency name is not a kebab id. + let package = dependency_name.package().unwrap(); + + let content = self.load_registry_source(None, package, &version).await?; + Ok((content, None)) + } + v2::ComponentDependency::Package { + version, + registry, + package, + export, + } => { + let version = semver::VersionReq::parse(&version).with_context(|| format!("Component dependency {dependency_name:?} specifies an invalid semantic version requirement ({version:?}) for its package version"))?; + + let package = match package { + Some(package) => { + package.parse().with_context(|| format!("Component dependency {dependency_name:?} specifies an invalid package name ({package:?})"))? + } + None => { + // This `unwrap()` should be OK because we've already validated + // this form of dependency requires a package name, i.e. the + // dependency name is not a kebab id. + dependency_name + .package() + .cloned() + .unwrap() + } + }; + + let registry = match registry { + Some(registry) => { + registry + .parse() + .map(Some) + .with_context(|| format!("Component dependency {dependency_name:?} specifies an invalid registry name ({registry:?})"))? + } + None => None, + }; + + let content = self + .load_registry_source(registry.as_ref(), &package, &version) + .await?; + Ok((content, export)) + } + v2::ComponentDependency::Local { path, export } => { + let content = self.app_root.join(path); + Ok((content, export)) + } + v2::ComponentDependency::HTTP { + url, + digest, + export, + } => { + let content = self.load_http_source(&url, &digest).await?; + Ok((content, export)) + } + } + } +} + fn looks_like_glob_pattern(s: impl AsRef) -> bool { let s = s.as_ref(); glob::Pattern::escape(s) != s diff --git a/crates/manifest/src/compat.rs b/crates/manifest/src/compat.rs index b16dd0bf63..4cca17cd3a 100644 --- a/crates/manifest/src/compat.rs +++ b/crates/manifest/src/compat.rs @@ -20,6 +20,7 @@ pub fn v1_to_v2_app(manifest: v1::AppManifestV1) -> Result, + /// The Spin environments with which the application must be compatible. + /// + /// Example: `targets = ["spin-up:3.3", "spinkube:0.4"]` + #[serde(default, skip_serializing_if = "Vec::is_empty")] + pub targets: Vec, /// Application-level settings for the trigger types used in the application. /// The possible values are trigger type-specific. /// @@ -494,7 +499,7 @@ impl ComponentDependencies { } } - anyhow::bail!("{this:?} dependency conflicts with {other:?}") + Err(anyhow!("{this:?} dependency conflicts with {other:?}")) } /// Normalize version to perform a compatibility check against another version. @@ -525,6 +530,29 @@ impl ComponentDependencies { } } +/// Identifies a deployment target. +#[derive(Clone, Debug, Serialize, Deserialize, JsonSchema)] +#[serde(untagged, deny_unknown_fields)] +pub enum TargetEnvironmentRef { + /// Environment definition doc reference e.g. `spin-up:3.2`, `my-host`. This is looked up + /// in the default environment catalogue (registry). + DefaultRegistry(String), + /// An environment definition doc in an OCI registry other than the default + Registry { + /// Registry or prefix hosting the environment document e.g. `ghcr.io/my/environments`. + registry: String, + /// Environment definition document name e.g. `my-spin-env:1.2`. For hosted environments + /// where you always want `latest`, omit the version tag e.g. `my-host`. + id: String, + }, + /// A local environment document file. This is expected to contain a serialised + /// EnvironmentDefinition in TOML format. + File { + /// The file path of the document. + path: PathBuf, + }, +} + mod kebab_or_snake_case { use serde::{Deserialize, Serialize}; pub use spin_serde::{KebabId, SnakeId}; diff --git a/src/commands/build.rs b/src/commands/build.rs index 16270640e9..042dfbf337 100644 --- a/src/commands/build.rs +++ b/src/commands/build.rs @@ -29,6 +29,16 @@ pub struct BuildCommand { #[clap(short = 'c', long, multiple = true)] pub component_id: Vec, + /// By default, if the application manifest specifies one or more deployment targets, Spin + /// checks that all components are compatible with those deployment targets. Specify + /// this option to bypass those target checks. + #[clap( + long = "skip-target-checks", + alias = "skip-target-check", + takes_value = false + )] + skip_target_checks: bool, + /// Run the application after building. #[clap(name = BUILD_UP_OPT, short = 'u', long = "up")] pub up: bool, @@ -43,7 +53,13 @@ impl BuildCommand { spin_common::paths::find_manifest_file_path(self.app_source.as_ref())?; notify_if_nondefault_rel(&manifest_file, distance); - spin_build::build(&manifest_file, &self.component_id).await?; + spin_build::build( + &manifest_file, + &self.component_id, + self.target_checking(), + None, + ) + .await?; if self.up { let mut cmd = UpCommand::parse_from( @@ -59,4 +75,12 @@ impl BuildCommand { Ok(()) } } + + fn target_checking(&self) -> spin_build::TargetChecking { + if self.skip_target_checks { + spin_build::TargetChecking::Skip + } else { + spin_build::TargetChecking::Check + } + } } diff --git a/src/commands/registry.rs b/src/commands/registry.rs index 39a9cc4800..8370f4b1bb 100644 --- a/src/commands/registry.rs +++ b/src/commands/registry.rs @@ -58,7 +58,7 @@ pub struct Push { #[clap(long = "compose", default_value_t = true)] pub compose: bool, - /// Specifies to perform `spin build` before pushing the application. + /// Specifies to perform `spin build` (with the default options) before pushing the application. #[clap(long, takes_value = false, env = ALWAYS_BUILD_ENV)] pub build: bool, @@ -84,7 +84,7 @@ impl Push { notify_if_nondefault_rel(&app_file, distance); if self.build { - spin_build::build(&app_file, &[]).await?; + spin_build::build_default(&app_file, self.cache_dir.clone()).await?; } let annotations = if self.annotations.is_empty() { diff --git a/src/commands/up.rs b/src/commands/up.rs index 9e11fb58cf..d0d565dcf0 100644 --- a/src/commands/up.rs +++ b/src/commands/up.rs @@ -108,7 +108,7 @@ pub struct UpCommand { #[clap(long, takes_value = false)] pub direct_mounts: bool, - /// For local apps, specifies to perform `spin build` before running the application. + /// For local apps, specifies to perform `spin build` (with the default options) before running the application. /// /// This is ignored on remote applications, as they are already built. #[clap(long, takes_value = false, env = ALWAYS_BUILD_ENV)] @@ -191,7 +191,7 @@ impl UpCommand { } if self.build { - app_source.build().await?; + app_source.build(&self.cache_dir).await?; } let mut locked_app = self .load_resolved_app_source(resolved_app_source, &working_dir) diff --git a/src/commands/up/app_source.rs b/src/commands/up/app_source.rs index 29088f0ddd..dc5e0a179a 100644 --- a/src/commands/up/app_source.rs +++ b/src/commands/up/app_source.rs @@ -56,9 +56,9 @@ impl AppSource { } } - pub async fn build(&self) -> anyhow::Result<()> { + pub async fn build(&self, cache_root: &Option) -> anyhow::Result<()> { match self { - Self::File(path) => spin_build::build(path, &[]).await, + Self::File(path) => spin_build::build_default(path, cache_root.clone()).await, _ => Ok(()), } } From 2373d4fba1ea4ead5a0241f1b3ff0031a17eee8a Mon Sep 17 00:00:00 2001 From: itowlson Date: Mon, 23 Jun 2025 16:03:43 +1200 Subject: [PATCH 2/5] Validate host requirements as part of target environments Signed-off-by: itowlson --- Cargo.lock | 138 ++++++++++++------ crates/environments/Cargo.toml | 8 +- crates/environments/src/environment.rs | 94 +++++++++++- .../src/environment/definition.rs | 34 ++++- .../src/environment/env_loader.rs | 14 +- crates/environments/src/lib.rs | 27 ++++ crates/environments/src/loader.rs | 40 ++++- crates/loader/src/lib.rs | 1 + crates/loader/src/local.rs | 4 +- crates/manifest/src/schema/v2.rs | 2 +- 10 files changed, 291 insertions(+), 71 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 459ff63e36..17400cd4e1 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -8349,7 +8349,7 @@ dependencies = [ "spin-serde", "thiserror 2.0.12", "tokio", - "wac-graph", + "wac-graph 0.6.1", ] [[package]] @@ -8418,7 +8418,7 @@ dependencies = [ "tracing", "wac-parser", "wac-resolver", - "wac-types", + "wac-types 0.7.0", "wasm-pkg-client", "wasmparser 0.235.0", "wit-component 0.235.0", @@ -10514,17 +10514,36 @@ dependencies = [ "petgraph", "semver", "thiserror 1.0.69", - "wac-types", + "wac-types 0.6.1", "wasm-encoder 0.202.0", "wasm-metadata 0.202.0", "wasmparser 0.202.0", ] +[[package]] +name = "wac-graph" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1dcc86eda3243819bb0b8cd37ec1ac3c104e8dd3a63303efaae3f598a325b11c" +dependencies = [ + "anyhow", + "id-arena", + "indexmap 2.7.1", + "log", + "petgraph", + "semver", + "thiserror 1.0.69", + "wac-types 0.7.0", + "wasm-encoder 0.229.0", + "wasm-metadata 0.229.0", + "wasmparser 0.229.0", +] + [[package]] name = "wac-parser" -version = "0.6.1" +version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "616ec0c4f63641fa095b4a551263fe35a15c72c9680b650b8f08f70db0fdbd19" +checksum = "82a2cc4df92a70e611e6cf6525cfde180a6bd472e559380152cead78ecc9a097" dependencies = [ "anyhow", "id-arena", @@ -10535,17 +10554,17 @@ dependencies = [ "semver", "serde", "thiserror 1.0.69", - "wac-graph", - "wasm-encoder 0.202.0", - "wasm-metadata 0.202.0", - "wasmparser 0.202.0", + "wac-graph 0.7.0", + "wasm-encoder 0.229.0", + "wasm-metadata 0.229.0", + "wasmparser 0.229.0", ] [[package]] name = "wac-resolver" -version = "0.6.1" +version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "688c4c9482d68574aec10b72fa26429d0f91c5065ecbcf38a3146caf9f0bd7db" +checksum = "f66dec428bef6544e119f8e45361f768bf840765e4e05697774f7a29e4693453" dependencies = [ "anyhow", "futures", @@ -10556,11 +10575,11 @@ dependencies = [ "thiserror 1.0.69", "tokio", "wac-parser", - "wac-types", + "wac-types 0.7.0", "warg-client", "warg-crypto", "warg-protocol", - "wit-component 0.202.0", + "wit-component 0.229.0", ] [[package]] @@ -10577,6 +10596,20 @@ dependencies = [ "wasmparser 0.202.0", ] +[[package]] +name = "wac-types" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "271949d040a6b9a20bda4942bad2c85fb10636a9e86d10fda8092b3dd9467f7c" +dependencies = [ + "anyhow", + "id-arena", + "indexmap 2.7.1", + "semver", + "wasm-encoder 0.229.0", + "wasmparser 0.229.0", +] + [[package]] name = "waker-fn" version = "1.2.0" @@ -10884,6 +10917,16 @@ dependencies = [ "wasmparser 0.224.1", ] +[[package]] +name = "wasm-encoder" +version = "0.229.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "38ba1d491ecacb085a2552025c10a675a6fddcbd03b1fc9b36c536010ce265d2" +dependencies = [ + "leb128fmt", + "wasmparser 0.229.0", +] + [[package]] name = "wasm-encoder" version = "0.235.0" @@ -10927,6 +10970,25 @@ dependencies = [ "wasmparser 0.224.1", ] +[[package]] +name = "wasm-metadata" +version = "0.229.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "78fdb7d29a79191ab363dc90c1ddd3a1e880ffd5348d92d48482393a9e6c5f4d" +dependencies = [ + "anyhow", + "auditable-serde", + "flate2", + "indexmap 2.7.1", + "serde", + "serde_derive", + "serde_json", + "spdx", + "url", + "wasm-encoder 0.229.0", + "wasmparser 0.229.0", +] + [[package]] name = "wasm-metadata" version = "0.235.0" @@ -11055,8 +11117,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0cc3b1f053f5d41aa55640a1fa9b6d1b8a9e4418d118ce308d20e24ff3575a8c" dependencies = [ "bitflags 2.6.0", + "hashbrown 0.15.2", "indexmap 2.7.1", "semver", + "serde", ] [[package]] @@ -12110,9 +12174,9 @@ dependencies = [ [[package]] name = "wit-component" -version = "0.202.0" +version = "0.224.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c836b1fd9932de0431c1758d8be08212071b6bba0151f7bac826dbc4312a2a9" +checksum = "923637fe647372efbbb654757f8c884ba280924477e1d265eca7e35d4cdcea8b" dependencies = [ "anyhow", "bitflags 2.6.0", @@ -12121,17 +12185,17 @@ dependencies = [ "serde", "serde_derive", "serde_json", - "wasm-encoder 0.202.0", - "wasm-metadata 0.202.0", - "wasmparser 0.202.0", - "wit-parser 0.202.0", + "wasm-encoder 0.224.1", + "wasm-metadata 0.224.1", + "wasmparser 0.224.1", + "wit-parser 0.224.1", ] [[package]] name = "wit-component" -version = "0.224.1" +version = "0.229.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "923637fe647372efbbb654757f8c884ba280924477e1d265eca7e35d4cdcea8b" +checksum = "7f550067740e223bfe6c4878998e81cdbe2529dd9a793dc49248dd6613394e8b" dependencies = [ "anyhow", "bitflags 2.6.0", @@ -12140,10 +12204,10 @@ dependencies = [ "serde", "serde_derive", "serde_json", - "wasm-encoder 0.224.1", - "wasm-metadata 0.224.1", - "wasmparser 0.224.1", - "wit-parser 0.224.1", + "wasm-encoder 0.229.0", + "wasm-metadata 0.229.0", + "wasmparser 0.229.0", + "wit-parser 0.229.0", ] [[package]] @@ -12168,33 +12232,15 @@ dependencies = [ [[package]] name = "wit-encoder" -version = "0.229.0" +version = "0.235.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "52b22120872fbeea51d41381dbd5c91395a9c8ceec77102d49a0bc6b503984ed" +checksum = "5abc86f193399192a2aced6ca89ad4e2ac11420092ea981578ab674fe4de11eb" dependencies = [ "id-arena", "pretty_assertions", "semver", "serde", - "wit-parser 0.229.0", -] - -[[package]] -name = "wit-parser" -version = "0.202.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "744237b488352f4f27bca05a10acb79474415951c450e52ebd0da784c1df2bcc" -dependencies = [ - "anyhow", - "id-arena", - "indexmap 2.7.1", - "log", - "semver", - "serde", - "serde_derive", - "serde_json", - "unicode-xid", - "wasmparser 0.202.0", + "wit-parser 0.235.0", ] [[package]] diff --git a/crates/environments/Cargo.toml b/crates/environments/Cargo.toml index 189fc7d086..92b187a522 100644 --- a/crates/environments/Cargo.toml +++ b/crates/environments/Cargo.toml @@ -26,9 +26,9 @@ spin-serde = { path = "../serde" } toml = { workspace = true } tokio = { version = "1.23", features = ["fs"] } tracing = { workspace = true } -wac-parser = "0.6.0" -wac-resolver = "0.6.0" -wac-types = "0.6.0" +wac-parser = "0.7.0" +wac-resolver = "0.7.0" +wac-types = "0.7.0" wasm-pkg-client = { workspace = true } wasmparser = { workspace = true } wit-component = { workspace = true } @@ -36,7 +36,7 @@ wit-parser = { workspace = true } [dev-dependencies] wit-component = { workspace = true, features = ["dummy-module"] } -wit-encoder = "0.229" +wit-encoder = "0.235" [lints] workspace = true diff --git a/crates/environments/src/environment.rs b/crates/environments/src/environment.rs index 2ca7e1e4ad..757c4f09f6 100644 --- a/crates/environments/src/environment.rs +++ b/crates/environments/src/environment.rs @@ -18,7 +18,9 @@ use definition::WorldName; pub struct TargetEnvironment { name: String, trigger_worlds: HashMap, + trigger_capabilities: HashMap>, unknown_trigger: UnknownTrigger, + unknown_capabilities: Vec, } impl TargetEnvironment { @@ -52,6 +54,13 @@ impl TargetEnvironment { .or_else(|| self.unknown_trigger.worlds()) .unwrap_or(NO_WORLDS) } + + /// Lists all host capabilities supported for the given trigger type in this environment. + pub fn capabilities(&self, trigger_type: &TriggerType) -> &[String] { + self.trigger_capabilities + .get(trigger_type) + .unwrap_or(&self.unknown_capabilities) + } } /// How a `TargetEnvironment` should validate components associated with trigger types @@ -229,7 +238,9 @@ mod test { TargetEnvironment { name: "test".to_owned(), trigger_worlds: [("s".to_owned(), candidate_worlds)].into_iter().collect(), + trigger_capabilities: Default::default(), unknown_trigger: UnknownTrigger::Deny, + unknown_capabilities: Default::default(), } } @@ -242,7 +253,9 @@ mod test { TargetEnvironment { name: "test".to_owned(), trigger_worlds: [].into_iter().collect(), + trigger_capabilities: Default::default(), unknown_trigger: UnknownTrigger::Allow(candidate_worlds), + unknown_capabilities: Default::default(), } } @@ -260,7 +273,7 @@ mod test { assert!(env.supports_trigger_type(&"s".to_owned())); assert!(!env.supports_trigger_type(&"t".to_owned())); - let component = crate::ComponentToValidate::new("scomp", "scomp.wasm", wasm); + let component = crate::ComponentToValidate::new("scomp", "scomp.wasm", wasm, vec![]); let errs = crate::validate_component_against_environments(&[env], &"s".to_owned(), &component) .await; @@ -291,7 +304,7 @@ mod test { assert!(env.supports_trigger_type(&non_existent_trigger)); - let component = crate::ComponentToValidate::new("comp", "comp.wasm", wasm); + let component = crate::ComponentToValidate::new("comp", "comp.wasm", wasm, vec![]); let errs = crate::validate_component_against_environments( &[env], &non_existent_trigger, @@ -308,6 +321,46 @@ mod test { ); } + #[tokio::test] + async fn can_validate_component_with_host_requirement() { + let wit_path = PathBuf::from(SIMPLE_WIT_DIR); + + let wit_text = tokio::fs::read_to_string(wit_path.join("world.wit")) + .await + .unwrap(); + let wasm = generate_dummy_component(&wit_text, "spin:test/simple@1.0.0"); + + let mut env = target_simple_world(&wit_path); + env.trigger_capabilities.insert( + "s".to_owned(), + vec![ + "local_spline_reticulation".to_owned(), + "nice_cup_of_tea".to_owned(), + ], + ); + + assert!(env.supports_trigger_type(&"s".to_owned())); + assert!(!env.supports_trigger_type(&"t".to_owned())); + + let component = crate::ComponentToValidate::new( + "cscomp", + "cscomp.wasm", + wasm, + vec!["nice_cup_of_tea".to_string()], + ); + let errs = + crate::validate_component_against_environments(&[env], &"s".to_owned(), &component) + .await; + assert!( + errs.is_empty(), + "{}", + errs.iter() + .map(|e| e.to_string()) + .collect::>() + .join("\n") + ); + } + #[tokio::test] async fn unavailable_import_invalidates_component() { let wit_path = PathBuf::from(SIMPLE_WIT_DIR); @@ -319,7 +372,7 @@ mod test { let env = target_simple_world(&wit_path); - let component = crate::ComponentToValidate::new("nscomp", "nscomp.wasm", wasm); + let component = crate::ComponentToValidate::new("nscomp", "nscomp.wasm", wasm, vec![]); let errs = crate::validate_component_against_environments(&[env], &"s".to_owned(), &component) .await; @@ -346,7 +399,7 @@ mod test { let env = target_simple_world(&wit_path); - let component = crate::ComponentToValidate::new("tdscomp", "tdscomp.wasm", wasm); + let component = crate::ComponentToValidate::new("tdscomp", "tdscomp.wasm", wasm, vec![]); let errs = crate::validate_component_against_environments(&[env], &"s".to_owned(), &component) .await; @@ -359,6 +412,39 @@ mod test { ); } + #[tokio::test] + async fn unsupported_host_req_invalidates_component() { + let wit_path = PathBuf::from(SIMPLE_WIT_DIR); + + let wit_text = tokio::fs::read_to_string(wit_path.join("world.wit")) + .await + .unwrap(); + let wasm = generate_dummy_component(&wit_text, "spin:test/simple@1.0.0"); + + let env = target_simple_world(&wit_path); + + assert!(env.supports_trigger_type(&"s".to_owned())); + assert!(!env.supports_trigger_type(&"t".to_owned())); + + let component = crate::ComponentToValidate::new( + "cscomp", + "cscomp.wasm", + wasm, + vec!["nice_cup_of_tea".to_string()], + ); + let errs = + crate::validate_component_against_environments(&[env], &"s".to_owned(), &component) + .await; + assert!(!errs.is_empty()); + + let err = errs[0].to_string(); + assert!( + err.contains("Component cscomp can't run in environment test"), + "unexpected error {err}" + ); + assert!(err.contains("nice_cup_of_tea"), "unexpected error {err}"); + } + fn generate_dummy_component(wit: &str, world: &str) -> Vec { let mut resolve = wit_parser::Resolve::default(); let package_id = resolve.push_str("test", wit).expect("should parse WIT"); diff --git a/crates/environments/src/environment/definition.rs b/crates/environments/src/environment/definition.rs index 1e439b14cb..2bdf4a3645 100644 --- a/crates/environments/src/environment/definition.rs +++ b/crates/environments/src/environment/definition.rs @@ -14,22 +14,44 @@ use anyhow::Context; /// ```ignore /// # spin-up.3.2.toml /// [triggers] -/// http = ["spin:up/http-trigger@3.2.0", "spin:up/http-trigger-rc20231018@3.2.0"] -/// redis = ["spin:up/redis-trigger@3.2.0"] +/// http = { worlds = ["spin:up/http-trigger@3.2.0", "spin:up/http-trigger-rc20231018@3.2.0"], capabilities = ["local_service_chaining"] } +/// redis = { worlds = ["spin:up/redis-trigger@3.2.0"] } /// ``` #[derive(Debug, serde::Deserialize)] #[serde(deny_unknown_fields)] pub struct EnvironmentDefinition { - triggers: HashMap>, - default: Option>, + triggers: HashMap, + #[serde(default)] + default: Option, +} + +/// The environment definition for a trigger, comprising the worlds which are +/// compatible with that trigger and the host capabilities which the trigger +/// supports. +#[derive(Debug, serde::Deserialize)] +#[serde(deny_unknown_fields)] +pub struct TriggerEnvironment { + worlds: Vec, + #[serde(default)] + capabilities: Vec, +} + +impl TriggerEnvironment { + pub fn world_refs(&self) -> &[WorldRef] { + &self.worlds + } + + pub fn capabilities(&self) -> Vec { + self.capabilities.clone() + } } impl EnvironmentDefinition { - pub fn triggers(&self) -> &HashMap> { + pub fn triggers(&self) -> &HashMap { &self.triggers } - pub fn default(&self) -> Option<&Vec> { + pub fn default(&self) -> Option<&TriggerEnvironment> { self.default.as_ref() } } diff --git a/crates/environments/src/environment/env_loader.rs b/crates/environments/src/environment/env_loader.rs index 217d063521..b0b60cfa37 100644 --- a/crates/environments/src/environment/env_loader.rs +++ b/crates/environments/src/environment/env_loader.rs @@ -128,25 +128,33 @@ async fn load_environment_from_toml( let env: EnvironmentDefinition = toml::from_str(toml_text)?; let mut trigger_worlds = HashMap::new(); + let mut trigger_capabilities = HashMap::new(); // TODO: parallel all the things // TODO: this loads _all_ triggers not just the ones we need - for (trigger_type, world_refs) in env.triggers() { + for (trigger_type, trigger_env) in env.triggers() { trigger_worlds.insert( trigger_type.to_owned(), - load_worlds(world_refs, cache, lockfile).await?, + load_worlds(trigger_env.world_refs(), cache, lockfile).await?, ); + trigger_capabilities.insert(trigger_type.to_owned(), trigger_env.capabilities()); } let unknown_trigger = match env.default() { None => UnknownTrigger::Deny, - Some(world_refs) => UnknownTrigger::Allow(load_worlds(world_refs, cache, lockfile).await?), + Some(env) => UnknownTrigger::Allow(load_worlds(env.world_refs(), cache, lockfile).await?), + }; + let unknown_capabilities = match env.default() { + None => vec![], + Some(env) => env.capabilities(), }; Ok(TargetEnvironment { name: name.to_owned(), trigger_worlds, + trigger_capabilities, unknown_trigger, + unknown_capabilities, }) } diff --git a/crates/environments/src/lib.rs b/crates/environments/src/lib.rs index 5e8371b206..7b0c83f9b6 100644 --- a/crates/environments/src/lib.rs +++ b/crates/environments/src/lib.rs @@ -102,6 +102,11 @@ async fn validate_component_against_environments( { errs.push(e); } + + let host_caps = env.capabilities(trigger_type); + if let Some(e) = validate_host_reqs(env, host_caps, component).err() { + errs.push(e); + } } if errs.is_empty() { @@ -215,3 +220,25 @@ async fn validate_wasm_against_world( }, } } + +fn validate_host_reqs( + env: &TargetEnvironment, + host_caps: &[String], + component: &ComponentToValidate, +) -> anyhow::Result<()> { + let unsatisfied: Vec<_> = component + .host_requirements() + .iter() + .filter(|host_req| !satisfies(host_caps, host_req)) + .cloned() + .collect(); + if unsatisfied.is_empty() { + Ok(()) + } else { + Err(anyhow!("Component {} can't run in environment {} because it requires the feature(s) '{}' which the environment does not support", component.id(), env.name(), unsatisfied.join(", "))) + } +} + +fn satisfies(host_caps: &[String], host_req: &String) -> bool { + host_caps.contains(host_req) +} diff --git a/crates/environments/src/loader.rs b/crates/environments/src/loader.rs index dc31f600a0..d3f634f696 100644 --- a/crates/environments/src/loader.rs +++ b/crates/environments/src/loader.rs @@ -10,6 +10,7 @@ pub(crate) struct ComponentToValidate<'a> { id: &'a str, source_description: String, wasm: Vec, + host_requirements: Vec, } impl ComponentToValidate<'_> { @@ -25,12 +26,22 @@ impl ComponentToValidate<'_> { &self.wasm } + pub fn host_requirements(&self) -> &[String] { + &self.host_requirements + } + #[cfg(test)] - pub(crate) fn new(id: &'static str, description: &str, wasm: Vec) -> Self { + pub(crate) fn new( + id: &'static str, + description: &str, + wasm: Vec, + host_requirements: Vec, + ) -> Self { Self { id, source_description: description.to_owned(), wasm, + host_requirements, } } } @@ -61,10 +72,13 @@ impl ApplicationToValidate { .component .as_ref() .ok_or_else(|| anyhow!("No component specified for trigger {}", trigger.id))?; - let (id, source, dependencies) = match component_spec { - spin_manifest::schema::v2::ComponentSpec::Inline(c) => { - (trigger.id.as_str(), &c.source, &c.dependencies) - } + let (id, source, dependencies, service_chaining) = match component_spec { + spin_manifest::schema::v2::ComponentSpec::Inline(c) => ( + trigger.id.as_str(), + &c.source, + &c.dependencies, + spin_loader::requires_service_chaining(c), + ), spin_manifest::schema::v2::ComponentSpec::Reference(r) => { let id = r.as_ref(); let Some(component) = self.manifest.components.get(r) else { @@ -73,7 +87,12 @@ impl ApplicationToValidate { trigger.id ); }; - (id, &component.source, &component.dependencies) + ( + id, + &component.source, + &component.dependencies, + spin_loader::requires_service_chaining(component), + ) } }; @@ -81,6 +100,7 @@ impl ApplicationToValidate { id, source, dependencies: WrappedComponentDependencies::new(dependencies), + requires_service_chaining: service_chaining, }) } @@ -127,10 +147,17 @@ impl ApplicationToValidate { let wasm = spin_compose::compose(&loader, &component).await.with_context(|| format!("Spin needed to compose dependencies for {} as part of target checking, but composition failed", component.id))?; + let host_requirements = if component.requires_service_chaining { + vec!["local_service_chaining".to_string()] + } else { + vec![] + }; + Ok(ComponentToValidate { id: component.id, source_description: source_description(component.source), wasm, + host_requirements, }) } } @@ -139,6 +166,7 @@ struct ComponentSource<'a> { id: &'a str, source: &'a spin_manifest::schema::v2::ComponentSource, dependencies: WrappedComponentDependencies, + requires_service_chaining: bool, } struct ComponentSourceLoader<'a> { diff --git a/crates/loader/src/lib.rs b/crates/loader/src/lib.rs index 0142425bfd..31dc952fea 100644 --- a/crates/loader/src/lib.rs +++ b/crates/loader/src/lib.rs @@ -23,6 +23,7 @@ mod fs; mod http; mod local; +pub use local::requires_service_chaining; pub use local::WasmLoader; /// Maximum number of files to copy (or download) concurrently diff --git a/crates/loader/src/local.rs b/crates/loader/src/local.rs index 4ded229f22..abcd9015e6 100644 --- a/crates/loader/src/local.rs +++ b/crates/loader/src/local.rs @@ -890,7 +890,9 @@ fn file_url(path: impl AsRef) -> Result { Ok(Url::from_file_path(abs_path).unwrap().to_string()) } -fn requires_service_chaining(component: &spin_manifest::schema::v2::Component) -> bool { +/// Determines if a component requires the host to support local +/// service chaining. +pub fn requires_service_chaining(component: &spin_manifest::schema::v2::Component) -> bool { component .normalized_allowed_outbound_hosts() .unwrap_or_default() diff --git a/crates/manifest/src/schema/v2.rs b/crates/manifest/src/schema/v2.rs index 404ac609f3..b656169387 100644 --- a/crates/manifest/src/schema/v2.rs +++ b/crates/manifest/src/schema/v2.rs @@ -78,7 +78,7 @@ pub struct AppDetails { #[serde(default, skip_serializing_if = "Vec::is_empty")] pub authors: Vec, /// The Spin environments with which the application must be compatible. - /// + /// /// Example: `targets = ["spin-up:3.3", "spinkube:0.4"]` #[serde(default, skip_serializing_if = "Vec::is_empty")] pub targets: Vec, From 13b9f8760c7a9e8130a0f83e9979cb1523c33a83 Mon Sep 17 00:00:00 2001 From: itowlson Date: Tue, 12 Aug 2025 14:00:45 +1200 Subject: [PATCH 3/5] Tests and contexting some file-not-found errors Signed-off-by: itowlson --- crates/build/src/lib.rs | 52 ++ crates/build/tests/bad_target_env.toml | 8 + crates/build/tests/env/wasi-all.toml | 2 + crates/build/tests/env/wasi-minimal.toml | 2 + crates/build/tests/good_target_env.toml | 8 + crates/build/tests/test-components/README.md | 10 + .../source/test-command/Cargo.toml | 8 + .../source/test-command/src/main.rs | 3 + .../tests/test-components/test-command.wasm | Bin 0 -> 68346 bytes crates/build/tests/wit/cmd-full/command.wit | 7 + .../cmd-full/deps/clocks/monotonic-clock.wit | 45 ++ .../wit/cmd-full/deps/clocks/wall-clock.wit | 42 ++ .../tests/wit/cmd-full/deps/clocks/world.wit | 6 + .../wit/cmd-full/deps/filesystem/preopens.wit | 8 + .../wit/cmd-full/deps/filesystem/types.wit | 634 ++++++++++++++++++ .../wit/cmd-full/deps/filesystem/world.wit | 6 + .../tests/wit/cmd-full/deps/io/error.wit | 34 + .../build/tests/wit/cmd-full/deps/io/poll.wit | 41 ++ .../tests/wit/cmd-full/deps/io/streams.wit | 262 ++++++++ .../tests/wit/cmd-full/deps/io/world.wit | 6 + .../cmd-full/deps/random/insecure-seed.wit | 25 + .../wit/cmd-full/deps/random/insecure.wit | 22 + .../tests/wit/cmd-full/deps/random/random.wit | 26 + .../tests/wit/cmd-full/deps/random/world.wit | 7 + .../deps/sockets/instance-network.wit | 9 + .../cmd-full/deps/sockets/ip-name-lookup.wit | 51 ++ .../wit/cmd-full/deps/sockets/network.wit | 145 ++++ .../deps/sockets/tcp-create-socket.wit | 27 + .../tests/wit/cmd-full/deps/sockets/tcp.wit | 353 ++++++++++ .../deps/sockets/udp-create-socket.wit | 27 + .../tests/wit/cmd-full/deps/sockets/udp.wit | 266 ++++++++ .../tests/wit/cmd-full/deps/sockets/world.wit | 11 + .../build/tests/wit/cmd-full/environment.wit | 18 + crates/build/tests/wit/cmd-full/exit.wit | 4 + crates/build/tests/wit/cmd-full/imports.wit | 20 + crates/build/tests/wit/cmd-full/run.wit | 4 + crates/build/tests/wit/cmd-full/stdio.wit | 17 + crates/build/tests/wit/cmd-full/terminal.wit | 49 ++ .../build/tests/wit/cmd-minimal/command.wit | 7 + .../deps/clocks/monotonic-clock.wit | 45 ++ .../cmd-minimal/deps/clocks/wall-clock.wit | 42 ++ .../wit/cmd-minimal/deps/clocks/world.wit | 6 + .../cmd-minimal/deps/filesystem/preopens.wit | 8 + .../wit/cmd-minimal/deps/filesystem/types.wit | 634 ++++++++++++++++++ .../wit/cmd-minimal/deps/filesystem/world.wit | 6 + .../tests/wit/cmd-minimal/deps/io/error.wit | 34 + .../tests/wit/cmd-minimal/deps/io/poll.wit | 41 ++ .../tests/wit/cmd-minimal/deps/io/streams.wit | 262 ++++++++ .../tests/wit/cmd-minimal/deps/io/world.wit | 6 + .../cmd-minimal/deps/random/insecure-seed.wit | 25 + .../wit/cmd-minimal/deps/random/insecure.wit | 22 + .../wit/cmd-minimal/deps/random/random.wit | 26 + .../wit/cmd-minimal/deps/random/world.wit | 7 + .../deps/sockets/instance-network.wit | 9 + .../deps/sockets/ip-name-lookup.wit | 51 ++ .../wit/cmd-minimal/deps/sockets/network.wit | 145 ++++ .../deps/sockets/tcp-create-socket.wit | 27 + .../wit/cmd-minimal/deps/sockets/tcp.wit | 353 ++++++++++ .../deps/sockets/udp-create-socket.wit | 27 + .../wit/cmd-minimal/deps/sockets/udp.wit | 266 ++++++++ .../wit/cmd-minimal/deps/sockets/world.wit | 11 + .../tests/wit/cmd-minimal/environment.wit | 18 + crates/build/tests/wit/cmd-minimal/exit.wit | 4 + .../build/tests/wit/cmd-minimal/imports.wit | 5 + crates/build/tests/wit/cmd-minimal/run.wit | 4 + crates/build/tests/wit/cmd-minimal/stdio.wit | 17 + .../build/tests/wit/cmd-minimal/terminal.wit | 49 ++ crates/compose/src/lib.rs | 3 +- .../src/environment/env_loader.rs | 38 +- crates/environments/src/loader.rs | 14 +- 70 files changed, 4462 insertions(+), 15 deletions(-) create mode 100644 crates/build/tests/bad_target_env.toml create mode 100644 crates/build/tests/env/wasi-all.toml create mode 100644 crates/build/tests/env/wasi-minimal.toml create mode 100644 crates/build/tests/good_target_env.toml create mode 100644 crates/build/tests/test-components/README.md create mode 100644 crates/build/tests/test-components/source/test-command/Cargo.toml create mode 100644 crates/build/tests/test-components/source/test-command/src/main.rs create mode 100755 crates/build/tests/test-components/test-command.wasm create mode 100644 crates/build/tests/wit/cmd-full/command.wit create mode 100644 crates/build/tests/wit/cmd-full/deps/clocks/monotonic-clock.wit create mode 100644 crates/build/tests/wit/cmd-full/deps/clocks/wall-clock.wit create mode 100644 crates/build/tests/wit/cmd-full/deps/clocks/world.wit create mode 100644 crates/build/tests/wit/cmd-full/deps/filesystem/preopens.wit create mode 100644 crates/build/tests/wit/cmd-full/deps/filesystem/types.wit create mode 100644 crates/build/tests/wit/cmd-full/deps/filesystem/world.wit create mode 100644 crates/build/tests/wit/cmd-full/deps/io/error.wit create mode 100644 crates/build/tests/wit/cmd-full/deps/io/poll.wit create mode 100644 crates/build/tests/wit/cmd-full/deps/io/streams.wit create mode 100644 crates/build/tests/wit/cmd-full/deps/io/world.wit create mode 100644 crates/build/tests/wit/cmd-full/deps/random/insecure-seed.wit create mode 100644 crates/build/tests/wit/cmd-full/deps/random/insecure.wit create mode 100644 crates/build/tests/wit/cmd-full/deps/random/random.wit create mode 100644 crates/build/tests/wit/cmd-full/deps/random/world.wit create mode 100644 crates/build/tests/wit/cmd-full/deps/sockets/instance-network.wit create mode 100644 crates/build/tests/wit/cmd-full/deps/sockets/ip-name-lookup.wit create mode 100644 crates/build/tests/wit/cmd-full/deps/sockets/network.wit create mode 100644 crates/build/tests/wit/cmd-full/deps/sockets/tcp-create-socket.wit create mode 100644 crates/build/tests/wit/cmd-full/deps/sockets/tcp.wit create mode 100644 crates/build/tests/wit/cmd-full/deps/sockets/udp-create-socket.wit create mode 100644 crates/build/tests/wit/cmd-full/deps/sockets/udp.wit create mode 100644 crates/build/tests/wit/cmd-full/deps/sockets/world.wit create mode 100644 crates/build/tests/wit/cmd-full/environment.wit create mode 100644 crates/build/tests/wit/cmd-full/exit.wit create mode 100644 crates/build/tests/wit/cmd-full/imports.wit create mode 100644 crates/build/tests/wit/cmd-full/run.wit create mode 100644 crates/build/tests/wit/cmd-full/stdio.wit create mode 100644 crates/build/tests/wit/cmd-full/terminal.wit create mode 100644 crates/build/tests/wit/cmd-minimal/command.wit create mode 100644 crates/build/tests/wit/cmd-minimal/deps/clocks/monotonic-clock.wit create mode 100644 crates/build/tests/wit/cmd-minimal/deps/clocks/wall-clock.wit create mode 100644 crates/build/tests/wit/cmd-minimal/deps/clocks/world.wit create mode 100644 crates/build/tests/wit/cmd-minimal/deps/filesystem/preopens.wit create mode 100644 crates/build/tests/wit/cmd-minimal/deps/filesystem/types.wit create mode 100644 crates/build/tests/wit/cmd-minimal/deps/filesystem/world.wit create mode 100644 crates/build/tests/wit/cmd-minimal/deps/io/error.wit create mode 100644 crates/build/tests/wit/cmd-minimal/deps/io/poll.wit create mode 100644 crates/build/tests/wit/cmd-minimal/deps/io/streams.wit create mode 100644 crates/build/tests/wit/cmd-minimal/deps/io/world.wit create mode 100644 crates/build/tests/wit/cmd-minimal/deps/random/insecure-seed.wit create mode 100644 crates/build/tests/wit/cmd-minimal/deps/random/insecure.wit create mode 100644 crates/build/tests/wit/cmd-minimal/deps/random/random.wit create mode 100644 crates/build/tests/wit/cmd-minimal/deps/random/world.wit create mode 100644 crates/build/tests/wit/cmd-minimal/deps/sockets/instance-network.wit create mode 100644 crates/build/tests/wit/cmd-minimal/deps/sockets/ip-name-lookup.wit create mode 100644 crates/build/tests/wit/cmd-minimal/deps/sockets/network.wit create mode 100644 crates/build/tests/wit/cmd-minimal/deps/sockets/tcp-create-socket.wit create mode 100644 crates/build/tests/wit/cmd-minimal/deps/sockets/tcp.wit create mode 100644 crates/build/tests/wit/cmd-minimal/deps/sockets/udp-create-socket.wit create mode 100644 crates/build/tests/wit/cmd-minimal/deps/sockets/udp.wit create mode 100644 crates/build/tests/wit/cmd-minimal/deps/sockets/world.wit create mode 100644 crates/build/tests/wit/cmd-minimal/environment.wit create mode 100644 crates/build/tests/wit/cmd-minimal/exit.wit create mode 100644 crates/build/tests/wit/cmd-minimal/imports.wit create mode 100644 crates/build/tests/wit/cmd-minimal/run.wit create mode 100644 crates/build/tests/wit/cmd-minimal/stdio.wit create mode 100644 crates/build/tests/wit/cmd-minimal/terminal.wit diff --git a/crates/build/src/lib.rs b/crates/build/src/lib.rs index 2242536666..1c0f33c55d 100644 --- a/crates/build/src/lib.rs +++ b/crates/build/src/lib.rs @@ -246,4 +246,56 @@ mod tests { .await .unwrap(); } + + #[tokio::test] + async fn succeeds_if_target_env_matches() { + let manifest_path = test_data_root().join("good_target_env.toml"); + build(&manifest_path, &[], TargetChecking::Check, None) + .await + .unwrap(); + } + + #[tokio::test] + async fn fails_if_target_env_does_not_match() { + let manifest_path = test_data_root().join("bad_target_env.toml"); + let err = build(&manifest_path, &[], TargetChecking::Check, None) + .await + .expect_err("should have failed") + .to_string(); + + // build prints validation errors rather than returning them to top level + // (because there could be multiple errors) - see has_meaningful_error_if_target_env_does_not_match + assert!( + err.contains("one or more was incompatible with one or more of the deployment targets") + ); + } + + #[tokio::test] + async fn has_meaningful_error_if_target_env_does_not_match() { + let manifest_file = test_data_root().join("bad_target_env.toml"); + let manifest = spin_manifest::manifest_from_file(&manifest_file).unwrap(); + let application = spin_environments::ApplicationToValidate::new( + manifest.clone(), + manifest_file.parent().unwrap(), + ) + .await + .context("unable to load application for checking against deployment targets") + .unwrap(); + + let target_validation = spin_environments::validate_application_against_environment_ids( + &application, + &manifest.application.targets, + None, + manifest_file.parent().unwrap(), + ) + .await + .context("unable to check if the application is compatible with deployment targets") + .unwrap(); + + assert_eq!(1, target_validation.errors().len()); + + let err = target_validation.errors()[0].to_string(); + + assert!(err.contains("world wasi:cli/command@0.2.0 does not provide an import named")); + } } diff --git a/crates/build/tests/bad_target_env.toml b/crates/build/tests/bad_target_env.toml new file mode 100644 index 0000000000..591d66aa30 --- /dev/null +++ b/crates/build/tests/bad_target_env.toml @@ -0,0 +1,8 @@ +spin_manifest_version = 2 + +[application] +name = "bad" +targets = [{ path = "env/wasi-minimal.toml" }] + +[[trigger.command]] +component = { source = "test-components/test-command.wasm" } diff --git a/crates/build/tests/env/wasi-all.toml b/crates/build/tests/env/wasi-all.toml new file mode 100644 index 0000000000..9f00d1c374 --- /dev/null +++ b/crates/build/tests/env/wasi-all.toml @@ -0,0 +1,2 @@ +[triggers] +command = { worlds = [{ path = "../wit/cmd-full", world = "wasi:cli/command@0.2.0"}] } diff --git a/crates/build/tests/env/wasi-minimal.toml b/crates/build/tests/env/wasi-minimal.toml new file mode 100644 index 0000000000..6dd9bc6fef --- /dev/null +++ b/crates/build/tests/env/wasi-minimal.toml @@ -0,0 +1,2 @@ +[triggers] +command = { worlds = [{ path = "../wit/cmd-minimal", world = "wasi:cli/command@0.2.0"}] } diff --git a/crates/build/tests/good_target_env.toml b/crates/build/tests/good_target_env.toml new file mode 100644 index 0000000000..dc2acc941c --- /dev/null +++ b/crates/build/tests/good_target_env.toml @@ -0,0 +1,8 @@ +spin_manifest_version = 2 + +[application] +name = "good" +targets = [{ path = "env/wasi-all.toml" }] + +[[trigger.command]] +component = { source = "test-components/test-command.wasm" } diff --git a/crates/build/tests/test-components/README.md b/crates/build/tests/test-components/README.md new file mode 100644 index 0000000000..c33c4df938 --- /dev/null +++ b/crates/build/tests/test-components/README.md @@ -0,0 +1,10 @@ +# Recreating the test components + +``` +cd source/test-command +cargo build --release --target wasm32-wasip1 +``` + +then copy from `target/wasm32-wasip1/release/` to this directory. + +**IMPORTANT:** Do not use the `wasm32-wasip2` target. It generates to the 0.2.x world (0.2.3 at time of writing), and Component Model tooling does not yet accept that as compatible with the 0.2.0 world. diff --git a/crates/build/tests/test-components/source/test-command/Cargo.toml b/crates/build/tests/test-components/source/test-command/Cargo.toml new file mode 100644 index 0000000000..904e9ac781 --- /dev/null +++ b/crates/build/tests/test-components/source/test-command/Cargo.toml @@ -0,0 +1,8 @@ +[package] +name = "test-command" +version = "0.1.0" +edition = "2024" + +[dependencies] + +[workspace] diff --git a/crates/build/tests/test-components/source/test-command/src/main.rs b/crates/build/tests/test-components/source/test-command/src/main.rs new file mode 100644 index 0000000000..e7a11a969c --- /dev/null +++ b/crates/build/tests/test-components/source/test-command/src/main.rs @@ -0,0 +1,3 @@ +fn main() { + println!("Hello, world!"); +} diff --git a/crates/build/tests/test-components/test-command.wasm b/crates/build/tests/test-components/test-command.wasm new file mode 100755 index 0000000000000000000000000000000000000000..cc6df8850a873d5a1b8d549a56b26f527e366889 GIT binary patch literal 68346 zcmd?S3!Ge6edl=}Rn^s9-BKA85SEB<6$;3~lKTBnc<9Q=;Mic^lg(z+?nkxN-BPzy z-7Q%JtOg4(1PIAE!6cA42{SkZ6WDl&6G+e|PQqrG#5>DOm>rgQ5+)1tAqmNniDyFM z`TqXr+*`N0TQ)fUWM_9}SJ%Dgp2z?E-~azP=T#fuc^FE^A2x0blhz9S zW#-J<$<_7gGws&7#n$caf=`S#*^E2v(fMy<7SZn3?(GJRWXJ&3MQ>8h;K+Tt5p zYmZyC_e^_rZn|~*;(8Fq4~4%8I^r-6dZSXcQmI7lUpeZF%2AKqg!)&h^hHrQq$I2b zr64SodMZ&*Pux@K3F1;%;nUMoDwlhMu(v0oKHZf{rI?11y6vk_SrP?=s^pJ}fL<=XW0>6yiq>2s@# z^Fd$ltHU4-YuEQyD|h#LZ*N^Y6pKLAMc5r@n?z@NoS@=JPzZCv*_(1qC!cT^MfAlxe zZ-!A&dsPVik449x^XARX%^-dBlb1JxrGrs05OkHK;dm6(FR4!bo%-7d>UYs3NP>ZI zcP*$TLH#Yd4{Ez9ql5a}twVQz71x`A{n_^XCLnl@JxY`1W^lkR6L2#g?d6Ms`}w+W z^YSJo)g(AxnuzL@RF~@ilDdqRCQGhW?S?SQ`l=WEvdOuQ`j=9$ze)f4ul|6#XoPf9 z_njnR?dgD&1W8!`KkR9gM7s^_But|EzgOAr+B1EfBue7?7p-0?DebNe01z#|?rJr- zJO1wb{^GOm`O`oB>X(CwSQGfGkNw6+{`hY{^x6FraZqcj#-IJ#{h$0-Z~gpV|B0{h z=v&_Z>p%YIzw_I_dQnwgVncz`Mi3oK!h_MCW|Y>?4(KjQ6E1AXj|l&}p#;PKX5sp` zbX{BRpc&Le4q>9aQL7mo3ZQusrXRd?8RV4ezp7S^pg*iJL&&fs^o8lqy2p$QB0ncY z)<5NHQm=!DGdfMg2#Q=;(Kt?=i=D83lp;mJRk!=*_kjaXm%8zpPl0QYG; zPU9%OPe8zsNpw7(0IVpzBy`_@Jb7CZ-hXK#-b>M2v!Z4hxciq>evrB7u4;D)cTu{R znN^cg5<}acv#DsL!45aP5X^z5E8_j5YUJ_$P~rOHHpM%moe<9mOrYQJk2(l%G-7g9 z&#yL1TmoU3zW6LP+DC)kcK5V%>DP6~w0TxJmp|TR1^u0Zfwa^J`(qKX(@9?IksUi3 zNMqVW-E9W4p)OmSG@^>}MF<#a*x(vS!7+rr$3#IWEC|$R(2CI6ebS&2+r*<2;@pE# zwOP70t~Sa^NjzTBSE<=^f1?^7OM3XP{9%Yzef_>>?~MadQb~FlhvMGlW*>m@xp7~! zul^39`)UYTPWtYDW3!B`K{cw~Aihremc&6xA3Qdo3DyKg8eAJc`lB#YvwZxq@Xq6< zS2>7EjUIzgQh}_MZW1NZ_@x8Pv`0Yps_V2QP1%g}r%!X~P5Q0^ip_uzB1avbmGWo0 ztJdFT&uHC`l=+(=DNjTJn1om{tklcn&))@H^$%)RLG8DqF3sk}_aBXm;wQmH@e^}V z+{Hz)5N7Ovs6jF@MzEa3w;26`Bu>LLtpB9YXAc`#9V($7mK^iN84rXBwN0!$T!^jx zNlZChSTr}~14b$lo55j_r6$6{h;T;*==8;dI4Lcq7nf4HT|Rq1Y$R3I1f2C|4|hE` z?So6IDFz@7Z`hZY_1u3)vwA$a>%%aIrds`Qvp3a%x6=k;xByJ#xm8D?Iw}^6pu=!&ml^69S9tr!J zmE-$f#nTEVjq0ccYB~*8UKUqGa1=_63f+1uw6S;6TN0{98NkA#-YPlXEA6DWvS(d- z3sYLuTNS6bO6aW)CQG$@<5IItz3fB;TUtlaPgJX8CXdx-B2!)m3Ojy zc`dVi+d3)lWci?u8_FzSsmt;q>#}?Z{*olN%2i1g@TVOUB+;RuijFAB{z#(nXCm1- zH+LfuaLTkWw3!w-#p@eSBIG$}_J~B4q-P6>c!rhq&m`ZuX^Fc@gujfYEHZjpdTH%* zy>Ydu3~|0nj@upoZv87&iP^AW1iBH zurB2nB-KV=!rjxFwX}MJL@EuA21!y&_uVj1N@{Wo8~w6I0JorV80cb(0ml>rTbKfy>6xPPqg$w7$&`}u#gE_6j!sNyWYC3=qnH0Davklhf*Lx~$VOarxE|3B4~$Dv8q z0bQlnfQC`KI>6PST_s#y$1~J$Q2%V!h(4P*D3hup-vbK1z^U^jIsu-7m!56LPIUr& z6~7Ufj|NrhM@NI}F%{trsDLoN4ww|@fBJn)tNtbHpXRP=J|Ivdyz;~wz%15z2|Y3B z%aTB1ZF5o>brEP4N14YOrk@R#>c6Bu9ZDE1O#diYO21qf4UJu3-AB-Xa=m=0WYxqMd?go3YQmz?49f zr(>S_B#bd;db4i$eONaS#z#;|l0u1Sg zk6jSI6)@CKZVXgaebe7R>GTJ0_FK-yi3Lhiv+qcTCXik<9=GY@eoN_?@VM#h&4ZWP zr$XzPHc=Y9Oe)-10w-L755-)OnzBp6t%U3hrZhzh{GGDoS4*eMW5<6J*btnI=F_I3Bl%+)0Hc6MZofP?CbQCvvwe6<>4dRD2F##MZcU>P(j~ zOXB z42c>-_t0Ul`>$~I_rle#QV@l`0mw+PFjgeHN%{i_uqTXi!YmHg&x?+!-F;?CW6?59 zpSM*1--Wj%JQO@nwxA0B6is!~+vh@3QWrG;DAyn`s45n@~n=tuEA( zFL0NEX6%RxLsA+x0(!=t2>yf7dsRt&rvy}Xqhao~QhCBWIT(Gwda9flpyXh5kM0^h z@iDlrlHiP3+@yqP;NvD`yVDS~?HD(OM?zu~7dN3_j)c3Ked+B>yY_@ytLpw&lA~&= zC75@sV_d@FC)KL3qSP-X007J}Ay~a-phuBV`k}6HAT;M!;wpzOOz-(=W@3CP?~=$v za6c@^tDbq6Tbq30gHO~Xz2|OqaKE@WsMY_4*ao0VAGTDR=&YP@9^6R|qitr7X_u6@ zYl3eVkxPWQcFEqVdZ{GUE#}>lz1g#_qzP&((>s!7$maCn7BANE#N9@2L7J0W{Ns&( z8XRXzn*>}|56;Qh$ds|?Ar%^%q5tInxohekbc68_C zEJHr6*-C2fAKdr)yW#3(JHqeefgNQ02+N#Rd!uwvi;M2Is!!JC+RIr(}A!eoD z_%-%9B#S8Ia>|hqPX>|r*72l#(55Bp&~{sRl4qs-nedfoiBRw1Cjt7>0<-2}Koe#v0?+!*^{uICwAUq`R#d20h@ zj^^c_#I;yT6hkZ1NbW9@bCSC!LKd!&VKDLo5g=!Slx&d5^qfFS-zD9YC)^>0;}cC& zW15Lma)?o!EDJQ|RKHtuXi^;q6fIhMx${L5Tn{Wwd218v0oT_Yj%NA9fMtgbB_snF zR4O>UHd5XXh9Wzu$?*-F$mQlX6M)?{>_jR3KoRoGg;@9AIOkwT7wO7K%or;*1nx42 z&F&+@P-EZpZv0GFgjTA5SQ8Y79gOadGuP^#xc)YqcqmHo@AgJS4g#ZxKjm=}$uTqH z%A*o8z*&K1Lh1^gj!8g;QXL(z8emuCtvk8193bqBC-CEtik0IO0Bl_2b76`Z{TgLV z5bBd?*R&bJ>N&qMzBVGOrECv9OG2oC==4iEty$fSgr(ZIODMj_6(y8sSCUY9YK9{t zV4U6?FFE zjvyd|%MLxkgc1%+%dv&6t^y1OcMFPO&P)bsm&#G^#VFf^fNCl^)H)<(e?=Mc-$tOO zQd?MXP*{O2@enkK6osWPtEd&_w5!X?W0$z@Nvf9VL@6kemCWs!(6-e)){z^`{s^l; z{VsQj7o_$6ewVxKHGs zgZKgIe7riADwi7Qk!n&={!(+fk-nAW%{%UF4CGV_63Q-tX|Z_Dg})nxr7Wtt7tV<~OqhhQFY;fl z|FDD?^Ty>r)uqL)JlsTev6saOWc@xT;&K!=4Q*O^!XMOX6#A5k2ct{bI+V2U4tf>4 zmy4`3F{YiIx>vxIrDn|T*d214-dpYHCC0gyaVFw>s_B>Bb{S}&PmO!v{||gXcMt1t z{TBr+s9=UfKw3n@&$y)TZ|M0rQ%E9t8h5FTiKgGQcDb(spk3PU$K#GCcbV|0fJi6H z7I_kpviC^ix0JhucI?5h-kHK*eFro=kuu=LpRge^NUCOo+rMBVC zm%0r`Y(t`kHW-nvWx+&$5=ss(`JG0fOil(W&L|`|B-3(A*c=MNhOi1o3=pkV$rp=` zhYpZS1wi&1ARs9T(rBGb$rlt}IitVdN;mJ#3mjzC$AL`h1z)FRA&^~VX$H3`tn)0i zr$mW`oSWjnD7~EJVw0fuKU%Uy7%-JVV#VoDn46XKEpAr>J1%v~whJKdED^YE3)TYA z6;{h#u6;=cPsB~|F62N+{Ngk|DTu~#iY$W z?7g|&@=87F8UKCKzDrB|gZF#VM2)31N=wZOma}I15Zy*myiVqd2Nt4Re_X2(>Ibu@ zfDC)8WkRZIpHTrP<>f?>f)k{zgA;LS4+>c|iHd*|wqYh&+n!|=l$vZPP+N^6Mk;KT zL0uX?dzR42<;-cbs!L6_gh;k9QBhL0*?7bz=ERn2B~(Q1wNC{BU3ildu+}RBZZ!O* zQd}vnM-zl?v%_XSfE0vce1tv>3|wH;loJEZoT^xTSOuK(|YcUOF(d6lpJ3XYJXHlIYCJYG1R@*_a^dLl?+&vJaSc zGFOn8nPmpcJxh88IZ>`4kNN6?T%Io!734`3*qae17jR^WfgA9lToNtY)R_gWj-i$b zXH{LZ;A@$xy~cw~0Z=HCU#CbKB`&uE{h?(%G)g~TpMS4u6t+LQaMq^$MHOb@Y|<;n zV&ofH^``5jyev)Gt8()4NTGEP5XRGonWqvK5Z^Y7d^cun5Ox z73Ofr%y)HiDe7ePI}y9&UH>UaxKCLE6nzkfS?bY>3IW6>eBq-9lrZK|2@hXM7S57w zsY|(RZiW-F&#!DrmsrA1nG>H=(WOtKxKhi%$ZzeS1rcTRM`c_x$6XxLwd>hu$WU~S zK8ohj`z*ob?ccAHup<@o969Iop2yYF$+o*psCdFWX_UgzPdZNuqhY?Tjg=+Uu9yCX z87;Z2VFDh=Op5tzHI6J_z8WWU=U3ykUHxOZLjnC{4#~?RDPfL!?dHz%f}brgQ88O%I=TMaLaNvu1LCqbT)^^{z|pKl z4!2VL-$4o|PvC&`EP;cHll+2wEQd@F4!5?&5>0~Ol zA}^+Q8WF=Ondvw(hH!LkcW8km-bauvf&7YuwZXVb*x8LzEnl-znkZ7R8?lrnY%Cch zB3R${$A)OiB4~uzWx17AcI(Vyg52MpGjm3JIlxGYV0cVx6|gD*2@1QF{CMb8vHrW_ z2`Xf;(NK!QU_-zKC*HBmvG&12%Bv%q8ZA>%enf-diAEA`n7YG)&6>1>R_~c;zIxA2 zIj!D9aCnm^?8y%5zbBZ*0!XGt)-noP1l&q?wy)U~Mu~^$aJf4!)s5LeH6-ONNekz0 z_-7`W*-CaH)opA9WZlRj^2-RBF{ApisD!1Qt;FM)hiwudQ>A^6-D3O?(<$%1g79a; z4p|GSTDQC8zXLgkL?ZlCo~r#XAtK=o$-_a%l5ohtWk|oN)g03w;*$FRDy~uzL;~V$ zrc&R1l4{`z1~&hf%KM z>x&Kmx^aLM{%p7P59KoE*Ce)=_An(|ikp%5#YpF`N)3=Y_qi{IDH<&9=%k0-UhPZkQ_O`EnZ;c8IChRYZn}%P z%0A{Qr!MBISj>gn33=tlqtb}Elxnq@tCt|JX$h`Ap5VF5!!Bo?R?KIX2dw}A>qj=k znxP59@E*7)G5@Nm1I zD1MtBWsm#mXjcg<6yW1T2ZJE})Bp5|KOuMznW$}c(pIp14?x(!Cfar+#alr-h{uQO z*r8@XO>JC~>*O?ap__<@F;taf=_f=A2*U3>>ZX^lo+WRY-bx`|E*l{L0uCJSL?k_OoFyO>CQ^T*=s~I{^BaeGYwCl95?Qrdi zdjYusGq}F}yTnCo~sot*3_i$O9N8S#@ z$&e7jYgk0+XmEt*?+`7_J1V6|e4d(|D&1>M6rj0AD5I+`sUn|EeErVa{qMQ+a{00Z z5)e5FknK!JVew_>bK$`T)*tS#KWM#>`8OGMc}dUuGA!<#Wz2RhF15p^B5@Y#luYHi zX}K@+CfNS5MV!slX3u1Jb8)T|#Mz5gDgA;H0_jzXf%}{BRc{q&e4N(`nr%~YDgCNd z`vNMeSj7(iY28sRI@@O>tQ8Wq{Q+!T{;*g$i-Zar=SsC2%Ax)RjUCh;3U>;XUGPd^ z)$fkSnrcv-wJTz<(>@HzMr6Ni$xckQ*pWv!g}AqkzjGRtOyWSULU1`@w`pAT|YS zI_^zU=}^#H|EhzDs$>Q?#z95eQ`5lnwxk3r zKE`C>*6oRFmS4%tvxIL_c9Rv`3EO|95#$QU7fV0)HacMom@75^0cBiu z?vi6{tHE*A)8eTuTV{#dMNms)K3EtW$^9BWguhcX2i~L#_1RDp`NsoZDq4vLI$*r zQ8bEpsepvKaL`z|f=5B+%u?5WxMF)EbHYAc$|);SroBj}rIO*CFKb-8R~I4<`^Vhk z{?))D7e+Z}ZF74U7gmQooUq22)SJFa;*j(nDe3X(UMlHL7#~&Ta(YP^lLl&5F6li8 zpH*=weP>pDsacwcFRPH{v->YK*--hQ?&9=8Ww-C+I%Vh&>H8j5VB_>I`+G0u{rA<0 zs2Cj+jqZ_OYX<_s&UB66eWjS<==015&UAUYz%+u*yV?+$ccfKDoQxh%Kne8&6_T)vIW>_CjS!@W zM!5q|IU1!u9xg38S5TQcI5qvccse`F_=EV)m<;*IAmbs^R*@~(*fm6mZ0kxIs?MR{ z%c>#8rR5^KaV;NFxwUgwk)2nqO-8&AD_irza)k~Qr#Vsj-s?%&u3>g^ss4vzxS;m= zt^@vEyF(05&exNl3fAz$0CT@~PBzW-VPUhq*KDXz5)saZjg+;nE}^wqM{(sOIi>Tn zBJ77A;@PM>cK}iC-7b);DdwOveJQkU;)cMBSdbeaa; zlleK9vs`WMOQ`V}caXXrqpZt| zMnY3JMt7Rvpy%+~PlX*X4SSt?y0EcSl4Bah^`Y)TkrYGm{Yea`5h+In1_)?@TX>|S zpG9tw1E4oWLCAc|5Du^%YjqoIGOLpWweK@g%V|s-^LrRaZn9oV(nacOk<_wB=J$)j zpY5iwoiN%~*iTLEEf%Y*hRv8VnMRv&?MEt|xcQNwc%%tla-=DKQQR4XK47Jj zj8;x3v23s8dr-&P?T^l%x}c(bC>WIMHtL-XWke1}51QJlq!+)}-~fEV@vu9zA~=u} z;IQso-;+D{4FCtD7jzsM9Y7EoIg?#*LDdt-8PI`z)tmAbuA_{g&pd^LjN?&p>8G}$ z;*zlEQQ?BArwSEvs6-2}XZR4wgq%+cISQSWe0G!B(>)oMCte5qq#}eQ$PM6N9A%ku&t3w^<=(zR@X3O7J-%td?*vaA#2_*oZQxYH6&q0OW%tXhuoI(>=>-+ff zME+a{!{ndDHs19{U~tJ^#W=3^gF6ocd?DXmwU%ND{8Gn&vZ zdOu*23o3;;vY7>*s{d<89jC49f8p+8==DGC1g_XU2?Z?irT!tQUVb?wn>!&BM(=v?GUG;Wwe?{1xlid9 zFw)@o#fj((y5(|n^AaN{-}taAF-w=8Ih%grBmd?jINO9zEhJ>GI>ctYOI> zqNDeInj5#@J1Q0}r~i&(nrgeGt2G`y;5)HK?A#Tgs0>EB$6e}V;NNXqBWj=O;*(zq~+ia{-! z$z=0j8O1=D2vQnCtW-9Sc~h zIwS*)trxM;_pHYcsT?4`OT_T$MU0+yYMxtf_VVrt0g?1FaT`A=H+s!F0b_&n620Os zy{~{TvI*j*e!g_dLMo93Xw4aTZ2&F-%CH2^H14B@F?$J4-${0Fryu$?0I>w7Qr>`R zYyU~L0hMFp5cvok5R>b*M+f}K>VPp{wTS>Gd~W2JGf_-QSlY+l&=PyMweCu%do8r) zf^=HKYm)%ac*1B-3vocd&X0gBp6qFwwXbsQ%T1lKy2@ybmIDbf3;hku0pwL3K|>?@ zl@@gOG|+-HQ-&tIJSn|M6cePMxu`s+n47j|*tFe+k|4dt0(4~JvB!E;vz$IxNIiEO zd&tj;-(kS@<@80Y(bKhID$}G;unU`v@6?w~LYHFM^jXvk&n@%!nj7}5+m7(w49yuz z$(3kfv;sZ@rc<$=+%?_U+jAT-DsT$eOrL!&EuEEjFM+Gwun(kG_Aww^P8lMpHG-t3 zRd5i@hT69E*NcSos^bI} z`1b+6W-emDyYk}VTy8<1rpfl+y$ylJg*e3CqRBN{ql-fXzN_Uqq*v6p4F}Zr9MUTe zs0!LDI}<#Iz>QrTV)vdy*cu`Z>7(-;Fo0kaGUV$PQ%aHXRIlui;1#5tTjii6{ycEX zK|(A0k*P2=G>%WM!e9tivB6l{5m7EP!39kcWjNQtWx5-LlyweDyL9MG{D)pMWlmG2 z@SJ^+Zpf5%c0<9BpbRyyOsx24DMJRNj zG=w=B$izU|iKkm#HU~nlY;cT=ZA#n;Q=X9HXfC(UD_T=k?wLbSs;PFiu&IY z^KwpgjF*u^?`bkHh1(KhWe4wK*SmYs2}xY-a&ix8R9SXUuhyA2N;Seu2Pzy*5Lerq z8te;9fIuZ$Arv$A#KFQjUy%JY9zmQIbX`g|{FSsAfNKHSz8FSl@hFCcnBC-(V}l%* zKq+s>@G3&A7=ywbM1tnFMSLrBFpkZT5mzd?(KwC}HbBjm;5t zC*K`#%u|AF<%S6%tK)+5D05{C4l5m*NOrtg^vUIK**`Vqll!OsZmWN4#c-MVDd`pb zQ{VQA{wegh9prnj6Q+=R36faW%XE>j((SSe?WU4I1;ZP@#m?sBmTaL&XDoS`$nh7R zIgzS2am9=l+h}MH*n*RW=Ep*1TmUI#Q-CsTw(U#WVEgb)DjOd3yWwNrZYLjGXSiS# z>)U7s97PHOCybwShPWm^=6D0^W~`ZUh2E1|(g|%T1$3WhChtjkcJi;P6IYqc-{d_i zMAo@XMf@VH!Y@uvj$h#Eb$|<7=>%AS7)xoYYWRnkKwS3T^f^pzM`RReQOl4a!^uKh z^l5RNva-FpGx%8z1RcE?ka72zyPeq?EE~sC`2f~SSW4|Jz}i41iv?-Tg_RR%2YX8C z9fSjR%11T<+K2`4Tjcl)(_BAhZ@Gi(au3>`h{`Ttfd!~0|5+RZbckQ>Kg$tSpaF^G zpBVdbAW2+UWet`ck^C>dDpL+K9^2+a{X|LFzoh<3MJ*#;MYuqpsr1<{ZlNrDkH;~yeL_=hFuAA&POJoy4_eKi-*wz)KWg=l;+hffW_8%vpNKTYBWaKLMfNRM!xgA3iI`idr)9Iy~c z>~&2vVP1t!H%1-8WUkO`UKXLO{1V-JMJfjcA(n%ZD}|y8pr=d*GY2Jh4vJoTWkG*# z(PfgQPSu}e#!0z^fa8UKtvm;Fu~%X7&Qn9bW3ByYi<~aPoqNrg!OjaWNZ+vW^^T-U zu-E5lAw5(}>*=1PhDV7fy3bA3xxkE%xa^G}h4(iF5>wFzCor-X*3QEhd%(Ud_rN$g zPIoJ&fB;Fk4PKmQ2noAAL(zq)$-RudZquu{U2V$TdIC_yUNX>-SCS0Uj8v0k#7;7Z z8w-+Q*(8$;ZT1$DB^i7v*kwljd`V6KiO>kC)0kd9V&nsw?GPFvAJ%$*Qr#{eWjg6| zA`wU=*e(reMT;cJMWU*(b}zknPz0FJ67M7+K)S;h)U85pl}bn*Y!-RjMDfg|9ZjT|9{W-p8&a8d6*Td; zz=pj_ie>sMp$X zmI6&mwGULo9+I?JQfD0H>U-!z3PZD)P?lo0#xFay4X0!(%q4>u-qe({qR#KY3xNRc zn#Bf(9C!taSaZv}4p64{nt1qP4tI;xBlowCRwVW8CnIZ zvqB*uPz6m+s?9d`TGmBxUQrp#M{WZ@ad(g6?j9^m*o+jLGn6%=XDuDLdm5M%;Norz z-~dkBAlxwObbqsuOlh)uWvV+g3?-2ro&}*MEzGp1OLWK)AvzKc=7i`7s}f1T<;;i^ zoeXXsxIItSHTt_VNqfK%Qnlv+xddE5I8wm{)Y0w$E%-a{1=ZrMqm+#IUAS_d3tX7% zXCt4u!FeuPa$^$;`dP{l4(B%4&yn+7wE4q%E+!2G|01KUb4e*76J9^lx5o7PnPaNl zNk2y}bp@-s)D`Hq)~t;>{Ty`^ls0z=Jm9C;W%jDg!5^j@sTS3T8WyR#3?SyP!*(UFV zDKeGW{3Y+;3eDifx`QlxpbhO#-f^2O8r7WfAF@RcPgWd$n1POC(br6b)A%swP6h*{ zID-*ph$(OeDH9RjqtIO%%j}j-u@MS3g%NhLDOq#y=~1sMr<5Rq6E$ftsMy7W48cl? zqz5jP*fOEaglyx&Zdxi1>aeA~1JOF_X3N+Nh-!MajB~c6%-9kDo+MksNy@Q0Eu2qS zQ}=e+@{dJ+vt^{Gh~MHX@mn^rZT!~3!Zv=(EJzM}7mGlbT*{0uz6Ij~--3sNaX~p< z*|@-1QYC!Zu_>oWVXG={?z_fTaK1&`5=w;FO|;#%phw+*Vlro81S1xv?5rP3J~J&u zs{!FBtl_tC!wr9l*g29h{xEbkH_T3%w+}DOZJOLPK4Ytv>n;HXq#%R zpjKP9{e;4T)UK=Acm)f#@TrG>TpH~VA)W3YdP0n6~Lo8uyYgA%ztBdJm zErl6ME2CrEX$1AjEy*Vb5#C?tciH4CxGW#V_5Uivod7d)!#ougaF!e-aA6=4!&^HC zMbX78%i{DHyae}m1g65C1owxjEQU;me*cl z1F16B7|R_*P&btI^3#W3@F-veQ93sS>dXfhsCpqwnGexOIWvvd>yXaZGCyELjehxg zpwB1QxWeh$*$61H))hx&?v=@iz^0)s;JIGpow%;70v&rF&9e{B_PC=kJ^A__Wp$Ow z^TYq}>vuS9AXRI8LII8F+58u~r-A&F{z4o9EO`pZxTZS=q(lKW4uU%o-Wo@c2`Yr( zg*;G?^t@|haYUHqfik$I1(;>sbxpX?nWR17M^n^(uQ;~PWq~}cdpopdX{$(U@!!tO z6w-&w2I&V1krceQOg?zlB_CeywVy{)4sRmW1i(%aBFXzuj<=sRmK2cr8JaNjkWq}F zIjFtAKdjicCteU>yo2Cz7~Q$Wv3H9pLtEJI6ghG;VWK8w>3L*gB>v#qj-J8qE=0m_ z^xPLY{dq+fgnG^qrit%Lj&LDynK{DL^d3i$dmNN`M_Aini;l4KO1zr_h|VL?y={Id zI>JIX6VDuBc`unGoJ*n^QYH$+n%o;LU07nUI!73wW)W!Nh^!hsmp zwK0Zek;XZ~+5DxZydz9C7`B5fdtfI!9mD2yv}xy_FLWv@UO6Y*Jl_zG&h%=I2^f%; zUZXyq=W8Q$G_OXmJI5eS;kgmK^2=~7tUGxH>*o3LMzc^-(#3SqF^SjCN^hIzYa4A8 zb&Jv9Fg48h&^8fUN8NnrJzt)9KD4BW1!Rv29fdotW*eQtDjLIiJ^(^6O2r(6||hHW1=MWUep$Ae;Ombq10Egq1P< zxWEiZQYCgt6>y2hm1`CkonU({Q|z2z0cabuawiy4I44-vK#HX}p5`u0NOU9{9z6yp z=y5p}Ymi~7R(m7+@SU0f#=13)Xi=$2eWl7ip7`=)(Lw&O>}yi#m`?CTFz>r`6qyh$Zhy?Y=EGbvJ9Cn>s4-Qbg zNo|1$39PI7o3%H`(lGSVue5Ud6@?yfokAt*q6;xWq?*jVaL1IJTAtxass5U6-=9(yc4o0Yt! zQ)0Nd(~TE1<{bONO^FE~nU@8yQT;~*2wNJ%?Of_##mr2T&=z6ShmhYdTMQ z=FW|KMIamw1TO~GbIsOq#7NaMrmbb*AoU6W4!S9g1XP-H_(# z3yJYfJwa-eh*~62AF4}9V(eucYphW33hHlHYxlSI=RE)$(KCHVX@byGUAzu~^@m%! z*J)d+540ANV||N_B#(MOJe!12o2to+IB1yO;c7;%Cj7s>Cci`^mGmZ8Gj=ugPNr>r za)t$wLT%XSZf17;o5^X^B>H9_@R=*GDwen?J8oBC?l$g6=(@CS2~0~c*!>wKGp$Rf zkPy+iD)fn6@skm(waFh=ro`ocrCX`3P(5x$@v)uTs2_eFM)_2(_PXC~%#9j47Pl*r@?Sk;wwydu})V`cP$+ZvC7=p&zY->^3t^dT`&*V#a?w$RTpC6t6Ud+ zh3SBGF|c$nP#3%H9UKOqC#eqIm7NbmUw(q>H3-KYyw?WhiNHoW5)6D#FrYCH1-td@ zG)87Y3z?O1&>k!O76w%`Bk^hX)O#G!$>6^_IK z0dtfn0Vnu>^W9kGa%@m5+SE`$)lBv=QlYQ-uN^!LXqwCyFw7Ygkt+?7~ zl)N@dW=r3uTG#?1)#5PA)KN4FNHi^*oZ8#`wB25~(H2*24UqPAvr%0K6Pm%&R$1LU zzKyzX`Zns~M3HR`p;$&+QjSP4kZ1;aJHYMhJN&popli3Jon)7|Y>M7fqeZ@?9V}bjhFmo(2M}()}R1tFE;o-~n8)||RStPpH}?Xp zy@{h;nW)(n2L^3khl29a0CK8DOGI{9{s9dBvW*qF&7L#=N}O%2T>t zmT0j zrD3e1HWCniD_hE!vZ)q~OMZm00y`y0^`a2PD93e0;yX7_EMXj1w3# zUnbHIyXki+_~PuUzIexmz9g;&`lLr>GB9^2 z-Gq(`jevVuNBK4(EJ+pnvgE2$@R1|9J2~MRp@}%-dBsL@R&kVIYYo?o8fZk{aCzG> zQj5}nvD5-`*NlY=i@V@kF&v=;mEzjl<3gsv*=Ok>$*%WvjW}kFLp#rsxTj5IGvJwI z--05Ew}>V=&+rSBGG`bDjW4&*JNxo6T;&ciu3Q<*>neBXaplUQ1wcqmLK2T65hPkB zA+(JkvH5-A2}YH1al}-XT3(^lZIgL}PNQtJBd%%cks;K2gqXgAT3$XJ1?2vUAl9Q0 zmITg-)pj#9(e1kxT=81Y+F_$h#^l0jSd6w!0r{T-0m1yr2W{L79_sH^AGOyJ`Z9l* z=8}#CTQL7M7t9lY+7$;X^hj%8n)v5}oA%+krI+ugaOp@Gq#yZNUCCbTssE_;s&nBc zutELDRM7NNsI&!Ihe%mdlh7fi#)M7(Gjpg4o!nOyq*+ge2tS3CW@5)b2vG{)EOcWy z*C{$?nm~9(aazDEbhwAcsupTWuD2J$GTRG9RGP~}HDfRB^h4MR*udFYPi>R5D++VX zsynMDc@dWwO`QkC6qjpn4;>v56NT<>S|$uC@B*b)4q4)JdeuH;R*hAU_cNiuG{GqK zJG&5U0c- zn{BVdN7n2W3Z~_-SSfFRljdNBM{kMY6qxk5^8NMqt2OP&-*K$LlA~m+bW4&m>sz;a z2@s*IiM6^{`|Ry2wP&jfq>p6IPdIR>%kS>E>;G5(zBH2xq1t;yZI&71E~>>D)x?YX z52WZA8+;@DKtm4IzD#+s?7cLQ0&1q&Z>`wtrTHy65cdut%XYCxsh#dc@?&}w=UR^y z4zkf47hFGVU>+LDLp)w9VwuN^Xhr;EMeKR9B6tGd--_5rYefh_DJ@%3*%#r4mePt9 zReTZ9*?C_1fZ{cv{0%`Vjn0->*i3v;!4FSA^h=jF^B)@)!=`sziRVr{4%>EvVRnu& ztf*J|X+5d_0qc`q?Tt%{j3iLE!)h{kmSXPbiwJ1*gzPlzt6yR#uk?W~ zT$nUb?7YTMQ_%)-gj)<_8iPTb6gVw!pb|CU?Io}ekVeOnG7}LmnGJNWcoVklmXjy% z7Qf0RCiJ~5S_IyLa{s@$`v)s5uQRGsPWob5yKRAsz_y^A zDHA6eusrW?Rt(iWfNVQ}*`uUOG_qF2;kwAGmaaoFbB2=Kt|7oGGg39ZRT&Y>owre<9<2C`XZha*bbeI&$lVWhxP2qXG=2V4nW2+ZsYFVK~d zHE+}A8@aS4RqMYZ+-CGNqvl2;IATM+uWfIerWT;t4lv$)V=o49C16vK^l%(U@P6jv z_b!2^(17jtS*_Hqyl_NWA{J+gKh}UTLj#hfOBwSsvS<4P=Xw~ho$;p-s$^W%?TR7tB7hW*ghDt`=>vC`jmzJKh z9|P%QK+{5?Ly$A8U2zyhC~*C5VuNjC4IQ)VUux<_c>`g>7ZzOhU!kTp%;+tx9Qflv zfkTVa80v6qZ|aE`8*pe)J@Msx>hnE`*EnOihicl;Mm15<4z^qo@i3V~yne+m$(4xV z)lR@0@^f74w? z=1M=U@nt%2&1uN5)^%4RYgO%TSfVokt)!2A^p8t7q21(k^~gX;mT;4LWz{K^@%CWD zsqj^~17)Rq*q-iTT`MwX)knBe=g$iO6pnm7suHFfg~;q>+$ zToS4};B=VA90euo>536#kMS*?ePoTskfTScm)%nlE7@yUjI*CLl>zT_n8Zp-uUiQm z5z=EH(v%rBc4ii=WIyq4;YqrBdBn*1r@)9(}Bv?qj)6;GYg|*nzCkxg4A>e z^@BD$*<;A1!@6ZXFHR$yBVuNw>eWzn+xxlWtQ$2^leu<03@|4TBLoh47-7f55Uo2N z291E(dl=vX@HIO_f;;6XHmO1e|M?(Ehb24=GF|Q(abToJeav4j9W>X07;2o(U zITap~D-2`Ebroy1W*}X@KYduyL%K^hNjElYKhW_9u5<8Y ztr4BzMKkgz6mCh7xKX;j$-(?k>$|!kSc;FiWRXH2x3|Bt%)1DD;?esJme=)ZVE@Gl zHOvei0F=Nbl?MQ^EQh3%)`ZaTYeb~1B02ghB2vcFwjw)^O_6p_5Gkt`k+RidE)kKk ziijtyh)6jiQdSX>vK66SZLyJQ5p)>YHHSkA-4i;rIhsRhAt*K+v9mx{Uv9ZX*s%{5&S3-+bQUN&GqN@7>W5nG0{0pH7j+HwVD1*>JYOpW;5xs)fS;@%bDlj~eXDCio2-K@qNZ5kVTUadbJiU3K>?rjJm}NdW z*^nCF%=N9;*B6^*RWH-dwSvYlGU||*=O?|F^pf!)V^%3&_#Q-xt}ZzXM-sq$mXf_y zZcLU&l$Tx*8^L&P`y)N?!0(U7QK|Ee?aOT1Dm$%*z-wb7#(}JdzBodvdw8~4JrwM5 zeunaA1ate-|4W`*`eprv1b8Mr`%=_F(z8#`x9C}*R3p&AA?+(YO&_o>uTX>cS7^6m ze<6A?W97jX2!L&%ebxG*!44xyuW2I-Hv5@;xwnMt9Ru1j70U~AF9_GW2#ZB~<(c|e zL{eVmt?G(7`4+428ZHew9`TCiq*u$2azLL+_^EYHZG#$*M(tZTs6QZgMcRS~*|hUQ zt#32jmdUC%FP2Wf=8?qBWVbO>CII%)LNwM=E7Rrla`tZZB&hv%*h%npf?w0%P&;T6 zv5MYlANmL^!AA50iE;Bw{FUF1FyXeBiyrT8s+EgQ^Dg8|{h&+zi&dg@fHhosJ=(S) zr}^*csOb8eSvRlQ)n&5>denQ(0MhZA>w5N@@ANZ;Quo83gGNX9resH-ET^Eopa@BdA*=tq2wQu4 zkUnZY$MbOp?p0AxTk1f)HG|NP$QsbdvC9{H*7+TTsCsoXDUAX^F+8JJHMg!?c;G&`0<6WqlkL^Gm?aI zzesnAlI%?rQb=z=NwJn=FEOK8J~IJ7|MAO`zP-38WLjht{#mgE<=>NjI4kMV4pJLr zKa8r4h_Gr;O8-B=*CVdl_a#00C6sweau#VSSa(eFGCI(mqlHXbhh;cR>KTb+YWBYP zTlxM1Xsl#B!+m1!>(^F2uV<_X|4~XID@trDXPi(UEC{^29R~|Ml3rH=@0DHP0c?6X z=V*=NUUL6!0=?gHOA?CTx2Pw3hrg+KlrCIvzcEnz?NT_v0a?#8G!oB%Z*7Mn;bplT z94B5wg%ah1Pl0vg1wwXi0OF8fB1$uh*Spj(&0^$_lHTQJzxSt;Uad<;xI2EUY|XjS z&4Hx0+}!1yX?22rG@q&OhJkXj3+}~iY9n)vn|`^|yS+QDo5t?kogR=44AOVrec!{u z+OnPC)z*pu?@$+?Z1<}NAZKGB*~M3LSHcL+y$%{%Ac~UyB1D>wIZJ@1@WkVG)j3=OcVDtbC=DCvyY87q@SrvS%{7EAuMM8wvD}pH- zX5HB44(67%r{(k_iq;KD5o7aPB8E74>FYhbOjV*! z0NMzJ66mM132SN3IS^kt*S76R#KlJMoge78igs)vvEBY4vfqMMqOPu_H|j%pWG2f@ z2e(NK8nJyleeBKO>^aM&eJ`bN-YlJB8?{h~qYDBRhgZ^X;>|=Pe3h*wm+i*m$Idg* zjVW+Yg+l6F0a)c%crTK#q~Ef29T6mF9SPA08CeE_wqIxYw?Sq*&_XeqB}?)gA6af< z2M`?#*_IW`em~nvKs|!0U4~)CKy+W=#;};aV7|3B?UMd>-m+^Gd za^1Xo6Y+D(80)3lr{=x#Q>!kBVwQmJnTtXjtx>Oh_x_{ zN5Mj+l!vyA@TIrc)_%XFS0A7Rsp=7Acv)sUxmxQ7GV=5}gTOObFD_(49a^ynBmfC; zt3s4PB?!uLeBFs~vS_@g1Ai!_AsMgjRXJ#8RSUH^MX|L*4w-GO#kT#ewfwmcoVt9( zAKG4vU4~oxdc*cwZ`fXo^yt#IOZss%U@xa zUawy0LPOSjGIrtRCcNZCGOi8D1&+a)%1W!tybidVV_*&JIVk|n{XkNPpe!z9YHNlF zXNFMw!Nkvu=P8v`L_Sa!+nbuTT=x|TSN(%7hF6#AqgL|Mt_03g)+OU7mX(9rg<@R0 zHP#mzOku_D7mefe(>e~SKsQ!OLc0atnuThTP3&qG?Q^HgM3^LoQ({BOfKK55ZI1lK zr*7o;hF8cgfY1h_)d*rqrxLP+!EqtGFi}V@;H$~?vK^=LuFv6Gl-%(`=vPcH(2+|o z1XoHg{OFU0s4L&`RD$%LD}e-mKYj|Ph@_`31M^(GA=!L<5KQSc8_j49#m6O%=QZc@ zY*y`^oF&COyByTM#__!%DEUvsckDkeYn?i^dR=mUwS8*7(H8`JgL<%wXQvit+cWJ8 zN7mNokF2%lj+~iUS)5y5T)FLVdyU6=Ujw@F|FZto{z!XcZGG;@;Ml^{n7)@je~!3sO9o#>I&olY#<&)JH&93Gn92D#C=l|YHQXnB8hkRo$oR0m?ilbv;L~_-<0Bs2T5tViyEQZKiM%kgc&as@tgj}wwN_f~ zne|q(v9fq}qm{U7$&D{Ln#?Y)ubr8hYbCAQPtL%+t@*!W435SIkMJ!xe}TzstkW}# zE3batYhF8jJiY#=*S#_bznK)UIdW!ldWWSV_~7yri1yJ^_d`eM_jkL3y)jpwYYjDtE~&`qYX+jx;=o0=I2&dR$6oGDrmPBHrBS3thLrp zuCA>^8)!Foa%L9DTI;B$DGD+?c|EZZ0n1Rovd!GJ7#=CtG&9in!{!Cu-0lVi;Xu{bS3=REY5DM zuFrs^xmIhwHE*M?udXJiX4<#G%4@3|ZA58yW9>rg_SW3Sdfv{;=0S)MIoDoYTRSx0 zI)|!fg3O3Xw_7U$l+I4itX#0-wG3vBqo<6raTZS66Q95NmOTiMBV+z#YK7 zapsIM%En6T_A}6oDYsUb_JYlX+3WIj>$GSIFSJ*06AP^(n(f4t`Y+5j}@C;{UhvD zLj9Tfb2BS*8etJ$kQrV}W?L6lK^Z7nY)fO@wth0Wj&{$Ze%Ag!&|dnn)BeWQ*Qj~c z8V#GZJw@B+P;kwKZ&N0zDBpT z+Na=^+Yl9m`!v!&FL4iodT%{=y~brs*}df+bSvM^e^PJj$u4ih5Z$-8rQMm; z#kJLyBdaUUx%vieM2DZ^Gt4Ku|F>KV*OF3{>jt8>dal)8IJJ6Ssb0lpvXs|U}e&ub72*%(tAl4fb|b&RS*c0o#C@w%In*$eBfAh?^h-|b=I%jkNU zGL#dd) zDy~48Gt=4CHTWs(_i&$64~hAwjzQ2F2HaZWn6WRdIiKY9e9H&!ddhwFe4Xdw;jLJ+ zzQNPoJeU782cAU7CZEig60HvK`7S=frQ}cgMLH<^M>E6K^Z6D(2-k=C@Q#jPkdH&r z6%jFXE86kgB9_23?75ltqG@l`&HUopnNu?`YX>v<&HerL;1%@yf{hhXbN)p(j+4QC z0Hd+{yr=cN=V6ExN;pyI+oY}L_zu2>vvv}<|aC3eZ7*t1+z!Z99}0_Sy^25f6g{Q8@YCDkA|39|4@1-t7ePvS4dG@7Tb_0gPk zuepk+H7C(seu1v_QH-W%sw+7b46+xpS*k0UK(wqsm8q^i>Qj1IJTG5CWg7DteAKVT z(6#F6S|5!ukFUPY=dFC+$LGU*eudBP@%bX3uk!gDKK*5M51;4ondI|wK0m-`iO-w( z{5+q3&*vL_YL$BMOg=271mDf)D4$pHndWnv&l~u>htE&&`2?TO@c9Ei|B=ssCb0m1p#+*bbxRH?RHuzimKUr%Lt-%e!OI8(qIbIH2xMlQhx8RXA8E+ia z;1zQBllAor!7I1MAi*uUM=!qM##sj1Bx@UUC(R|48=Cv^`4cbP!3~mh7ajz!S4`&| zP_IIsNx{Gy1^|)ms8W|xXZzf9oH2<-$Dh2mz`P!54f{v zWu#$aC68)o==^%Q>B03|J!{$*gAm_!@RBTuF)UiN5?o&l(+J8S0eEV)3#iNEhVIH1 z(*-Y65Jyl{h~t8^D=Z6+cfzjV#v`|QdS)c>0f9`hYnGG1IaC&wX4>rl8EhE19ELqSIyf%we2tQVASc^U# z?F6|>&O8YcHN5;se$!5)F>epjQNF=doJMVNB*TV`7yuL>TYc&|6>OLLw-LP}__yI7mwvUhH+)a| z&!T6P{wm;zTs&F+rSL7`E%A}kcLtv?|6K62_&ej@48IgtgO8Sja6bCWuvH$7-WB~p zbSS>L^e5$?i5@NOFIUT-h;Ax>M|6Ae>gWaWU&db!ek*=c>2twH;tS;i(MotaZkB$r z^pfCj!;b}b#nG%OWwaq5MrmvQX!0fcmJgC;CT}?-N!^;6Om0=`*JmbQ_`=2uiHPS;w$^6W)>>^7 z?OV-qCGExAPOcLjSt7MBA&OsEKbrKpawQ=S@2#63@*=+Fue^?L`7qrr)x@{uS=Q!u z-}WxwCTpvHv-v*2GsOk^C;v!3eah!JpX>P~`u9W0b^PhOuJ29Bn+_iAyKeCI!NI|y z!QsJ?!O_97!STU~!O6j?p~0b{q2ZyCq0ynSq4A-Kp~<1C;lbgd;o;$t;nCr-;ql># z;mP5tk-?Fnk>Qb%kGV7$;G;wl#YIbmBd}wsC zH8?ssGc$1_JTyIxiMBN8^v><4ebmoL>(R)!UVV+E=$abE&wt`ZX9$p|@txO8S4|6! z)6>#W)5@c-l`E)52vd0(Gan&qIow_!8axHXT>0?i^ns0u*#q`x?$qiUQ6|^(DwsdO ztfz)2TC)>#ljE)7*^!B$b&}X|UMlI?MIY(fq{h z*zC;M#NgQ2=-kBY%!%svix?8Rk<~M6lMCMS8NXpg!RqLsO+q=f4uIz@6gjM=mM$Pi zTf<{h3u6nD^Jt;5@u?HN-%Z~`!$r0jRgeQ53zK8BW23|4Gp)hNnZcp)6MePmX+4`h zx4JlA>-W1z*6$Yq*doCms*xzX{~)Y#C(%>3j$%JD?~Np-U@KRB{5 zHN#r)@Z2EE@5EK2+UT%BbKuoC>;%!m>Gi{hU(%Z0xJ@vPa0@)GxsipT+2M(q$cOxEoB4tZbYf zbJ&+tU*LlR*2N>}N_)5=4Nw4eY+_<|aBgU7aByZ~aAlXwk|&JT``&0vt{z{&WDXFV~XGlPSZbHft|S!-x)es=i8)lv;( zCSntQeSUcG)idW`-v4bGj|_r&nDMi+*L$H!*I=SJseCx?bk?EgnV-2Cv|)Z_v(HZ}~!1}9ED`&$6C zHP)J#otR%(m>C|PnVdZFowtIx@u6-CyT!1>udyYon~7421nuU70y)9HcnF4WP2$td zj?d4*-zTma+|GBN0pJQ+49(BX3{B19@XgGOO->D;NS>(0@X%CiVFaX4%}lk1W`|BR zo~Q*r=LGv-TJys*BU6);b0?Zl)M9>QbQ~9OVhGn0%QAA}IZxDLVQgk%ZhmfLba-xd zVQPNn#DNiJE)zQC64c}@hlc0bd_d$ieR6emnaPi$-de*`Ep!T48y!0FUGEQbe4Rl+ zh9>9Rt7oRMHYEKqZ5W4c3S3DN^ICqZz~Sp{%YZtNK4;0usCr;yZ1%v$Bwv_t$*%th zwz-LgxrwR4xslfF@a)9siRYR(WGV{KMu)dSW&(KlFoMlo55qwER*&?Cl^UFFjbLa7 zp#Y5WyjK<{Iy!!(-n7@|FoG<|0ki|(f9vhc{vy3NwIrl^O_YrbmM2(^4Sa;h@Wu>UVMpN z;J-`j-Hge=Y!=8QwNej(VF1E?n|=KM*}+DL0wi_>(z>i# z@S$zpGw+n<*eCbWu=c*}*C%S5#`Y6xX6pQa>&7M249fhfLL+jqynhhzPmesN;AxajD z1Lo!FMdz}KwPgC0k&ZK&D9UI)6)gR`^oQN6vJ5~YoRWgE=dhNdhCbxl#Y>fMtG7F6jXV&o|8 zP}x|hGE#xl!D`*-jj4vRsyZ`bx8qpE*1HC z$JWoIeL?3Eu&QgF9jc}aL#QjQZP&WDzdW|e^3+QqT(c6wsruQ&A?A89?fP(Zo@Gk; zVyC-10$c)C7<4mqxdv7h#=T>?VPYn$Rn*K(C!EB{(uk@eR~~rShAJrb!hOr+Y^>tm zhCe;spPW1!WN`xlrSCZ*J~Y9-^VRiajilm>Djk$nTE6Nq<+szMJg(zxb}WL8E<)DD z#ARVMhTMa^Y~D6ar+lZ}yFMd%Km_0z;eGE|jT^$yK>fXJh(!u)YSI?~WzmC3-u>A( zcL>$?B5@@mr(KUC__Foh!WF{k6)?Ujaao;0FKx=EbI-oHn?LLv zF0Rop)@JjeC#xu#G)Li5J(+VfD^;%#&}6lYX>#v#5;faMq;Ss(AQh{Lezp-m8vG0wyF=Se=acwB&=Lft!Yr)hE)~;Y4hB+8z?X116ebuqf4)d+#gbn8Zgw z*F={t6U4PaTODj)*ZGV7jibw$6O}K?FHW0l?FXH=CB$)MU@1!XzIPm-tJVkmM|1ez zIYUOe2}QPt7EM-a=o-8>oN?EITtn|(h?EO+k$4g3TBs-xMBhD64syOdEL)h1!bF;> zTgZ({bsbyo+s=LKmk&EbQ{o^xlUIc=t?%5oT|7Q$3lB+5r17#Jng*iVH#MN%TKD3u z8c(M0Yil8Z$S>uQ-nwtUQxlX7-1@d1h=nj2wR``qdP;Dwhhw!$`wBeZd#&9E9spLZ zbVpDu>b_^WLy^0e9zdt<;2U3%HmVwMS2ym1cHFQrac|&j*OVt|`_WE3iAAAFpR6aC z*Fo3rLr;&-Rl?j-PQ_ecOWEc=;H~n!YL)MM3Kj11J)i%o^L00HCc;p{{`Bt3avwK& z+vVvmZLT1C%N9zsF~HrIB`IE}d260m70)h7U2#8VX`#3c>@08F7Fte-f>%Dx^GyN; z(JyesfoRKzXS0oVX0zB31Z2u@SAU$kmuZ%IA`KRXV(2SX_6-bSZrq2L$9QwX+K!wp z#fDR8Y9mfN_wArP`6GDgBOe*pVS=)nQ;_Cune2 z#5`lkCMRN{C^=&uvtV>x<#YEPu-5xwC*^kE`B?g8q^UnP{yMVM9~Yn~J2{y_xtE~u ze1$LDpoNz;y45-uK-YH(P(1e72H$bp8P}B+JYN@pIAP!1ToC=eH+kC*tF|A=n43O_ zLMs~MzI(aElc}pj5JUlPy?wJ|l@@YNTim$qdasqOy+Abo#H65+dGuNk)3 zTD-+|=lsKo^ffjzn@y3w#Ps^WU+?Gb?&~rA!TypAx|huW z(t^0#t^+|4_IfwO{QiNAW84Trki`r@xzyc_8Qj&F-#?HctXV0NOahxH-K}k?O6{&4 z$$s3$`MCXl+`<+rxcRE58q!x)*=ggpPabxi$0M9hd<4WJQ40@RDJq7yhSC+}l_r-D7xl<-`w*OGYPLLCwI{w?GZUgc2u1L_hITZ=R# zce_&Tm8g>9XdO3lclQR~3IU4oy6GA?zo1A8_AU@9ug>}FC%<;g0{|M7s-ubQm$Y=6 zK47W?Fl}wR3aJa_8r!$QEzSx1vfCY82s`Q3;bRC0P%efPo?m@<;Nr$>=faNseEpmd zW4qna`7u7f@tE8J;BEwkyThB;zvruYz5V(e{R#IEojdCN-}m*g z-jBqqMF4=nYrkI#4nF;s$)DE1aQWxYWXwKF7A69P@6W#O*qbXE!VhF$GyZ8MHu!9I zHm0qg%gzxQy4S+zvxgV${`DV>ztijwWoN_TjT=WloNdSwg2)oSkew5G&ECj89TN(*yFQ5o}H7o_l|xdz6ghVKRI^sQ`sZ)`A#Rd zXBI!5UEouZE&7@4(dEne{?EpTke~cqcAj@{b~pBZJ`+@QjJPFnPU5rqQhXMp9;vYq ztOj%!sO$VfcIo7!O)60)m^#uzwGhB_6k)VNf=b}3IF_NsWf$%jGoeC{4M3;bWy=3} zs`726EUGDzKj4FPzm(mcZ!REheGA-xM<}SRxnItt&XBrF|EhZIXp(Nyowhv!4GNJx z2oM#5`;}~uC#$t~fYqD&y!iNRh7NBwOG3QarORW<2yPZP$^F3h_piMmg>RA?RV;X8 z&Ywg*BSa18ae$zq3{PQ$0*Cw6?77uo3mP`D-D+%BHS=MA_lD3+b3`L(6u3$t&45}- zU{&*0 zvY9e9BggziBfiT;qoyd^my}>S_ZykuuazL6No6VcZm7{n*Oe@}E^uk&SGw2kH!~rT z;{)sDbwrx5xD^J0gbmT%&=z^`ek)rQG}j+bujV6CFQBDV-3|mkpjzdAJNw3E52E&1 zk(bny>jq8*5T#n6j{BYUI?4w{%uuj(I@OtF6QeyG7FzbV9Q(`5p@j^F<0h^4>xirdo=r!gGn4%4G|fQDNipXEb3;N-16$N?fQYyVCt(bOWgg4p)s-7{T_zB0Yb| z*9^pt?LcW6TCYQfR`%|XGGVz^%L#Rlz+DOyDvEd*z+rb_kcCHn-gg`fa`pzXfTqgs z{y6i~$CsOGj&1668Ar@LrNmPOcN7azNwu}gd%PP(c`D3*5jI^& zm=Y$e3J^S^Q1_=JU!$>qTVC`|s;tkEdcOEZW{!7YI{a0qJ|!n<8-3|0I8P<~x z^X~7m?fcf#u@X5>90jy#3Y4h6cv@FmQ(Uh2LWGu6Y@5RU)2;f~Hi)a2>=EBLkG@ay zLn`s~pToHqb>)i!@FxtPTw&b5PLB}txK&6y!GD4&6#{%;Bg9g+_e?DpX5-n4MApW5y%)34K7h1Tm?9#63a zSzlMX|H|%0p!xD1rT-JIG^&@z2-7!R3%RR(Qz2T=*8TTgb#S_`o^}8^oI~X6ss=(- z#Q*=ft6*^Y3^sznU^Ck3;v%a0`aH} z%(;Xt8j$Q8-ur1V!bthe-Gt37(?Y!{^`s+p;o*%C0kwFuXreCpc4 z!QSF+&pdOLjP0w;m-A~ zH06tr-jLf}Ttz+XFFuacPi_=$UESGjxx#Ysaoj7{`=|$RiH>}6@xp?0y~Taa{{z1E Bn{EIA literal 0 HcmV?d00001 diff --git a/crates/build/tests/wit/cmd-full/command.wit b/crates/build/tests/wit/cmd-full/command.wit new file mode 100644 index 0000000000..d8005bd388 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/command.wit @@ -0,0 +1,7 @@ +package wasi:cli@0.2.0; + +world command { + include imports; + + export run; +} diff --git a/crates/build/tests/wit/cmd-full/deps/clocks/monotonic-clock.wit b/crates/build/tests/wit/cmd-full/deps/clocks/monotonic-clock.wit new file mode 100644 index 0000000000..4e4dc3a199 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/clocks/monotonic-clock.wit @@ -0,0 +1,45 @@ +package wasi:clocks@0.2.0; +/// WASI Monotonic Clock is a clock API intended to let users measure elapsed +/// time. +/// +/// It is intended to be portable at least between Unix-family platforms and +/// Windows. +/// +/// A monotonic clock is a clock which has an unspecified initial value, and +/// successive reads of the clock will produce non-decreasing values. +/// +/// It is intended for measuring elapsed time. +interface monotonic-clock { + use wasi:io/poll@0.2.0.{pollable}; + + /// An instant in time, in nanoseconds. An instant is relative to an + /// unspecified initial value, and can only be compared to instances from + /// the same monotonic-clock. + type instant = u64; + + /// A duration of time, in nanoseconds. + type duration = u64; + + /// Read the current value of the clock. + /// + /// The clock is monotonic, therefore calling this function repeatedly will + /// produce a sequence of non-decreasing values. + now: func() -> instant; + + /// Query the resolution of the clock. Returns the duration of time + /// corresponding to a clock tick. + resolution: func() -> duration; + + /// Create a `pollable` which will resolve once the specified instant + /// occured. + subscribe-instant: func( + when: instant, + ) -> pollable; + + /// Create a `pollable` which will resolve once the given duration has + /// elapsed, starting at the time at which this function was called. + /// occured. + subscribe-duration: func( + when: duration, + ) -> pollable; +} diff --git a/crates/build/tests/wit/cmd-full/deps/clocks/wall-clock.wit b/crates/build/tests/wit/cmd-full/deps/clocks/wall-clock.wit new file mode 100644 index 0000000000..440ca0f336 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/clocks/wall-clock.wit @@ -0,0 +1,42 @@ +package wasi:clocks@0.2.0; +/// WASI Wall Clock is a clock API intended to let users query the current +/// time. The name "wall" makes an analogy to a "clock on the wall", which +/// is not necessarily monotonic as it may be reset. +/// +/// It is intended to be portable at least between Unix-family platforms and +/// Windows. +/// +/// A wall clock is a clock which measures the date and time according to +/// some external reference. +/// +/// External references may be reset, so this clock is not necessarily +/// monotonic, making it unsuitable for measuring elapsed time. +/// +/// It is intended for reporting the current date and time for humans. +interface wall-clock { + /// A time and date in seconds plus nanoseconds. + record datetime { + seconds: u64, + nanoseconds: u32, + } + + /// Read the current value of the clock. + /// + /// This clock is not monotonic, therefore calling this function repeatedly + /// will not necessarily produce a sequence of non-decreasing values. + /// + /// The returned timestamps represent the number of seconds since + /// 1970-01-01T00:00:00Z, also known as [POSIX's Seconds Since the Epoch], + /// also known as [Unix Time]. + /// + /// The nanoseconds field of the output is always less than 1000000000. + /// + /// [POSIX's Seconds Since the Epoch]: https://pubs.opengroup.org/onlinepubs/9699919799/xrat/V4_xbd_chap04.html#tag_21_04_16 + /// [Unix Time]: https://en.wikipedia.org/wiki/Unix_time + now: func() -> datetime; + + /// Query the resolution of the clock. + /// + /// The nanoseconds field of the output is always less than 1000000000. + resolution: func() -> datetime; +} diff --git a/crates/build/tests/wit/cmd-full/deps/clocks/world.wit b/crates/build/tests/wit/cmd-full/deps/clocks/world.wit new file mode 100644 index 0000000000..c0224572a5 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/clocks/world.wit @@ -0,0 +1,6 @@ +package wasi:clocks@0.2.0; + +world imports { + import monotonic-clock; + import wall-clock; +} diff --git a/crates/build/tests/wit/cmd-full/deps/filesystem/preopens.wit b/crates/build/tests/wit/cmd-full/deps/filesystem/preopens.wit new file mode 100644 index 0000000000..da801f6d60 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/filesystem/preopens.wit @@ -0,0 +1,8 @@ +package wasi:filesystem@0.2.0; + +interface preopens { + use types.{descriptor}; + + /// Return the set of preopened directories, and their path. + get-directories: func() -> list>; +} diff --git a/crates/build/tests/wit/cmd-full/deps/filesystem/types.wit b/crates/build/tests/wit/cmd-full/deps/filesystem/types.wit new file mode 100644 index 0000000000..11108fcda2 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/filesystem/types.wit @@ -0,0 +1,634 @@ +package wasi:filesystem@0.2.0; +/// WASI filesystem is a filesystem API primarily intended to let users run WASI +/// programs that access their files on their existing filesystems, without +/// significant overhead. +/// +/// It is intended to be roughly portable between Unix-family platforms and +/// Windows, though it does not hide many of the major differences. +/// +/// Paths are passed as interface-type `string`s, meaning they must consist of +/// a sequence of Unicode Scalar Values (USVs). Some filesystems may contain +/// paths which are not accessible by this API. +/// +/// The directory separator in WASI is always the forward-slash (`/`). +/// +/// All paths in WASI are relative paths, and are interpreted relative to a +/// `descriptor` referring to a base directory. If a `path` argument to any WASI +/// function starts with `/`, or if any step of resolving a `path`, including +/// `..` and symbolic link steps, reaches a directory outside of the base +/// directory, or reaches a symlink to an absolute or rooted path in the +/// underlying filesystem, the function fails with `error-code::not-permitted`. +/// +/// For more information about WASI path resolution and sandboxing, see +/// [WASI filesystem path resolution]. +/// +/// [WASI filesystem path resolution]: https://github.com/WebAssembly/wasi-filesystem/blob/main/path-resolution.md +interface types { + use wasi:io/streams@0.2.0.{input-stream, output-stream, error}; + use wasi:clocks/wall-clock@0.2.0.{datetime}; + + /// File size or length of a region within a file. + type filesize = u64; + + /// The type of a filesystem object referenced by a descriptor. + /// + /// Note: This was called `filetype` in earlier versions of WASI. + enum descriptor-type { + /// The type of the descriptor or file is unknown or is different from + /// any of the other types specified. + unknown, + /// The descriptor refers to a block device inode. + block-device, + /// The descriptor refers to a character device inode. + character-device, + /// The descriptor refers to a directory inode. + directory, + /// The descriptor refers to a named pipe. + fifo, + /// The file refers to a symbolic link inode. + symbolic-link, + /// The descriptor refers to a regular file inode. + regular-file, + /// The descriptor refers to a socket. + socket, + } + + /// Descriptor flags. + /// + /// Note: This was called `fdflags` in earlier versions of WASI. + flags descriptor-flags { + /// Read mode: Data can be read. + read, + /// Write mode: Data can be written to. + write, + /// Request that writes be performed according to synchronized I/O file + /// integrity completion. The data stored in the file and the file's + /// metadata are synchronized. This is similar to `O_SYNC` in POSIX. + /// + /// The precise semantics of this operation have not yet been defined for + /// WASI. At this time, it should be interpreted as a request, and not a + /// requirement. + file-integrity-sync, + /// Request that writes be performed according to synchronized I/O data + /// integrity completion. Only the data stored in the file is + /// synchronized. This is similar to `O_DSYNC` in POSIX. + /// + /// The precise semantics of this operation have not yet been defined for + /// WASI. At this time, it should be interpreted as a request, and not a + /// requirement. + data-integrity-sync, + /// Requests that reads be performed at the same level of integrety + /// requested for writes. This is similar to `O_RSYNC` in POSIX. + /// + /// The precise semantics of this operation have not yet been defined for + /// WASI. At this time, it should be interpreted as a request, and not a + /// requirement. + requested-write-sync, + /// Mutating directories mode: Directory contents may be mutated. + /// + /// When this flag is unset on a descriptor, operations using the + /// descriptor which would create, rename, delete, modify the data or + /// metadata of filesystem objects, or obtain another handle which + /// would permit any of those, shall fail with `error-code::read-only` if + /// they would otherwise succeed. + /// + /// This may only be set on directories. + mutate-directory, + } + + /// File attributes. + /// + /// Note: This was called `filestat` in earlier versions of WASI. + record descriptor-stat { + /// File type. + %type: descriptor-type, + /// Number of hard links to the file. + link-count: link-count, + /// For regular files, the file size in bytes. For symbolic links, the + /// length in bytes of the pathname contained in the symbolic link. + size: filesize, + /// Last data access timestamp. + /// + /// If the `option` is none, the platform doesn't maintain an access + /// timestamp for this file. + data-access-timestamp: option, + /// Last data modification timestamp. + /// + /// If the `option` is none, the platform doesn't maintain a + /// modification timestamp for this file. + data-modification-timestamp: option, + /// Last file status-change timestamp. + /// + /// If the `option` is none, the platform doesn't maintain a + /// status-change timestamp for this file. + status-change-timestamp: option, + } + + /// Flags determining the method of how paths are resolved. + flags path-flags { + /// As long as the resolved path corresponds to a symbolic link, it is + /// expanded. + symlink-follow, + } + + /// Open flags used by `open-at`. + flags open-flags { + /// Create file if it does not exist, similar to `O_CREAT` in POSIX. + create, + /// Fail if not a directory, similar to `O_DIRECTORY` in POSIX. + directory, + /// Fail if file already exists, similar to `O_EXCL` in POSIX. + exclusive, + /// Truncate file to size 0, similar to `O_TRUNC` in POSIX. + truncate, + } + + /// Number of hard links to an inode. + type link-count = u64; + + /// When setting a timestamp, this gives the value to set it to. + variant new-timestamp { + /// Leave the timestamp set to its previous value. + no-change, + /// Set the timestamp to the current time of the system clock associated + /// with the filesystem. + now, + /// Set the timestamp to the given value. + timestamp(datetime), + } + + /// A directory entry. + record directory-entry { + /// The type of the file referred to by this directory entry. + %type: descriptor-type, + + /// The name of the object. + name: string, + } + + /// Error codes returned by functions, similar to `errno` in POSIX. + /// Not all of these error codes are returned by the functions provided by this + /// API; some are used in higher-level library layers, and others are provided + /// merely for alignment with POSIX. + enum error-code { + /// Permission denied, similar to `EACCES` in POSIX. + access, + /// Resource unavailable, or operation would block, similar to `EAGAIN` and `EWOULDBLOCK` in POSIX. + would-block, + /// Connection already in progress, similar to `EALREADY` in POSIX. + already, + /// Bad descriptor, similar to `EBADF` in POSIX. + bad-descriptor, + /// Device or resource busy, similar to `EBUSY` in POSIX. + busy, + /// Resource deadlock would occur, similar to `EDEADLK` in POSIX. + deadlock, + /// Storage quota exceeded, similar to `EDQUOT` in POSIX. + quota, + /// File exists, similar to `EEXIST` in POSIX. + exist, + /// File too large, similar to `EFBIG` in POSIX. + file-too-large, + /// Illegal byte sequence, similar to `EILSEQ` in POSIX. + illegal-byte-sequence, + /// Operation in progress, similar to `EINPROGRESS` in POSIX. + in-progress, + /// Interrupted function, similar to `EINTR` in POSIX. + interrupted, + /// Invalid argument, similar to `EINVAL` in POSIX. + invalid, + /// I/O error, similar to `EIO` in POSIX. + io, + /// Is a directory, similar to `EISDIR` in POSIX. + is-directory, + /// Too many levels of symbolic links, similar to `ELOOP` in POSIX. + loop, + /// Too many links, similar to `EMLINK` in POSIX. + too-many-links, + /// Message too large, similar to `EMSGSIZE` in POSIX. + message-size, + /// Filename too long, similar to `ENAMETOOLONG` in POSIX. + name-too-long, + /// No such device, similar to `ENODEV` in POSIX. + no-device, + /// No such file or directory, similar to `ENOENT` in POSIX. + no-entry, + /// No locks available, similar to `ENOLCK` in POSIX. + no-lock, + /// Not enough space, similar to `ENOMEM` in POSIX. + insufficient-memory, + /// No space left on device, similar to `ENOSPC` in POSIX. + insufficient-space, + /// Not a directory or a symbolic link to a directory, similar to `ENOTDIR` in POSIX. + not-directory, + /// Directory not empty, similar to `ENOTEMPTY` in POSIX. + not-empty, + /// State not recoverable, similar to `ENOTRECOVERABLE` in POSIX. + not-recoverable, + /// Not supported, similar to `ENOTSUP` and `ENOSYS` in POSIX. + unsupported, + /// Inappropriate I/O control operation, similar to `ENOTTY` in POSIX. + no-tty, + /// No such device or address, similar to `ENXIO` in POSIX. + no-such-device, + /// Value too large to be stored in data type, similar to `EOVERFLOW` in POSIX. + overflow, + /// Operation not permitted, similar to `EPERM` in POSIX. + not-permitted, + /// Broken pipe, similar to `EPIPE` in POSIX. + pipe, + /// Read-only file system, similar to `EROFS` in POSIX. + read-only, + /// Invalid seek, similar to `ESPIPE` in POSIX. + invalid-seek, + /// Text file busy, similar to `ETXTBSY` in POSIX. + text-file-busy, + /// Cross-device link, similar to `EXDEV` in POSIX. + cross-device, + } + + /// File or memory access pattern advisory information. + enum advice { + /// The application has no advice to give on its behavior with respect + /// to the specified data. + normal, + /// The application expects to access the specified data sequentially + /// from lower offsets to higher offsets. + sequential, + /// The application expects to access the specified data in a random + /// order. + random, + /// The application expects to access the specified data in the near + /// future. + will-need, + /// The application expects that it will not access the specified data + /// in the near future. + dont-need, + /// The application expects to access the specified data once and then + /// not reuse it thereafter. + no-reuse, + } + + /// A 128-bit hash value, split into parts because wasm doesn't have a + /// 128-bit integer type. + record metadata-hash-value { + /// 64 bits of a 128-bit hash value. + lower: u64, + /// Another 64 bits of a 128-bit hash value. + upper: u64, + } + + /// A descriptor is a reference to a filesystem object, which may be a file, + /// directory, named pipe, special file, or other object on which filesystem + /// calls may be made. + resource descriptor { + /// Return a stream for reading from a file, if available. + /// + /// May fail with an error-code describing why the file cannot be read. + /// + /// Multiple read, write, and append streams may be active on the same open + /// file and they do not interfere with each other. + /// + /// Note: This allows using `read-stream`, which is similar to `read` in POSIX. + read-via-stream: func( + /// The offset within the file at which to start reading. + offset: filesize, + ) -> result; + + /// Return a stream for writing to a file, if available. + /// + /// May fail with an error-code describing why the file cannot be written. + /// + /// Note: This allows using `write-stream`, which is similar to `write` in + /// POSIX. + write-via-stream: func( + /// The offset within the file at which to start writing. + offset: filesize, + ) -> result; + + /// Return a stream for appending to a file, if available. + /// + /// May fail with an error-code describing why the file cannot be appended. + /// + /// Note: This allows using `write-stream`, which is similar to `write` with + /// `O_APPEND` in in POSIX. + append-via-stream: func() -> result; + + /// Provide file advisory information on a descriptor. + /// + /// This is similar to `posix_fadvise` in POSIX. + advise: func( + /// The offset within the file to which the advisory applies. + offset: filesize, + /// The length of the region to which the advisory applies. + length: filesize, + /// The advice. + advice: advice + ) -> result<_, error-code>; + + /// Synchronize the data of a file to disk. + /// + /// This function succeeds with no effect if the file descriptor is not + /// opened for writing. + /// + /// Note: This is similar to `fdatasync` in POSIX. + sync-data: func() -> result<_, error-code>; + + /// Get flags associated with a descriptor. + /// + /// Note: This returns similar flags to `fcntl(fd, F_GETFL)` in POSIX. + /// + /// Note: This returns the value that was the `fs_flags` value returned + /// from `fdstat_get` in earlier versions of WASI. + get-flags: func() -> result; + + /// Get the dynamic type of a descriptor. + /// + /// Note: This returns the same value as the `type` field of the `fd-stat` + /// returned by `stat`, `stat-at` and similar. + /// + /// Note: This returns similar flags to the `st_mode & S_IFMT` value provided + /// by `fstat` in POSIX. + /// + /// Note: This returns the value that was the `fs_filetype` value returned + /// from `fdstat_get` in earlier versions of WASI. + get-type: func() -> result; + + /// Adjust the size of an open file. If this increases the file's size, the + /// extra bytes are filled with zeros. + /// + /// Note: This was called `fd_filestat_set_size` in earlier versions of WASI. + set-size: func(size: filesize) -> result<_, error-code>; + + /// Adjust the timestamps of an open file or directory. + /// + /// Note: This is similar to `futimens` in POSIX. + /// + /// Note: This was called `fd_filestat_set_times` in earlier versions of WASI. + set-times: func( + /// The desired values of the data access timestamp. + data-access-timestamp: new-timestamp, + /// The desired values of the data modification timestamp. + data-modification-timestamp: new-timestamp, + ) -> result<_, error-code>; + + /// Read from a descriptor, without using and updating the descriptor's offset. + /// + /// This function returns a list of bytes containing the data that was + /// read, along with a bool which, when true, indicates that the end of the + /// file was reached. The returned list will contain up to `length` bytes; it + /// may return fewer than requested, if the end of the file is reached or + /// if the I/O operation is interrupted. + /// + /// In the future, this may change to return a `stream`. + /// + /// Note: This is similar to `pread` in POSIX. + read: func( + /// The maximum number of bytes to read. + length: filesize, + /// The offset within the file at which to read. + offset: filesize, + ) -> result, bool>, error-code>; + + /// Write to a descriptor, without using and updating the descriptor's offset. + /// + /// It is valid to write past the end of a file; the file is extended to the + /// extent of the write, with bytes between the previous end and the start of + /// the write set to zero. + /// + /// In the future, this may change to take a `stream`. + /// + /// Note: This is similar to `pwrite` in POSIX. + write: func( + /// Data to write + buffer: list, + /// The offset within the file at which to write. + offset: filesize, + ) -> result; + + /// Read directory entries from a directory. + /// + /// On filesystems where directories contain entries referring to themselves + /// and their parents, often named `.` and `..` respectively, these entries + /// are omitted. + /// + /// This always returns a new stream which starts at the beginning of the + /// directory. Multiple streams may be active on the same directory, and they + /// do not interfere with each other. + read-directory: func() -> result; + + /// Synchronize the data and metadata of a file to disk. + /// + /// This function succeeds with no effect if the file descriptor is not + /// opened for writing. + /// + /// Note: This is similar to `fsync` in POSIX. + sync: func() -> result<_, error-code>; + + /// Create a directory. + /// + /// Note: This is similar to `mkdirat` in POSIX. + create-directory-at: func( + /// The relative path at which to create the directory. + path: string, + ) -> result<_, error-code>; + + /// Return the attributes of an open file or directory. + /// + /// Note: This is similar to `fstat` in POSIX, except that it does not return + /// device and inode information. For testing whether two descriptors refer to + /// the same underlying filesystem object, use `is-same-object`. To obtain + /// additional data that can be used do determine whether a file has been + /// modified, use `metadata-hash`. + /// + /// Note: This was called `fd_filestat_get` in earlier versions of WASI. + stat: func() -> result; + + /// Return the attributes of a file or directory. + /// + /// Note: This is similar to `fstatat` in POSIX, except that it does not + /// return device and inode information. See the `stat` description for a + /// discussion of alternatives. + /// + /// Note: This was called `path_filestat_get` in earlier versions of WASI. + stat-at: func( + /// Flags determining the method of how the path is resolved. + path-flags: path-flags, + /// The relative path of the file or directory to inspect. + path: string, + ) -> result; + + /// Adjust the timestamps of a file or directory. + /// + /// Note: This is similar to `utimensat` in POSIX. + /// + /// Note: This was called `path_filestat_set_times` in earlier versions of + /// WASI. + set-times-at: func( + /// Flags determining the method of how the path is resolved. + path-flags: path-flags, + /// The relative path of the file or directory to operate on. + path: string, + /// The desired values of the data access timestamp. + data-access-timestamp: new-timestamp, + /// The desired values of the data modification timestamp. + data-modification-timestamp: new-timestamp, + ) -> result<_, error-code>; + + /// Create a hard link. + /// + /// Note: This is similar to `linkat` in POSIX. + link-at: func( + /// Flags determining the method of how the path is resolved. + old-path-flags: path-flags, + /// The relative source path from which to link. + old-path: string, + /// The base directory for `new-path`. + new-descriptor: borrow, + /// The relative destination path at which to create the hard link. + new-path: string, + ) -> result<_, error-code>; + + /// Open a file or directory. + /// + /// The returned descriptor is not guaranteed to be the lowest-numbered + /// descriptor not currently open/ it is randomized to prevent applications + /// from depending on making assumptions about indexes, since this is + /// error-prone in multi-threaded contexts. The returned descriptor is + /// guaranteed to be less than 2**31. + /// + /// If `flags` contains `descriptor-flags::mutate-directory`, and the base + /// descriptor doesn't have `descriptor-flags::mutate-directory` set, + /// `open-at` fails with `error-code::read-only`. + /// + /// If `flags` contains `write` or `mutate-directory`, or `open-flags` + /// contains `truncate` or `create`, and the base descriptor doesn't have + /// `descriptor-flags::mutate-directory` set, `open-at` fails with + /// `error-code::read-only`. + /// + /// Note: This is similar to `openat` in POSIX. + open-at: func( + /// Flags determining the method of how the path is resolved. + path-flags: path-flags, + /// The relative path of the object to open. + path: string, + /// The method by which to open the file. + open-flags: open-flags, + /// Flags to use for the resulting descriptor. + %flags: descriptor-flags, + ) -> result; + + /// Read the contents of a symbolic link. + /// + /// If the contents contain an absolute or rooted path in the underlying + /// filesystem, this function fails with `error-code::not-permitted`. + /// + /// Note: This is similar to `readlinkat` in POSIX. + readlink-at: func( + /// The relative path of the symbolic link from which to read. + path: string, + ) -> result; + + /// Remove a directory. + /// + /// Return `error-code::not-empty` if the directory is not empty. + /// + /// Note: This is similar to `unlinkat(fd, path, AT_REMOVEDIR)` in POSIX. + remove-directory-at: func( + /// The relative path to a directory to remove. + path: string, + ) -> result<_, error-code>; + + /// Rename a filesystem object. + /// + /// Note: This is similar to `renameat` in POSIX. + rename-at: func( + /// The relative source path of the file or directory to rename. + old-path: string, + /// The base directory for `new-path`. + new-descriptor: borrow, + /// The relative destination path to which to rename the file or directory. + new-path: string, + ) -> result<_, error-code>; + + /// Create a symbolic link (also known as a "symlink"). + /// + /// If `old-path` starts with `/`, the function fails with + /// `error-code::not-permitted`. + /// + /// Note: This is similar to `symlinkat` in POSIX. + symlink-at: func( + /// The contents of the symbolic link. + old-path: string, + /// The relative destination path at which to create the symbolic link. + new-path: string, + ) -> result<_, error-code>; + + /// Unlink a filesystem object that is not a directory. + /// + /// Return `error-code::is-directory` if the path refers to a directory. + /// Note: This is similar to `unlinkat(fd, path, 0)` in POSIX. + unlink-file-at: func( + /// The relative path to a file to unlink. + path: string, + ) -> result<_, error-code>; + + /// Test whether two descriptors refer to the same filesystem object. + /// + /// In POSIX, this corresponds to testing whether the two descriptors have the + /// same device (`st_dev`) and inode (`st_ino` or `d_ino`) numbers. + /// wasi-filesystem does not expose device and inode numbers, so this function + /// may be used instead. + is-same-object: func(other: borrow) -> bool; + + /// Return a hash of the metadata associated with a filesystem object referred + /// to by a descriptor. + /// + /// This returns a hash of the last-modification timestamp and file size, and + /// may also include the inode number, device number, birth timestamp, and + /// other metadata fields that may change when the file is modified or + /// replaced. It may also include a secret value chosen by the + /// implementation and not otherwise exposed. + /// + /// Implementations are encourated to provide the following properties: + /// + /// - If the file is not modified or replaced, the computed hash value should + /// usually not change. + /// - If the object is modified or replaced, the computed hash value should + /// usually change. + /// - The inputs to the hash should not be easily computable from the + /// computed hash. + /// + /// However, none of these is required. + metadata-hash: func() -> result; + + /// Return a hash of the metadata associated with a filesystem object referred + /// to by a directory descriptor and a relative path. + /// + /// This performs the same hash computation as `metadata-hash`. + metadata-hash-at: func( + /// Flags determining the method of how the path is resolved. + path-flags: path-flags, + /// The relative path of the file or directory to inspect. + path: string, + ) -> result; + } + + /// A stream of directory entries. + resource directory-entry-stream { + /// Read a single directory entry from a `directory-entry-stream`. + read-directory-entry: func() -> result, error-code>; + } + + /// Attempts to extract a filesystem-related `error-code` from the stream + /// `error` provided. + /// + /// Stream operations which return `stream-error::last-operation-failed` + /// have a payload with more information about the operation that failed. + /// This payload can be passed through to this function to see if there's + /// filesystem-related information about the error to return. + /// + /// Note that this function is fallible because not all stream-related + /// errors are filesystem-related errors. + filesystem-error-code: func(err: borrow) -> option; +} diff --git a/crates/build/tests/wit/cmd-full/deps/filesystem/world.wit b/crates/build/tests/wit/cmd-full/deps/filesystem/world.wit new file mode 100644 index 0000000000..663f57920d --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/filesystem/world.wit @@ -0,0 +1,6 @@ +package wasi:filesystem@0.2.0; + +world imports { + import types; + import preopens; +} diff --git a/crates/build/tests/wit/cmd-full/deps/io/error.wit b/crates/build/tests/wit/cmd-full/deps/io/error.wit new file mode 100644 index 0000000000..22e5b64894 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/io/error.wit @@ -0,0 +1,34 @@ +package wasi:io@0.2.0; + + +interface error { + /// A resource which represents some error information. + /// + /// The only method provided by this resource is `to-debug-string`, + /// which provides some human-readable information about the error. + /// + /// In the `wasi:io` package, this resource is returned through the + /// `wasi:io/streams/stream-error` type. + /// + /// To provide more specific error information, other interfaces may + /// provide functions to further "downcast" this error into more specific + /// error information. For example, `error`s returned in streams derived + /// from filesystem types to be described using the filesystem's own + /// error-code type, using the function + /// `wasi:filesystem/types/filesystem-error-code`, which takes a parameter + /// `borrow` and returns + /// `option`. + /// + /// The set of functions which can "downcast" an `error` into a more + /// concrete type is open. + resource error { + /// Returns a string that is suitable to assist humans in debugging + /// this error. + /// + /// WARNING: The returned string should not be consumed mechanically! + /// It may change across platforms, hosts, or other implementation + /// details. Parsing this string is a major platform-compatibility + /// hazard. + to-debug-string: func() -> string; + } +} diff --git a/crates/build/tests/wit/cmd-full/deps/io/poll.wit b/crates/build/tests/wit/cmd-full/deps/io/poll.wit new file mode 100644 index 0000000000..ddc67f8b7a --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/io/poll.wit @@ -0,0 +1,41 @@ +package wasi:io@0.2.0; + +/// A poll API intended to let users wait for I/O events on multiple handles +/// at once. +interface poll { + /// `pollable` represents a single I/O event which may be ready, or not. + resource pollable { + + /// Return the readiness of a pollable. This function never blocks. + /// + /// Returns `true` when the pollable is ready, and `false` otherwise. + ready: func() -> bool; + + /// `block` returns immediately if the pollable is ready, and otherwise + /// blocks until ready. + /// + /// This function is equivalent to calling `poll.poll` on a list + /// containing only this pollable. + block: func(); + } + + /// Poll for completion on a set of pollables. + /// + /// This function takes a list of pollables, which identify I/O sources of + /// interest, and waits until one or more of the events is ready for I/O. + /// + /// The result `list` contains one or more indices of handles in the + /// argument list that is ready for I/O. + /// + /// If the list contains more elements than can be indexed with a `u32` + /// value, this function traps. + /// + /// A timeout can be implemented by adding a pollable from the + /// wasi-clocks API to the list. + /// + /// This function does not return a `result`; polling in itself does not + /// do any I/O so it doesn't fail. If any of the I/O sources identified by + /// the pollables has an error, it is indicated by marking the source as + /// being reaedy for I/O. + poll: func(in: list>) -> list; +} diff --git a/crates/build/tests/wit/cmd-full/deps/io/streams.wit b/crates/build/tests/wit/cmd-full/deps/io/streams.wit new file mode 100644 index 0000000000..6d2f871e3b --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/io/streams.wit @@ -0,0 +1,262 @@ +package wasi:io@0.2.0; + +/// WASI I/O is an I/O abstraction API which is currently focused on providing +/// stream types. +/// +/// In the future, the component model is expected to add built-in stream types; +/// when it does, they are expected to subsume this API. +interface streams { + use error.{error}; + use poll.{pollable}; + + /// An error for input-stream and output-stream operations. + variant stream-error { + /// The last operation (a write or flush) failed before completion. + /// + /// More information is available in the `error` payload. + last-operation-failed(error), + /// The stream is closed: no more input will be accepted by the + /// stream. A closed output-stream will return this error on all + /// future operations. + closed + } + + /// An input bytestream. + /// + /// `input-stream`s are *non-blocking* to the extent practical on underlying + /// platforms. I/O operations always return promptly; if fewer bytes are + /// promptly available than requested, they return the number of bytes promptly + /// available, which could even be zero. To wait for data to be available, + /// use the `subscribe` function to obtain a `pollable` which can be polled + /// for using `wasi:io/poll`. + resource input-stream { + /// Perform a non-blocking read from the stream. + /// + /// When the source of a `read` is binary data, the bytes from the source + /// are returned verbatim. When the source of a `read` is known to the + /// implementation to be text, bytes containing the UTF-8 encoding of the + /// text are returned. + /// + /// This function returns a list of bytes containing the read data, + /// when successful. The returned list will contain up to `len` bytes; + /// it may return fewer than requested, but not more. The list is + /// empty when no bytes are available for reading at this time. The + /// pollable given by `subscribe` will be ready when more bytes are + /// available. + /// + /// This function fails with a `stream-error` when the operation + /// encounters an error, giving `last-operation-failed`, or when the + /// stream is closed, giving `closed`. + /// + /// When the caller gives a `len` of 0, it represents a request to + /// read 0 bytes. If the stream is still open, this call should + /// succeed and return an empty list, or otherwise fail with `closed`. + /// + /// The `len` parameter is a `u64`, which could represent a list of u8 which + /// is not possible to allocate in wasm32, or not desirable to allocate as + /// as a return value by the callee. The callee may return a list of bytes + /// less than `len` in size while more bytes are available for reading. + read: func( + /// The maximum number of bytes to read + len: u64 + ) -> result, stream-error>; + + /// Read bytes from a stream, after blocking until at least one byte can + /// be read. Except for blocking, behavior is identical to `read`. + blocking-read: func( + /// The maximum number of bytes to read + len: u64 + ) -> result, stream-error>; + + /// Skip bytes from a stream. Returns number of bytes skipped. + /// + /// Behaves identical to `read`, except instead of returning a list + /// of bytes, returns the number of bytes consumed from the stream. + skip: func( + /// The maximum number of bytes to skip. + len: u64, + ) -> result; + + /// Skip bytes from a stream, after blocking until at least one byte + /// can be skipped. Except for blocking behavior, identical to `skip`. + blocking-skip: func( + /// The maximum number of bytes to skip. + len: u64, + ) -> result; + + /// Create a `pollable` which will resolve once either the specified stream + /// has bytes available to read or the other end of the stream has been + /// closed. + /// The created `pollable` is a child resource of the `input-stream`. + /// Implementations may trap if the `input-stream` is dropped before + /// all derived `pollable`s created with this function are dropped. + subscribe: func() -> pollable; + } + + + /// An output bytestream. + /// + /// `output-stream`s are *non-blocking* to the extent practical on + /// underlying platforms. Except where specified otherwise, I/O operations also + /// always return promptly, after the number of bytes that can be written + /// promptly, which could even be zero. To wait for the stream to be ready to + /// accept data, the `subscribe` function to obtain a `pollable` which can be + /// polled for using `wasi:io/poll`. + resource output-stream { + /// Check readiness for writing. This function never blocks. + /// + /// Returns the number of bytes permitted for the next call to `write`, + /// or an error. Calling `write` with more bytes than this function has + /// permitted will trap. + /// + /// When this function returns 0 bytes, the `subscribe` pollable will + /// become ready when this function will report at least 1 byte, or an + /// error. + check-write: func() -> result; + + /// Perform a write. This function never blocks. + /// + /// When the destination of a `write` is binary data, the bytes from + /// `contents` are written verbatim. When the destination of a `write` is + /// known to the implementation to be text, the bytes of `contents` are + /// transcoded from UTF-8 into the encoding of the destination and then + /// written. + /// + /// Precondition: check-write gave permit of Ok(n) and contents has a + /// length of less than or equal to n. Otherwise, this function will trap. + /// + /// returns Err(closed) without writing if the stream has closed since + /// the last call to check-write provided a permit. + write: func( + contents: list + ) -> result<_, stream-error>; + + /// Perform a write of up to 4096 bytes, and then flush the stream. Block + /// until all of these operations are complete, or an error occurs. + /// + /// This is a convenience wrapper around the use of `check-write`, + /// `subscribe`, `write`, and `flush`, and is implemented with the + /// following pseudo-code: + /// + /// ```text + /// let pollable = this.subscribe(); + /// while !contents.is_empty() { + /// // Wait for the stream to become writable + /// pollable.block(); + /// let Ok(n) = this.check-write(); // eliding error handling + /// let len = min(n, contents.len()); + /// let (chunk, rest) = contents.split_at(len); + /// this.write(chunk ); // eliding error handling + /// contents = rest; + /// } + /// this.flush(); + /// // Wait for completion of `flush` + /// pollable.block(); + /// // Check for any errors that arose during `flush` + /// let _ = this.check-write(); // eliding error handling + /// ``` + blocking-write-and-flush: func( + contents: list + ) -> result<_, stream-error>; + + /// Request to flush buffered output. This function never blocks. + /// + /// This tells the output-stream that the caller intends any buffered + /// output to be flushed. the output which is expected to be flushed + /// is all that has been passed to `write` prior to this call. + /// + /// Upon calling this function, the `output-stream` will not accept any + /// writes (`check-write` will return `ok(0)`) until the flush has + /// completed. The `subscribe` pollable will become ready when the + /// flush has completed and the stream can accept more writes. + flush: func() -> result<_, stream-error>; + + /// Request to flush buffered output, and block until flush completes + /// and stream is ready for writing again. + blocking-flush: func() -> result<_, stream-error>; + + /// Create a `pollable` which will resolve once the output-stream + /// is ready for more writing, or an error has occured. When this + /// pollable is ready, `check-write` will return `ok(n)` with n>0, or an + /// error. + /// + /// If the stream is closed, this pollable is always ready immediately. + /// + /// The created `pollable` is a child resource of the `output-stream`. + /// Implementations may trap if the `output-stream` is dropped before + /// all derived `pollable`s created with this function are dropped. + subscribe: func() -> pollable; + + /// Write zeroes to a stream. + /// + /// This should be used precisely like `write` with the exact same + /// preconditions (must use check-write first), but instead of + /// passing a list of bytes, you simply pass the number of zero-bytes + /// that should be written. + write-zeroes: func( + /// The number of zero-bytes to write + len: u64 + ) -> result<_, stream-error>; + + /// Perform a write of up to 4096 zeroes, and then flush the stream. + /// Block until all of these operations are complete, or an error + /// occurs. + /// + /// This is a convenience wrapper around the use of `check-write`, + /// `subscribe`, `write-zeroes`, and `flush`, and is implemented with + /// the following pseudo-code: + /// + /// ```text + /// let pollable = this.subscribe(); + /// while num_zeroes != 0 { + /// // Wait for the stream to become writable + /// pollable.block(); + /// let Ok(n) = this.check-write(); // eliding error handling + /// let len = min(n, num_zeroes); + /// this.write-zeroes(len); // eliding error handling + /// num_zeroes -= len; + /// } + /// this.flush(); + /// // Wait for completion of `flush` + /// pollable.block(); + /// // Check for any errors that arose during `flush` + /// let _ = this.check-write(); // eliding error handling + /// ``` + blocking-write-zeroes-and-flush: func( + /// The number of zero-bytes to write + len: u64 + ) -> result<_, stream-error>; + + /// Read from one stream and write to another. + /// + /// The behavior of splice is equivelant to: + /// 1. calling `check-write` on the `output-stream` + /// 2. calling `read` on the `input-stream` with the smaller of the + /// `check-write` permitted length and the `len` provided to `splice` + /// 3. calling `write` on the `output-stream` with that read data. + /// + /// Any error reported by the call to `check-write`, `read`, or + /// `write` ends the splice and reports that error. + /// + /// This function returns the number of bytes transferred; it may be less + /// than `len`. + splice: func( + /// The stream to read from + src: borrow, + /// The number of bytes to splice + len: u64, + ) -> result; + + /// Read from one stream and write to another, with blocking. + /// + /// This is similar to `splice`, except that it blocks until the + /// `output-stream` is ready for writing, and the `input-stream` + /// is ready for reading, before performing the `splice`. + blocking-splice: func( + /// The stream to read from + src: borrow, + /// The number of bytes to splice + len: u64, + ) -> result; + } +} diff --git a/crates/build/tests/wit/cmd-full/deps/io/world.wit b/crates/build/tests/wit/cmd-full/deps/io/world.wit new file mode 100644 index 0000000000..5f0b43fe50 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/io/world.wit @@ -0,0 +1,6 @@ +package wasi:io@0.2.0; + +world imports { + import streams; + import poll; +} diff --git a/crates/build/tests/wit/cmd-full/deps/random/insecure-seed.wit b/crates/build/tests/wit/cmd-full/deps/random/insecure-seed.wit new file mode 100644 index 0000000000..47210ac6bd --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/random/insecure-seed.wit @@ -0,0 +1,25 @@ +package wasi:random@0.2.0; +/// The insecure-seed interface for seeding hash-map DoS resistance. +/// +/// It is intended to be portable at least between Unix-family platforms and +/// Windows. +interface insecure-seed { + /// Return a 128-bit value that may contain a pseudo-random value. + /// + /// The returned value is not required to be computed from a CSPRNG, and may + /// even be entirely deterministic. Host implementations are encouraged to + /// provide pseudo-random values to any program exposed to + /// attacker-controlled content, to enable DoS protection built into many + /// languages' hash-map implementations. + /// + /// This function is intended to only be called once, by a source language + /// to initialize Denial Of Service (DoS) protection in its hash-map + /// implementation. + /// + /// # Expected future evolution + /// + /// This will likely be changed to a value import, to prevent it from being + /// called multiple times and potentially used for purposes other than DoS + /// protection. + insecure-seed: func() -> tuple; +} diff --git a/crates/build/tests/wit/cmd-full/deps/random/insecure.wit b/crates/build/tests/wit/cmd-full/deps/random/insecure.wit new file mode 100644 index 0000000000..c58f4ee852 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/random/insecure.wit @@ -0,0 +1,22 @@ +package wasi:random@0.2.0; +/// The insecure interface for insecure pseudo-random numbers. +/// +/// It is intended to be portable at least between Unix-family platforms and +/// Windows. +interface insecure { + /// Return `len` insecure pseudo-random bytes. + /// + /// This function is not cryptographically secure. Do not use it for + /// anything related to security. + /// + /// There are no requirements on the values of the returned bytes, however + /// implementations are encouraged to return evenly distributed values with + /// a long period. + get-insecure-random-bytes: func(len: u64) -> list; + + /// Return an insecure pseudo-random `u64` value. + /// + /// This function returns the same type of pseudo-random data as + /// `get-insecure-random-bytes`, represented as a `u64`. + get-insecure-random-u64: func() -> u64; +} diff --git a/crates/build/tests/wit/cmd-full/deps/random/random.wit b/crates/build/tests/wit/cmd-full/deps/random/random.wit new file mode 100644 index 0000000000..0c017f0934 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/random/random.wit @@ -0,0 +1,26 @@ +package wasi:random@0.2.0; +/// WASI Random is a random data API. +/// +/// It is intended to be portable at least between Unix-family platforms and +/// Windows. +interface random { + /// Return `len` cryptographically-secure random or pseudo-random bytes. + /// + /// This function must produce data at least as cryptographically secure and + /// fast as an adequately seeded cryptographically-secure pseudo-random + /// number generator (CSPRNG). It must not block, from the perspective of + /// the calling program, under any circumstances, including on the first + /// request and on requests for numbers of bytes. The returned data must + /// always be unpredictable. + /// + /// This function must always return fresh data. Deterministic environments + /// must omit this function, rather than implementing it with deterministic + /// data. + get-random-bytes: func(len: u64) -> list; + + /// Return a cryptographically-secure random or pseudo-random `u64` value. + /// + /// This function returns the same type of data as `get-random-bytes`, + /// represented as a `u64`. + get-random-u64: func() -> u64; +} diff --git a/crates/build/tests/wit/cmd-full/deps/random/world.wit b/crates/build/tests/wit/cmd-full/deps/random/world.wit new file mode 100644 index 0000000000..3da34914a4 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/random/world.wit @@ -0,0 +1,7 @@ +package wasi:random@0.2.0; + +world imports { + import random; + import insecure; + import insecure-seed; +} diff --git a/crates/build/tests/wit/cmd-full/deps/sockets/instance-network.wit b/crates/build/tests/wit/cmd-full/deps/sockets/instance-network.wit new file mode 100644 index 0000000000..e455d0ff7b --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/sockets/instance-network.wit @@ -0,0 +1,9 @@ + +/// This interface provides a value-export of the default network handle.. +interface instance-network { + use network.{network}; + + /// Get a handle to the default network. + instance-network: func() -> network; + +} diff --git a/crates/build/tests/wit/cmd-full/deps/sockets/ip-name-lookup.wit b/crates/build/tests/wit/cmd-full/deps/sockets/ip-name-lookup.wit new file mode 100644 index 0000000000..8e639ec596 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/sockets/ip-name-lookup.wit @@ -0,0 +1,51 @@ + +interface ip-name-lookup { + use wasi:io/poll@0.2.0.{pollable}; + use network.{network, error-code, ip-address}; + + + /// Resolve an internet host name to a list of IP addresses. + /// + /// Unicode domain names are automatically converted to ASCII using IDNA encoding. + /// If the input is an IP address string, the address is parsed and returned + /// as-is without making any external requests. + /// + /// See the wasi-socket proposal README.md for a comparison with getaddrinfo. + /// + /// This function never blocks. It either immediately fails or immediately + /// returns successfully with a `resolve-address-stream` that can be used + /// to (asynchronously) fetch the results. + /// + /// # Typical errors + /// - `invalid-argument`: `name` is a syntactically invalid domain name or IP address. + /// + /// # References: + /// - + /// - + /// - + /// - + resolve-addresses: func(network: borrow, name: string) -> result; + + resource resolve-address-stream { + /// Returns the next address from the resolver. + /// + /// This function should be called multiple times. On each call, it will + /// return the next address in connection order preference. If all + /// addresses have been exhausted, this function returns `none`. + /// + /// This function never returns IPv4-mapped IPv6 addresses. + /// + /// # Typical errors + /// - `name-unresolvable`: Name does not exist or has no suitable associated IP addresses. (EAI_NONAME, EAI_NODATA, EAI_ADDRFAMILY) + /// - `temporary-resolver-failure`: A temporary failure in name resolution occurred. (EAI_AGAIN) + /// - `permanent-resolver-failure`: A permanent failure in name resolution occurred. (EAI_FAIL) + /// - `would-block`: A result is not available yet. (EWOULDBLOCK, EAGAIN) + resolve-next-address: func() -> result, error-code>; + + /// Create a `pollable` which will resolve once the stream is ready for I/O. + /// + /// Note: this function is here for WASI Preview2 only. + /// It's planned to be removed when `future` is natively supported in Preview3. + subscribe: func() -> pollable; + } +} diff --git a/crates/build/tests/wit/cmd-full/deps/sockets/network.wit b/crates/build/tests/wit/cmd-full/deps/sockets/network.wit new file mode 100644 index 0000000000..9cadf0650a --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/sockets/network.wit @@ -0,0 +1,145 @@ + +interface network { + /// An opaque resource that represents access to (a subset of) the network. + /// This enables context-based security for networking. + /// There is no need for this to map 1:1 to a physical network interface. + resource network; + + /// Error codes. + /// + /// In theory, every API can return any error code. + /// In practice, API's typically only return the errors documented per API + /// combined with a couple of errors that are always possible: + /// - `unknown` + /// - `access-denied` + /// - `not-supported` + /// - `out-of-memory` + /// - `concurrency-conflict` + /// + /// See each individual API for what the POSIX equivalents are. They sometimes differ per API. + enum error-code { + /// Unknown error + unknown, + + /// Access denied. + /// + /// POSIX equivalent: EACCES, EPERM + access-denied, + + /// The operation is not supported. + /// + /// POSIX equivalent: EOPNOTSUPP + not-supported, + + /// One of the arguments is invalid. + /// + /// POSIX equivalent: EINVAL + invalid-argument, + + /// Not enough memory to complete the operation. + /// + /// POSIX equivalent: ENOMEM, ENOBUFS, EAI_MEMORY + out-of-memory, + + /// The operation timed out before it could finish completely. + timeout, + + /// This operation is incompatible with another asynchronous operation that is already in progress. + /// + /// POSIX equivalent: EALREADY + concurrency-conflict, + + /// Trying to finish an asynchronous operation that: + /// - has not been started yet, or: + /// - was already finished by a previous `finish-*` call. + /// + /// Note: this is scheduled to be removed when `future`s are natively supported. + not-in-progress, + + /// The operation has been aborted because it could not be completed immediately. + /// + /// Note: this is scheduled to be removed when `future`s are natively supported. + would-block, + + + /// The operation is not valid in the socket's current state. + invalid-state, + + /// A new socket resource could not be created because of a system limit. + new-socket-limit, + + /// A bind operation failed because the provided address is not an address that the `network` can bind to. + address-not-bindable, + + /// A bind operation failed because the provided address is already in use or because there are no ephemeral ports available. + address-in-use, + + /// The remote address is not reachable + remote-unreachable, + + + /// The TCP connection was forcefully rejected + connection-refused, + + /// The TCP connection was reset. + connection-reset, + + /// A TCP connection was aborted. + connection-aborted, + + + /// The size of a datagram sent to a UDP socket exceeded the maximum + /// supported size. + datagram-too-large, + + + /// Name does not exist or has no suitable associated IP addresses. + name-unresolvable, + + /// A temporary failure in name resolution occurred. + temporary-resolver-failure, + + /// A permanent failure in name resolution occurred. + permanent-resolver-failure, + } + + enum ip-address-family { + /// Similar to `AF_INET` in POSIX. + ipv4, + + /// Similar to `AF_INET6` in POSIX. + ipv6, + } + + type ipv4-address = tuple; + type ipv6-address = tuple; + + variant ip-address { + ipv4(ipv4-address), + ipv6(ipv6-address), + } + + record ipv4-socket-address { + /// sin_port + port: u16, + /// sin_addr + address: ipv4-address, + } + + record ipv6-socket-address { + /// sin6_port + port: u16, + /// sin6_flowinfo + flow-info: u32, + /// sin6_addr + address: ipv6-address, + /// sin6_scope_id + scope-id: u32, + } + + variant ip-socket-address { + ipv4(ipv4-socket-address), + ipv6(ipv6-socket-address), + } + +} diff --git a/crates/build/tests/wit/cmd-full/deps/sockets/tcp-create-socket.wit b/crates/build/tests/wit/cmd-full/deps/sockets/tcp-create-socket.wit new file mode 100644 index 0000000000..c7ddf1f228 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/sockets/tcp-create-socket.wit @@ -0,0 +1,27 @@ + +interface tcp-create-socket { + use network.{network, error-code, ip-address-family}; + use tcp.{tcp-socket}; + + /// Create a new TCP socket. + /// + /// Similar to `socket(AF_INET or AF_INET6, SOCK_STREAM, IPPROTO_TCP)` in POSIX. + /// On IPv6 sockets, IPV6_V6ONLY is enabled by default and can't be configured otherwise. + /// + /// This function does not require a network capability handle. This is considered to be safe because + /// at time of creation, the socket is not bound to any `network` yet. Up to the moment `bind`/`connect` + /// is called, the socket is effectively an in-memory configuration object, unable to communicate with the outside world. + /// + /// All sockets are non-blocking. Use the wasi-poll interface to block on asynchronous operations. + /// + /// # Typical errors + /// - `not-supported`: The specified `address-family` is not supported. (EAFNOSUPPORT) + /// - `new-socket-limit`: The new socket resource could not be created because of a system limit. (EMFILE, ENFILE) + /// + /// # References + /// - + /// - + /// - + /// - + create-tcp-socket: func(address-family: ip-address-family) -> result; +} diff --git a/crates/build/tests/wit/cmd-full/deps/sockets/tcp.wit b/crates/build/tests/wit/cmd-full/deps/sockets/tcp.wit new file mode 100644 index 0000000000..5902b9ee05 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/sockets/tcp.wit @@ -0,0 +1,353 @@ + +interface tcp { + use wasi:io/streams@0.2.0.{input-stream, output-stream}; + use wasi:io/poll@0.2.0.{pollable}; + use wasi:clocks/monotonic-clock@0.2.0.{duration}; + use network.{network, error-code, ip-socket-address, ip-address-family}; + + enum shutdown-type { + /// Similar to `SHUT_RD` in POSIX. + receive, + + /// Similar to `SHUT_WR` in POSIX. + send, + + /// Similar to `SHUT_RDWR` in POSIX. + both, + } + + /// A TCP socket resource. + /// + /// The socket can be in one of the following states: + /// - `unbound` + /// - `bind-in-progress` + /// - `bound` (See note below) + /// - `listen-in-progress` + /// - `listening` + /// - `connect-in-progress` + /// - `connected` + /// - `closed` + /// See + /// for a more information. + /// + /// Note: Except where explicitly mentioned, whenever this documentation uses + /// the term "bound" without backticks it actually means: in the `bound` state *or higher*. + /// (i.e. `bound`, `listen-in-progress`, `listening`, `connect-in-progress` or `connected`) + /// + /// In addition to the general error codes documented on the + /// `network::error-code` type, TCP socket methods may always return + /// `error(invalid-state)` when in the `closed` state. + resource tcp-socket { + /// Bind the socket to a specific network on the provided IP address and port. + /// + /// If the IP address is zero (`0.0.0.0` in IPv4, `::` in IPv6), it is left to the implementation to decide which + /// network interface(s) to bind to. + /// If the TCP/UDP port is zero, the socket will be bound to a random free port. + /// + /// Bind can be attempted multiple times on the same socket, even with + /// different arguments on each iteration. But never concurrently and + /// only as long as the previous bind failed. Once a bind succeeds, the + /// binding can't be changed anymore. + /// + /// # Typical errors + /// - `invalid-argument`: The `local-address` has the wrong address family. (EAFNOSUPPORT, EFAULT on Windows) + /// - `invalid-argument`: `local-address` is not a unicast address. (EINVAL) + /// - `invalid-argument`: `local-address` is an IPv4-mapped IPv6 address. (EINVAL) + /// - `invalid-state`: The socket is already bound. (EINVAL) + /// - `address-in-use`: No ephemeral ports available. (EADDRINUSE, ENOBUFS on Windows) + /// - `address-in-use`: Address is already in use. (EADDRINUSE) + /// - `address-not-bindable`: `local-address` is not an address that the `network` can bind to. (EADDRNOTAVAIL) + /// - `not-in-progress`: A `bind` operation is not in progress. + /// - `would-block`: Can't finish the operation, it is still in progress. (EWOULDBLOCK, EAGAIN) + /// + /// # Implementors note + /// When binding to a non-zero port, this bind operation shouldn't be affected by the TIME_WAIT + /// state of a recently closed socket on the same local address. In practice this means that the SO_REUSEADDR + /// socket option should be set implicitly on all platforms, except on Windows where this is the default behavior + /// and SO_REUSEADDR performs something different entirely. + /// + /// Unlike in POSIX, in WASI the bind operation is async. This enables + /// interactive WASI hosts to inject permission prompts. Runtimes that + /// don't want to make use of this ability can simply call the native + /// `bind` as part of either `start-bind` or `finish-bind`. + /// + /// # References + /// - + /// - + /// - + /// - + start-bind: func(network: borrow, local-address: ip-socket-address) -> result<_, error-code>; + finish-bind: func() -> result<_, error-code>; + + /// Connect to a remote endpoint. + /// + /// On success: + /// - the socket is transitioned into the `connection` state. + /// - a pair of streams is returned that can be used to read & write to the connection + /// + /// After a failed connection attempt, the socket will be in the `closed` + /// state and the only valid action left is to `drop` the socket. A single + /// socket can not be used to connect more than once. + /// + /// # Typical errors + /// - `invalid-argument`: The `remote-address` has the wrong address family. (EAFNOSUPPORT) + /// - `invalid-argument`: `remote-address` is not a unicast address. (EINVAL, ENETUNREACH on Linux, EAFNOSUPPORT on MacOS) + /// - `invalid-argument`: `remote-address` is an IPv4-mapped IPv6 address. (EINVAL, EADDRNOTAVAIL on Illumos) + /// - `invalid-argument`: The IP address in `remote-address` is set to INADDR_ANY (`0.0.0.0` / `::`). (EADDRNOTAVAIL on Windows) + /// - `invalid-argument`: The port in `remote-address` is set to 0. (EADDRNOTAVAIL on Windows) + /// - `invalid-argument`: The socket is already attached to a different network. The `network` passed to `connect` must be identical to the one passed to `bind`. + /// - `invalid-state`: The socket is already in the `connected` state. (EISCONN) + /// - `invalid-state`: The socket is already in the `listening` state. (EOPNOTSUPP, EINVAL on Windows) + /// - `timeout`: Connection timed out. (ETIMEDOUT) + /// - `connection-refused`: The connection was forcefully rejected. (ECONNREFUSED) + /// - `connection-reset`: The connection was reset. (ECONNRESET) + /// - `connection-aborted`: The connection was aborted. (ECONNABORTED) + /// - `remote-unreachable`: The remote address is not reachable. (EHOSTUNREACH, EHOSTDOWN, ENETUNREACH, ENETDOWN, ENONET) + /// - `address-in-use`: Tried to perform an implicit bind, but there were no ephemeral ports available. (EADDRINUSE, EADDRNOTAVAIL on Linux, EAGAIN on BSD) + /// - `not-in-progress`: A connect operation is not in progress. + /// - `would-block`: Can't finish the operation, it is still in progress. (EWOULDBLOCK, EAGAIN) + /// + /// # Implementors note + /// The POSIX equivalent of `start-connect` is the regular `connect` syscall. + /// Because all WASI sockets are non-blocking this is expected to return + /// EINPROGRESS, which should be translated to `ok()` in WASI. + /// + /// The POSIX equivalent of `finish-connect` is a `poll` for event `POLLOUT` + /// with a timeout of 0 on the socket descriptor. Followed by a check for + /// the `SO_ERROR` socket option, in case the poll signaled readiness. + /// + /// # References + /// - + /// - + /// - + /// - + start-connect: func(network: borrow, remote-address: ip-socket-address) -> result<_, error-code>; + finish-connect: func() -> result, error-code>; + + /// Start listening for new connections. + /// + /// Transitions the socket into the `listening` state. + /// + /// Unlike POSIX, the socket must already be explicitly bound. + /// + /// # Typical errors + /// - `invalid-state`: The socket is not bound to any local address. (EDESTADDRREQ) + /// - `invalid-state`: The socket is already in the `connected` state. (EISCONN, EINVAL on BSD) + /// - `invalid-state`: The socket is already in the `listening` state. + /// - `address-in-use`: Tried to perform an implicit bind, but there were no ephemeral ports available. (EADDRINUSE) + /// - `not-in-progress`: A listen operation is not in progress. + /// - `would-block`: Can't finish the operation, it is still in progress. (EWOULDBLOCK, EAGAIN) + /// + /// # Implementors note + /// Unlike in POSIX, in WASI the listen operation is async. This enables + /// interactive WASI hosts to inject permission prompts. Runtimes that + /// don't want to make use of this ability can simply call the native + /// `listen` as part of either `start-listen` or `finish-listen`. + /// + /// # References + /// - + /// - + /// - + /// - + start-listen: func() -> result<_, error-code>; + finish-listen: func() -> result<_, error-code>; + + /// Accept a new client socket. + /// + /// The returned socket is bound and in the `connected` state. The following properties are inherited from the listener socket: + /// - `address-family` + /// - `keep-alive-enabled` + /// - `keep-alive-idle-time` + /// - `keep-alive-interval` + /// - `keep-alive-count` + /// - `hop-limit` + /// - `receive-buffer-size` + /// - `send-buffer-size` + /// + /// On success, this function returns the newly accepted client socket along with + /// a pair of streams that can be used to read & write to the connection. + /// + /// # Typical errors + /// - `invalid-state`: Socket is not in the `listening` state. (EINVAL) + /// - `would-block`: No pending connections at the moment. (EWOULDBLOCK, EAGAIN) + /// - `connection-aborted`: An incoming connection was pending, but was terminated by the client before this listener could accept it. (ECONNABORTED) + /// - `new-socket-limit`: The new socket resource could not be created because of a system limit. (EMFILE, ENFILE) + /// + /// # References + /// - + /// - + /// - + /// - + accept: func() -> result, error-code>; + + /// Get the bound local address. + /// + /// POSIX mentions: + /// > If the socket has not been bound to a local name, the value + /// > stored in the object pointed to by `address` is unspecified. + /// + /// WASI is stricter and requires `local-address` to return `invalid-state` when the socket hasn't been bound yet. + /// + /// # Typical errors + /// - `invalid-state`: The socket is not bound to any local address. + /// + /// # References + /// - + /// - + /// - + /// - + local-address: func() -> result; + + /// Get the remote address. + /// + /// # Typical errors + /// - `invalid-state`: The socket is not connected to a remote address. (ENOTCONN) + /// + /// # References + /// - + /// - + /// - + /// - + remote-address: func() -> result; + + /// Whether the socket is in the `listening` state. + /// + /// Equivalent to the SO_ACCEPTCONN socket option. + is-listening: func() -> bool; + + /// Whether this is a IPv4 or IPv6 socket. + /// + /// Equivalent to the SO_DOMAIN socket option. + address-family: func() -> ip-address-family; + + /// Hints the desired listen queue size. Implementations are free to ignore this. + /// + /// If the provided value is 0, an `invalid-argument` error is returned. + /// Any other value will never cause an error, but it might be silently clamped and/or rounded. + /// + /// # Typical errors + /// - `not-supported`: (set) The platform does not support changing the backlog size after the initial listen. + /// - `invalid-argument`: (set) The provided value was 0. + /// - `invalid-state`: (set) The socket is in the `connect-in-progress` or `connected` state. + set-listen-backlog-size: func(value: u64) -> result<_, error-code>; + + /// Enables or disables keepalive. + /// + /// The keepalive behavior can be adjusted using: + /// - `keep-alive-idle-time` + /// - `keep-alive-interval` + /// - `keep-alive-count` + /// These properties can be configured while `keep-alive-enabled` is false, but only come into effect when `keep-alive-enabled` is true. + /// + /// Equivalent to the SO_KEEPALIVE socket option. + keep-alive-enabled: func() -> result; + set-keep-alive-enabled: func(value: bool) -> result<_, error-code>; + + /// Amount of time the connection has to be idle before TCP starts sending keepalive packets. + /// + /// If the provided value is 0, an `invalid-argument` error is returned. + /// Any other value will never cause an error, but it might be silently clamped and/or rounded. + /// I.e. after setting a value, reading the same setting back may return a different value. + /// + /// Equivalent to the TCP_KEEPIDLE socket option. (TCP_KEEPALIVE on MacOS) + /// + /// # Typical errors + /// - `invalid-argument`: (set) The provided value was 0. + keep-alive-idle-time: func() -> result; + set-keep-alive-idle-time: func(value: duration) -> result<_, error-code>; + + /// The time between keepalive packets. + /// + /// If the provided value is 0, an `invalid-argument` error is returned. + /// Any other value will never cause an error, but it might be silently clamped and/or rounded. + /// I.e. after setting a value, reading the same setting back may return a different value. + /// + /// Equivalent to the TCP_KEEPINTVL socket option. + /// + /// # Typical errors + /// - `invalid-argument`: (set) The provided value was 0. + keep-alive-interval: func() -> result; + set-keep-alive-interval: func(value: duration) -> result<_, error-code>; + + /// The maximum amount of keepalive packets TCP should send before aborting the connection. + /// + /// If the provided value is 0, an `invalid-argument` error is returned. + /// Any other value will never cause an error, but it might be silently clamped and/or rounded. + /// I.e. after setting a value, reading the same setting back may return a different value. + /// + /// Equivalent to the TCP_KEEPCNT socket option. + /// + /// # Typical errors + /// - `invalid-argument`: (set) The provided value was 0. + keep-alive-count: func() -> result; + set-keep-alive-count: func(value: u32) -> result<_, error-code>; + + /// Equivalent to the IP_TTL & IPV6_UNICAST_HOPS socket options. + /// + /// If the provided value is 0, an `invalid-argument` error is returned. + /// + /// # Typical errors + /// - `invalid-argument`: (set) The TTL value must be 1 or higher. + hop-limit: func() -> result; + set-hop-limit: func(value: u8) -> result<_, error-code>; + + /// The kernel buffer space reserved for sends/receives on this socket. + /// + /// If the provided value is 0, an `invalid-argument` error is returned. + /// Any other value will never cause an error, but it might be silently clamped and/or rounded. + /// I.e. after setting a value, reading the same setting back may return a different value. + /// + /// Equivalent to the SO_RCVBUF and SO_SNDBUF socket options. + /// + /// # Typical errors + /// - `invalid-argument`: (set) The provided value was 0. + receive-buffer-size: func() -> result; + set-receive-buffer-size: func(value: u64) -> result<_, error-code>; + send-buffer-size: func() -> result; + set-send-buffer-size: func(value: u64) -> result<_, error-code>; + + /// Create a `pollable` which can be used to poll for, or block on, + /// completion of any of the asynchronous operations of this socket. + /// + /// When `finish-bind`, `finish-listen`, `finish-connect` or `accept` + /// return `error(would-block)`, this pollable can be used to wait for + /// their success or failure, after which the method can be retried. + /// + /// The pollable is not limited to the async operation that happens to be + /// in progress at the time of calling `subscribe` (if any). Theoretically, + /// `subscribe` only has to be called once per socket and can then be + /// (re)used for the remainder of the socket's lifetime. + /// + /// See + /// for a more information. + /// + /// Note: this function is here for WASI Preview2 only. + /// It's planned to be removed when `future` is natively supported in Preview3. + subscribe: func() -> pollable; + + /// Initiate a graceful shutdown. + /// + /// - `receive`: The socket is not expecting to receive any data from + /// the peer. The `input-stream` associated with this socket will be + /// closed. Any data still in the receive queue at time of calling + /// this method will be discarded. + /// - `send`: The socket has no more data to send to the peer. The `output-stream` + /// associated with this socket will be closed and a FIN packet will be sent. + /// - `both`: Same effect as `receive` & `send` combined. + /// + /// This function is idempotent. Shutting a down a direction more than once + /// has no effect and returns `ok`. + /// + /// The shutdown function does not close (drop) the socket. + /// + /// # Typical errors + /// - `invalid-state`: The socket is not in the `connected` state. (ENOTCONN) + /// + /// # References + /// - + /// - + /// - + /// - + shutdown: func(shutdown-type: shutdown-type) -> result<_, error-code>; + } +} diff --git a/crates/build/tests/wit/cmd-full/deps/sockets/udp-create-socket.wit b/crates/build/tests/wit/cmd-full/deps/sockets/udp-create-socket.wit new file mode 100644 index 0000000000..0482d1fe73 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/sockets/udp-create-socket.wit @@ -0,0 +1,27 @@ + +interface udp-create-socket { + use network.{network, error-code, ip-address-family}; + use udp.{udp-socket}; + + /// Create a new UDP socket. + /// + /// Similar to `socket(AF_INET or AF_INET6, SOCK_DGRAM, IPPROTO_UDP)` in POSIX. + /// On IPv6 sockets, IPV6_V6ONLY is enabled by default and can't be configured otherwise. + /// + /// This function does not require a network capability handle. This is considered to be safe because + /// at time of creation, the socket is not bound to any `network` yet. Up to the moment `bind` is called, + /// the socket is effectively an in-memory configuration object, unable to communicate with the outside world. + /// + /// All sockets are non-blocking. Use the wasi-poll interface to block on asynchronous operations. + /// + /// # Typical errors + /// - `not-supported`: The specified `address-family` is not supported. (EAFNOSUPPORT) + /// - `new-socket-limit`: The new socket resource could not be created because of a system limit. (EMFILE, ENFILE) + /// + /// # References: + /// - + /// - + /// - + /// - + create-udp-socket: func(address-family: ip-address-family) -> result; +} diff --git a/crates/build/tests/wit/cmd-full/deps/sockets/udp.wit b/crates/build/tests/wit/cmd-full/deps/sockets/udp.wit new file mode 100644 index 0000000000..d987a0a908 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/sockets/udp.wit @@ -0,0 +1,266 @@ + +interface udp { + use wasi:io/poll@0.2.0.{pollable}; + use network.{network, error-code, ip-socket-address, ip-address-family}; + + /// A received datagram. + record incoming-datagram { + /// The payload. + /// + /// Theoretical max size: ~64 KiB. In practice, typically less than 1500 bytes. + data: list, + + /// The source address. + /// + /// This field is guaranteed to match the remote address the stream was initialized with, if any. + /// + /// Equivalent to the `src_addr` out parameter of `recvfrom`. + remote-address: ip-socket-address, + } + + /// A datagram to be sent out. + record outgoing-datagram { + /// The payload. + data: list, + + /// The destination address. + /// + /// The requirements on this field depend on how the stream was initialized: + /// - with a remote address: this field must be None or match the stream's remote address exactly. + /// - without a remote address: this field is required. + /// + /// If this value is None, the send operation is equivalent to `send` in POSIX. Otherwise it is equivalent to `sendto`. + remote-address: option, + } + + + + /// A UDP socket handle. + resource udp-socket { + /// Bind the socket to a specific network on the provided IP address and port. + /// + /// If the IP address is zero (`0.0.0.0` in IPv4, `::` in IPv6), it is left to the implementation to decide which + /// network interface(s) to bind to. + /// If the port is zero, the socket will be bound to a random free port. + /// + /// # Typical errors + /// - `invalid-argument`: The `local-address` has the wrong address family. (EAFNOSUPPORT, EFAULT on Windows) + /// - `invalid-state`: The socket is already bound. (EINVAL) + /// - `address-in-use`: No ephemeral ports available. (EADDRINUSE, ENOBUFS on Windows) + /// - `address-in-use`: Address is already in use. (EADDRINUSE) + /// - `address-not-bindable`: `local-address` is not an address that the `network` can bind to. (EADDRNOTAVAIL) + /// - `not-in-progress`: A `bind` operation is not in progress. + /// - `would-block`: Can't finish the operation, it is still in progress. (EWOULDBLOCK, EAGAIN) + /// + /// # Implementors note + /// Unlike in POSIX, in WASI the bind operation is async. This enables + /// interactive WASI hosts to inject permission prompts. Runtimes that + /// don't want to make use of this ability can simply call the native + /// `bind` as part of either `start-bind` or `finish-bind`. + /// + /// # References + /// - + /// - + /// - + /// - + start-bind: func(network: borrow, local-address: ip-socket-address) -> result<_, error-code>; + finish-bind: func() -> result<_, error-code>; + + /// Set up inbound & outbound communication channels, optionally to a specific peer. + /// + /// This function only changes the local socket configuration and does not generate any network traffic. + /// On success, the `remote-address` of the socket is updated. The `local-address` may be updated as well, + /// based on the best network path to `remote-address`. + /// + /// When a `remote-address` is provided, the returned streams are limited to communicating with that specific peer: + /// - `send` can only be used to send to this destination. + /// - `receive` will only return datagrams sent from the provided `remote-address`. + /// + /// This method may be called multiple times on the same socket to change its association, but + /// only the most recently returned pair of streams will be operational. Implementations may trap if + /// the streams returned by a previous invocation haven't been dropped yet before calling `stream` again. + /// + /// The POSIX equivalent in pseudo-code is: + /// ```text + /// if (was previously connected) { + /// connect(s, AF_UNSPEC) + /// } + /// if (remote_address is Some) { + /// connect(s, remote_address) + /// } + /// ``` + /// + /// Unlike in POSIX, the socket must already be explicitly bound. + /// + /// # Typical errors + /// - `invalid-argument`: The `remote-address` has the wrong address family. (EAFNOSUPPORT) + /// - `invalid-argument`: The IP address in `remote-address` is set to INADDR_ANY (`0.0.0.0` / `::`). (EDESTADDRREQ, EADDRNOTAVAIL) + /// - `invalid-argument`: The port in `remote-address` is set to 0. (EDESTADDRREQ, EADDRNOTAVAIL) + /// - `invalid-state`: The socket is not bound. + /// - `address-in-use`: Tried to perform an implicit bind, but there were no ephemeral ports available. (EADDRINUSE, EADDRNOTAVAIL on Linux, EAGAIN on BSD) + /// - `remote-unreachable`: The remote address is not reachable. (ECONNRESET, ENETRESET, EHOSTUNREACH, EHOSTDOWN, ENETUNREACH, ENETDOWN, ENONET) + /// - `connection-refused`: The connection was refused. (ECONNREFUSED) + /// + /// # References + /// - + /// - + /// - + /// - + %stream: func(remote-address: option) -> result, error-code>; + + /// Get the current bound address. + /// + /// POSIX mentions: + /// > If the socket has not been bound to a local name, the value + /// > stored in the object pointed to by `address` is unspecified. + /// + /// WASI is stricter and requires `local-address` to return `invalid-state` when the socket hasn't been bound yet. + /// + /// # Typical errors + /// - `invalid-state`: The socket is not bound to any local address. + /// + /// # References + /// - + /// - + /// - + /// - + local-address: func() -> result; + + /// Get the address the socket is currently streaming to. + /// + /// # Typical errors + /// - `invalid-state`: The socket is not streaming to a specific remote address. (ENOTCONN) + /// + /// # References + /// - + /// - + /// - + /// - + remote-address: func() -> result; + + /// Whether this is a IPv4 or IPv6 socket. + /// + /// Equivalent to the SO_DOMAIN socket option. + address-family: func() -> ip-address-family; + + /// Equivalent to the IP_TTL & IPV6_UNICAST_HOPS socket options. + /// + /// If the provided value is 0, an `invalid-argument` error is returned. + /// + /// # Typical errors + /// - `invalid-argument`: (set) The TTL value must be 1 or higher. + unicast-hop-limit: func() -> result; + set-unicast-hop-limit: func(value: u8) -> result<_, error-code>; + + /// The kernel buffer space reserved for sends/receives on this socket. + /// + /// If the provided value is 0, an `invalid-argument` error is returned. + /// Any other value will never cause an error, but it might be silently clamped and/or rounded. + /// I.e. after setting a value, reading the same setting back may return a different value. + /// + /// Equivalent to the SO_RCVBUF and SO_SNDBUF socket options. + /// + /// # Typical errors + /// - `invalid-argument`: (set) The provided value was 0. + receive-buffer-size: func() -> result; + set-receive-buffer-size: func(value: u64) -> result<_, error-code>; + send-buffer-size: func() -> result; + set-send-buffer-size: func(value: u64) -> result<_, error-code>; + + /// Create a `pollable` which will resolve once the socket is ready for I/O. + /// + /// Note: this function is here for WASI Preview2 only. + /// It's planned to be removed when `future` is natively supported in Preview3. + subscribe: func() -> pollable; + } + + resource incoming-datagram-stream { + /// Receive messages on the socket. + /// + /// This function attempts to receive up to `max-results` datagrams on the socket without blocking. + /// The returned list may contain fewer elements than requested, but never more. + /// + /// This function returns successfully with an empty list when either: + /// - `max-results` is 0, or: + /// - `max-results` is greater than 0, but no results are immediately available. + /// This function never returns `error(would-block)`. + /// + /// # Typical errors + /// - `remote-unreachable`: The remote address is not reachable. (ECONNRESET, ENETRESET on Windows, EHOSTUNREACH, EHOSTDOWN, ENETUNREACH, ENETDOWN, ENONET) + /// - `connection-refused`: The connection was refused. (ECONNREFUSED) + /// + /// # References + /// - + /// - + /// - + /// - + /// - + /// - + /// - + /// - + receive: func(max-results: u64) -> result, error-code>; + + /// Create a `pollable` which will resolve once the stream is ready to receive again. + /// + /// Note: this function is here for WASI Preview2 only. + /// It's planned to be removed when `future` is natively supported in Preview3. + subscribe: func() -> pollable; + } + + resource outgoing-datagram-stream { + /// Check readiness for sending. This function never blocks. + /// + /// Returns the number of datagrams permitted for the next call to `send`, + /// or an error. Calling `send` with more datagrams than this function has + /// permitted will trap. + /// + /// When this function returns ok(0), the `subscribe` pollable will + /// become ready when this function will report at least ok(1), or an + /// error. + /// + /// Never returns `would-block`. + check-send: func() -> result; + + /// Send messages on the socket. + /// + /// This function attempts to send all provided `datagrams` on the socket without blocking and + /// returns how many messages were actually sent (or queued for sending). This function never + /// returns `error(would-block)`. If none of the datagrams were able to be sent, `ok(0)` is returned. + /// + /// This function semantically behaves the same as iterating the `datagrams` list and sequentially + /// sending each individual datagram until either the end of the list has been reached or the first error occurred. + /// If at least one datagram has been sent successfully, this function never returns an error. + /// + /// If the input list is empty, the function returns `ok(0)`. + /// + /// Each call to `send` must be permitted by a preceding `check-send`. Implementations must trap if + /// either `check-send` was not called or `datagrams` contains more items than `check-send` permitted. + /// + /// # Typical errors + /// - `invalid-argument`: The `remote-address` has the wrong address family. (EAFNOSUPPORT) + /// - `invalid-argument`: The IP address in `remote-address` is set to INADDR_ANY (`0.0.0.0` / `::`). (EDESTADDRREQ, EADDRNOTAVAIL) + /// - `invalid-argument`: The port in `remote-address` is set to 0. (EDESTADDRREQ, EADDRNOTAVAIL) + /// - `invalid-argument`: The socket is in "connected" mode and `remote-address` is `some` value that does not match the address passed to `stream`. (EISCONN) + /// - `invalid-argument`: The socket is not "connected" and no value for `remote-address` was provided. (EDESTADDRREQ) + /// - `remote-unreachable`: The remote address is not reachable. (ECONNRESET, ENETRESET on Windows, EHOSTUNREACH, EHOSTDOWN, ENETUNREACH, ENETDOWN, ENONET) + /// - `connection-refused`: The connection was refused. (ECONNREFUSED) + /// - `datagram-too-large`: The datagram is too large. (EMSGSIZE) + /// + /// # References + /// - + /// - + /// - + /// - + /// - + /// - + /// - + /// - + send: func(datagrams: list) -> result; + + /// Create a `pollable` which will resolve once the stream is ready to send again. + /// + /// Note: this function is here for WASI Preview2 only. + /// It's planned to be removed when `future` is natively supported in Preview3. + subscribe: func() -> pollable; + } +} diff --git a/crates/build/tests/wit/cmd-full/deps/sockets/world.wit b/crates/build/tests/wit/cmd-full/deps/sockets/world.wit new file mode 100644 index 0000000000..f8bb92ae04 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/sockets/world.wit @@ -0,0 +1,11 @@ +package wasi:sockets@0.2.0; + +world imports { + import instance-network; + import network; + import udp; + import udp-create-socket; + import tcp; + import tcp-create-socket; + import ip-name-lookup; +} diff --git a/crates/build/tests/wit/cmd-full/environment.wit b/crates/build/tests/wit/cmd-full/environment.wit new file mode 100644 index 0000000000..70065233e8 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/environment.wit @@ -0,0 +1,18 @@ +interface environment { + /// Get the POSIX-style environment variables. + /// + /// Each environment variable is provided as a pair of string variable names + /// and string value. + /// + /// Morally, these are a value import, but until value imports are available + /// in the component model, this import function should return the same + /// values each time it is called. + get-environment: func() -> list>; + + /// Get the POSIX-style arguments to the program. + get-arguments: func() -> list; + + /// Return a path that programs should use as their initial current working + /// directory, interpreting `.` as shorthand for this. + initial-cwd: func() -> option; +} diff --git a/crates/build/tests/wit/cmd-full/exit.wit b/crates/build/tests/wit/cmd-full/exit.wit new file mode 100644 index 0000000000..d0c2b82ae2 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/exit.wit @@ -0,0 +1,4 @@ +interface exit { + /// Exit the current instance and any linked instances. + exit: func(status: result); +} diff --git a/crates/build/tests/wit/cmd-full/imports.wit b/crates/build/tests/wit/cmd-full/imports.wit new file mode 100644 index 0000000000..083b84a036 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/imports.wit @@ -0,0 +1,20 @@ +package wasi:cli@0.2.0; + +world imports { + include wasi:clocks/imports@0.2.0; + include wasi:filesystem/imports@0.2.0; + include wasi:sockets/imports@0.2.0; + include wasi:random/imports@0.2.0; + include wasi:io/imports@0.2.0; + + import environment; + import exit; + import stdin; + import stdout; + import stderr; + import terminal-input; + import terminal-output; + import terminal-stdin; + import terminal-stdout; + import terminal-stderr; +} diff --git a/crates/build/tests/wit/cmd-full/run.wit b/crates/build/tests/wit/cmd-full/run.wit new file mode 100644 index 0000000000..a70ee8c038 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/run.wit @@ -0,0 +1,4 @@ +interface run { + /// Run the program. + run: func() -> result; +} diff --git a/crates/build/tests/wit/cmd-full/stdio.wit b/crates/build/tests/wit/cmd-full/stdio.wit new file mode 100644 index 0000000000..31ef35b5a7 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/stdio.wit @@ -0,0 +1,17 @@ +interface stdin { + use wasi:io/streams@0.2.0.{input-stream}; + + get-stdin: func() -> input-stream; +} + +interface stdout { + use wasi:io/streams@0.2.0.{output-stream}; + + get-stdout: func() -> output-stream; +} + +interface stderr { + use wasi:io/streams@0.2.0.{output-stream}; + + get-stderr: func() -> output-stream; +} diff --git a/crates/build/tests/wit/cmd-full/terminal.wit b/crates/build/tests/wit/cmd-full/terminal.wit new file mode 100644 index 0000000000..38c724efc8 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/terminal.wit @@ -0,0 +1,49 @@ +/// Terminal input. +/// +/// In the future, this may include functions for disabling echoing, +/// disabling input buffering so that keyboard events are sent through +/// immediately, querying supported features, and so on. +interface terminal-input { + /// The input side of a terminal. + resource terminal-input; +} + +/// Terminal output. +/// +/// In the future, this may include functions for querying the terminal +/// size, being notified of terminal size changes, querying supported +/// features, and so on. +interface terminal-output { + /// The output side of a terminal. + resource terminal-output; +} + +/// An interface providing an optional `terminal-input` for stdin as a +/// link-time authority. +interface terminal-stdin { + use terminal-input.{terminal-input}; + + /// If stdin is connected to a terminal, return a `terminal-input` handle + /// allowing further interaction with it. + get-terminal-stdin: func() -> option; +} + +/// An interface providing an optional `terminal-output` for stdout as a +/// link-time authority. +interface terminal-stdout { + use terminal-output.{terminal-output}; + + /// If stdout is connected to a terminal, return a `terminal-output` handle + /// allowing further interaction with it. + get-terminal-stdout: func() -> option; +} + +/// An interface providing an optional `terminal-output` for stderr as a +/// link-time authority. +interface terminal-stderr { + use terminal-output.{terminal-output}; + + /// If stderr is connected to a terminal, return a `terminal-output` handle + /// allowing further interaction with it. + get-terminal-stderr: func() -> option; +} diff --git a/crates/build/tests/wit/cmd-minimal/command.wit b/crates/build/tests/wit/cmd-minimal/command.wit new file mode 100644 index 0000000000..d8005bd388 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/command.wit @@ -0,0 +1,7 @@ +package wasi:cli@0.2.0; + +world command { + include imports; + + export run; +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/clocks/monotonic-clock.wit b/crates/build/tests/wit/cmd-minimal/deps/clocks/monotonic-clock.wit new file mode 100644 index 0000000000..4e4dc3a199 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/clocks/monotonic-clock.wit @@ -0,0 +1,45 @@ +package wasi:clocks@0.2.0; +/// WASI Monotonic Clock is a clock API intended to let users measure elapsed +/// time. +/// +/// It is intended to be portable at least between Unix-family platforms and +/// Windows. +/// +/// A monotonic clock is a clock which has an unspecified initial value, and +/// successive reads of the clock will produce non-decreasing values. +/// +/// It is intended for measuring elapsed time. +interface monotonic-clock { + use wasi:io/poll@0.2.0.{pollable}; + + /// An instant in time, in nanoseconds. An instant is relative to an + /// unspecified initial value, and can only be compared to instances from + /// the same monotonic-clock. + type instant = u64; + + /// A duration of time, in nanoseconds. + type duration = u64; + + /// Read the current value of the clock. + /// + /// The clock is monotonic, therefore calling this function repeatedly will + /// produce a sequence of non-decreasing values. + now: func() -> instant; + + /// Query the resolution of the clock. Returns the duration of time + /// corresponding to a clock tick. + resolution: func() -> duration; + + /// Create a `pollable` which will resolve once the specified instant + /// occured. + subscribe-instant: func( + when: instant, + ) -> pollable; + + /// Create a `pollable` which will resolve once the given duration has + /// elapsed, starting at the time at which this function was called. + /// occured. + subscribe-duration: func( + when: duration, + ) -> pollable; +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/clocks/wall-clock.wit b/crates/build/tests/wit/cmd-minimal/deps/clocks/wall-clock.wit new file mode 100644 index 0000000000..440ca0f336 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/clocks/wall-clock.wit @@ -0,0 +1,42 @@ +package wasi:clocks@0.2.0; +/// WASI Wall Clock is a clock API intended to let users query the current +/// time. The name "wall" makes an analogy to a "clock on the wall", which +/// is not necessarily monotonic as it may be reset. +/// +/// It is intended to be portable at least between Unix-family platforms and +/// Windows. +/// +/// A wall clock is a clock which measures the date and time according to +/// some external reference. +/// +/// External references may be reset, so this clock is not necessarily +/// monotonic, making it unsuitable for measuring elapsed time. +/// +/// It is intended for reporting the current date and time for humans. +interface wall-clock { + /// A time and date in seconds plus nanoseconds. + record datetime { + seconds: u64, + nanoseconds: u32, + } + + /// Read the current value of the clock. + /// + /// This clock is not monotonic, therefore calling this function repeatedly + /// will not necessarily produce a sequence of non-decreasing values. + /// + /// The returned timestamps represent the number of seconds since + /// 1970-01-01T00:00:00Z, also known as [POSIX's Seconds Since the Epoch], + /// also known as [Unix Time]. + /// + /// The nanoseconds field of the output is always less than 1000000000. + /// + /// [POSIX's Seconds Since the Epoch]: https://pubs.opengroup.org/onlinepubs/9699919799/xrat/V4_xbd_chap04.html#tag_21_04_16 + /// [Unix Time]: https://en.wikipedia.org/wiki/Unix_time + now: func() -> datetime; + + /// Query the resolution of the clock. + /// + /// The nanoseconds field of the output is always less than 1000000000. + resolution: func() -> datetime; +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/clocks/world.wit b/crates/build/tests/wit/cmd-minimal/deps/clocks/world.wit new file mode 100644 index 0000000000..c0224572a5 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/clocks/world.wit @@ -0,0 +1,6 @@ +package wasi:clocks@0.2.0; + +world imports { + import monotonic-clock; + import wall-clock; +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/filesystem/preopens.wit b/crates/build/tests/wit/cmd-minimal/deps/filesystem/preopens.wit new file mode 100644 index 0000000000..da801f6d60 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/filesystem/preopens.wit @@ -0,0 +1,8 @@ +package wasi:filesystem@0.2.0; + +interface preopens { + use types.{descriptor}; + + /// Return the set of preopened directories, and their path. + get-directories: func() -> list>; +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/filesystem/types.wit b/crates/build/tests/wit/cmd-minimal/deps/filesystem/types.wit new file mode 100644 index 0000000000..11108fcda2 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/filesystem/types.wit @@ -0,0 +1,634 @@ +package wasi:filesystem@0.2.0; +/// WASI filesystem is a filesystem API primarily intended to let users run WASI +/// programs that access their files on their existing filesystems, without +/// significant overhead. +/// +/// It is intended to be roughly portable between Unix-family platforms and +/// Windows, though it does not hide many of the major differences. +/// +/// Paths are passed as interface-type `string`s, meaning they must consist of +/// a sequence of Unicode Scalar Values (USVs). Some filesystems may contain +/// paths which are not accessible by this API. +/// +/// The directory separator in WASI is always the forward-slash (`/`). +/// +/// All paths in WASI are relative paths, and are interpreted relative to a +/// `descriptor` referring to a base directory. If a `path` argument to any WASI +/// function starts with `/`, or if any step of resolving a `path`, including +/// `..` and symbolic link steps, reaches a directory outside of the base +/// directory, or reaches a symlink to an absolute or rooted path in the +/// underlying filesystem, the function fails with `error-code::not-permitted`. +/// +/// For more information about WASI path resolution and sandboxing, see +/// [WASI filesystem path resolution]. +/// +/// [WASI filesystem path resolution]: https://github.com/WebAssembly/wasi-filesystem/blob/main/path-resolution.md +interface types { + use wasi:io/streams@0.2.0.{input-stream, output-stream, error}; + use wasi:clocks/wall-clock@0.2.0.{datetime}; + + /// File size or length of a region within a file. + type filesize = u64; + + /// The type of a filesystem object referenced by a descriptor. + /// + /// Note: This was called `filetype` in earlier versions of WASI. + enum descriptor-type { + /// The type of the descriptor or file is unknown or is different from + /// any of the other types specified. + unknown, + /// The descriptor refers to a block device inode. + block-device, + /// The descriptor refers to a character device inode. + character-device, + /// The descriptor refers to a directory inode. + directory, + /// The descriptor refers to a named pipe. + fifo, + /// The file refers to a symbolic link inode. + symbolic-link, + /// The descriptor refers to a regular file inode. + regular-file, + /// The descriptor refers to a socket. + socket, + } + + /// Descriptor flags. + /// + /// Note: This was called `fdflags` in earlier versions of WASI. + flags descriptor-flags { + /// Read mode: Data can be read. + read, + /// Write mode: Data can be written to. + write, + /// Request that writes be performed according to synchronized I/O file + /// integrity completion. The data stored in the file and the file's + /// metadata are synchronized. This is similar to `O_SYNC` in POSIX. + /// + /// The precise semantics of this operation have not yet been defined for + /// WASI. At this time, it should be interpreted as a request, and not a + /// requirement. + file-integrity-sync, + /// Request that writes be performed according to synchronized I/O data + /// integrity completion. Only the data stored in the file is + /// synchronized. This is similar to `O_DSYNC` in POSIX. + /// + /// The precise semantics of this operation have not yet been defined for + /// WASI. At this time, it should be interpreted as a request, and not a + /// requirement. + data-integrity-sync, + /// Requests that reads be performed at the same level of integrety + /// requested for writes. This is similar to `O_RSYNC` in POSIX. + /// + /// The precise semantics of this operation have not yet been defined for + /// WASI. At this time, it should be interpreted as a request, and not a + /// requirement. + requested-write-sync, + /// Mutating directories mode: Directory contents may be mutated. + /// + /// When this flag is unset on a descriptor, operations using the + /// descriptor which would create, rename, delete, modify the data or + /// metadata of filesystem objects, or obtain another handle which + /// would permit any of those, shall fail with `error-code::read-only` if + /// they would otherwise succeed. + /// + /// This may only be set on directories. + mutate-directory, + } + + /// File attributes. + /// + /// Note: This was called `filestat` in earlier versions of WASI. + record descriptor-stat { + /// File type. + %type: descriptor-type, + /// Number of hard links to the file. + link-count: link-count, + /// For regular files, the file size in bytes. For symbolic links, the + /// length in bytes of the pathname contained in the symbolic link. + size: filesize, + /// Last data access timestamp. + /// + /// If the `option` is none, the platform doesn't maintain an access + /// timestamp for this file. + data-access-timestamp: option, + /// Last data modification timestamp. + /// + /// If the `option` is none, the platform doesn't maintain a + /// modification timestamp for this file. + data-modification-timestamp: option, + /// Last file status-change timestamp. + /// + /// If the `option` is none, the platform doesn't maintain a + /// status-change timestamp for this file. + status-change-timestamp: option, + } + + /// Flags determining the method of how paths are resolved. + flags path-flags { + /// As long as the resolved path corresponds to a symbolic link, it is + /// expanded. + symlink-follow, + } + + /// Open flags used by `open-at`. + flags open-flags { + /// Create file if it does not exist, similar to `O_CREAT` in POSIX. + create, + /// Fail if not a directory, similar to `O_DIRECTORY` in POSIX. + directory, + /// Fail if file already exists, similar to `O_EXCL` in POSIX. + exclusive, + /// Truncate file to size 0, similar to `O_TRUNC` in POSIX. + truncate, + } + + /// Number of hard links to an inode. + type link-count = u64; + + /// When setting a timestamp, this gives the value to set it to. + variant new-timestamp { + /// Leave the timestamp set to its previous value. + no-change, + /// Set the timestamp to the current time of the system clock associated + /// with the filesystem. + now, + /// Set the timestamp to the given value. + timestamp(datetime), + } + + /// A directory entry. + record directory-entry { + /// The type of the file referred to by this directory entry. + %type: descriptor-type, + + /// The name of the object. + name: string, + } + + /// Error codes returned by functions, similar to `errno` in POSIX. + /// Not all of these error codes are returned by the functions provided by this + /// API; some are used in higher-level library layers, and others are provided + /// merely for alignment with POSIX. + enum error-code { + /// Permission denied, similar to `EACCES` in POSIX. + access, + /// Resource unavailable, or operation would block, similar to `EAGAIN` and `EWOULDBLOCK` in POSIX. + would-block, + /// Connection already in progress, similar to `EALREADY` in POSIX. + already, + /// Bad descriptor, similar to `EBADF` in POSIX. + bad-descriptor, + /// Device or resource busy, similar to `EBUSY` in POSIX. + busy, + /// Resource deadlock would occur, similar to `EDEADLK` in POSIX. + deadlock, + /// Storage quota exceeded, similar to `EDQUOT` in POSIX. + quota, + /// File exists, similar to `EEXIST` in POSIX. + exist, + /// File too large, similar to `EFBIG` in POSIX. + file-too-large, + /// Illegal byte sequence, similar to `EILSEQ` in POSIX. + illegal-byte-sequence, + /// Operation in progress, similar to `EINPROGRESS` in POSIX. + in-progress, + /// Interrupted function, similar to `EINTR` in POSIX. + interrupted, + /// Invalid argument, similar to `EINVAL` in POSIX. + invalid, + /// I/O error, similar to `EIO` in POSIX. + io, + /// Is a directory, similar to `EISDIR` in POSIX. + is-directory, + /// Too many levels of symbolic links, similar to `ELOOP` in POSIX. + loop, + /// Too many links, similar to `EMLINK` in POSIX. + too-many-links, + /// Message too large, similar to `EMSGSIZE` in POSIX. + message-size, + /// Filename too long, similar to `ENAMETOOLONG` in POSIX. + name-too-long, + /// No such device, similar to `ENODEV` in POSIX. + no-device, + /// No such file or directory, similar to `ENOENT` in POSIX. + no-entry, + /// No locks available, similar to `ENOLCK` in POSIX. + no-lock, + /// Not enough space, similar to `ENOMEM` in POSIX. + insufficient-memory, + /// No space left on device, similar to `ENOSPC` in POSIX. + insufficient-space, + /// Not a directory or a symbolic link to a directory, similar to `ENOTDIR` in POSIX. + not-directory, + /// Directory not empty, similar to `ENOTEMPTY` in POSIX. + not-empty, + /// State not recoverable, similar to `ENOTRECOVERABLE` in POSIX. + not-recoverable, + /// Not supported, similar to `ENOTSUP` and `ENOSYS` in POSIX. + unsupported, + /// Inappropriate I/O control operation, similar to `ENOTTY` in POSIX. + no-tty, + /// No such device or address, similar to `ENXIO` in POSIX. + no-such-device, + /// Value too large to be stored in data type, similar to `EOVERFLOW` in POSIX. + overflow, + /// Operation not permitted, similar to `EPERM` in POSIX. + not-permitted, + /// Broken pipe, similar to `EPIPE` in POSIX. + pipe, + /// Read-only file system, similar to `EROFS` in POSIX. + read-only, + /// Invalid seek, similar to `ESPIPE` in POSIX. + invalid-seek, + /// Text file busy, similar to `ETXTBSY` in POSIX. + text-file-busy, + /// Cross-device link, similar to `EXDEV` in POSIX. + cross-device, + } + + /// File or memory access pattern advisory information. + enum advice { + /// The application has no advice to give on its behavior with respect + /// to the specified data. + normal, + /// The application expects to access the specified data sequentially + /// from lower offsets to higher offsets. + sequential, + /// The application expects to access the specified data in a random + /// order. + random, + /// The application expects to access the specified data in the near + /// future. + will-need, + /// The application expects that it will not access the specified data + /// in the near future. + dont-need, + /// The application expects to access the specified data once and then + /// not reuse it thereafter. + no-reuse, + } + + /// A 128-bit hash value, split into parts because wasm doesn't have a + /// 128-bit integer type. + record metadata-hash-value { + /// 64 bits of a 128-bit hash value. + lower: u64, + /// Another 64 bits of a 128-bit hash value. + upper: u64, + } + + /// A descriptor is a reference to a filesystem object, which may be a file, + /// directory, named pipe, special file, or other object on which filesystem + /// calls may be made. + resource descriptor { + /// Return a stream for reading from a file, if available. + /// + /// May fail with an error-code describing why the file cannot be read. + /// + /// Multiple read, write, and append streams may be active on the same open + /// file and they do not interfere with each other. + /// + /// Note: This allows using `read-stream`, which is similar to `read` in POSIX. + read-via-stream: func( + /// The offset within the file at which to start reading. + offset: filesize, + ) -> result; + + /// Return a stream for writing to a file, if available. + /// + /// May fail with an error-code describing why the file cannot be written. + /// + /// Note: This allows using `write-stream`, which is similar to `write` in + /// POSIX. + write-via-stream: func( + /// The offset within the file at which to start writing. + offset: filesize, + ) -> result; + + /// Return a stream for appending to a file, if available. + /// + /// May fail with an error-code describing why the file cannot be appended. + /// + /// Note: This allows using `write-stream`, which is similar to `write` with + /// `O_APPEND` in in POSIX. + append-via-stream: func() -> result; + + /// Provide file advisory information on a descriptor. + /// + /// This is similar to `posix_fadvise` in POSIX. + advise: func( + /// The offset within the file to which the advisory applies. + offset: filesize, + /// The length of the region to which the advisory applies. + length: filesize, + /// The advice. + advice: advice + ) -> result<_, error-code>; + + /// Synchronize the data of a file to disk. + /// + /// This function succeeds with no effect if the file descriptor is not + /// opened for writing. + /// + /// Note: This is similar to `fdatasync` in POSIX. + sync-data: func() -> result<_, error-code>; + + /// Get flags associated with a descriptor. + /// + /// Note: This returns similar flags to `fcntl(fd, F_GETFL)` in POSIX. + /// + /// Note: This returns the value that was the `fs_flags` value returned + /// from `fdstat_get` in earlier versions of WASI. + get-flags: func() -> result; + + /// Get the dynamic type of a descriptor. + /// + /// Note: This returns the same value as the `type` field of the `fd-stat` + /// returned by `stat`, `stat-at` and similar. + /// + /// Note: This returns similar flags to the `st_mode & S_IFMT` value provided + /// by `fstat` in POSIX. + /// + /// Note: This returns the value that was the `fs_filetype` value returned + /// from `fdstat_get` in earlier versions of WASI. + get-type: func() -> result; + + /// Adjust the size of an open file. If this increases the file's size, the + /// extra bytes are filled with zeros. + /// + /// Note: This was called `fd_filestat_set_size` in earlier versions of WASI. + set-size: func(size: filesize) -> result<_, error-code>; + + /// Adjust the timestamps of an open file or directory. + /// + /// Note: This is similar to `futimens` in POSIX. + /// + /// Note: This was called `fd_filestat_set_times` in earlier versions of WASI. + set-times: func( + /// The desired values of the data access timestamp. + data-access-timestamp: new-timestamp, + /// The desired values of the data modification timestamp. + data-modification-timestamp: new-timestamp, + ) -> result<_, error-code>; + + /// Read from a descriptor, without using and updating the descriptor's offset. + /// + /// This function returns a list of bytes containing the data that was + /// read, along with a bool which, when true, indicates that the end of the + /// file was reached. The returned list will contain up to `length` bytes; it + /// may return fewer than requested, if the end of the file is reached or + /// if the I/O operation is interrupted. + /// + /// In the future, this may change to return a `stream`. + /// + /// Note: This is similar to `pread` in POSIX. + read: func( + /// The maximum number of bytes to read. + length: filesize, + /// The offset within the file at which to read. + offset: filesize, + ) -> result, bool>, error-code>; + + /// Write to a descriptor, without using and updating the descriptor's offset. + /// + /// It is valid to write past the end of a file; the file is extended to the + /// extent of the write, with bytes between the previous end and the start of + /// the write set to zero. + /// + /// In the future, this may change to take a `stream`. + /// + /// Note: This is similar to `pwrite` in POSIX. + write: func( + /// Data to write + buffer: list, + /// The offset within the file at which to write. + offset: filesize, + ) -> result; + + /// Read directory entries from a directory. + /// + /// On filesystems where directories contain entries referring to themselves + /// and their parents, often named `.` and `..` respectively, these entries + /// are omitted. + /// + /// This always returns a new stream which starts at the beginning of the + /// directory. Multiple streams may be active on the same directory, and they + /// do not interfere with each other. + read-directory: func() -> result; + + /// Synchronize the data and metadata of a file to disk. + /// + /// This function succeeds with no effect if the file descriptor is not + /// opened for writing. + /// + /// Note: This is similar to `fsync` in POSIX. + sync: func() -> result<_, error-code>; + + /// Create a directory. + /// + /// Note: This is similar to `mkdirat` in POSIX. + create-directory-at: func( + /// The relative path at which to create the directory. + path: string, + ) -> result<_, error-code>; + + /// Return the attributes of an open file or directory. + /// + /// Note: This is similar to `fstat` in POSIX, except that it does not return + /// device and inode information. For testing whether two descriptors refer to + /// the same underlying filesystem object, use `is-same-object`. To obtain + /// additional data that can be used do determine whether a file has been + /// modified, use `metadata-hash`. + /// + /// Note: This was called `fd_filestat_get` in earlier versions of WASI. + stat: func() -> result; + + /// Return the attributes of a file or directory. + /// + /// Note: This is similar to `fstatat` in POSIX, except that it does not + /// return device and inode information. See the `stat` description for a + /// discussion of alternatives. + /// + /// Note: This was called `path_filestat_get` in earlier versions of WASI. + stat-at: func( + /// Flags determining the method of how the path is resolved. + path-flags: path-flags, + /// The relative path of the file or directory to inspect. + path: string, + ) -> result; + + /// Adjust the timestamps of a file or directory. + /// + /// Note: This is similar to `utimensat` in POSIX. + /// + /// Note: This was called `path_filestat_set_times` in earlier versions of + /// WASI. + set-times-at: func( + /// Flags determining the method of how the path is resolved. + path-flags: path-flags, + /// The relative path of the file or directory to operate on. + path: string, + /// The desired values of the data access timestamp. + data-access-timestamp: new-timestamp, + /// The desired values of the data modification timestamp. + data-modification-timestamp: new-timestamp, + ) -> result<_, error-code>; + + /// Create a hard link. + /// + /// Note: This is similar to `linkat` in POSIX. + link-at: func( + /// Flags determining the method of how the path is resolved. + old-path-flags: path-flags, + /// The relative source path from which to link. + old-path: string, + /// The base directory for `new-path`. + new-descriptor: borrow, + /// The relative destination path at which to create the hard link. + new-path: string, + ) -> result<_, error-code>; + + /// Open a file or directory. + /// + /// The returned descriptor is not guaranteed to be the lowest-numbered + /// descriptor not currently open/ it is randomized to prevent applications + /// from depending on making assumptions about indexes, since this is + /// error-prone in multi-threaded contexts. The returned descriptor is + /// guaranteed to be less than 2**31. + /// + /// If `flags` contains `descriptor-flags::mutate-directory`, and the base + /// descriptor doesn't have `descriptor-flags::mutate-directory` set, + /// `open-at` fails with `error-code::read-only`. + /// + /// If `flags` contains `write` or `mutate-directory`, or `open-flags` + /// contains `truncate` or `create`, and the base descriptor doesn't have + /// `descriptor-flags::mutate-directory` set, `open-at` fails with + /// `error-code::read-only`. + /// + /// Note: This is similar to `openat` in POSIX. + open-at: func( + /// Flags determining the method of how the path is resolved. + path-flags: path-flags, + /// The relative path of the object to open. + path: string, + /// The method by which to open the file. + open-flags: open-flags, + /// Flags to use for the resulting descriptor. + %flags: descriptor-flags, + ) -> result; + + /// Read the contents of a symbolic link. + /// + /// If the contents contain an absolute or rooted path in the underlying + /// filesystem, this function fails with `error-code::not-permitted`. + /// + /// Note: This is similar to `readlinkat` in POSIX. + readlink-at: func( + /// The relative path of the symbolic link from which to read. + path: string, + ) -> result; + + /// Remove a directory. + /// + /// Return `error-code::not-empty` if the directory is not empty. + /// + /// Note: This is similar to `unlinkat(fd, path, AT_REMOVEDIR)` in POSIX. + remove-directory-at: func( + /// The relative path to a directory to remove. + path: string, + ) -> result<_, error-code>; + + /// Rename a filesystem object. + /// + /// Note: This is similar to `renameat` in POSIX. + rename-at: func( + /// The relative source path of the file or directory to rename. + old-path: string, + /// The base directory for `new-path`. + new-descriptor: borrow, + /// The relative destination path to which to rename the file or directory. + new-path: string, + ) -> result<_, error-code>; + + /// Create a symbolic link (also known as a "symlink"). + /// + /// If `old-path` starts with `/`, the function fails with + /// `error-code::not-permitted`. + /// + /// Note: This is similar to `symlinkat` in POSIX. + symlink-at: func( + /// The contents of the symbolic link. + old-path: string, + /// The relative destination path at which to create the symbolic link. + new-path: string, + ) -> result<_, error-code>; + + /// Unlink a filesystem object that is not a directory. + /// + /// Return `error-code::is-directory` if the path refers to a directory. + /// Note: This is similar to `unlinkat(fd, path, 0)` in POSIX. + unlink-file-at: func( + /// The relative path to a file to unlink. + path: string, + ) -> result<_, error-code>; + + /// Test whether two descriptors refer to the same filesystem object. + /// + /// In POSIX, this corresponds to testing whether the two descriptors have the + /// same device (`st_dev`) and inode (`st_ino` or `d_ino`) numbers. + /// wasi-filesystem does not expose device and inode numbers, so this function + /// may be used instead. + is-same-object: func(other: borrow) -> bool; + + /// Return a hash of the metadata associated with a filesystem object referred + /// to by a descriptor. + /// + /// This returns a hash of the last-modification timestamp and file size, and + /// may also include the inode number, device number, birth timestamp, and + /// other metadata fields that may change when the file is modified or + /// replaced. It may also include a secret value chosen by the + /// implementation and not otherwise exposed. + /// + /// Implementations are encourated to provide the following properties: + /// + /// - If the file is not modified or replaced, the computed hash value should + /// usually not change. + /// - If the object is modified or replaced, the computed hash value should + /// usually change. + /// - The inputs to the hash should not be easily computable from the + /// computed hash. + /// + /// However, none of these is required. + metadata-hash: func() -> result; + + /// Return a hash of the metadata associated with a filesystem object referred + /// to by a directory descriptor and a relative path. + /// + /// This performs the same hash computation as `metadata-hash`. + metadata-hash-at: func( + /// Flags determining the method of how the path is resolved. + path-flags: path-flags, + /// The relative path of the file or directory to inspect. + path: string, + ) -> result; + } + + /// A stream of directory entries. + resource directory-entry-stream { + /// Read a single directory entry from a `directory-entry-stream`. + read-directory-entry: func() -> result, error-code>; + } + + /// Attempts to extract a filesystem-related `error-code` from the stream + /// `error` provided. + /// + /// Stream operations which return `stream-error::last-operation-failed` + /// have a payload with more information about the operation that failed. + /// This payload can be passed through to this function to see if there's + /// filesystem-related information about the error to return. + /// + /// Note that this function is fallible because not all stream-related + /// errors are filesystem-related errors. + filesystem-error-code: func(err: borrow) -> option; +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/filesystem/world.wit b/crates/build/tests/wit/cmd-minimal/deps/filesystem/world.wit new file mode 100644 index 0000000000..663f57920d --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/filesystem/world.wit @@ -0,0 +1,6 @@ +package wasi:filesystem@0.2.0; + +world imports { + import types; + import preopens; +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/io/error.wit b/crates/build/tests/wit/cmd-minimal/deps/io/error.wit new file mode 100644 index 0000000000..22e5b64894 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/io/error.wit @@ -0,0 +1,34 @@ +package wasi:io@0.2.0; + + +interface error { + /// A resource which represents some error information. + /// + /// The only method provided by this resource is `to-debug-string`, + /// which provides some human-readable information about the error. + /// + /// In the `wasi:io` package, this resource is returned through the + /// `wasi:io/streams/stream-error` type. + /// + /// To provide more specific error information, other interfaces may + /// provide functions to further "downcast" this error into more specific + /// error information. For example, `error`s returned in streams derived + /// from filesystem types to be described using the filesystem's own + /// error-code type, using the function + /// `wasi:filesystem/types/filesystem-error-code`, which takes a parameter + /// `borrow` and returns + /// `option`. + /// + /// The set of functions which can "downcast" an `error` into a more + /// concrete type is open. + resource error { + /// Returns a string that is suitable to assist humans in debugging + /// this error. + /// + /// WARNING: The returned string should not be consumed mechanically! + /// It may change across platforms, hosts, or other implementation + /// details. Parsing this string is a major platform-compatibility + /// hazard. + to-debug-string: func() -> string; + } +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/io/poll.wit b/crates/build/tests/wit/cmd-minimal/deps/io/poll.wit new file mode 100644 index 0000000000..ddc67f8b7a --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/io/poll.wit @@ -0,0 +1,41 @@ +package wasi:io@0.2.0; + +/// A poll API intended to let users wait for I/O events on multiple handles +/// at once. +interface poll { + /// `pollable` represents a single I/O event which may be ready, or not. + resource pollable { + + /// Return the readiness of a pollable. This function never blocks. + /// + /// Returns `true` when the pollable is ready, and `false` otherwise. + ready: func() -> bool; + + /// `block` returns immediately if the pollable is ready, and otherwise + /// blocks until ready. + /// + /// This function is equivalent to calling `poll.poll` on a list + /// containing only this pollable. + block: func(); + } + + /// Poll for completion on a set of pollables. + /// + /// This function takes a list of pollables, which identify I/O sources of + /// interest, and waits until one or more of the events is ready for I/O. + /// + /// The result `list` contains one or more indices of handles in the + /// argument list that is ready for I/O. + /// + /// If the list contains more elements than can be indexed with a `u32` + /// value, this function traps. + /// + /// A timeout can be implemented by adding a pollable from the + /// wasi-clocks API to the list. + /// + /// This function does not return a `result`; polling in itself does not + /// do any I/O so it doesn't fail. If any of the I/O sources identified by + /// the pollables has an error, it is indicated by marking the source as + /// being reaedy for I/O. + poll: func(in: list>) -> list; +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/io/streams.wit b/crates/build/tests/wit/cmd-minimal/deps/io/streams.wit new file mode 100644 index 0000000000..6d2f871e3b --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/io/streams.wit @@ -0,0 +1,262 @@ +package wasi:io@0.2.0; + +/// WASI I/O is an I/O abstraction API which is currently focused on providing +/// stream types. +/// +/// In the future, the component model is expected to add built-in stream types; +/// when it does, they are expected to subsume this API. +interface streams { + use error.{error}; + use poll.{pollable}; + + /// An error for input-stream and output-stream operations. + variant stream-error { + /// The last operation (a write or flush) failed before completion. + /// + /// More information is available in the `error` payload. + last-operation-failed(error), + /// The stream is closed: no more input will be accepted by the + /// stream. A closed output-stream will return this error on all + /// future operations. + closed + } + + /// An input bytestream. + /// + /// `input-stream`s are *non-blocking* to the extent practical on underlying + /// platforms. I/O operations always return promptly; if fewer bytes are + /// promptly available than requested, they return the number of bytes promptly + /// available, which could even be zero. To wait for data to be available, + /// use the `subscribe` function to obtain a `pollable` which can be polled + /// for using `wasi:io/poll`. + resource input-stream { + /// Perform a non-blocking read from the stream. + /// + /// When the source of a `read` is binary data, the bytes from the source + /// are returned verbatim. When the source of a `read` is known to the + /// implementation to be text, bytes containing the UTF-8 encoding of the + /// text are returned. + /// + /// This function returns a list of bytes containing the read data, + /// when successful. The returned list will contain up to `len` bytes; + /// it may return fewer than requested, but not more. The list is + /// empty when no bytes are available for reading at this time. The + /// pollable given by `subscribe` will be ready when more bytes are + /// available. + /// + /// This function fails with a `stream-error` when the operation + /// encounters an error, giving `last-operation-failed`, or when the + /// stream is closed, giving `closed`. + /// + /// When the caller gives a `len` of 0, it represents a request to + /// read 0 bytes. If the stream is still open, this call should + /// succeed and return an empty list, or otherwise fail with `closed`. + /// + /// The `len` parameter is a `u64`, which could represent a list of u8 which + /// is not possible to allocate in wasm32, or not desirable to allocate as + /// as a return value by the callee. The callee may return a list of bytes + /// less than `len` in size while more bytes are available for reading. + read: func( + /// The maximum number of bytes to read + len: u64 + ) -> result, stream-error>; + + /// Read bytes from a stream, after blocking until at least one byte can + /// be read. Except for blocking, behavior is identical to `read`. + blocking-read: func( + /// The maximum number of bytes to read + len: u64 + ) -> result, stream-error>; + + /// Skip bytes from a stream. Returns number of bytes skipped. + /// + /// Behaves identical to `read`, except instead of returning a list + /// of bytes, returns the number of bytes consumed from the stream. + skip: func( + /// The maximum number of bytes to skip. + len: u64, + ) -> result; + + /// Skip bytes from a stream, after blocking until at least one byte + /// can be skipped. Except for blocking behavior, identical to `skip`. + blocking-skip: func( + /// The maximum number of bytes to skip. + len: u64, + ) -> result; + + /// Create a `pollable` which will resolve once either the specified stream + /// has bytes available to read or the other end of the stream has been + /// closed. + /// The created `pollable` is a child resource of the `input-stream`. + /// Implementations may trap if the `input-stream` is dropped before + /// all derived `pollable`s created with this function are dropped. + subscribe: func() -> pollable; + } + + + /// An output bytestream. + /// + /// `output-stream`s are *non-blocking* to the extent practical on + /// underlying platforms. Except where specified otherwise, I/O operations also + /// always return promptly, after the number of bytes that can be written + /// promptly, which could even be zero. To wait for the stream to be ready to + /// accept data, the `subscribe` function to obtain a `pollable` which can be + /// polled for using `wasi:io/poll`. + resource output-stream { + /// Check readiness for writing. This function never blocks. + /// + /// Returns the number of bytes permitted for the next call to `write`, + /// or an error. Calling `write` with more bytes than this function has + /// permitted will trap. + /// + /// When this function returns 0 bytes, the `subscribe` pollable will + /// become ready when this function will report at least 1 byte, or an + /// error. + check-write: func() -> result; + + /// Perform a write. This function never blocks. + /// + /// When the destination of a `write` is binary data, the bytes from + /// `contents` are written verbatim. When the destination of a `write` is + /// known to the implementation to be text, the bytes of `contents` are + /// transcoded from UTF-8 into the encoding of the destination and then + /// written. + /// + /// Precondition: check-write gave permit of Ok(n) and contents has a + /// length of less than or equal to n. Otherwise, this function will trap. + /// + /// returns Err(closed) without writing if the stream has closed since + /// the last call to check-write provided a permit. + write: func( + contents: list + ) -> result<_, stream-error>; + + /// Perform a write of up to 4096 bytes, and then flush the stream. Block + /// until all of these operations are complete, or an error occurs. + /// + /// This is a convenience wrapper around the use of `check-write`, + /// `subscribe`, `write`, and `flush`, and is implemented with the + /// following pseudo-code: + /// + /// ```text + /// let pollable = this.subscribe(); + /// while !contents.is_empty() { + /// // Wait for the stream to become writable + /// pollable.block(); + /// let Ok(n) = this.check-write(); // eliding error handling + /// let len = min(n, contents.len()); + /// let (chunk, rest) = contents.split_at(len); + /// this.write(chunk ); // eliding error handling + /// contents = rest; + /// } + /// this.flush(); + /// // Wait for completion of `flush` + /// pollable.block(); + /// // Check for any errors that arose during `flush` + /// let _ = this.check-write(); // eliding error handling + /// ``` + blocking-write-and-flush: func( + contents: list + ) -> result<_, stream-error>; + + /// Request to flush buffered output. This function never blocks. + /// + /// This tells the output-stream that the caller intends any buffered + /// output to be flushed. the output which is expected to be flushed + /// is all that has been passed to `write` prior to this call. + /// + /// Upon calling this function, the `output-stream` will not accept any + /// writes (`check-write` will return `ok(0)`) until the flush has + /// completed. The `subscribe` pollable will become ready when the + /// flush has completed and the stream can accept more writes. + flush: func() -> result<_, stream-error>; + + /// Request to flush buffered output, and block until flush completes + /// and stream is ready for writing again. + blocking-flush: func() -> result<_, stream-error>; + + /// Create a `pollable` which will resolve once the output-stream + /// is ready for more writing, or an error has occured. When this + /// pollable is ready, `check-write` will return `ok(n)` with n>0, or an + /// error. + /// + /// If the stream is closed, this pollable is always ready immediately. + /// + /// The created `pollable` is a child resource of the `output-stream`. + /// Implementations may trap if the `output-stream` is dropped before + /// all derived `pollable`s created with this function are dropped. + subscribe: func() -> pollable; + + /// Write zeroes to a stream. + /// + /// This should be used precisely like `write` with the exact same + /// preconditions (must use check-write first), but instead of + /// passing a list of bytes, you simply pass the number of zero-bytes + /// that should be written. + write-zeroes: func( + /// The number of zero-bytes to write + len: u64 + ) -> result<_, stream-error>; + + /// Perform a write of up to 4096 zeroes, and then flush the stream. + /// Block until all of these operations are complete, or an error + /// occurs. + /// + /// This is a convenience wrapper around the use of `check-write`, + /// `subscribe`, `write-zeroes`, and `flush`, and is implemented with + /// the following pseudo-code: + /// + /// ```text + /// let pollable = this.subscribe(); + /// while num_zeroes != 0 { + /// // Wait for the stream to become writable + /// pollable.block(); + /// let Ok(n) = this.check-write(); // eliding error handling + /// let len = min(n, num_zeroes); + /// this.write-zeroes(len); // eliding error handling + /// num_zeroes -= len; + /// } + /// this.flush(); + /// // Wait for completion of `flush` + /// pollable.block(); + /// // Check for any errors that arose during `flush` + /// let _ = this.check-write(); // eliding error handling + /// ``` + blocking-write-zeroes-and-flush: func( + /// The number of zero-bytes to write + len: u64 + ) -> result<_, stream-error>; + + /// Read from one stream and write to another. + /// + /// The behavior of splice is equivelant to: + /// 1. calling `check-write` on the `output-stream` + /// 2. calling `read` on the `input-stream` with the smaller of the + /// `check-write` permitted length and the `len` provided to `splice` + /// 3. calling `write` on the `output-stream` with that read data. + /// + /// Any error reported by the call to `check-write`, `read`, or + /// `write` ends the splice and reports that error. + /// + /// This function returns the number of bytes transferred; it may be less + /// than `len`. + splice: func( + /// The stream to read from + src: borrow, + /// The number of bytes to splice + len: u64, + ) -> result; + + /// Read from one stream and write to another, with blocking. + /// + /// This is similar to `splice`, except that it blocks until the + /// `output-stream` is ready for writing, and the `input-stream` + /// is ready for reading, before performing the `splice`. + blocking-splice: func( + /// The stream to read from + src: borrow, + /// The number of bytes to splice + len: u64, + ) -> result; + } +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/io/world.wit b/crates/build/tests/wit/cmd-minimal/deps/io/world.wit new file mode 100644 index 0000000000..5f0b43fe50 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/io/world.wit @@ -0,0 +1,6 @@ +package wasi:io@0.2.0; + +world imports { + import streams; + import poll; +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/random/insecure-seed.wit b/crates/build/tests/wit/cmd-minimal/deps/random/insecure-seed.wit new file mode 100644 index 0000000000..47210ac6bd --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/random/insecure-seed.wit @@ -0,0 +1,25 @@ +package wasi:random@0.2.0; +/// The insecure-seed interface for seeding hash-map DoS resistance. +/// +/// It is intended to be portable at least between Unix-family platforms and +/// Windows. +interface insecure-seed { + /// Return a 128-bit value that may contain a pseudo-random value. + /// + /// The returned value is not required to be computed from a CSPRNG, and may + /// even be entirely deterministic. Host implementations are encouraged to + /// provide pseudo-random values to any program exposed to + /// attacker-controlled content, to enable DoS protection built into many + /// languages' hash-map implementations. + /// + /// This function is intended to only be called once, by a source language + /// to initialize Denial Of Service (DoS) protection in its hash-map + /// implementation. + /// + /// # Expected future evolution + /// + /// This will likely be changed to a value import, to prevent it from being + /// called multiple times and potentially used for purposes other than DoS + /// protection. + insecure-seed: func() -> tuple; +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/random/insecure.wit b/crates/build/tests/wit/cmd-minimal/deps/random/insecure.wit new file mode 100644 index 0000000000..c58f4ee852 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/random/insecure.wit @@ -0,0 +1,22 @@ +package wasi:random@0.2.0; +/// The insecure interface for insecure pseudo-random numbers. +/// +/// It is intended to be portable at least between Unix-family platforms and +/// Windows. +interface insecure { + /// Return `len` insecure pseudo-random bytes. + /// + /// This function is not cryptographically secure. Do not use it for + /// anything related to security. + /// + /// There are no requirements on the values of the returned bytes, however + /// implementations are encouraged to return evenly distributed values with + /// a long period. + get-insecure-random-bytes: func(len: u64) -> list; + + /// Return an insecure pseudo-random `u64` value. + /// + /// This function returns the same type of pseudo-random data as + /// `get-insecure-random-bytes`, represented as a `u64`. + get-insecure-random-u64: func() -> u64; +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/random/random.wit b/crates/build/tests/wit/cmd-minimal/deps/random/random.wit new file mode 100644 index 0000000000..0c017f0934 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/random/random.wit @@ -0,0 +1,26 @@ +package wasi:random@0.2.0; +/// WASI Random is a random data API. +/// +/// It is intended to be portable at least between Unix-family platforms and +/// Windows. +interface random { + /// Return `len` cryptographically-secure random or pseudo-random bytes. + /// + /// This function must produce data at least as cryptographically secure and + /// fast as an adequately seeded cryptographically-secure pseudo-random + /// number generator (CSPRNG). It must not block, from the perspective of + /// the calling program, under any circumstances, including on the first + /// request and on requests for numbers of bytes. The returned data must + /// always be unpredictable. + /// + /// This function must always return fresh data. Deterministic environments + /// must omit this function, rather than implementing it with deterministic + /// data. + get-random-bytes: func(len: u64) -> list; + + /// Return a cryptographically-secure random or pseudo-random `u64` value. + /// + /// This function returns the same type of data as `get-random-bytes`, + /// represented as a `u64`. + get-random-u64: func() -> u64; +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/random/world.wit b/crates/build/tests/wit/cmd-minimal/deps/random/world.wit new file mode 100644 index 0000000000..3da34914a4 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/random/world.wit @@ -0,0 +1,7 @@ +package wasi:random@0.2.0; + +world imports { + import random; + import insecure; + import insecure-seed; +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/sockets/instance-network.wit b/crates/build/tests/wit/cmd-minimal/deps/sockets/instance-network.wit new file mode 100644 index 0000000000..e455d0ff7b --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/sockets/instance-network.wit @@ -0,0 +1,9 @@ + +/// This interface provides a value-export of the default network handle.. +interface instance-network { + use network.{network}; + + /// Get a handle to the default network. + instance-network: func() -> network; + +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/sockets/ip-name-lookup.wit b/crates/build/tests/wit/cmd-minimal/deps/sockets/ip-name-lookup.wit new file mode 100644 index 0000000000..8e639ec596 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/sockets/ip-name-lookup.wit @@ -0,0 +1,51 @@ + +interface ip-name-lookup { + use wasi:io/poll@0.2.0.{pollable}; + use network.{network, error-code, ip-address}; + + + /// Resolve an internet host name to a list of IP addresses. + /// + /// Unicode domain names are automatically converted to ASCII using IDNA encoding. + /// If the input is an IP address string, the address is parsed and returned + /// as-is without making any external requests. + /// + /// See the wasi-socket proposal README.md for a comparison with getaddrinfo. + /// + /// This function never blocks. It either immediately fails or immediately + /// returns successfully with a `resolve-address-stream` that can be used + /// to (asynchronously) fetch the results. + /// + /// # Typical errors + /// - `invalid-argument`: `name` is a syntactically invalid domain name or IP address. + /// + /// # References: + /// - + /// - + /// - + /// - + resolve-addresses: func(network: borrow, name: string) -> result; + + resource resolve-address-stream { + /// Returns the next address from the resolver. + /// + /// This function should be called multiple times. On each call, it will + /// return the next address in connection order preference. If all + /// addresses have been exhausted, this function returns `none`. + /// + /// This function never returns IPv4-mapped IPv6 addresses. + /// + /// # Typical errors + /// - `name-unresolvable`: Name does not exist or has no suitable associated IP addresses. (EAI_NONAME, EAI_NODATA, EAI_ADDRFAMILY) + /// - `temporary-resolver-failure`: A temporary failure in name resolution occurred. (EAI_AGAIN) + /// - `permanent-resolver-failure`: A permanent failure in name resolution occurred. (EAI_FAIL) + /// - `would-block`: A result is not available yet. (EWOULDBLOCK, EAGAIN) + resolve-next-address: func() -> result, error-code>; + + /// Create a `pollable` which will resolve once the stream is ready for I/O. + /// + /// Note: this function is here for WASI Preview2 only. + /// It's planned to be removed when `future` is natively supported in Preview3. + subscribe: func() -> pollable; + } +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/sockets/network.wit b/crates/build/tests/wit/cmd-minimal/deps/sockets/network.wit new file mode 100644 index 0000000000..9cadf0650a --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/sockets/network.wit @@ -0,0 +1,145 @@ + +interface network { + /// An opaque resource that represents access to (a subset of) the network. + /// This enables context-based security for networking. + /// There is no need for this to map 1:1 to a physical network interface. + resource network; + + /// Error codes. + /// + /// In theory, every API can return any error code. + /// In practice, API's typically only return the errors documented per API + /// combined with a couple of errors that are always possible: + /// - `unknown` + /// - `access-denied` + /// - `not-supported` + /// - `out-of-memory` + /// - `concurrency-conflict` + /// + /// See each individual API for what the POSIX equivalents are. They sometimes differ per API. + enum error-code { + /// Unknown error + unknown, + + /// Access denied. + /// + /// POSIX equivalent: EACCES, EPERM + access-denied, + + /// The operation is not supported. + /// + /// POSIX equivalent: EOPNOTSUPP + not-supported, + + /// One of the arguments is invalid. + /// + /// POSIX equivalent: EINVAL + invalid-argument, + + /// Not enough memory to complete the operation. + /// + /// POSIX equivalent: ENOMEM, ENOBUFS, EAI_MEMORY + out-of-memory, + + /// The operation timed out before it could finish completely. + timeout, + + /// This operation is incompatible with another asynchronous operation that is already in progress. + /// + /// POSIX equivalent: EALREADY + concurrency-conflict, + + /// Trying to finish an asynchronous operation that: + /// - has not been started yet, or: + /// - was already finished by a previous `finish-*` call. + /// + /// Note: this is scheduled to be removed when `future`s are natively supported. + not-in-progress, + + /// The operation has been aborted because it could not be completed immediately. + /// + /// Note: this is scheduled to be removed when `future`s are natively supported. + would-block, + + + /// The operation is not valid in the socket's current state. + invalid-state, + + /// A new socket resource could not be created because of a system limit. + new-socket-limit, + + /// A bind operation failed because the provided address is not an address that the `network` can bind to. + address-not-bindable, + + /// A bind operation failed because the provided address is already in use or because there are no ephemeral ports available. + address-in-use, + + /// The remote address is not reachable + remote-unreachable, + + + /// The TCP connection was forcefully rejected + connection-refused, + + /// The TCP connection was reset. + connection-reset, + + /// A TCP connection was aborted. + connection-aborted, + + + /// The size of a datagram sent to a UDP socket exceeded the maximum + /// supported size. + datagram-too-large, + + + /// Name does not exist or has no suitable associated IP addresses. + name-unresolvable, + + /// A temporary failure in name resolution occurred. + temporary-resolver-failure, + + /// A permanent failure in name resolution occurred. + permanent-resolver-failure, + } + + enum ip-address-family { + /// Similar to `AF_INET` in POSIX. + ipv4, + + /// Similar to `AF_INET6` in POSIX. + ipv6, + } + + type ipv4-address = tuple; + type ipv6-address = tuple; + + variant ip-address { + ipv4(ipv4-address), + ipv6(ipv6-address), + } + + record ipv4-socket-address { + /// sin_port + port: u16, + /// sin_addr + address: ipv4-address, + } + + record ipv6-socket-address { + /// sin6_port + port: u16, + /// sin6_flowinfo + flow-info: u32, + /// sin6_addr + address: ipv6-address, + /// sin6_scope_id + scope-id: u32, + } + + variant ip-socket-address { + ipv4(ipv4-socket-address), + ipv6(ipv6-socket-address), + } + +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/sockets/tcp-create-socket.wit b/crates/build/tests/wit/cmd-minimal/deps/sockets/tcp-create-socket.wit new file mode 100644 index 0000000000..c7ddf1f228 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/sockets/tcp-create-socket.wit @@ -0,0 +1,27 @@ + +interface tcp-create-socket { + use network.{network, error-code, ip-address-family}; + use tcp.{tcp-socket}; + + /// Create a new TCP socket. + /// + /// Similar to `socket(AF_INET or AF_INET6, SOCK_STREAM, IPPROTO_TCP)` in POSIX. + /// On IPv6 sockets, IPV6_V6ONLY is enabled by default and can't be configured otherwise. + /// + /// This function does not require a network capability handle. This is considered to be safe because + /// at time of creation, the socket is not bound to any `network` yet. Up to the moment `bind`/`connect` + /// is called, the socket is effectively an in-memory configuration object, unable to communicate with the outside world. + /// + /// All sockets are non-blocking. Use the wasi-poll interface to block on asynchronous operations. + /// + /// # Typical errors + /// - `not-supported`: The specified `address-family` is not supported. (EAFNOSUPPORT) + /// - `new-socket-limit`: The new socket resource could not be created because of a system limit. (EMFILE, ENFILE) + /// + /// # References + /// - + /// - + /// - + /// - + create-tcp-socket: func(address-family: ip-address-family) -> result; +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/sockets/tcp.wit b/crates/build/tests/wit/cmd-minimal/deps/sockets/tcp.wit new file mode 100644 index 0000000000..5902b9ee05 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/sockets/tcp.wit @@ -0,0 +1,353 @@ + +interface tcp { + use wasi:io/streams@0.2.0.{input-stream, output-stream}; + use wasi:io/poll@0.2.0.{pollable}; + use wasi:clocks/monotonic-clock@0.2.0.{duration}; + use network.{network, error-code, ip-socket-address, ip-address-family}; + + enum shutdown-type { + /// Similar to `SHUT_RD` in POSIX. + receive, + + /// Similar to `SHUT_WR` in POSIX. + send, + + /// Similar to `SHUT_RDWR` in POSIX. + both, + } + + /// A TCP socket resource. + /// + /// The socket can be in one of the following states: + /// - `unbound` + /// - `bind-in-progress` + /// - `bound` (See note below) + /// - `listen-in-progress` + /// - `listening` + /// - `connect-in-progress` + /// - `connected` + /// - `closed` + /// See + /// for a more information. + /// + /// Note: Except where explicitly mentioned, whenever this documentation uses + /// the term "bound" without backticks it actually means: in the `bound` state *or higher*. + /// (i.e. `bound`, `listen-in-progress`, `listening`, `connect-in-progress` or `connected`) + /// + /// In addition to the general error codes documented on the + /// `network::error-code` type, TCP socket methods may always return + /// `error(invalid-state)` when in the `closed` state. + resource tcp-socket { + /// Bind the socket to a specific network on the provided IP address and port. + /// + /// If the IP address is zero (`0.0.0.0` in IPv4, `::` in IPv6), it is left to the implementation to decide which + /// network interface(s) to bind to. + /// If the TCP/UDP port is zero, the socket will be bound to a random free port. + /// + /// Bind can be attempted multiple times on the same socket, even with + /// different arguments on each iteration. But never concurrently and + /// only as long as the previous bind failed. Once a bind succeeds, the + /// binding can't be changed anymore. + /// + /// # Typical errors + /// - `invalid-argument`: The `local-address` has the wrong address family. (EAFNOSUPPORT, EFAULT on Windows) + /// - `invalid-argument`: `local-address` is not a unicast address. (EINVAL) + /// - `invalid-argument`: `local-address` is an IPv4-mapped IPv6 address. (EINVAL) + /// - `invalid-state`: The socket is already bound. (EINVAL) + /// - `address-in-use`: No ephemeral ports available. (EADDRINUSE, ENOBUFS on Windows) + /// - `address-in-use`: Address is already in use. (EADDRINUSE) + /// - `address-not-bindable`: `local-address` is not an address that the `network` can bind to. (EADDRNOTAVAIL) + /// - `not-in-progress`: A `bind` operation is not in progress. + /// - `would-block`: Can't finish the operation, it is still in progress. (EWOULDBLOCK, EAGAIN) + /// + /// # Implementors note + /// When binding to a non-zero port, this bind operation shouldn't be affected by the TIME_WAIT + /// state of a recently closed socket on the same local address. In practice this means that the SO_REUSEADDR + /// socket option should be set implicitly on all platforms, except on Windows where this is the default behavior + /// and SO_REUSEADDR performs something different entirely. + /// + /// Unlike in POSIX, in WASI the bind operation is async. This enables + /// interactive WASI hosts to inject permission prompts. Runtimes that + /// don't want to make use of this ability can simply call the native + /// `bind` as part of either `start-bind` or `finish-bind`. + /// + /// # References + /// - + /// - + /// - + /// - + start-bind: func(network: borrow, local-address: ip-socket-address) -> result<_, error-code>; + finish-bind: func() -> result<_, error-code>; + + /// Connect to a remote endpoint. + /// + /// On success: + /// - the socket is transitioned into the `connection` state. + /// - a pair of streams is returned that can be used to read & write to the connection + /// + /// After a failed connection attempt, the socket will be in the `closed` + /// state and the only valid action left is to `drop` the socket. A single + /// socket can not be used to connect more than once. + /// + /// # Typical errors + /// - `invalid-argument`: The `remote-address` has the wrong address family. (EAFNOSUPPORT) + /// - `invalid-argument`: `remote-address` is not a unicast address. (EINVAL, ENETUNREACH on Linux, EAFNOSUPPORT on MacOS) + /// - `invalid-argument`: `remote-address` is an IPv4-mapped IPv6 address. (EINVAL, EADDRNOTAVAIL on Illumos) + /// - `invalid-argument`: The IP address in `remote-address` is set to INADDR_ANY (`0.0.0.0` / `::`). (EADDRNOTAVAIL on Windows) + /// - `invalid-argument`: The port in `remote-address` is set to 0. (EADDRNOTAVAIL on Windows) + /// - `invalid-argument`: The socket is already attached to a different network. The `network` passed to `connect` must be identical to the one passed to `bind`. + /// - `invalid-state`: The socket is already in the `connected` state. (EISCONN) + /// - `invalid-state`: The socket is already in the `listening` state. (EOPNOTSUPP, EINVAL on Windows) + /// - `timeout`: Connection timed out. (ETIMEDOUT) + /// - `connection-refused`: The connection was forcefully rejected. (ECONNREFUSED) + /// - `connection-reset`: The connection was reset. (ECONNRESET) + /// - `connection-aborted`: The connection was aborted. (ECONNABORTED) + /// - `remote-unreachable`: The remote address is not reachable. (EHOSTUNREACH, EHOSTDOWN, ENETUNREACH, ENETDOWN, ENONET) + /// - `address-in-use`: Tried to perform an implicit bind, but there were no ephemeral ports available. (EADDRINUSE, EADDRNOTAVAIL on Linux, EAGAIN on BSD) + /// - `not-in-progress`: A connect operation is not in progress. + /// - `would-block`: Can't finish the operation, it is still in progress. (EWOULDBLOCK, EAGAIN) + /// + /// # Implementors note + /// The POSIX equivalent of `start-connect` is the regular `connect` syscall. + /// Because all WASI sockets are non-blocking this is expected to return + /// EINPROGRESS, which should be translated to `ok()` in WASI. + /// + /// The POSIX equivalent of `finish-connect` is a `poll` for event `POLLOUT` + /// with a timeout of 0 on the socket descriptor. Followed by a check for + /// the `SO_ERROR` socket option, in case the poll signaled readiness. + /// + /// # References + /// - + /// - + /// - + /// - + start-connect: func(network: borrow, remote-address: ip-socket-address) -> result<_, error-code>; + finish-connect: func() -> result, error-code>; + + /// Start listening for new connections. + /// + /// Transitions the socket into the `listening` state. + /// + /// Unlike POSIX, the socket must already be explicitly bound. + /// + /// # Typical errors + /// - `invalid-state`: The socket is not bound to any local address. (EDESTADDRREQ) + /// - `invalid-state`: The socket is already in the `connected` state. (EISCONN, EINVAL on BSD) + /// - `invalid-state`: The socket is already in the `listening` state. + /// - `address-in-use`: Tried to perform an implicit bind, but there were no ephemeral ports available. (EADDRINUSE) + /// - `not-in-progress`: A listen operation is not in progress. + /// - `would-block`: Can't finish the operation, it is still in progress. (EWOULDBLOCK, EAGAIN) + /// + /// # Implementors note + /// Unlike in POSIX, in WASI the listen operation is async. This enables + /// interactive WASI hosts to inject permission prompts. Runtimes that + /// don't want to make use of this ability can simply call the native + /// `listen` as part of either `start-listen` or `finish-listen`. + /// + /// # References + /// - + /// - + /// - + /// - + start-listen: func() -> result<_, error-code>; + finish-listen: func() -> result<_, error-code>; + + /// Accept a new client socket. + /// + /// The returned socket is bound and in the `connected` state. The following properties are inherited from the listener socket: + /// - `address-family` + /// - `keep-alive-enabled` + /// - `keep-alive-idle-time` + /// - `keep-alive-interval` + /// - `keep-alive-count` + /// - `hop-limit` + /// - `receive-buffer-size` + /// - `send-buffer-size` + /// + /// On success, this function returns the newly accepted client socket along with + /// a pair of streams that can be used to read & write to the connection. + /// + /// # Typical errors + /// - `invalid-state`: Socket is not in the `listening` state. (EINVAL) + /// - `would-block`: No pending connections at the moment. (EWOULDBLOCK, EAGAIN) + /// - `connection-aborted`: An incoming connection was pending, but was terminated by the client before this listener could accept it. (ECONNABORTED) + /// - `new-socket-limit`: The new socket resource could not be created because of a system limit. (EMFILE, ENFILE) + /// + /// # References + /// - + /// - + /// - + /// - + accept: func() -> result, error-code>; + + /// Get the bound local address. + /// + /// POSIX mentions: + /// > If the socket has not been bound to a local name, the value + /// > stored in the object pointed to by `address` is unspecified. + /// + /// WASI is stricter and requires `local-address` to return `invalid-state` when the socket hasn't been bound yet. + /// + /// # Typical errors + /// - `invalid-state`: The socket is not bound to any local address. + /// + /// # References + /// - + /// - + /// - + /// - + local-address: func() -> result; + + /// Get the remote address. + /// + /// # Typical errors + /// - `invalid-state`: The socket is not connected to a remote address. (ENOTCONN) + /// + /// # References + /// - + /// - + /// - + /// - + remote-address: func() -> result; + + /// Whether the socket is in the `listening` state. + /// + /// Equivalent to the SO_ACCEPTCONN socket option. + is-listening: func() -> bool; + + /// Whether this is a IPv4 or IPv6 socket. + /// + /// Equivalent to the SO_DOMAIN socket option. + address-family: func() -> ip-address-family; + + /// Hints the desired listen queue size. Implementations are free to ignore this. + /// + /// If the provided value is 0, an `invalid-argument` error is returned. + /// Any other value will never cause an error, but it might be silently clamped and/or rounded. + /// + /// # Typical errors + /// - `not-supported`: (set) The platform does not support changing the backlog size after the initial listen. + /// - `invalid-argument`: (set) The provided value was 0. + /// - `invalid-state`: (set) The socket is in the `connect-in-progress` or `connected` state. + set-listen-backlog-size: func(value: u64) -> result<_, error-code>; + + /// Enables or disables keepalive. + /// + /// The keepalive behavior can be adjusted using: + /// - `keep-alive-idle-time` + /// - `keep-alive-interval` + /// - `keep-alive-count` + /// These properties can be configured while `keep-alive-enabled` is false, but only come into effect when `keep-alive-enabled` is true. + /// + /// Equivalent to the SO_KEEPALIVE socket option. + keep-alive-enabled: func() -> result; + set-keep-alive-enabled: func(value: bool) -> result<_, error-code>; + + /// Amount of time the connection has to be idle before TCP starts sending keepalive packets. + /// + /// If the provided value is 0, an `invalid-argument` error is returned. + /// Any other value will never cause an error, but it might be silently clamped and/or rounded. + /// I.e. after setting a value, reading the same setting back may return a different value. + /// + /// Equivalent to the TCP_KEEPIDLE socket option. (TCP_KEEPALIVE on MacOS) + /// + /// # Typical errors + /// - `invalid-argument`: (set) The provided value was 0. + keep-alive-idle-time: func() -> result; + set-keep-alive-idle-time: func(value: duration) -> result<_, error-code>; + + /// The time between keepalive packets. + /// + /// If the provided value is 0, an `invalid-argument` error is returned. + /// Any other value will never cause an error, but it might be silently clamped and/or rounded. + /// I.e. after setting a value, reading the same setting back may return a different value. + /// + /// Equivalent to the TCP_KEEPINTVL socket option. + /// + /// # Typical errors + /// - `invalid-argument`: (set) The provided value was 0. + keep-alive-interval: func() -> result; + set-keep-alive-interval: func(value: duration) -> result<_, error-code>; + + /// The maximum amount of keepalive packets TCP should send before aborting the connection. + /// + /// If the provided value is 0, an `invalid-argument` error is returned. + /// Any other value will never cause an error, but it might be silently clamped and/or rounded. + /// I.e. after setting a value, reading the same setting back may return a different value. + /// + /// Equivalent to the TCP_KEEPCNT socket option. + /// + /// # Typical errors + /// - `invalid-argument`: (set) The provided value was 0. + keep-alive-count: func() -> result; + set-keep-alive-count: func(value: u32) -> result<_, error-code>; + + /// Equivalent to the IP_TTL & IPV6_UNICAST_HOPS socket options. + /// + /// If the provided value is 0, an `invalid-argument` error is returned. + /// + /// # Typical errors + /// - `invalid-argument`: (set) The TTL value must be 1 or higher. + hop-limit: func() -> result; + set-hop-limit: func(value: u8) -> result<_, error-code>; + + /// The kernel buffer space reserved for sends/receives on this socket. + /// + /// If the provided value is 0, an `invalid-argument` error is returned. + /// Any other value will never cause an error, but it might be silently clamped and/or rounded. + /// I.e. after setting a value, reading the same setting back may return a different value. + /// + /// Equivalent to the SO_RCVBUF and SO_SNDBUF socket options. + /// + /// # Typical errors + /// - `invalid-argument`: (set) The provided value was 0. + receive-buffer-size: func() -> result; + set-receive-buffer-size: func(value: u64) -> result<_, error-code>; + send-buffer-size: func() -> result; + set-send-buffer-size: func(value: u64) -> result<_, error-code>; + + /// Create a `pollable` which can be used to poll for, or block on, + /// completion of any of the asynchronous operations of this socket. + /// + /// When `finish-bind`, `finish-listen`, `finish-connect` or `accept` + /// return `error(would-block)`, this pollable can be used to wait for + /// their success or failure, after which the method can be retried. + /// + /// The pollable is not limited to the async operation that happens to be + /// in progress at the time of calling `subscribe` (if any). Theoretically, + /// `subscribe` only has to be called once per socket and can then be + /// (re)used for the remainder of the socket's lifetime. + /// + /// See + /// for a more information. + /// + /// Note: this function is here for WASI Preview2 only. + /// It's planned to be removed when `future` is natively supported in Preview3. + subscribe: func() -> pollable; + + /// Initiate a graceful shutdown. + /// + /// - `receive`: The socket is not expecting to receive any data from + /// the peer. The `input-stream` associated with this socket will be + /// closed. Any data still in the receive queue at time of calling + /// this method will be discarded. + /// - `send`: The socket has no more data to send to the peer. The `output-stream` + /// associated with this socket will be closed and a FIN packet will be sent. + /// - `both`: Same effect as `receive` & `send` combined. + /// + /// This function is idempotent. Shutting a down a direction more than once + /// has no effect and returns `ok`. + /// + /// The shutdown function does not close (drop) the socket. + /// + /// # Typical errors + /// - `invalid-state`: The socket is not in the `connected` state. (ENOTCONN) + /// + /// # References + /// - + /// - + /// - + /// - + shutdown: func(shutdown-type: shutdown-type) -> result<_, error-code>; + } +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/sockets/udp-create-socket.wit b/crates/build/tests/wit/cmd-minimal/deps/sockets/udp-create-socket.wit new file mode 100644 index 0000000000..0482d1fe73 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/sockets/udp-create-socket.wit @@ -0,0 +1,27 @@ + +interface udp-create-socket { + use network.{network, error-code, ip-address-family}; + use udp.{udp-socket}; + + /// Create a new UDP socket. + /// + /// Similar to `socket(AF_INET or AF_INET6, SOCK_DGRAM, IPPROTO_UDP)` in POSIX. + /// On IPv6 sockets, IPV6_V6ONLY is enabled by default and can't be configured otherwise. + /// + /// This function does not require a network capability handle. This is considered to be safe because + /// at time of creation, the socket is not bound to any `network` yet. Up to the moment `bind` is called, + /// the socket is effectively an in-memory configuration object, unable to communicate with the outside world. + /// + /// All sockets are non-blocking. Use the wasi-poll interface to block on asynchronous operations. + /// + /// # Typical errors + /// - `not-supported`: The specified `address-family` is not supported. (EAFNOSUPPORT) + /// - `new-socket-limit`: The new socket resource could not be created because of a system limit. (EMFILE, ENFILE) + /// + /// # References: + /// - + /// - + /// - + /// - + create-udp-socket: func(address-family: ip-address-family) -> result; +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/sockets/udp.wit b/crates/build/tests/wit/cmd-minimal/deps/sockets/udp.wit new file mode 100644 index 0000000000..d987a0a908 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/sockets/udp.wit @@ -0,0 +1,266 @@ + +interface udp { + use wasi:io/poll@0.2.0.{pollable}; + use network.{network, error-code, ip-socket-address, ip-address-family}; + + /// A received datagram. + record incoming-datagram { + /// The payload. + /// + /// Theoretical max size: ~64 KiB. In practice, typically less than 1500 bytes. + data: list, + + /// The source address. + /// + /// This field is guaranteed to match the remote address the stream was initialized with, if any. + /// + /// Equivalent to the `src_addr` out parameter of `recvfrom`. + remote-address: ip-socket-address, + } + + /// A datagram to be sent out. + record outgoing-datagram { + /// The payload. + data: list, + + /// The destination address. + /// + /// The requirements on this field depend on how the stream was initialized: + /// - with a remote address: this field must be None or match the stream's remote address exactly. + /// - without a remote address: this field is required. + /// + /// If this value is None, the send operation is equivalent to `send` in POSIX. Otherwise it is equivalent to `sendto`. + remote-address: option, + } + + + + /// A UDP socket handle. + resource udp-socket { + /// Bind the socket to a specific network on the provided IP address and port. + /// + /// If the IP address is zero (`0.0.0.0` in IPv4, `::` in IPv6), it is left to the implementation to decide which + /// network interface(s) to bind to. + /// If the port is zero, the socket will be bound to a random free port. + /// + /// # Typical errors + /// - `invalid-argument`: The `local-address` has the wrong address family. (EAFNOSUPPORT, EFAULT on Windows) + /// - `invalid-state`: The socket is already bound. (EINVAL) + /// - `address-in-use`: No ephemeral ports available. (EADDRINUSE, ENOBUFS on Windows) + /// - `address-in-use`: Address is already in use. (EADDRINUSE) + /// - `address-not-bindable`: `local-address` is not an address that the `network` can bind to. (EADDRNOTAVAIL) + /// - `not-in-progress`: A `bind` operation is not in progress. + /// - `would-block`: Can't finish the operation, it is still in progress. (EWOULDBLOCK, EAGAIN) + /// + /// # Implementors note + /// Unlike in POSIX, in WASI the bind operation is async. This enables + /// interactive WASI hosts to inject permission prompts. Runtimes that + /// don't want to make use of this ability can simply call the native + /// `bind` as part of either `start-bind` or `finish-bind`. + /// + /// # References + /// - + /// - + /// - + /// - + start-bind: func(network: borrow, local-address: ip-socket-address) -> result<_, error-code>; + finish-bind: func() -> result<_, error-code>; + + /// Set up inbound & outbound communication channels, optionally to a specific peer. + /// + /// This function only changes the local socket configuration and does not generate any network traffic. + /// On success, the `remote-address` of the socket is updated. The `local-address` may be updated as well, + /// based on the best network path to `remote-address`. + /// + /// When a `remote-address` is provided, the returned streams are limited to communicating with that specific peer: + /// - `send` can only be used to send to this destination. + /// - `receive` will only return datagrams sent from the provided `remote-address`. + /// + /// This method may be called multiple times on the same socket to change its association, but + /// only the most recently returned pair of streams will be operational. Implementations may trap if + /// the streams returned by a previous invocation haven't been dropped yet before calling `stream` again. + /// + /// The POSIX equivalent in pseudo-code is: + /// ```text + /// if (was previously connected) { + /// connect(s, AF_UNSPEC) + /// } + /// if (remote_address is Some) { + /// connect(s, remote_address) + /// } + /// ``` + /// + /// Unlike in POSIX, the socket must already be explicitly bound. + /// + /// # Typical errors + /// - `invalid-argument`: The `remote-address` has the wrong address family. (EAFNOSUPPORT) + /// - `invalid-argument`: The IP address in `remote-address` is set to INADDR_ANY (`0.0.0.0` / `::`). (EDESTADDRREQ, EADDRNOTAVAIL) + /// - `invalid-argument`: The port in `remote-address` is set to 0. (EDESTADDRREQ, EADDRNOTAVAIL) + /// - `invalid-state`: The socket is not bound. + /// - `address-in-use`: Tried to perform an implicit bind, but there were no ephemeral ports available. (EADDRINUSE, EADDRNOTAVAIL on Linux, EAGAIN on BSD) + /// - `remote-unreachable`: The remote address is not reachable. (ECONNRESET, ENETRESET, EHOSTUNREACH, EHOSTDOWN, ENETUNREACH, ENETDOWN, ENONET) + /// - `connection-refused`: The connection was refused. (ECONNREFUSED) + /// + /// # References + /// - + /// - + /// - + /// - + %stream: func(remote-address: option) -> result, error-code>; + + /// Get the current bound address. + /// + /// POSIX mentions: + /// > If the socket has not been bound to a local name, the value + /// > stored in the object pointed to by `address` is unspecified. + /// + /// WASI is stricter and requires `local-address` to return `invalid-state` when the socket hasn't been bound yet. + /// + /// # Typical errors + /// - `invalid-state`: The socket is not bound to any local address. + /// + /// # References + /// - + /// - + /// - + /// - + local-address: func() -> result; + + /// Get the address the socket is currently streaming to. + /// + /// # Typical errors + /// - `invalid-state`: The socket is not streaming to a specific remote address. (ENOTCONN) + /// + /// # References + /// - + /// - + /// - + /// - + remote-address: func() -> result; + + /// Whether this is a IPv4 or IPv6 socket. + /// + /// Equivalent to the SO_DOMAIN socket option. + address-family: func() -> ip-address-family; + + /// Equivalent to the IP_TTL & IPV6_UNICAST_HOPS socket options. + /// + /// If the provided value is 0, an `invalid-argument` error is returned. + /// + /// # Typical errors + /// - `invalid-argument`: (set) The TTL value must be 1 or higher. + unicast-hop-limit: func() -> result; + set-unicast-hop-limit: func(value: u8) -> result<_, error-code>; + + /// The kernel buffer space reserved for sends/receives on this socket. + /// + /// If the provided value is 0, an `invalid-argument` error is returned. + /// Any other value will never cause an error, but it might be silently clamped and/or rounded. + /// I.e. after setting a value, reading the same setting back may return a different value. + /// + /// Equivalent to the SO_RCVBUF and SO_SNDBUF socket options. + /// + /// # Typical errors + /// - `invalid-argument`: (set) The provided value was 0. + receive-buffer-size: func() -> result; + set-receive-buffer-size: func(value: u64) -> result<_, error-code>; + send-buffer-size: func() -> result; + set-send-buffer-size: func(value: u64) -> result<_, error-code>; + + /// Create a `pollable` which will resolve once the socket is ready for I/O. + /// + /// Note: this function is here for WASI Preview2 only. + /// It's planned to be removed when `future` is natively supported in Preview3. + subscribe: func() -> pollable; + } + + resource incoming-datagram-stream { + /// Receive messages on the socket. + /// + /// This function attempts to receive up to `max-results` datagrams on the socket without blocking. + /// The returned list may contain fewer elements than requested, but never more. + /// + /// This function returns successfully with an empty list when either: + /// - `max-results` is 0, or: + /// - `max-results` is greater than 0, but no results are immediately available. + /// This function never returns `error(would-block)`. + /// + /// # Typical errors + /// - `remote-unreachable`: The remote address is not reachable. (ECONNRESET, ENETRESET on Windows, EHOSTUNREACH, EHOSTDOWN, ENETUNREACH, ENETDOWN, ENONET) + /// - `connection-refused`: The connection was refused. (ECONNREFUSED) + /// + /// # References + /// - + /// - + /// - + /// - + /// - + /// - + /// - + /// - + receive: func(max-results: u64) -> result, error-code>; + + /// Create a `pollable` which will resolve once the stream is ready to receive again. + /// + /// Note: this function is here for WASI Preview2 only. + /// It's planned to be removed when `future` is natively supported in Preview3. + subscribe: func() -> pollable; + } + + resource outgoing-datagram-stream { + /// Check readiness for sending. This function never blocks. + /// + /// Returns the number of datagrams permitted for the next call to `send`, + /// or an error. Calling `send` with more datagrams than this function has + /// permitted will trap. + /// + /// When this function returns ok(0), the `subscribe` pollable will + /// become ready when this function will report at least ok(1), or an + /// error. + /// + /// Never returns `would-block`. + check-send: func() -> result; + + /// Send messages on the socket. + /// + /// This function attempts to send all provided `datagrams` on the socket without blocking and + /// returns how many messages were actually sent (or queued for sending). This function never + /// returns `error(would-block)`. If none of the datagrams were able to be sent, `ok(0)` is returned. + /// + /// This function semantically behaves the same as iterating the `datagrams` list and sequentially + /// sending each individual datagram until either the end of the list has been reached or the first error occurred. + /// If at least one datagram has been sent successfully, this function never returns an error. + /// + /// If the input list is empty, the function returns `ok(0)`. + /// + /// Each call to `send` must be permitted by a preceding `check-send`. Implementations must trap if + /// either `check-send` was not called or `datagrams` contains more items than `check-send` permitted. + /// + /// # Typical errors + /// - `invalid-argument`: The `remote-address` has the wrong address family. (EAFNOSUPPORT) + /// - `invalid-argument`: The IP address in `remote-address` is set to INADDR_ANY (`0.0.0.0` / `::`). (EDESTADDRREQ, EADDRNOTAVAIL) + /// - `invalid-argument`: The port in `remote-address` is set to 0. (EDESTADDRREQ, EADDRNOTAVAIL) + /// - `invalid-argument`: The socket is in "connected" mode and `remote-address` is `some` value that does not match the address passed to `stream`. (EISCONN) + /// - `invalid-argument`: The socket is not "connected" and no value for `remote-address` was provided. (EDESTADDRREQ) + /// - `remote-unreachable`: The remote address is not reachable. (ECONNRESET, ENETRESET on Windows, EHOSTUNREACH, EHOSTDOWN, ENETUNREACH, ENETDOWN, ENONET) + /// - `connection-refused`: The connection was refused. (ECONNREFUSED) + /// - `datagram-too-large`: The datagram is too large. (EMSGSIZE) + /// + /// # References + /// - + /// - + /// - + /// - + /// - + /// - + /// - + /// - + send: func(datagrams: list) -> result; + + /// Create a `pollable` which will resolve once the stream is ready to send again. + /// + /// Note: this function is here for WASI Preview2 only. + /// It's planned to be removed when `future` is natively supported in Preview3. + subscribe: func() -> pollable; + } +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/sockets/world.wit b/crates/build/tests/wit/cmd-minimal/deps/sockets/world.wit new file mode 100644 index 0000000000..f8bb92ae04 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/sockets/world.wit @@ -0,0 +1,11 @@ +package wasi:sockets@0.2.0; + +world imports { + import instance-network; + import network; + import udp; + import udp-create-socket; + import tcp; + import tcp-create-socket; + import ip-name-lookup; +} diff --git a/crates/build/tests/wit/cmd-minimal/environment.wit b/crates/build/tests/wit/cmd-minimal/environment.wit new file mode 100644 index 0000000000..70065233e8 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/environment.wit @@ -0,0 +1,18 @@ +interface environment { + /// Get the POSIX-style environment variables. + /// + /// Each environment variable is provided as a pair of string variable names + /// and string value. + /// + /// Morally, these are a value import, but until value imports are available + /// in the component model, this import function should return the same + /// values each time it is called. + get-environment: func() -> list>; + + /// Get the POSIX-style arguments to the program. + get-arguments: func() -> list; + + /// Return a path that programs should use as their initial current working + /// directory, interpreting `.` as shorthand for this. + initial-cwd: func() -> option; +} diff --git a/crates/build/tests/wit/cmd-minimal/exit.wit b/crates/build/tests/wit/cmd-minimal/exit.wit new file mode 100644 index 0000000000..d0c2b82ae2 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/exit.wit @@ -0,0 +1,4 @@ +interface exit { + /// Exit the current instance and any linked instances. + exit: func(status: result); +} diff --git a/crates/build/tests/wit/cmd-minimal/imports.wit b/crates/build/tests/wit/cmd-minimal/imports.wit new file mode 100644 index 0000000000..8017dc784e --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/imports.wit @@ -0,0 +1,5 @@ +package wasi:cli@0.2.0; + +world imports { + import environment; +} diff --git a/crates/build/tests/wit/cmd-minimal/run.wit b/crates/build/tests/wit/cmd-minimal/run.wit new file mode 100644 index 0000000000..a70ee8c038 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/run.wit @@ -0,0 +1,4 @@ +interface run { + /// Run the program. + run: func() -> result; +} diff --git a/crates/build/tests/wit/cmd-minimal/stdio.wit b/crates/build/tests/wit/cmd-minimal/stdio.wit new file mode 100644 index 0000000000..31ef35b5a7 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/stdio.wit @@ -0,0 +1,17 @@ +interface stdin { + use wasi:io/streams@0.2.0.{input-stream}; + + get-stdin: func() -> input-stream; +} + +interface stdout { + use wasi:io/streams@0.2.0.{output-stream}; + + get-stdout: func() -> output-stream; +} + +interface stderr { + use wasi:io/streams@0.2.0.{output-stream}; + + get-stderr: func() -> output-stream; +} diff --git a/crates/build/tests/wit/cmd-minimal/terminal.wit b/crates/build/tests/wit/cmd-minimal/terminal.wit new file mode 100644 index 0000000000..38c724efc8 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/terminal.wit @@ -0,0 +1,49 @@ +/// Terminal input. +/// +/// In the future, this may include functions for disabling echoing, +/// disabling input buffering so that keyboard events are sent through +/// immediately, querying supported features, and so on. +interface terminal-input { + /// The input side of a terminal. + resource terminal-input; +} + +/// Terminal output. +/// +/// In the future, this may include functions for querying the terminal +/// size, being notified of terminal size changes, querying supported +/// features, and so on. +interface terminal-output { + /// The output side of a terminal. + resource terminal-output; +} + +/// An interface providing an optional `terminal-input` for stdin as a +/// link-time authority. +interface terminal-stdin { + use terminal-input.{terminal-input}; + + /// If stdin is connected to a terminal, return a `terminal-input` handle + /// allowing further interaction with it. + get-terminal-stdin: func() -> option; +} + +/// An interface providing an optional `terminal-output` for stdout as a +/// link-time authority. +interface terminal-stdout { + use terminal-output.{terminal-output}; + + /// If stdout is connected to a terminal, return a `terminal-output` handle + /// allowing further interaction with it. + get-terminal-stdout: func() -> option; +} + +/// An interface providing an optional `terminal-output` for stderr as a +/// link-time authority. +interface terminal-stderr { + use terminal-output.{terminal-output}; + + /// If stderr is connected to a terminal, return a `terminal-output` handle + /// allowing further interaction with it. + get-terminal-stderr: func() -> option; +} diff --git a/crates/compose/src/lib.rs b/crates/compose/src/lib.rs index 5fc52740bc..8bc973e5b4 100644 --- a/crates/compose/src/lib.rs +++ b/crates/compose/src/lib.rs @@ -133,7 +133,8 @@ impl ComponentSourceLoaderFs { ) })?; - let component = spin_componentize::componentize_if_necessary(&bytes)?; + let component = spin_componentize::componentize_if_necessary(&bytes) + .with_context(|| format!("failed to componentize {}", quoted_path(&path)))?; Ok(component.into()) } diff --git a/crates/environments/src/environment/env_loader.rs b/crates/environments/src/environment/env_loader.rs index b0b60cfa37..aea9f6aafc 100644 --- a/crates/environments/src/environment/env_loader.rs +++ b/crates/environments/src/environment/env_loader.rs @@ -45,7 +45,7 @@ pub async fn load_environments( let envs = try_join_all( env_ids .iter() - .map(|e| load_environment(e, &cache, &lockfile)), + .map(|e| load_environment(e, app_dir, &cache, &lockfile)), ) .await?; @@ -63,6 +63,7 @@ pub async fn load_environments( /// Loads the given `TargetEnvironment` from a registry or directory. async fn load_environment( env_id: &TargetEnvironmentRef, + app_dir: &Path, cache: &spin_loader::cache::Cache, lockfile: &std::sync::Arc>, ) -> anyhow::Result { @@ -75,7 +76,7 @@ async fn load_environment( load_environment_from_registry(registry, id, cache, lockfile).await } TargetEnvironmentRef::File { path } => { - load_environment_from_file(path, cache, lockfile).await + load_environment_from_file(app_dir.join(path), cache, lockfile).await } } } @@ -91,17 +92,19 @@ async fn load_environment_from_registry( lockfile: &std::sync::Arc>, ) -> anyhow::Result { let env_def_toml = load_env_def_toml_from_registry(registry, env_id, cache, lockfile).await?; - load_environment_from_toml(env_id, &env_def_toml, cache, lockfile).await + load_environment_from_toml(env_id, &env_def_toml, None, cache, lockfile).await } /// Loads a `TargetEnvironment` from the given TOML file. Any remote packages /// it references will be used from cache if available; otherwise, they will be saved /// to the cache, and the in-memory lockfile object updated. async fn load_environment_from_file( - path: &Path, + path: impl AsRef, cache: &spin_loader::cache::Cache, lockfile: &std::sync::Arc>, ) -> anyhow::Result { + let path = path.as_ref(); + let env_def_dir = path.parent(); let name = path .file_stem() .and_then(|s| s.to_str()) @@ -113,7 +116,7 @@ async fn load_environment_from_file( quoted_path(path) ) })?; - load_environment_from_toml(&name, &toml_text, cache, lockfile).await + load_environment_from_toml(&name, &toml_text, env_def_dir, cache, lockfile).await } /// Loads a `TargetEnvironment` from the given TOML text. Any remote packages @@ -122,6 +125,7 @@ async fn load_environment_from_file( async fn load_environment_from_toml( name: &str, toml_text: &str, + relative_to_dir: Option<&Path>, cache: &spin_loader::cache::Cache, lockfile: &std::sync::Arc>, ) -> anyhow::Result { @@ -135,14 +139,16 @@ async fn load_environment_from_toml( for (trigger_type, trigger_env) in env.triggers() { trigger_worlds.insert( trigger_type.to_owned(), - load_worlds(trigger_env.world_refs(), cache, lockfile).await?, + load_worlds(trigger_env.world_refs(), relative_to_dir, cache, lockfile).await?, ); trigger_capabilities.insert(trigger_type.to_owned(), trigger_env.capabilities()); } let unknown_trigger = match env.default() { None => UnknownTrigger::Deny, - Some(env) => UnknownTrigger::Allow(load_worlds(env.world_refs(), cache, lockfile).await?), + Some(env) => UnknownTrigger::Allow( + load_worlds(env.world_refs(), relative_to_dir, cache, lockfile).await?, + ), }; let unknown_capabilities = match env.default() { None => vec![], @@ -237,13 +243,14 @@ async fn download_env_def_file(registry: &str, env_id: &str) -> anyhow::Result<( async fn load_worlds( world_refs: &[WorldRef], + relative_to_dir: Option<&Path>, cache: &spin_loader::cache::Cache, lockfile: &std::sync::Arc>, ) -> anyhow::Result { let mut worlds = vec![]; for world_ref in world_refs { - worlds.push(load_world(world_ref, cache, lockfile).await?); + worlds.push(load_world(world_ref, relative_to_dir, cache, lockfile).await?); } Ok(CandidateWorlds { worlds }) @@ -251,6 +258,7 @@ async fn load_worlds( async fn load_world( world_ref: &WorldRef, + relative_to_dir: Option<&Path>, cache: &spin_loader::cache::Cache, lockfile: &std::sync::Arc>, ) -> anyhow::Result { @@ -261,11 +269,21 @@ async fn load_world( WorldRef::Registry { registry, world } => { load_world_from_registry(registry, world, cache, lockfile).await } - WorldRef::WitDirectory { path, world } => load_world_from_dir(path, world), + WorldRef::WitDirectory { path, world } => { + let path = match relative_to_dir { + Some(dir) => dir.join(path), + None => path.to_owned(), + }; + load_world_from_dir(&path, world) + } } } -fn load_world_from_dir(path: &Path, world: &WorldName) -> anyhow::Result { +fn load_world_from_dir( + path: impl AsRef, + world: &WorldName, +) -> anyhow::Result { + let path = path.as_ref(); let mut resolve = wit_parser::Resolve::default(); let (pkg_id, _) = resolve.push_dir(path)?; let decoded = wit_parser::decoding::DecodedWasm::WitPackage(resolve, pkg_id); diff --git a/crates/environments/src/loader.rs b/crates/environments/src/loader.rs index d3f634f696..fa5639775a 100644 --- a/crates/environments/src/loader.rs +++ b/crates/environments/src/loader.rs @@ -188,8 +188,11 @@ impl<'a> spin_compose::ComponentSourceLoader for ComponentSourceLoader<'a> { .wasm_loader .load_component_source(source.id, source.source) .await?; - let bytes = tokio::fs::read(&path).await?; - let component = spin_componentize::componentize_if_necessary(&bytes)?; + let bytes = tokio::fs::read(&path) + .await + .with_context(|| format!("reading {}", quoted_path(&path)))?; + let component = spin_componentize::componentize_if_necessary(&bytes) + .with_context(|| format!("componentizing {}", quoted_path(&path)))?; Ok(component.into()) } @@ -198,8 +201,11 @@ impl<'a> spin_compose::ComponentSourceLoader for ComponentSourceLoader<'a> { .wasm_loader .load_component_dependency(&source.name, &source.dependency) .await?; - let bytes = tokio::fs::read(&path).await?; - let component = spin_componentize::componentize_if_necessary(&bytes)?; + let bytes = tokio::fs::read(&path) + .await + .with_context(|| format!("reading {}", quoted_path(&path)))?; + let component = spin_componentize::componentize_if_necessary(&bytes) + .with_context(|| format!("componentizing {}", quoted_path(&path)))?; Ok(component.into()) } } From 44f10a145da26701f7280601f397d332f317545b Mon Sep 17 00:00:00 2001 From: itowlson Date: Thu, 21 Aug 2025 09:56:04 +1200 Subject: [PATCH 4/5] Update to WAC 0.8 and WASI P2 test Signed-off-by: itowlson --- Cargo.lock | 192 ++---------------- crates/build/tests/test-components/README.md | 6 +- .../tests/test-components/test-command.wasm | Bin 68346 -> 89882 bytes crates/compose/Cargo.toml | 2 +- crates/environments/Cargo.toml | 6 +- 5 files changed, 28 insertions(+), 178 deletions(-) mode change 100755 => 100644 crates/build/tests/test-components/test-command.wasm diff --git a/Cargo.lock b/Cargo.lock index 17400cd4e1..23b5f53a23 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -8349,7 +8349,7 @@ dependencies = [ "spin-serde", "thiserror 2.0.12", "tokio", - "wac-graph 0.6.1", + "wac-graph", ] [[package]] @@ -8418,7 +8418,7 @@ dependencies = [ "tracing", "wac-parser", "wac-resolver", - "wac-types 0.7.0", + "wac-types", "wasm-pkg-client", "wasmparser 0.235.0", "wit-component 0.235.0", @@ -10503,28 +10503,9 @@ checksum = "5c3082ca00d5a5ef149bb8b555a72ae84c9c59f7250f013ac822ac2e49b19c64" [[package]] name = "wac-graph" -version = "0.6.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d94268a683b67ae20210565b5f91e106fe05034c36b931e739fe90377ed80b98" -dependencies = [ - "anyhow", - "id-arena", - "indexmap 2.7.1", - "log", - "petgraph", - "semver", - "thiserror 1.0.69", - "wac-types 0.6.1", - "wasm-encoder 0.202.0", - "wasm-metadata 0.202.0", - "wasmparser 0.202.0", -] - -[[package]] -name = "wac-graph" -version = "0.7.0" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1dcc86eda3243819bb0b8cd37ec1ac3c104e8dd3a63303efaae3f598a325b11c" +checksum = "0d94f428d894714ffba71621dd5fde3b5a52feb6a0ec96aded6207f85057dffc" dependencies = [ "anyhow", "id-arena", @@ -10533,17 +10514,17 @@ dependencies = [ "petgraph", "semver", "thiserror 1.0.69", - "wac-types 0.7.0", - "wasm-encoder 0.229.0", - "wasm-metadata 0.229.0", - "wasmparser 0.229.0", + "wac-types", + "wasm-encoder 0.235.0", + "wasm-metadata 0.235.0", + "wasmparser 0.235.0", ] [[package]] name = "wac-parser" -version = "0.7.0" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "82a2cc4df92a70e611e6cf6525cfde180a6bd472e559380152cead78ecc9a097" +checksum = "37077f3951f01f32c496a7f54ac93e9e26bf6860fe461552aab3f12d753ddf10" dependencies = [ "anyhow", "id-arena", @@ -10554,17 +10535,17 @@ dependencies = [ "semver", "serde", "thiserror 1.0.69", - "wac-graph 0.7.0", - "wasm-encoder 0.229.0", - "wasm-metadata 0.229.0", - "wasmparser 0.229.0", + "wac-graph", + "wasm-encoder 0.235.0", + "wasm-metadata 0.235.0", + "wasmparser 0.235.0", ] [[package]] name = "wac-resolver" -version = "0.7.0" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f66dec428bef6544e119f8e45361f768bf840765e4e05697774f7a29e4693453" +checksum = "00089c18bdb399f998c3fa9723a7678cb5c5cc61995702d96f66ac4d634aa886" dependencies = [ "anyhow", "futures", @@ -10575,39 +10556,25 @@ dependencies = [ "thiserror 1.0.69", "tokio", "wac-parser", - "wac-types 0.7.0", + "wac-types", "warg-client", "warg-crypto", "warg-protocol", - "wit-component 0.229.0", -] - -[[package]] -name = "wac-types" -version = "0.6.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f5028a15e266f4c8fed48beb95aebb76af5232dcd554fd849a305a4e5cce1563" -dependencies = [ - "anyhow", - "id-arena", - "indexmap 2.7.1", - "semver", - "wasm-encoder 0.202.0", - "wasmparser 0.202.0", + "wit-component 0.235.0", ] [[package]] name = "wac-types" -version = "0.7.0" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "271949d040a6b9a20bda4942bad2c85fb10636a9e86d10fda8092b3dd9467f7c" +checksum = "6690e903d48e7258ea5e623c3269452c81ce1c9bfa8ffcb9c8909d77861fff6a" dependencies = [ "anyhow", "id-arena", "indexmap 2.7.1", "semver", - "wasm-encoder 0.229.0", - "wasmparser 0.229.0", + "wasm-encoder 0.235.0", + "wasmparser 0.235.0", ] [[package]] @@ -10898,15 +10865,6 @@ dependencies = [ "wasmparser 0.121.2", ] -[[package]] -name = "wasm-encoder" -version = "0.202.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bfd106365a7f5f7aa3c1916a98cbb3ad477f5ff96ddb130285a91c6e7429e67a" -dependencies = [ - "leb128", -] - [[package]] name = "wasm-encoder" version = "0.224.1" @@ -10917,16 +10875,6 @@ dependencies = [ "wasmparser 0.224.1", ] -[[package]] -name = "wasm-encoder" -version = "0.229.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "38ba1d491ecacb085a2552025c10a675a6fddcbd03b1fc9b36c536010ce265d2" -dependencies = [ - "leb128fmt", - "wasmparser 0.229.0", -] - [[package]] name = "wasm-encoder" version = "0.235.0" @@ -10937,22 +10885,6 @@ dependencies = [ "wasmparser 0.235.0", ] -[[package]] -name = "wasm-metadata" -version = "0.202.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "094aea3cb90e09f16ee25a4c0e324b3e8c934e7fd838bfa039aef5352f44a917" -dependencies = [ - "anyhow", - "indexmap 2.7.1", - "serde", - "serde_derive", - "serde_json", - "spdx", - "wasm-encoder 0.202.0", - "wasmparser 0.202.0", -] - [[package]] name = "wasm-metadata" version = "0.224.1" @@ -10970,25 +10902,6 @@ dependencies = [ "wasmparser 0.224.1", ] -[[package]] -name = "wasm-metadata" -version = "0.229.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "78fdb7d29a79191ab363dc90c1ddd3a1e880ffd5348d92d48482393a9e6c5f4d" -dependencies = [ - "anyhow", - "auditable-serde", - "flate2", - "indexmap 2.7.1", - "serde", - "serde_derive", - "serde_json", - "spdx", - "url", - "wasm-encoder 0.229.0", - "wasmparser 0.229.0", -] - [[package]] name = "wasm-metadata" version = "0.235.0" @@ -11087,17 +11000,6 @@ dependencies = [ "semver", ] -[[package]] -name = "wasmparser" -version = "0.202.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d6998515d3cf3f8b980ef7c11b29a9b1017d4cf86b99ae93b546992df9931413" -dependencies = [ - "bitflags 2.6.0", - "indexmap 2.7.1", - "semver", -] - [[package]] name = "wasmparser" version = "0.224.1" @@ -11110,19 +11012,6 @@ dependencies = [ "semver", ] -[[package]] -name = "wasmparser" -version = "0.229.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0cc3b1f053f5d41aa55640a1fa9b6d1b8a9e4418d118ce308d20e24ff3575a8c" -dependencies = [ - "bitflags 2.6.0", - "hashbrown 0.15.2", - "indexmap 2.7.1", - "semver", - "serde", -] - [[package]] name = "wasmparser" version = "0.235.0" @@ -12191,25 +12080,6 @@ dependencies = [ "wit-parser 0.224.1", ] -[[package]] -name = "wit-component" -version = "0.229.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7f550067740e223bfe6c4878998e81cdbe2529dd9a793dc49248dd6613394e8b" -dependencies = [ - "anyhow", - "bitflags 2.6.0", - "indexmap 2.7.1", - "log", - "serde", - "serde_derive", - "serde_json", - "wasm-encoder 0.229.0", - "wasm-metadata 0.229.0", - "wasmparser 0.229.0", - "wit-parser 0.229.0", -] - [[package]] name = "wit-component" version = "0.235.0" @@ -12261,24 +12131,6 @@ dependencies = [ "wasmparser 0.224.1", ] -[[package]] -name = "wit-parser" -version = "0.229.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "459c6ba62bf511d6b5f2a845a2a736822e38059c1cfa0b644b467bbbfae4efa6" -dependencies = [ - "anyhow", - "id-arena", - "indexmap 2.7.1", - "log", - "semver", - "serde", - "serde_derive", - "serde_json", - "unicode-xid", - "wasmparser 0.229.0", -] - [[package]] name = "wit-parser" version = "0.235.0" diff --git a/crates/build/tests/test-components/README.md b/crates/build/tests/test-components/README.md index c33c4df938..ff8c80718d 100644 --- a/crates/build/tests/test-components/README.md +++ b/crates/build/tests/test-components/README.md @@ -2,9 +2,7 @@ ``` cd source/test-command -cargo build --release --target wasm32-wasip1 +cargo build --release --target wasm32-wasip2 ``` -then copy from `target/wasm32-wasip1/release/` to this directory. - -**IMPORTANT:** Do not use the `wasm32-wasip2` target. It generates to the 0.2.x world (0.2.3 at time of writing), and Component Model tooling does not yet accept that as compatible with the 0.2.0 world. +then copy from `target/wasm32-wasip2/release/` to this directory. diff --git a/crates/build/tests/test-components/test-command.wasm b/crates/build/tests/test-components/test-command.wasm old mode 100755 new mode 100644 index cc6df8850a873d5a1b8d549a56b26f527e366889..07b2631fcc81c82ef3532977db99c7e635244411 GIT binary patch literal 89882 zcmd?S3!J2RS>O9!>ef}=GquYA!_L6IRXdSc-QKzP%#NV*4(!UZz;e^$`Q#+KJ>4}k z)wk-Ys-6qNPQ#A4Dk>V(HFDx=mIERy5D^w3G72arh$JCMayYswIbx#8dQ0$xxaa$O z{{Q!_x4L_l6)-2ClZBpoFaOK)f9}uozr4ZhV0kJCgX*5}WGU=LgF(0&geQU^ECt)o zbcWNNmGj+xZ)Lf&G7O{ojbU)Zh1o&(_}o%=U*Xk>{kI;x^-wveK07=ahYM6c5mpAn z+2PuN#!Eq|bFn)N!}`uJc-p8w&wRzOIu)Lz%W|jR@AczC!ESG#J@W;lNdezxWp1fA=*$PeIq901c3=c0o^)4=O^0WLa3Q=9mKk7a&{;ZN4Qi#J^>>#$!?V5l zzc&WRt#fBPbBog#`rTnCoCsH62Vzt)ausWHy_F$o9n^zHDcH4j6Rz@PDY$j(_otS6 zbBo=TGp?8E*_HX}(@SfEv*F|jKw97P6>7UWQ}r9d;ORym(C$z%@Q5!}t^-x^7&@x^ z!;@tpySx!kFhDmH8%3pHLToe`&UaVBxc;m#*pV}UJ@oBYD%Y$1aZ*+f`VOj_h+OQU z?t1|HbdiriJW3Zl^?lTyw2z6W)CZigMISu%eblSp7@my6epDTFAn^R)LStoi1^%*| zOQoPTKRfIUyUU$82c5bdS7&I>Q)|Td{jjyV+ zO9<5brERBX=ch-_mQJk=F4g9FBS6dN)_TL)G6FsrZc|s&!(MNCX|{i+^Yrf0Qs>O< z()6iI!_M@eb8fA(GS_KzSEg6{y)%9F)Nv|U#K)jN+0IknVj ztkK-+YOfFQ6}lJ>FKy#zur_x#gFr=3FZC{1lW3mh?vTQz)$VF%La3eYtt?$arflF~ zsI$0j*ts~IHarT=lXLyv0A$#JAg(E<>ABuK)GUX~wd&f+;!5wr%A^s@mut?Qo$b%g zfm#1xVuZ}o-P66P!KLL>y`}D)A#<|dIkN`6tkcQ>JavXB{}H{XhnH6At}14#3;p!J zwla)^3CaG{7)v+8#mTT=DXB`WP`F+arJ|?9{Ik=J)21Z^*ofuTsa^JXxi{a1I8Hl{ zUOv;=k!c3C0>wu!#(`9+IM^nTwvBXuQwqCVLT5iMtYoV9`bzKg=|N{01v^T?O_^#O z4fs~my3^;ov)-hHPtUaJ^{SF<(?XTm)zuElw@~L9bXrrV&QM$*JhPzX3pJ&@gsyNW z6}A^EJgXEua|`G+((s1x>~-OyT94t0UBT{B@N^UOOM_u&*%>h7lknN~Bn)<$mKhb; zryeuizP+*?-CHYYj_UKmlU1RzIj&Hg*6l?RZbB^mj)gQgA!D#^XAqX_H-*7-Hg>q$ z?_hgZvOcd1|I2$z0p3R#(CDCfZxGxYUJmY!E?*8WbHzXL<;y(KzufRVxVOZ$J-Y95 zc%QrDRlr|aZ+PW?c~G$js#$ecylnU@{e+jJ9}7#*5R~@}R%TZRXM4kYfbo2{bKyYk z^!z=>1Hr^KN;JIla}U%DqH7eoE-NJ7A3SN%2{hu|J@S%*F#h%M<6tF*CiSQ^QK?iS z_g^C_^S`Ryg!->iX+%*ubJ)AjYMLF00e+CQPLO8VzF-|rqj z_yPC(z7M(IieA?A&xHQ@q%UT5uKKcX@xKrF-)~XLUkMu3{iTZ2@ljB@2chW?gL31Z zdzNRrEBBo5b?1Zn4~DJn;PQ*m2AM`n2nw zasA(U`7>|4``N7Z@y(@X{w|wh~lj%!eytuTy@{$+KG`FAaoIbO6{?yzz z9_+m%{KfE}gzpbO5I!1yFs#4xf%xNL6f|BD!gD906F0qneSJMhKk@#n>%qd_D3}Vy zo}}SS6g01>O!NEnZ!2hiFI9phmN=Xnv11==FNZ!!rRPXo>*NW$j7wYO0c zZMU%`VG=d}Pd(e-c&0CtL`mHIyp<~@rR|L=z@z4$x>9ZKPX5U+J@WqF{O-^EJBMO}H>LJfh0mVHtq` zc;WijblrF_{ve9fv&8dZ#tL|!cmr%;F#ub%aP~jw0xt)}Y(w)X?r6h*XZ?l1` z-~A)j*ul6Mwf-qFrmHrN=YxzV!@|1@Bmecn^)FcMk49rWoZ%pnSWFsKQCs1ihFY$g z`PF)fOTZ4(Z#_qe{_$YD-Cch^eOz~-gm;zm`Ri@=U~=?eDlN6*$yod_Y9uf9*p`h< zr7?A)@j6pkS68i08d1d9ECh@+Y{d=m1I}t~XbLmvDp*Y7yTzw)N1TRf*nChlv6n5> z427Wm0{Dj=s zX(7G5kOIWwxkng>=-URIVY|v*^{!oTb}dD?)9{X6`LpUH_qA&$lLy{@`;bUN%fWCPT-i}V#h-BJ%)ucC`!X` zn+g-Ink|@kZ#3DeG?Gd#0S}l2G=EZv0bf=iPJ*N=p|F{zOZIu8AF?PIX9%A`}wQrmYZYoSy|AP?-m_%!aZj1 zn-6)y#fQRryK-{ZD=1V!AyEsFq{4!rPs)p8l?XPA8j%0w6XE?QORtcEg_T;NK_Zn8 zo0eca#v8*nCO<)|447eBlAUiy`lsX=vUDAtuLu00hc$58%HQd()_jw_qxK}W!`}o+ z<)Sfle*)XI<|C5($nzPGH1zlc>@DgugO4F!8xJUiwsoPa3+%aRt%KA8)KmAI0Ka( z1Hs`jj=@Ay^$@=05eZEu6c5F*&=_y_bDY8|8PreNFiMk$X=WI4BDgCUMs%w9d}J8Q z7{*NsD=%e+aZ@8@4C5w+h0wdM%rKTPj3b4GL1{^ON&AaGxGG6;{Uh;~WO6#dUZy2c z)?^)}Bo1<8H<1TUi9B7K$fJk6QS%hTCIs!OC{{_T8z{y*_|LzS^~gm&9;X-%Ip(FP zM$^)_HNLkV*NPSw_pP)C$OZaV|C2or+H})2fG^MB<(H&a#ocl9SEURYG*aPoDkXQf zE8bey&Ajcz`c`DD(ROM5+omRvu@LDgF}iTEU7Lw+;kufH3+;)SXfMq-7g9`bx|g4# z<`#TOX91oJDk?y)f3iGPq$>>UJQX17PKXRGWnm?qm-5}}42WTXdP6A&!RTkEFqwXgg$aje7O6^zf zo|>2pQ1y5w*cJTrcH_<|xhjT|5P%!EPr;1nkcJ;WR!T#!Jn5)y#AdHFj&^+udo?-9 z=+GjvS3u-Px4~YO4uPskXRjt5Zff#N&^^#0sV~|%uvb+EVT9WOd8E`t5RkV6r!HwU zKjitmG#xbID6xgmQJ=)P1PRKr3FA#pWGd|QPC@*vx0*pRsn=D<8DP)a^j@MouEs*U zZumwkLDRj_&Q>*N7zXz>F%0Tk3^O&xFjJ0UrZzAPPMc?#%Gbm&uYei-s14s4!_)}_ z#Bq#C0Req6Y_Th}@D%)_i{*aWHS4Tjv(AI#Zyqd# zxv6|CfK($*oM0%XB=sJ`_k2LA3SFFrLQ~lM7ZSttiSXR<;6~$`l%VZKp({*dt~73$ zCy^_Z0CU5Du^!F;OI3Ltnyl{8ReB?MJ8V~bxY}=530Jr94s9PaKao|U%{E^4F%^*m z4MRN7S&k&SodiViZRgst)6k5eMhpbZ$AcQ>qvOE~ut?z@D3vh11(@*p{Qw_)j|SNM z9qWcxT#dY6fJYrDxNHHs*zbijNZ&6?0x1d`nw;s&04;CYg0L|C1Z}=sZ92@*XPEwO zkac>s*eQ0Jw)*`vba@aVY`j7B{5;>D@cdY?;3y_8I~g2}Ud|7!PPXzWfQ4>oBxxRa zw+08yshapG;c<|@b6wB4{g~ap*@`rOPOt`z3owTB9zwHv<~G3eCL+a1!J<{~HWDRU+G&=2sm%Uo@Q4?UHe85LFAwD-S^+JjFg zEjD)|f_4=WMpB}2q?e7~ZPZvssU;I68&$e956&AO3aw%4L}~CMseI!Mf&vBoJm!iZ z)GkRUBq2$QxIxNa5d@B;ApZe9w^W~6^yQ;MdHDxn^ZQ*fq1?0rI>Yh1 z<)55{SO(ZXMjA>|q4q|eo=rG3Tw)am2N-G9C05UG#qLtB=qY9OGrbt6pL@eqbYMCG z34hOB(lR#>I@=njf1DL?>BRIM_M-Vu#RsICBT(<$>B9<_;7$xWsq7B!NIo=hrJ6JtfJ zImkZtQ0!>zje11#S~<>KPv}QZ+m~G*FsMWjO>_&jQEWH$8Oje*k9i z;}V=Cix-t*34FY$IfFC=>08E&;l7Yy%*Bf^{=RTqyPjTL*tR3oRO9%6C3)YLw?#;< z;q;dXZOGv$fGSN&=Ku#NNQl+%o~kMW^aK9nc;FM7e=jAW@w061C|++S2|@afUyvl2 zbVxli(Pyq=GxMCkLiLB9yt)VJA?IVf$JwmrFNz%jz4Z2$+z7FeQc`*73m?H48||_J zYGu&d$h=EiNUphdnaY}4sU)=x{)c5Mvv*^OCUj}045eV8u~X7pJM9}pP7$%-9%C|v zGH|AMS;k($f0iULHMW~6JW#Msz`6taF`g`bu$vl6Tb?c%o(&ziRwk*=#9z+-US;5X zgVQjNKpKA>mT;<=p zf{H0R&Xq4S%o#VmYNY(1;%qV2@pH!PW`LAd!?Paa{)Y+<6k0vbRK5b#n*0Yu%IUn3 zv*v>^KOqQD!lhE*n950G_t@v@ES!={4P(QlK`UVV%IS%v!HrM8qk}iFw1N?rd^g*R zTFhK(j8%c9X-<9lj9?Oz3{(mPUXP^{_VU93b|m?0;^gkXTE9MWl03p;I6xN&Q70wq zB$8sK(z?$zq+k9gSJ9XGEE*Ir?#a70Gp%GCojI}yLWb7-aSf$SaolaRcj=|h zGL4-L;8QHy$^4dw;+(}Dm866tv1zOvTsU%1?LHzpH^xrif^+R2VV0Zk)Hua^d!x6+ znIrjN-25IJe<-@~-^Er$UMI!(zv~X&G40)9GVofY4UV{HMTS-J2i?Zw&00#9QX^GJB@c)035R&UAcpMEX$qG&+z7 zQ2^PRl=xb;rWqldKie$AxJ}m-Vcv-aw-RAFyM`(wXPiD1FE|B+e>_^)@HrQu_-Wk_ zvAQ{#dj9R=anRocLbe~v@Fb6?_lQU65RR)eO;3UbcZ-KhtMOhgQ z!8*2yNMOReXGUxsVK8ncCXI*6(F6wbCXJRAKG&F`5V_(;0dBHUb$@*Hh0y@!=gR<@>;-;a};<|DAr{{80phD?u<~WmD-|m z1}LtEU^L`1YTwj`#5mO-Xl+ZT-fqsSx3o1n-*&S0O16lUTHCTVrcSQ^^%GBQzn@ph z8?Usc^iI5D=vEsi*YCT(HI-8^NO*Py^h+3W4*jDjEM?;T5L^{Ggu?{YwCE9au^nm6N(Zdwn8(qm}52dxY(8pNM zT)3TuGIi#%7zz-xWR{sNyFvdTiUSh%zPfV?o6$YFFhk$PVlOK5~}W9@N3ZMQ?3ol(rijy$ zTQkOtm9qv>x_g1BC{AB{u0=ktWiQZqS}(y`iHkxZzpMWDto@c2_zwxHrim(}fnbex z1xwv9Rg2o>Q9L9|$cvUmYHEjTRYI3xW)(+bzcn{Z(N-1kMmQ-iCV~{4AhRQ!h?A@6 zdX=nMyD$?Y$?8@Y#a*Q~Ym`)1y==fID%kK@T|nKJvy7${U1+n|Op=HZjFOs-#v?WX zc4VhfLea2HH(Me3H4xB+T{!_8mVh@Je!dh}ifa*w7fT~WDl&?YLa_u=uDQ^M?E<0c z6Z{vRQ~pWQ!=#%aB{P7UB~r?s(%5bxumWkdA_0#_rW4C@Co{4#Fm4$I2%y=8)`aXI zHCZu6AU$#h%-#tICeZ8cx-(coQb$q9Dwo6uW(gs2?h56$&=pB0Gyvjt4It)cYyjrV zxd9|KhR}{M>Odu15BQ7%0w&R-VSvHNC?*X#2`sG8VE9?2=!CH%BLN~F$(@9C5-fuJ z8&o1wwbIa&ZsL|{Qm>!O>05oMSu+%X!H35~%?a@uP~16HRyV9}lY%AXAZ9NknAQ~l z8Jl|xnHi2zCc<%5bi#v@ zCvGtyK^*3}9QR!5-@S#%XC0REkuq969BTtZPv!@6;u1{!D5fXlD6~fwm#(jeN8_d| zF{vLDLYG5A{6@G^pzF#&J7qyNu z&OB?d5;}QvDJbQ*rDS3gJQghxCU2dQDofb5$VkBp%1GgHsB%S&k|nAu3NjF*EF)D? zM#@n`)`0R_#GqiV#g9uzhY4;riC!_V&99O%&F5D~^9ZB)RrESm7L8Y!UX>4!j?bTvkp%u^BWm3Fcr&|gM4Ese|4V80uU z+?Ha>$~1rTG1xg~Gyt7fp3WX4hmA~rj*Dr-57krfGGR_UmBZ%bIJAQ_SbcJ>X zPBRuUK!fNUO23!?w{<>Hxn{)6$ zLk~?@;Zg$&ND%PIq#>d4i9&*Kqyd~HUK5yHVLrvq&voQl*HPd4K`Y89f||mkO>C(#i_FlFp5hG5QJnow?>3sGp;mww)C2pG zo=lCE@?|2q8Y_)fi5P~))!0MV&@rY{9Q8M)#r;aB{{d79yqqZ$iO=6kTKuOYJXoJc z`gD++JBY%X%iMsZfByZ_^+sEu3Yxzm`YD^_>z1rtY|tO)K`Ms>C>9KFdO(d?kSfMf zT=ycLzClmZEBe=OjzXgJ@`S;3Rf8kyBQ`~1zU({-?-KmWFw&CkEt73ek`^*a9y!UN zZ9FYhMnW>(Hs%cDwIZT!XT_6chWyS7!mHfTM&#IBA-%@tiYz%K6`+6+{gLa}e^v== z8QD>B|9yjs38x%fP*IOhpb0Dd#h{2NKZv|6zz)(C`HwbtrwGJR(a|~4%dO+@-FCO|TjErA2`#*`1`OVNaz2sTS;(U)B8=MGpc=8=0 zGJEo9Y)%WNAXOym=QCF%2AOwu{tiod&EFxv;Br4D@9#)%^Iaet{2d8d{?3Fu^LKEu zvUzEFh1%02H$2muxL52D@kt*+ohJgn=EZZr5{-H5!5&Q2dXO8~b#u2ExO7vfEPjeW zV?h|MXV?F5|5c1zx~=&^R};Mhh=d)fn!4z5iHj+*HPPkuB<*c0Vc`Os+^7Bj``^F! z56Fy!Qd>?@OG~{;Z8AIC!UWs$I_=^K()~E6D55P&29ykKmE9IEBVMxGHgn3|;7GKo zO@7D*?^2AR9cGjZg?5x?djI+rB?sbR`layPdF{p++uqI;{|5wS(D-OL@@lT(!RHlo%jHjII#6cEJJe0#nl)k4$K)3HY5%JMRC!XKSV9dcmyuv5u7Bu!NMDb zdMxmAfge9o?0%sPy=Sp<<7dOI(lfq;*E{z+1Yy{FV78ddVg|?&IagbaYT-^HBj5o< zxUv=3a-{=h1ftB9_KA^kSK9SUUqKEbH5?d?*NxCkDDS-qMKUgxMwXtf5FYX@eNQ4S z0XzG6@x7v&xoo9$pLt~oFQt_=NggCJEU1a-x+^Nk-#YQeXlcji+#czCz6tdbIq{Kf zC&aA$*oJ#y3${XLnvYs5OzD_baj9Z2DKcknH(|^gL@u?Kt0D!X#I*9;(k+&UG*^Zd zVH*^T+4=09tbRUgUMVOTFNGOmzW75|CBN4xSuoj-ulsI6$e(kx#a~)=pOyYASNe0r z1;vs!?X8JuRUEA=SE!FTZhisZm)|b_$uwYL!Dy+`fHj(*69_@$vjuh>r4w9GPXIaT zl47P;6i;r8f)JGwGxq*QC)d;z?y3P8)zcS$-Vr+cQXW-6jwNHXZ1pI!rZfuuj6Q%n$ST##ilwdl! zvO=3#HH+f$5;riNS+(rlm{l9w_Za1ZLui!^EE@(1ymjShzBC%4rAWp{sJJO9j!V)R zrw_QjB0g+7H_{0sf%Gho2DL?HN$^tb=!QKEy~=NZ0sY;z3(otpputoao(M*FxlN`) z^Do>B)yz$E*rw!m>GQWkhRZvMO3)B*3xy>mm9K*s!d&Q1`TWH1e>;pe?6$wHTC!I4DoXpQ+VF7?^ zX>?kP9zg}7p%jNfA$TPIqpD&FJwX#$%FKz|$VF;=Z)x1w!~XhFHa}x1DUti84WL(D zPK*$TX)P4q7P%uN&zudhdnMJXEc*YBUJHPJ=n_; zKo++d;Bp`l`g~^I<+8;Gdq`XUYe8=bATtQfpDm6?1W~c@8pZMj=?|Iyv!io}^vvh5 zSWO_CyAwMjoh2H+XfiC-W{WLtiJA?-`YRe>d~_N?jXTJEdQk1=9?UOR;*iOd-0%N% zDdzp{8VwjCI(y;(P} z$E#Hin5N9Cafu=gbv=p4a-FTWpb_!G-sr=2D27^klm!Sb{K3JrWx28oa_miLB{?+V z!yjhJHy8@u`S6E#)^TS13p?Gg$<~}j8T9^E09Ge*futGKJ}ihIq#%Kb{|%k+u9UwM z^W-j2p%c^yLrwRXZt6PWu*BEL=huFkR%-AUyZ31G8{*nB1Ywp zXs};bj4F`)bZNn9e5EzvVXreDcb3y{V_uf+`T>!>jTSaU+w2?CYw$+4PAUys9%JeI zvfwb&mGG8(rs=_ep4{eG-<)qOvhD1RW6}7!`_P*tQ_`53+zHdNQc=G7+X5|U{QlUH zGh-`{3~J|s%9&;ixQ9@4x0d}fA%Nz=rrVS+TML*3ChscNhtK4F)D|!hT6%BK$rH=G zWREaadZ~Hj-I>nyyM|TVEiJl%x15nclS&M<@eFB93%GVm&I#+RH**wykk0~T*`zQ7 zN}U5M#z{Y-f|WMVZ!*n+{-YbJ$3b+$+4k^e4^p_rXMTcB8z={v81VxDh}VrJzrgq}rn z6z?pccr$)EE=Yvij9)*v&7&Uqqm7>oM?NENL+*+rqta(?w8~?Ix(8v>D#g>^7`jl* zbMz-lkeiHc^h$fYi<~4D*Rn5AnJ-SmHGi83=N4;arYs2>_ed&7gr|;qVe}&hUMFc~ z3m=UBwIcmxG|Q_C zM%1DtH>FZWAl;M-y%uaJt?jWF#{i(59>Z?FoZtOAGQ<*MAmGvZnEPWIBz7?R%NS8#5Dq$?Ujh9nmr;>pbj%8UJ5Z2>5!T=gsFIXz^UaHVi?ZU369SnDA8$fod)eXbDYguOz>Xa` z@UT#lB>E7?;XN>;uDqx*8wPLKNLUllg;LU$8D1t_o zH~is(0xB3Zw7d%cnF_l=6=Y$xymY+JgP>JRqyzTw;(itN=>T_L<9>^m_cNXZwF9^`1)TvJeF#V}P?{IvXfwVMIiK9RkC)JW2e$jq$uU=NgxBmz&J|n>BAsCP%9qUu-Q!ClV~CCQ_qQqs;t-DP^1Hm~)5s_Yoq9kgZkaD&;Ub&B1IFVj4$4JUU-iMiIoQYipF=+lv#{tf$ zG#__&F+B12w!(!C-QXasXXOgT@zTVdIi7LS?2Jf;^vz+EhPJU^*OY+nd#sAfRs5xD zH@@``_<%lHK7TYr=*Erj_C zHGp>}M@mbQ{@C3!M=C6T$?mlGOm`1tmA+gkgxYg&-<-X@Vi#GHzV4gcTVFPj@46o0 zZ)K=?$wGRJc7(sZ(YplwO!Sz#$q9gX5J+VQ?P_@uO$zKGUmqED+f zjE*q(k=llMAYq|{4z-C+sGEbemD#``8FDYL*H{&{zzQEJ6ISQqGIMORdA1H~0s-;E# z5um!2yNnC(L7&{F9k2lWNdve_vW=m*BO7#)Fpq;y87dxN{QYxhfzEC{HATD;h^Vnz zTT{)H7KrhMb8XhB7&e?zW8XV7pv;CCd?WtaAg+~$2G`K7?WuoB-}K~ zkM=G}-wJ&+0KC=#mjGp00%z*?6NWK6->ZI>Ee+{kd=Nk^=GN2#VA=wYgeW;W5gUid zMPY-ce8L^tb4!X2jQOH%NeO>sg#d>It3bGT~XmqCqyIhciOgJqL@Qf#n z=F|`eOlnsa$l}co+f>d%fE}!+*3fy@)H5ohErYK|7R2J)(mprI1&N(;JsDrnUK zLxv_C7METo0t?cQTvmEk%uU@@_A88`BuH#)&gB;LX_zcy-`NsqT!=&LSWd3d8e<$H@Leg-Arqp$ttz3k=a30;Kuyrrl$3NF z0ymCvh~0Y*Vf~Ldq)y{GU;x2ld&oB~raVQ)QymZ_!7E5Px5~3g{CVM&gE&|ABU52$ z=#oRBDFzsV=}|D2jzpBpOmIPyL>bO?aGCA~A!Y3@)KV-O6aS&td~?E;*Z)!xnX=DR zRWxePwP@BEf@qWv%e-=)2|T-%X9?0FBGZ+!haaIkFa4vvpxZ>WRjA;Ai7 zv0wsjmqpY9rbQaUorP-`&#~r9vH-b|(Ue_}(kH(5Xl%lLHnPeBsR5GG!nNZfa^EI)am3i?EJBP)sB_16*`3&uDour#i;V$f0xN z3{2s+gjm^j*4VY~&Ql^$t)*=4C6y|R?(GfQJIYh_@NH8ScIAkx?SvNl0TUol$z%w{ zh&^$zaCU`W$cDonT-T&z!(T~@0k|gW?T2o(fRV?r5TiS`;MgF?B~Z%SF}#Ys1?6#s!c8e%F1>QJwO!wS5srv9^t7z)_?i zaKiXGXNYS=67dGs%~&(z3LQ6I(wPWS3g|x1Ox}~SDvU@v$A*Yauv_O*A+pY8D&iMm z6@GDYa{L0%gacgIN{@mCh_R5SDyHMSnhUt>6X{J1ZA)YnXwk@!A;X!HwS1E}P8sD1 z-5LDMoq~=D3<&dLdd=O|>m@9ucC@~h&dFjyT61CL1lk6+QhFcZfbC|J zO@KCH0sIy@{=ziZPuQuOa9!>}+Z$2Y1uU=t#pFMWV}K6v%l&6Lq6#!1k^B>ym&c6f zj@QYIHOpR|gLb2tDSGp+UoHIx8r{nE!zIFEC`}V9FQ^kwbI-4Zg4O>7oO87&0IoE| z+8NR5RRF@O0B8k7Ll%dbqYJg3MQid8OU^$8XYiTrkDSoVo4JVi(2C-oeO|tIrO8>(}G=^t^~Nk^H#DUcY77Lw8GPFOn+U+e`78QIE?jAz5o|I7poqO>pdqg%8DummCdr7MWDqwNB*U^vCK+1M zFCg@n zJj4#g4mD`?s}5-!Ur@ISx%CvCAZc7AuOlTzcY zwXn(|zF1Oc94$-hL@4B8XciO7lDuXA!=h8$a7w1aTr!C6O-(r~>Ov~K5D4I|nc8s3 zfmfi2RkyrLUfpM5)UJVx$D``*IBLQh(z zjV=+hnPqEh+lGVE@QPle`uS0+O+2Nq+_1qz{g^b-9{SzdqZOHCse*QB1t`vBh=f1| zG&rd?TefXk7aek>XUtx??HR<~RmI&^EKJyr6r0nPRib6hOSpR~m=oaQZu!bu^QEO8 zt{XMFyIn}8w3%K~{xAs*LkanLH&T-pMp_*c9dbm7j)a3TAv(gUL=td0ZNQ061~)I< z3NdRM{XH6_yhpqJ0xlpNso(}nzcsa7t;kY7jUKTP@@+v z)FI8WtwXmg=Je1wMQt@y6hi6<3bcirBKeX{k^IRdib9Bk0RfxsN{}FZty_cy;o8uh zNqCJ#SO8Uc_91;}G-L%4Q_y8$gAR^BOTpTh@gK5D4^LJcewcxVW6{@4gy~-~=T-&-{5XRVW{4?p1}PH} z-=ol78p~{#O|c#dHiaIxvME`0@aa*nE2oqof)h1qFh(@SgLJ`6iKGWEl-M$$%!F*> z!f{$E4jQqg9lmT0jk9HJ21F%2TgEwC^32#$3l+aQwnUXF$Lh3jK41;q+hxl?QYz;+ zn@0LN@mqW?e#-{7iQh(8*u-y{1<7F_V-e_*OPTS-Q!p;@EqEvx7nIYrjSGw=Rl<*L zm~)C0wyJS*=8ZOk^Av4MC=p`O(`MU(9(Df{lQ|0`7_l&AXZ=v}nQ0+f4G2GB4ZrRk z*4$)KKqo8fVw9N~Wz@CuG1?1(Jwc1f@dwd3uHK%gLc5G!%bRCGFZz)fIBaDu4Wb}4 zki=1Cd6x(wCmron{s0v!hXSZs0OYRBWd+p>_8CDZLSN7{oASe)K5uJ!>_MZkXiFl6 z1_7n-?zgfD8|*N!<0nwA57vq77csml1ZM~Dx5=-dnmYx6HK5^6|L&Uxk1Km;na!R8+uOa*)7^AOQ1Y6l7| zn`vmc1~8D7Q3oUao4N6>14eD6)X3dvP_Wk;jcb*ZwO}(QvQ=PSdx;IC%9vv;j}SrG zP}a*2AAZ53fDuIL+z_ZSA6%g7g)C)0L?h+Q)Zc_dIzNl8x=KvS&jWovxyBVv*VaZr ziM6pfB6F`yMg%q$Z354=BJadCWd&&1`)KM=6q6yay+qY~{*Gr&J(K5$A@K8eIBg(R zb9~OJL2h9Ry>|v(a?CNH=qQCv!VTG*%&#!68BYNzQJ^@&V?W#&N013Bgy4ldP*r-~ ziM_=UVU`EV;FdmMlug$(;lgN;_JS`!ss2uJY~5vnJgp~2v}S6nNNe%m*31;rh6`o& z#Y63F%^3tZ>SOZZU%r_o|Y&igT_xx zh86q7Gdq2ZkO&?p4mh_s_HHrHaEk4_Y>wOvn5aovdS00ri9fiuO?~jYbA<65J@-XU ze_qoCp`3Gssp6ZGBTPC#%OHx5FeSam5#$~R&%7h7)w)GT*m))1O#wvbk?7tQKNKBd zp__qcj^{tF7Gdjxb(z?wA->uH~30<7XQl4Ubvidre0; z5W~7U#;{D%I7c`eztog>geeBYj*w+9hB7>Qp z_&PCIbS(zU2DXX8MpzhUuo1CFu#d3_>>}N1H1_U`(;3Q&WlO5evlL&M-XOP*CNCc3VA>Y!3Uz_Y-4Dcksi6q|+qUrSp7gnzpj6N=R0P9SCGqVwY7x0lKUT zsJ6=bu!YSEp%b&!RZ5);I_L9RQhwMr3vC%%L5K^HxxTc6Y_gj_14#hF%9ws!U^*nJ z61$`dxHK2ok}4x7*berJof9koSx8iHf+2--f@KY)Sc?5k`fepUk`0d@gA??)oQhRY zNeEMGG_oVrB4Mg26YITH!*sfv?%CZV7g0G)`-xaf2>V`M;1=9aaWT;cqSE~~P&uPb zw#i1#|7H_BmR{BF7rnM_fy9m>YCNJN)to`XhefUH>*I;OMQ2{B<X2_5M zfHC)0+ov=G_M3I<#K6J2xu4c75YQ_%G>3$ zpqZ}@m>V1tNbj2mpQPRzG}OFbt7-y1^#}pz^0D__T_@OqahmIT(`Z}`M|)0Kn;z_e z3)U$u5Fvpz)qI1>S{jBnCY4rBA64i9*C|w@EV>XAgiC1dh1=WR*7OW-O3lAgn^X&7 zGq<-p{k5R^*LsS_qo=P|4{}R=0mkAB{(4>z5+VgQ1i;FsAR5=vC&g)ip*`_Ld@g%p zOUd06hYQzVOrLYC3l~1VAbezA7QjZ$w+IlHG)e_zYo+ARF-CuuIU`L%n}kh2hEUsT zD)abM{U4~hbK_nX2!~U_w*u?X8gSqVN9pC4ICQ4X^C#%eNK)+avZT-IWnVn`iIB5p znonp9YBzm;^M?)8Fp;Zmfu)T^$UxFqZ8RNN;OnXGmd%Jsv$+L!hL@zy)Esr<=7VZb zBopg~R8OBzjBn}*QlmsvLks<(x|AfwUdFM(4E464`G9ISe?b2>N{q4LHas=I&z{tR z^mAgF#y^f>xadUlO?oV7ln-`5V7|pZJI&h!8#KbvABB@KZpbBvAxdYOLm+^o#doFl zY|nLeb{uHptH$PS9kvCk)D*!#FBq&#jru8cs6xyTJ+YK8cTe+4ty4hsfZ<>%1&D;vEnvfMA)jdY0IH3 zL1g!b^A(Hx4kvM&g} z8FUa;xK8;Y9T#C`L{HlA^fXoHC~vq(JQR{tP#)+N)i`h}j)Rb~WBTyYL}1~hvT$<< zzL-K4RG?}o{GP|*k`H}73WGxYgy}ZsS*&NabLm`+&}Qww_oHL=}Jr!n|ENwv4L?0nGC0M%*`&Nz5)4$4OZ>uFyw_07SQ z`kW57>layOJ}+q?LK4J# zoTifCK!Q1*D1lmdChMWOGHMjnN!d!GN#q|<+$@dlA0u<+OOI5FD=iqa(i*6=z^L>{ zt+>)?l)N-bWDw5a0+>BVpUoW97qB- z4pweXN^Jz$diGeOBxsP_c&-!!av$dRN#x&H+yQ2^N*S5W5^D><-q|Azj&Gli_kIum!bSzNo0mmYLE{K6Fezx1fdQ3Xo%| za>%o?s%0W;^-Ub@%0$hs*w<>~nhwgx1IVcwmE(bSxo}n0Iojx8*Q4|y2qLc2%()cU z1F@a4V0_*ZgTkUo^kw<|&UY6DcqW$xPJ^3a4|fa4`3lnMRz}!)oqtWrF)vun3+nKg z*XGYB?0HJlixMqXc#+^G;d(B8{Tr^-mfU_s=udt&ecm~O+qMMD=PVIG z#^zo}=`b(&EOlcAwJw9Kp|ailC>zetB-K{)YD@Xm+5BogYf7woF5TH@#R?K&Ha>pj zBp&&C^FA3TFl4?=q_1bPC0ajhY}OCwrMXXPMq(gI6$})nH#!Ci8dqZT@5M#Y35Ny8 z|8DXu;$Z++xc#<@>RlQ3U6`*14&5iC7JSGwG6S&>^;KItr4U;~G7AvZDB_wa^{-TN zr2e0zBrPJ70UAF#k*-5W#Q?y)sI8dm5SFBv{aCo-6nx|e?smSoN@ybX=w7puoK+kp z1WDbsqZV$Yuei9W8>vNUKufV8ckNiXu(%n%6~hqpW5)|GPr9Oep>qJpP|&kzA#9C`Nwo6>#(Ew z{T7VthyWAMp!uVE(DpK?BojJ@yoLrM5etPsSyKP8coc)3@IVomLvJ-~4{%B~G2d^6 zsDK0zT_4U-icXl^3yY{p&sj3R=0%AyEwGdnZ+-}aY^hC)q>&FnpteT7{d8e1~^+M++%4DS|R+q#-X?A z7nR~7naNbHJh34AuI@h%M`sn&R^-~!zzkL5OvN`LOGZ$%WpceZaTwj2T?H=_DpIkw z|7H&m%eU6fE-3~(Tf^pEh*uw zZQbhdDdJa?Wi_w**~vbQXR8TBjttySs6ox6Qr(~4^r0~0_sCA&5?fMUy1@J$UD-xN z9zx;-#lRZBo31E_1Z8eeEI|=^PavTCMlMAn1p`@mKDCmUmuB=|P%>rZkOFY|yoX$F zh3pc8>@m4bw^KxKnD>GkDA5o+P|Xg92^w#Y$EX%(RC7ZTJhp=nVhBIbke$#knhHm- zK?O66W{r)Cd2wcA=sDXrL}ihl%jwh3E~pLh)@e??Fl z!7RljzNp}Q`%_%jfAK2J-t?b-7vK69kDCHnqvXvFSJ@}GOvHFA*%GQ5k(T;9 zpt!N6Aj*XD*=J?`3}P^c-sy*aH+od zG2xCzICQoXqJLB*3A`=k{$uX`(FzMC=+$W~{UF7CC(>HqBUQx6i5Lx7-cPnGhVd#O z+gff`o9Pm5t+frXVq`^2x1hAy4NI2Z5MYJrsg~ZW+=yk-+=_i3t-42eGqyn5(r>nf zxU{H`8|pwO3@9Drnc?B%E~+KSTMT5u}Jqci$KDqWh#{7&mOatTa|Hh)RD&FEw(6rkB!KF*l4BOcrnuqjBYY^)NzAG!SE1<({4@ct$$-o*KhbQ3F+ zuii-BA4uT2nzkAy-*G^IoF zwFv;7jXzbpNE&LZvdA6-J-HP-aFhwhJ83clYwKPOE>}>Xg1W7U-+1YmAK|SC>I=)m zX|Xaq*nWN9R=bzDV*{opu$4w2r>Ut?uAIRk6rxvkXru6(LoB&XT?-5~iUn9` z{+5 zI#Uc1;{4F{By9Yt5osC1Ekq8w?=?1*;%RmuH$8~pjV$zN%s z#6a-S4{ zp|<2=Rb_c3B=~(3GS@tmRd(>uAPK86c;KJ%sQb!RJ-PNYb!#6D${UkX+|U>*b(lVf z?Vwru)ZF6~vzB2bt)r})Z#Tn3z7M|LBbSS&8^2SrO+#WJ0WOt{93w`o5}$S^{F_n^ z;WAsd1Js73*K{fp4hBUXnA+rIW?xBonxY3~(uh)=wPWtZFrrr~m)%nkn>S&oi?c5+ z%N*Ao`mlM@()I-UhO}5mHZl{%irIqAnu3y=|e6EG_a|G(5_6WeX=*AcV<7X)g!-+8? z5kV2Uy@f;zd}2;(qZG~SmC20F2i?x0K=K$AS4p_IQEI)-Aqt`9a&<#g6rXUZA_X^Y zA4X-7b0d6`(R&8*B8gw0^7TLLCd80nycb}Jt9EH zm$pZ?cb-RDDM5g&QUu6WO0FdVvK|pJ*dqeuhyYoS2$1a&0kTajGAzOhV+D<2S`m9f zgEmHU87v~43qOlm0Y{vxd_H~|W2kfLCw@MJ(^ z90f8t(a@!PRnJ~caA4DxkE@$Oky^>LKIb)Y)KrLxzzj$y=zl1Xhk#*Q5EcGYXi`t_ zJ(oVjIZT!Ssi!|hq^RWwRN+87oJJ;>Y$g_u;9R;QPOPUVUNmK2=&>tfj1Apchi|6C zau@`GQWjO#Ay{J(M{=o&mt{>njt)>S`yq!kWIg>Mo!u-5Vr6L!SApS48@mbv6#{iS z4q00Y-OZf$=9szR|^R`e?MTrEfqKcgx6rb9AuMMv8Q zo~=zUTZ#@auqt-^28>Ch?m0`QSeY>yAyHoHLEHrYxfQFl>{C2mV2tfQSc=M{?}%Py zon6`KK;&L)NwFKGH}u1v(!?_?7^4gYD%%p86(odQT$i;8C3v*$ryHa#S zQr)Fe8+0%*TUCL+)!SU1Td64hsI{AJU6|pL)RmHd140z=x9$v_ACI7!3Vf3m=kA7O zKINLE?iSEV1!{c@CjXiIxD)Gjbc9w?#d6}@Vf8vb$6?k9*5u}5; z$9|hX?rO0-1a0j7aao((ACDV96OLm20{4S<^8gsSEJ!{%jRZjweRzu_5d3f+^TdN{ zI){Ew;T-y37W-vKtT*%H=EL+O#TV|Izx$2U?ksLcyDS}{1;L12iiK?cAEJHZ2G7Ci z$DC{PO*k9>SZ{*H#nE^+<{%~!4jT>%!ZHqi0B^NMEY_97LvF;KT3v)PhSzkAJ_!uS zuos3To&}Mkq{)Ua0Q`&r`eWf}HTF6lO_od1cv>hd^KH;rXlCtVwv*w~{e3L_Z*yOQ zckG*sB76(rSx%^UG%eZTJo0~_vmeF3%{bYbTgQ#X{AW~`G3U`9(+5e=_z!VZ_`t~H zsJ*IxNA6LsA6Zlpp2cs%6j>9{6PCT6b(c??z;_{1Nf4rgZwhB~^VSXg;s>4$p1h$rDp?MA#!XBl6ZhNKxuVG^jgA zH>@mtTVOjjC3}8kzoUKr;9h<|Cr2XVJMI(vK84l{dd+5!&_mKa*`vhPl*S3=!4?pE zj9eXos??jt@T3sGd<~s!9H9e!==~&DSDf+ z?I%m&6q~O-*HKAaCzdVihx1|KTpT@)IKwgE59bFnOkTtGq(DMaUPPK^nkN=orp?4V zSh$JB_N1SVN+vXm8sV4uWxNgN`nRW&#$tP$bNczHVERcqU^LroG%Cw84m#tB+#FnAhA1y* zgacL98O{?lK*R&40nOqRLU5i(ExAyH50Nt>6>Jfx%+>YBou050;fhhVtPC|5TT>8p z8y#~)3?iNBk>BF%aC{XdLMzEOEfQ(qOv4fh>ukqur)-w|1{~yS;|!DS#(IRL#znDO zS1MO_Qn1BdVsh9>=@nrUD_Hs+o~++t%Ts`aLdB4qO)*Jk7o0R^eM-`HL#(*KT zLfgJp+jG!*wo;53MThMv{y^oDAyRlF77u}wVt2Hw7Kd^xz}cI?RMKm~Iz@EMwtnDJ znzl{Fc~U5XgoT?zx(Ht|f71%_6$w)(L`CKHtQlL4!Vt6ilu~nGP_ra$`w%(>V~7!< zF@;0{|62AVXLX#@CKBSb-x6SSnYXcriY?v4$UoFHM06f%l6b(F62vM%N6T9CHw;WI`qVGHzHzURp_IQtqz5a0I$B1zxmJNSSK@tM!Z=#N`X=v)Qg8BK;8# zC?o@JpzYS-5t|^hcs>-PSr#ZyUXqMQCxGZ!$hLGBq&IbJPe46lt7Va4#y~V*;Kq=E zukfb8jfx*Msnd=eA}w{Pri`FW9%a?Qnwn&wh16x-xKsRyv$6g$x5*pg+ws0cw}9*xd$WKT}W#U@^DrQOtV@a)Qr*E6@`M zr@EL_ed5-Cals7H|DWs#Njs;zImB-q_=%u~LluV&5%dV#dqJAT|S;B%C!(JYtTLMHrQKIhoMe zL{!9;$=HQ+dN{8~nn7!`3mk)+mOZU4aHW;nf!J@Edk>#SCLNG1fnr)B@*LHELcN)$d+YANF`X4!+r zdRPp|H)bw`71MgL`{sGp?mMhq*|1ot7Zy>BK5{0B#g1o53+{B82*1RVmhF(;%NKoo zbr3xIb%cQLgXamgv1AG8HcuxoHKQ~(VR~FhmK-hQO7Ico^4VftdG+UUR7!3iCe#f* zMGDyx+H={G;9A*|2fu2-#MSkwZb>fm`b+bz`cn5)f3|;V-(Wbu zZ_uCHw>rDhom=d#oVm3>2=?{Y2E)01`;VNy?bzX&)5mT*bZY-?vj37w{eG{1es-xlf6vAb49+&P}1D8qMuNY#xG zhiChp*?B+Q)3e>B&U`ZLC1*M-o&M~wldP?D&#iS5S1h^ng~yXq-Qi$$cCM3jE}or* zXr1}x+3w0Kzx`FOzUO56g1cV*%Jc=d&p{R%y7!fx!P?UB`0=%s3;o&Ey*J;R^j4DD zmE>Nazc&H;wa%!|3;iw~4$pRyQ){PBcltCiKRaZE<80II?aSWl!fN#ySr7yvfBNsq zsw{O^I4TC=&dcyC#R64MQbgY@Aer?uYajKNM=WO`C~&wXL)saNexc-R+cU$r{SH!CHP@E z>GhKVwP(+ClI6~PcWt@wZmHK>Re|n`YfTti>MnPO$==SbXKqafmzE*XVxn?44lC!fb^GluXim^Vetga1{)!F{+a%b2<)ZAn7&9F<~NpEfF`06#Ces86h!(}Wy z=yVpvk!vfu68>xy=hk||S&%f>>CAWLt=D0%mn_Zp&%l*~-dZ2-KeaZv)VbK1TN~!} z?AbgB5hCaMy}@95zH=U}!~hu)gYI`$1SpLy&#qju$Ab)J^`p1+vbGGtcniZ=$Gw#^ zBVu(|7-)ZO7487;wbfN)l(m)4#Z_p=kUJ|3`?QUO(d%-#vn*P|3;o_1u}}{w>nEl% z)>h__^E17E_cf|3Et2f*4gA&3TL=aEq}xL#yyUKe^&vV=YU4Qgou|_+YB_~EJAZz5 zWlp8L&_Wt}keupV>H#t!b^DUTGsCl^Vt4jlrBYcTbdN8xu?tvlAF83-yT_W{cVTwW z9RUe!jtwrH?LlRyKxUEU{_^b5LEoQ+2fNFwOC4d~2}Zv&T1a=bn_yCRW7oKPj*^Bn|bcJAC7@|7&F4LcXN8phz# z3I<4T_pS8qajJK~ST>iX+-k2o=&kJQt(fr>=b>d(?Gl-=(8*lqc%314jwiB0s7IS4>5;BZ%O)VE6IiK@GKT$%x*mY^xD$Wy&?;02l!9*1`sQ2_tv^&viqJIw zEp=}upZi=?lAIgI1@)7?i_e?Cw34JNm%hamySQdvX0_)EidVAAdCd!FMF2z=Awf%= zaYb)UvKDU5YRqAV>1n06GL4~?V%@6nY1vX?UW(Ci^Kp+f!O>mm4!g4W*8eS@-8Ujo zQnos~WYV>IaNn)B+SR_E*i&L)PDtOHUF&!5hAC+n_Rz)I*#V-f9g zU+ey9{(g$zZTvl*ze)ZY{#y6j`O`a<{RaMy@%JqLp2?rePVkqtuV*T&Kef4ozZ!qL z_|r4>`3(NluKLim%IR8v>SJHI|flq$Pt6?ikn%Uf7e{<;WB`Kg%%H z?|@_ZE8^JTWpWOZ;qX%M@{Jx#aCdJ1g<)=-bW$f7tj(P@10ti9TmAfv=gHs>F{pDU zg71(s=ggJtq@i7AI2m4A6k8kah!QBCriWEg|Hiv~)=7#Y{#&XJ+RD=^1Ge&whX zt_H>r;e?ykR&pPRip~p=Q4e0Q(GF9;=(6~xgBNBlk73b#o8SdSrw$hm5`d>pzks^j z%NQ?g9$@eyxqP@#1+Oni$DFv}`mf){|Xj0npS#!xXdm<&%x5^*PS!?1h0OS664v-6aGiM&K~ZdV8X%*)jKxpSE=x4kLjKZ3$d4$Oh4DUK<^v-HM`28m-4~^3E6Ma> zLQxQX6eT)1m(OdV(STlM$di!fVOHRu398YAXtlD7JN4R{n7_ZJHsC= z|4HFR$KN-Ftx+DD0c8I>L+{n3>RLyHoRTFLxx+TU!Hd6k0)6w;qFyQ*v3>sa<9@I zK9%tN=eM4ZJ3n`}GngF=I(-w#d(Gk`{qC8wLp)2%aMTlmh||O4N!>j^o{YcO3txg) z`tQ4vTllAbOZ|1p>-O%g-?IPW{{8z8>_52w(Eh{wkL;h>e{}z`{kI+1f8fA@g9i>B zIDFv9ftdqG4;(vi+rj+@4;(yr@X*1-2ag<_Ie7Hov4giA+JET4p@WAG9XfpI$f21- zM-Lr4blc(mhYuV+c=*ua!-tO?o;iH<@Ug?U9oc{6z>$MT4jnmsAymMgiok(eAzxap5X6dqU3_~x_cu((?U-@a$&50qk!Di z2+{}Nc{OOfM-F44#`PER7yCc?hVl^gU-n*}q5jM6_5PbE_hNp3hCg|sYuvwt-{<3k z?&0@WxW9|vA1FJob24=Azmd-5{p!E0J$bhJFT0m_nq|^nM?GC+VByF9`#`yA-uJKat7o@U zjwAen*YMZk@1r~y+#dvo8h3Vo5aJ03zr%Yy|5JWN)9n2munCU8;c5uzr}-{@(B={tzQME1#p?YFxR*Y!o^Rk@#=CmH zm3x^>&*##ni}AdQUx7d2SNinR;Qr^h{)y|~xYpE}XIuu?ey-cNUdeTW>$O~O;`$Y? z-{N|j>o2&z%r(_$V%pr)Ucq%Q*H3c2k?UcucXNG&>rc4;8`s})eVglFxh`a`T*2jX zy^!l}uESif=XxvGqg;=3;g|irYiF9;|6JcxwBx({3LTO0m*497LY`%;s^^#SERwdh zq3FBU@GIl^bNtHudW>Jeo9g{$#rTSj@jS za4&FG&yR60^?YVi0muK~SLTMkxqzp7*8coZLxe4D`@E>zI_ct3G|1V41LqJMY1g;d zGIP3N3$^D_{WG0E)3sYVuXvFoT2RwwY421!I+buXJ={VZ3 z4jPA(jrARY<7h|t!;b7#ERBuBU9vil-$cu86w%g+lcsTmWxIH91)UwI{A7pvlO9=I zLPN!UCNHubs?{)EhLQT++_jB3jwWs_OR|w+!=4_Jf;zHY*-7$y4j${!izm3Rw3Jei z=do{T7`78TmJ$2WcBE`;-EwC7V=3KxV1a zwXE3oV#9=qbEB!NDBH9K(ZUhc5O4rNlKH;pT4@}+MmL(C>2%~<=f1^*+01O&48^0* zt}UMsk7ZAFP4$d!Tb|cmJeayuX!;7N=ES;4`pN6;xaH0rckVc489U-7^&>5Awb<%t zwa|U;xbe;%z6hF~gBj4ll4hA{+kqdazL5n{^Sp}5LMIOrt83+6V&|q4t(Q@AECtPu zm)tN4qVCa?t=9EtGwY$u5wFUe9bF*DQaMjOtvAUDYUFtalkF}&-&J8zreWPm{T|e4%voy^)bJGef^+4mi#6jS2vTkT*L2NnE=JPI!ZFnye;llEq zFi*Vbf*%*C6n4{-_OVk(-Ji96o)QW$0IF+uodE3iGdt-zrWsvm z4VLe|T=t1gL(!@Zd#NV`(_^QLDCA~w8i!dBMq6aYxe9ara^u`GUJ}3RWqEotJGCbS zRoe<7MO%8}zT7gi#ZGzOfwXoC+@|a#=_Xl{x-Q#+iIvCEMQ4V`%moM>qDy`NfX1HZCT8rrP8uUd+tHi>#yS=q#0x<7LRvWZP+nmX=BC>kHBh}-%C}RU$m}MW*Aa{ z&~vsh)u`?`f;QNWwjiW0SH>5}upgGnG$P}e$wU|h> zwFLsnuarn>Iog#pGecR-ojA;+=iNToP{&)XG_lrcL2(3f0PVw<`&kxSaniL-P$6}r zor{Ad`u>U%RiE?*qtz-{5A~v?R3}=k8`O4o0sHOo{YMt#tZYJJ!y;xz=7X=fa00tz znin*i4hhT^6&6c31d$-wXqn1NPHY48SHX>?tfNAzC_J=jg7 ztNf}`S3z!Cx63wZ391(_iF#1xm6gO$BlKvl?R#bx?RKk-0|;psO1@5^(<565Z)=!w z5Q6q_1>NZC7n7}Aiv}@g1dmdzO)Hko*n%cHo?(T#<5;;B!3R?$oFqd!8fR9pKf@Gz z*}~=9%x_eHPGUoa{UmC=^82h{Xi2c>63;L_*Km@+Ou}f-4@vO~a!2e8Os{=H;pd$U zs9F$1g$hep4$!4&FawZ2_gq#n*YhJoDE08VYMNbkZI=#o?m=Zsp4boVZs>L0ki|I9 z)5!c0@_5DCcP@Q){mS7;y%<`Xrd`iY%`}cI=`F8dhzg7agIcW;A$xXmgR4N1tQhZQ z9AKQdLD$X$&q#dB4E)G`0mTa)6ahf>mm^%dY4q(f9L2#415eX)BM!V&mNw{*ZH19j z5mJ#w!oDm5Rb-hz7E7i$_VPT;Ge31RKQWBR4a-`+!k!?wQyJ;qoY|PJg*~%7vN|4m zWJtE1qR@qMM_#MUY8_lG7^R^FD@<$##&F!g@#8M=`TGYNXtT5LiEww^qA5q%5neJK zwS_VWZfYlS3_bMS48%yxD7d;R0}0SHA=;QZo$RnF351!&k{zUO3TG0!jv0l|8%XVU zu&wAUE|JjhLWJNZSxIffu<~f{omE2mUV$b;@8U7jSvpE@chp`2MA~w&Y3PVGNhf9S zI|{?t24l(c52R?=UEg;NJB|amxagXfmZj1`L1jl6_Us7FVE?JE;;s}A_Hso&or1|y zl`b9;(FG193E=XbJdatLljz!OmIGV#qea`SLRJE{0w&k-LyP6fLo3e?LL5DRV1D%0 zz9E`Anx?FrA7Rk7vMdP$Gc{6H=jey->o?aGc6`Y%CQFYs?^Rgvl!J`9>d97X*(z3& z3F#SEbqxJsx_K5jIihpwWPad9FL<5s0!j!65uf#n&2mTp4aq;3Au%1BrPS=A1YsSB zgJ|D_&n*c4!KFf9B1X9t6mc5Hwi!BZf{4y+j@qwzF8iUJ+zgb$b=KJ&?$37F+eZ-s!AcyQ6X<0K|~ zCmfU+!oQ|gf{^c`89}}_Vcu^T5GaIO=*>)GD=S+UcpzNQ;^8c!ERMTM{La~hOC)^%!8GF?#8(n{qX6Rp3JqnA$@^7Y@0!vM=#vH9B2<+ zB`{->F&x|uay8Q=GX`b7j!7_zLI$@goNgU+eRJg$CCA-RezG!bTL~#{QA*g6(F8n2{ zp`W>iZ$)>U_xyKUh95cEw6o0RH@dSL$6?)VHTx6a3E7qRvM!>2W|`4Tg)tU-F`VAC z_g9KtAwO<~p)sm2c-s)>hMA3O?qv^kR%@u7R!bFx60+cNdmjhM z%OIz^f)%!MJ4}LZf~ElJVIT(h0gQ3< z3N+UzvLgj|_oHiyhf-DjW94J1seYvhi!zb}EpUz(;&7)YV}jK#x_(q2>PTnLu6m~9sEt@J$d2OA&4q^rSstRef z2Bm-DCxesm;k=V9z8dg62TeTESe9e`f=V|^fBFXsiw$)XYR3K-40~?mA^M-din5=e zM?&{m?vPc~4_z-vQ2ZsC%Lsd2E6U#>oe+j+U;Q1zSEP5GJW(lx&Sx-O?2?i+2>skM z6J*V(tN8mL2pr`=Sh2<0&L&8bST5rc-J|&X9|#D2%~WdUF55$xVrA$bGCMkOzl_H@ z%#SmV$11pxdq`KFo%pdCqc!YC2UkvZ%TQCenDI&^E|s+?;6fvHL!%2VcbH9wru!)m zcWHw^ph;It7s>z>v`QNwdQtKD5f&H@dT@d-V@N1u``FJjI}qcv9LLS*$nj^h zo)I!&9(K(*HL!%k`VI*_Ix2k9v(_?mq{x?}T1`U>{Q`_?;JVSVXSX{mF{{fisRh3R z(;Yfi>P3sQDVCz_S*i8&xNHNjUbCXtDE6J3&UbY_fE2Y-qYdh zi47%pfcU{CwnCgGhmuBF4h&id1fgNYsT;7|;i!ugadKR=GK=Y{$?QmRci$RJ3$O&w zibeZXjV>-muO82i$nX8*qB2`dUo%m{|L@j_YYqNBZ0VgkcK9dOa)0pE9n25$0KMnf zPp+>tX1!Oh9qU9`0z7b$vIM|nHo-IigV_^#Ws2}R{nCMNeR;9^{(7C}3yN1S#0=r5 z^exL?_AC@0)SKm}o*lwZ>tl+WeS>g2a?^|^C=+)d)Mh|b*$Hg4;`2GK0pWsHU z#vfL%5cJ-r!y%z#!dUazsUttHGsH_LkCXNn^l^E8{Qm!-Zn9Iy->y&cMk$!yp-)%0 zofE&P5@5Rch(5vFW9iZ3kLn^wEz|cxhYM@pPG#*2k{M_eQ2^zkg(4_7{OFhT>sDqB zi!InfvMn`9f#{7pnDJ6d7jXl5(#_%IGn5L^J9W{ZE(5?S_GSx~kz77%Y%E)0HL=6Z z!Z7+}{mg3W%!@NS_S`NzJ3*Kk(Ytino+zp+{+dBq(Ex`^bz$tGg7)3mv7yO99Q}%} zC|lp;fZiJ!K1`mb}Q=DTI5^m2E0t7RVHls2jakzp~0AMj}0Z zr)8v=cOVsGvYpu|tAD-UkCISqAZ&)tDi&24M1>EhY)i)1DeDX2WQ;INx~a*`$>QjJ zYPyZ+0@I=olotLTY~<+-cBzv*77HUIMi~)CzoGvapnA6A3=7E-=McQ# zm+gdv5cO`3?K=8oH%XJ|KkBk6p&(E{e!9rk25;6)JMqK(KkgA_GOoFu4N!GVqQ$ zxm4so#d!$iLW#$Gl$}-d>Lx7W2Xs-4^|}*%Ki)*Lt6?hJ9{@O&o^E{xQF(vy*ZoyO{B6kr81mXIN5f&CT+4OjwYA0CmZa7^zvC-l(__!*NjH)AVzq9^t9wnc)UMRrFSDmzh- zw&=HX*`VzWxiUs7=0tB24vg0=_?VoyDSx$^6_q{G!J&SM@s?o2+(JKXV0My4zpV@3 zt!n5~9gG8%$4S{rW-2yDf|6#&zB_A0fS*SI!TlZmJZ-@;gwFt(gFkuFrKP{Ci>8LX zLRm})+EjV)6&83yhIp$<7Wjk&nU}|G93f&D(MR-qDB3HOSp!8^^G782tTI(vAy2AW zmTSbBv~)*~r3oA9NRcs0g{~9*o__FIt7-YpdJvmz&0&m}xPo!fNBi_&5pxCNkitH- z;gSs#wVL0JbH|T9ri;$Az$RMYDkX~PU@4~Vl=YcxUZR4*`Vf^OTYD@CdG!1G4ZV!? zM}I9_M#!yVUj#emkspb9#9 ziW3uxa?E}?Zr(Lww7b$N23A7Rf7Zn+m+f%D)?{(9SP#zzJ1yZW6Q5Pq@Zq+?=&8Xe zL_1bn(pIQUyO!@8*i%|vJHe*PivFm-s1@9gS9m*_PVvj?hUlRyuTOa5~eq4A*B<41EDsBwiZ*u`avMsx!})+X}!nwbJ^f=f0GSN0*(l zE++J?ZKlyD^gBkDyDIxNs#Md)O2o_YBf}`yWC!g}^mDQ6eCcuQ1y+z!W%N|8FrJOm znw7IVo1%Qh_U)7BRKaLkJyd~bz)rfEiBglT$SnHPb6N~Ww_s>75M>-vG#gk-pAtr& zdRA8A;S~pA1Y@0U7NR!yObnVQ{&0G|woc?Zb`v@rnIN_!`sFv?c4tdG>|2#&+`_n9 zo%F)4%u-&vY*YeeRj$6*Ps(>OMIR_&V5;}nooAJ+Xjr45QpyT!Y6>|^Y~DNUu5-MN z0(Wfxh&+X|qqLCmOQRF(U}oKXJyQhZd#qq#;+T4PKKjx4g)7TI0zS4l@!WL78HRN7 z@W{?Djih=?H6^20hIOMC+OseMnR=T(vbO)1yH(TS%JC>wQ3JwuW!fkkSNQ4|lyK(0 zk*(>iQ9Z<6X6Z7($W)y+#HTMaLw5pBn={ybkR4z4$fDWnM}RyM4gKq0`jVGKFS-*% zOj72sk1zw{?&IhXt+{K}QU=(`!A%=8xbc?T_P1~8+}?iC&DV9VyX~c_WD{WkbCX=8 zB$TXSwD#JwDA~E`w%c9^TnN&(7(m#Lk0^_}X5F!oz51L9l+8mU>w8Z4*{St4ZK8Ez zQK+RpriiBY_xcn{yzEqpJXo6)%e+&VT-55c&@0nrC zY`F`fG+bE94$tj8aPs8wrM-Lh+=BtysicLC+MXjv?koN*P{JXMgE+E>ox0e{;6`x= z2x5#Ua@z=y1M%Hr8E2mq7Sb|yjR_@8FEv|%*D~gI_KriGLlk!x412*gcdbFOzd$|5 zQJEb(Ic~Hpqh+d>2}&0HycSYkntsdBUbYSe4tmK>H;={qV`*&nOmgbT;e}$I*gbtz z4j|yPlvDZcb=XzQp%)AH99c|o3g5jBrj!#XFuYk1r=6wUlS^2l$86p8W7jT#^U)BDd-bPg?ngAM(iyt@hT*3+iZ0 zMaRi;Ww_I^<|%I_&JH^Tli4X9yl~r<{@_^1n7zJo;PerFv&zSrV(^%p@3mCqxMW$5!oFsqNOSti zHuqszP?Vif%yO-^v8qVDEUMYGtQz$Rx4}v>A=&n-us(JbK0gch z9gM4Cs&7(_D`7o&tN?YY1ohyt3eqwGqc+?aUT9MVCaHPB&Pb7 zk9OHcwZVqsNE|%NeJX8>tQ&xU;Ynt=8UpE)#wWc*Q zr_Cf1(|~xZ5{gq!2%p=l?U~c}fBVya_TbY`{L)AM5x?Z;@%-+m|MJ0~f9P*M^evt* z=lL5?J@V#vyyf#x{sYe!^8BS|KJ)%xf9v1=_BVN6M=^v1+}7MWr!@`ElW5dxM7(SI zMLmrjT5aFT|IG{LB@9#hpa1-^H%lZ4IS~I}zgMrGIe~i@QGp~Z93hW5@13*yxmRJG z<#c{Ih@I!z>HvQtYe=X#g1yw{^tt-2geI&>42`Mwztox+YBTMRZdN}ZQ$G?`KwCRD zMv$t;*i8F7DhXxIaxUo{>B$y|E5pA=Ik%^n+~`|AJGV8}po-UL5y4c8Jrr z+hFeDd*{YL;+xm#^ofLWl_*BF_U}r=>qW!mAaddiNW<&WfXn&$(m%ZG{o|g-oBdyX z=Jk*LpRd33;jhuwjXZzz3$K6l7eDjGC+B>cQs4ij&wlv3zx#nlKK4~UmnB_Vl~g|K z(iQEeR;%*co32p>f9bRD{rzX2`23U7$x`xHzwkG2{^S$CBo&nfZ5UbbCsr$%wrr*? z-~O~-RPfEGe)`Lw{QBoV{H3yjXP$oVm;d^qM<4!nAM}l*YM5glacs7r5~D+4o_U=( zEHb_7oZv3>VdmbE^rHQ>zxt?j<8C1ZpL)ZCfBL~kKT2!1^Z3tSdHZ|b`1m6q<8dpG zfB)IHKloP_sEzXZ3xD?hcYN)U-!4Ga+cSsSR{)yUgbFEin2C!TiMUb&f?9Ld zBU)Sy%;FF82B4Z($XpV%Aj*sizX18*c~ZjZsOP4{`;u1#Q>k95;JpMj(Prj*H3$vV zKp28P?XBpT8q{yrh{d2N7&r+W1^t3%5%qn5X7Mycv+C_fK0{17j>&I7AYj+$RFFFv zky zbdMX?KzYG40YKswGEc}&OwDZ|7gfuf{}1}I&ABC)NTAA^5Y>lS>q`t4{Mf==VNOVR zNmhR#ukDl9j~i{Z3bT4PTQsXizNW{_C_YKBH`=VTz7^D>Z0o~9!9kn1T_82K->!Z> zTq|mB9^OV=t8KMv6u1u zmvhZ=&2w$%x`Jyr*VSAtE`!VF^0<7ifNL+;HC)$nJ)i3ZTu(_y{fYefr2P4`{P{0L z*JA$7+)?$IB6>278G*Hjni~b%i+-D{Eof`k)^v^KT^EGod7T9KqG5YAou4{^nq;2W znCFnWKh+C5C&4#`l$NDV9%^oqyv=R86fCy{dm}qE=YUtcOYU~n@Am7r7w>NONTlA~ zl`IIS6 z2NhGi-jq(Om#HP>6ItL~ggzEoz%y7Ep|Mq>IbGdNN=h~H70F}-6^Sev4jFl*R{DJw zEGe;taVT))wqBXA>1APxs5K5X*Qf#;WqfK`u(V>3;JDn{?Ebko&hc?_D_t)9pu)ME zdw8stR(cC0W&vXibkLW0H5V!i(smh9~cgkqaX}h2y`V&6^DG>xyV92a&&I`c1>UZt0y;vpW z9x78Lf`EZPGA!ULT$UyPKrD?+gHc8*v2uKE^X+Imy6DSWkbIk8oRyw>Ov^+Mry zbBB5xfg*|^PBrJGL|I{rveh(|8LK`BxmQu|gr60LPlkMa4a@4>xZpe-iALZ|HHT0? zfKC$lX_l&l`BbD1GEj66uwJ8Avmfg9tGcY)Pt|K^EnW+=K(CAy-0qw%Wy7l$-2q;Y ziM&UtuVb+IBhfk)CoW?Ad>M;!Vr`8+mLVbD7KsUxDbz?>rb)$=C?tvAAXlS#r5Zq) zUXntArXW;d+=K_78*5Hf<5B$1jV;K5a+05E!0=1M_S58&B=LE2>-^;VglGspNFi`( zfWigLq-+vXRthO_h3Bc_S?@zh&ou zqY^U@8jPsGyh=)iuu`L>R3lzi1}?N2aTz%2ks@I4=x-u&E4urr4!Nu}E{gQBtTwN1 ze`URrZj>HinqiwR#9_Vt7_w=L7ytOJ_X-n#6{6X@KlR@CJoEK8iR3oV<3E1kFW>yh z4}MOm2H*qtfBUJ&|LKiy{rr<(hlk(5^H;w3nfLt6TSHjjSQL21aoc%bX z-dsQPDn-vBuEJ)v>rJOk)7z5-XKFO3x5=@54xPaw^Ei}DI%Ny&fGCHaW}Tym_NTrl za!mV*rh73@N^Rr`edOVTUjVtjqi)IgEx7@=|3;~LzEek%1GB$Xu)z$EFt;Ro$Y`#U zN!un;rzx-YYIAdH3M0{|sRO<@BsTVbow#PrX0u8i%lEz7?M3Q+Me1NE^-axLmAZb7 z{<8)NsN-#V@%uV{g-{$X@*Nn;_iA1$5%M?4MPDkZkshgusPfBF(o@EvIVtIvjYG}t zHPEXD06S}+Fy>W^UT&WS^E$lKPw-ZNKeVT ziM`qvjJbOI-w4_Yao~%+gk}B{5MJb!W z9~y=DQIN5s(B|_>s`i3GUW8s!fuOba^s)JxXd6iVzx5+?1ZOi&3=01h4>F?=ch5{i z+peqo9lG4tiu>Bk@8~G4YO4F&O$ne4W~q7H=JqggjOP)v$Ea6iclpQwKoNy0R_&ry zFb^s|Ab2M6p(SQ?A&}MD`b}hF+3E$atdSiGEJIeR*(9_y*;PPk#Ye$Z2(63b3H9-O$+A z)^~8j|B{ReF#{pnwH<(@{rryNkj#avhqg%f#>J^>du3B#<-wQwW7`95F9uYros4O- zbKn)W@a&v>CLW_WfQcoqg~e2)tXEgdYbi&X4qGy^%~1K7$abYzsW`5W6GGRK1Hf?~ zifSKLK8{XdVLTdKoQm1zWz!7zVo8BtL2qlb)lz$#a<<`88DwG5I_}H`b_f#JdO3T$ z9QdTRMU}a_Y>hhd2bggLG*ergTn$b^$%Cl=go4@jm1*CZt0-U=m$7mWv(>syol$Uy z+Gc&W;q_gtwel`bQvrtLmKQZnoMxzls&5PbC!^oBuIgEfvyQ5Li37&xGj~(ZM<3wx3$NTJRShe@9e(x7H-g2hssBy>)OvjTj z!NbGKyM7$46_?_(tDQq(d*rAfP^Qr*{iavc%pShjdt<}0j85USfw3%yZecHrOH~@J zJKe~w>{@kN%rSKi2p!9j!^0THX+WIHViF`HjqxnWqUO1e9A*u@kyH0WBgYAkSgdn! z3m)M(WQEcCm!Eat32r!I8=?Lz2OV$QEKOnybTu-=iZ;kOPS47q_=ROfXVp<5xCaNm zm~q0%X`FwMMH|Jt@Y$$4kSQSR*s|6Vyo99@OEj$iIfu@RHXV7EYIMYsV_9vSG>W?f zc8fS`nJH%yZeGP&;{tIxTdmzCL6U<;AwhPC*97y}F>xK^JhltP_jI+a-qBd1bJE3q zpB)Opnless0m0D{?@sK~w~Vs?xJZr!T&?7A|EZ(L+v3;kDl1k>brajf=8tn?aNyaPXbQVaS&bn$cXg(u(GC@eExJ#9|PKmIRvF zmBRv4T-H6#;SIekn)|Q9m#kI@A#xO3wame*bP?oKR6JqNh3)E-)E+w>No=C)VDy9? z9dSfHT;_7%5wY*BH};@&7oVBosPNkh1K62BVP)os~n8Z=C3Pfz3fQySJBCoT)u zI+qhm952YC`Ln0Dr>~`$#$wH!b84-{dSzl%pC-|E@#w&)JS+rzz=Ndc+(-VBsQc&reLpH!YvjTMP?CreGiew3^S zvw*YeoQw$|C%E9#8eMfd0%ThIp`&ur(5+0op6hjn!Ies;uZ@bNw0-M7cP`h}-~ za~Ow~t^P7a#U%`uQ9TK88ghEc5;90=?7@2dj@;FMTu6M~3YVS+VyWSovJ zk1CWoYcO9u&OzqDS+QV`%rym1jbzXP6|FUL;GnGd>e1dLU)4IOq7oKgoK2Ew`CC_v zzWLyl2VD4T%M`ifN)Jy2^_3n_8!E@Aex0@E@{+Y%N7?!7BTW4DzVW>+#`mGYX$zd2 zVvF&;vtXJFmbXiP-*nIPeb+?KoV~DN7c2OYmhkoFI!#vw6cSWyyfKa`g??OLw{GIr zrcV4K-Q=^S)pT2{>yFmYU2RPFv~k_nCiFm?)I)8mW*XXb4ex}RnrWeeGi?;crlYN$ z+)*eVmUM0U+7-PDer4?KgIiY9nXm3uCcz}`#!e5q0NX2 zRq1TU*N^qSOvsnAl*xhnse$`xxgUUHX8m|C&+M{qYvh}PWUbV%?dcDeK0D}tp$~gK zOknG8F-ioeDpY8FX@3=)WHDI~c#|tn!Yq z&Mu7K`YtpTrz znPo$AmL;e@oxN@t_Or}esd)-tgf+K*e}xpI+jDJL>kk*#$E7{P-WLit2UIuuclGn2 zl(oB?novYV5;bU|u0a%Q8dR~aK^7Ytba70BFme~jpO8O78|AO5jq}%1_qMv1Y<&VL zBzJ1F&ISSmYS^Id+)2+R1?AbiX_)fh$bahiQmvr__4q{%TA~`nUsK%^Qcl`by9@iv z9)|^;9-uLrzEY0TYJEP3Hfg#Nnpcvv4f^;jRqM6NjcQic)frLBrE2`r8d+;SM=FdU z2DN#$t*lbj$Hven4ck9mf$r3BbkJA$S&fgc)9LH!K9@O(k@<%4%g0nMBHGbx;??mN zlT`i^Z;roV?GFUN(>P*Htl~E{c~*WkQ)lPgGJRSHmYG$ZRA$FF(CYe{A$lMU-#ETr zKFkjKV#)hWyKsDp5_RQU zrP9!>hiWywctfa5eMVdvH`JGVv~6gd#&>bU*y&uXHjIzYm&xgbGWqN%r?U-f#$Pi5Pur)xVENhsa;L8yB6xfpLGpOp zCwh$R3YtTLQ93$Y#u)B;U29ybje}v@{mc_yWsu3IK&baX7@ps1 z=~qc-B&oEp-fQ7-(qU4d^2|yeTk@PET~N8#NbXJKo?7n4sYY{cF`BiP*7Rn7J(rdB zBG%Q5VHCE)CtL!Xa2Z^}4dha{- n3G|G-V_MY5E|6+gBwshP1#m=vqxgSP7n5vknozgrC>s4=lG8s@ delta 18841 zcmbt+3w#vSz5krqM>cFiCJ!J10<#NfKoa&jv#X*ExW2##_^4JT%+AaLAtaDQ1>2ga zh={1vgI#J-K~eFo4OLV`v_5ESD|)Tsy@dd($@Gmp6KYlG(YCNs`1`EBMuciF|9oW&s{5?Mgn&o~SPlb&zQIA+ zS5o3dlPr6EY!N%|IG=|Nkt+RzcJ#U4ye*puP!U9WCU82-w{0& z)t0d+^+>_vxluN>#t`dhav8eHT4=XD5?@-@-0(3CstATKXX>?^KH72JU;p~IcO~6J zR6l)S+dY5!YU7TPx<}$~m5t?F$`2oX53y7MW>ls;GobuyDhJ!SR(@Ewaq}|JH@wPY z)EJV=SWuO*GHW3Yn6bg_R%PPlMdC$y!X1fmhEiZ%m4X#u3sS*STLt-=LLH4>G(IUB zZ)dWnn_W6a?AM4a2=l>%#~p5LqD3@JmZy4jEGrw!Xs`EARhO&m{$;wS7EM?3QwNV7 zgF-D>3#eYzqsq!{f)|F?NRbuBpB)?u-$xyVy+1pk{E*<|3c#3$#@6uN)w_nSrL{st zqi;Jb_!R#`jm56!u_2Sn3@PL>r175pKi%HL7Y*TM#;Ys9uyQle>SYyWjNQZsDbM*jElr zyQ@ecf0>UI;XAFIsXnmQbAwose^d3llJy=B?BG&9^YLo_R<*x3HS}^OzgWt*4m*WC z#Rt`z>{EX8@Dco~+O*%e?-wv;3EBRk*e{|6L-bqXm>w6pIn(&~3>z9=c3aU&U zMC%U%4vOpFUw83g#^&pZnLBCwgmtw{m!-0jpz3RoYgN_)zJtoueCF`!f{`;1W@6Zg zlLE%t%Zb7*ynRGFr1tiR@%6@flBovc@RE(xs$QtW*dzqKfk#K4gmFI_nd~l3br-J! z%8cyWCWK|e;{wKBA-+6c8a{QzO#~>iy+FtV zWstdfTA(@^D)>`)J(z8jzJb%?E5|hSR~{cTyVSKwQ<%c2X+{r8!zeYb7H^O;b`yk+ zHEugV2fjNd9rygl=QwK?cSQEH@I+VPqc6SbGcR3inKwQiB#KW+wqx+2EQ5nhu__ z>*jwo#aO$B2;2_>{F%c?!CSm@__9N+&E4%9u@Mq>-$qC>$|?dPgfOTw$!SdHMG5 z=J4xGP+2 z-05My0dirkT!<;*B_2B>RlSTxmU~=THOTKi0q^0RICZk?YOtk1*h4$>hGoSa>m@DI zI4SIfhdZHME|Y>m198J^tRn0wYx&BFF}8+3IkCIKSm!pm3~lGL8k^wRE^8c9cNaCu zA|S5u6hq@$kFuOU**JX68tM&0Hz&Hx!DIovkWbiZf&VWX>%&*mI7D=02xKwf71mNF z2O$&kAU9$=Q<`3^GPYhOICI&!UuHf&a#pRZ{DL1lsgW(`3n$fs;cF%h?{}N`qv>k? zyGh5PsX%E|Wb}xGDPfsnCJ|i5n()_iC;e6Kb!CPg zKyGyaZ-{sqz4ubTCikFBI9x$(J(&Hqm{;^qP|3kEyU~L*dyKFVV>=?PJhq2lnwZ>V z?7mLWYXCV}mlL42oXkb!hO*&pq4ZEi>s8ds_az$GZCp(@bW?BwPZROlO(~Ej6A9*$ zST=w}tsnt5Rm7>Tuw?8a_evQ)IbCY)S>M-yL=*%A$Uq}x0C36;Fg4j|Xep$k62T0% z!2dfrm_5n&BribZ4yNiLQd|21<=OgCg^*2l6oLZDkkpbE)vx*xvN!8z_stlW3b6Cov4U375))6O76i+ zVkyIGHDO4k(gWsir^ceA5uiGV$TFG9MK!4l!jkJeWH?p&kDSORa(oE=5)%Dl>=$iC z4r1!AMzKfUTHQ3)KoyNX3YH(D}^RBm!aqu}|VGiilD`D7Mbrt&^^$knHaM zdsCV75LZMl1AF=Z$YtO#;L^r>D3ej;MyV`>7dMZ_F|Lqq0wS=ilKyNHkPykHaxaNn zBA+9Z{}veyW|Iu)JO$VqTWG_^Va75zNJ)91&%_}lG7n@%BFYxetE$`=yX4>w#H3;T z$jL)SgGCSQ5{}me1!`cz&8yvD)x*D-d|vlI4Os5l53v698zH3gsV zU;v2%EC~Yej0j;jz~Xy^ijW6jK$0ga6sGow)*$9kc%T~p{Fsxvt-?89W#nQ*&{U&z zfbv)%loAb)5LJ0fA88t>yg-7*fFfZ`Bn*pH=x~HJkeUhxgEtR|z5N&x8#<+6KZPX) z3;${<+8H)3mQpD@UoI)n3Jt+7ME=ODr%i7%-gKun zsLTy3%veFA+$#rM$xv815mQ8@;OnN1sxbD5q`cq{p5-r2I~s1e^te&sqFa{e80@Er zTsXG(N8}$IcOtvFcl~i0x+?f<<~aO4;&=)Qnd6uCyY=56pZXVWz3GJ0&iZ#8x3}+B z33ng?we*lsK*_>Ee!ZX-_t;#}O4I*MEBwDs8h^w;IgFA?4_AQ~RVIgH@Zd==ANc@o z{)+Jg7A_Uz32E>l;nQ(GV8#Kq*zlYL>=BTSoy(zizVzh#YYG2_fnlItl}8*YrtxXh zkHS?*_w*4sVD`l%#w6TjLaD$E?kQa7-*=n}016_GGV)gkIe#qEAE1y!c!~iEXOcrh z6Ig_&0AKD|<^r(lmRE`Gpi($G5+g-d8eEBc)1n;u<0|p~u<%wCBSBVFAVU;O0C~o{ zXAGY_(DbB!-%odp2m5}oR$R~!l!6yA{`9cwG5t9~AyuNB0;y7sio1j(rAg@Lji(&T ze#;l0@|54$Me%{BPYwBvzlq}9Qx~vj`G1@`uR>)i_D2_odw))Yt~+hyP_)65;1ZC$ z2zWPk6}zVVdVuJ{|JUSu$=w*3R)*KRKSP5EMJ{i2CHTo{+YDn_{*Vsxzclg6 zK9iOUX(Ad`3Qc%JI``2;BuihPe$w!-Xlw{_Chvv~j0iEh3zd|A@aCDr+2{O{nWwO? z_>P&QWA5<+p;P&sCaJPGfe^HnF9a1_-O=rpyBpOPe1q4`THI)?z6r~PaE*ey3J;=q z|E=vTB=Ben^xy09ZL^M+U-$5@XH7Ykyz<8c0~|)>>Ez(#Ddcm+88hrV-8~ZQpb@HX zCZZLr8@nTZ-X?zBlMh;66ozxl8L?3Sj~^WLQNhiNJ4p<=;mpgTguOkaf)GX#mPN&l zx*pepJgxYU|Eb<#s#-?RDJHnJ`Or!KJjUef%*q^AlGj~(Fm`5eP;hd=@uj2Cs-MKDG z)bMZ5nO||V>xT)&9VRjh0d_wAJcB*P7o0aU z>|Ti@QzNJsASeaT5uz!ak>5IRTxk7gmU~w_sMj@ zO+cD~*G@Wm@%9UT(qt_A#i4|k5flo98@@x>z{R8L7fKVfT_b6bx6(rVs@Z7-i$VIiIn6m_#!_qmk#ox(%h*>eB3E3x!oVeO7WP_@^ za|HW{Z!s6Lz5K9jI=X5L77fd8rqdw5D6U<=ogq!_*5zGPMX{%c1hyR*+sRjF>$=4- z+NLJ&c85^$Au0xqo}OnhY4uiAPND-@2#5CmrUk|uXvWkK(rb5=CT}hf5tDHEC#IkR zz-X;oq|4AXg~&)FxiuX(u>DfZG{ z(0j5o8oe#f>4V)_A>a*n&|CNpCxni_JCi4@a5+=KU5QpP6H9Kc6*sy1emme(T)l=#`r{8!JCIZ*7&B9mWYjXjZJ!K0g;0&Cp{2X$ma` zwgW98Z&?|Rj>HW1wr~E}@`3f3Iy#j4v$JQM4$e+}|EJaG+#56jG{)#X?B*l`Hw*Tca6)bJZ`vBFf-RT%ihE zIE93$0!N|-xx4=nFRtm+Q4iagvoP8%%uYxFX}%X1fj|T4PPC&;7OUbWq-byGDjMzp z^8{s~zJA*Uytb2oJ;d1e8{;{yC1ErnxL}Qi+M(7cnuUX)vEO5ig}Gb#ytZRUA8d>y zk)8tj0lQUO`15T?5&AssW6nHeD999tV#h*i@E*YyBZXiGSVG?7uq(uLnvi#&&>%=Z zKJ!4pm$b*&W`2MB^43Gh58xzNBwtG3E2Z)BRuUTpc6?15?+RPTafj-3Zz#IIS0~_m zJHK_&1(gN+_mb*K@q2ms;*oFx6BaM5-uO6H0Ehjs*w61-tislRxA>VVv2U_#0V9G8 zzqO;jyeJN=fR^8MgxI_M{f;pEj1TS%k!Of@jst}sbUxMeowbE;L6C+o@Lbdt_AC|x zgJT8U_wwVqI%)o6U1Kr-t*%`zu~Gigix+G1e*Wf#TMzYScV0x^Y{x}fS<#z8pI`Gq z7oXiNRCR(&zaUxi2IP0JX;l*5*Dcd$aRv?w`V{sf==Du6P^am_tre!b<-X}EO890C z2$wPb_Qg{w_tJiiOA(Ac7ttQ}^2n0MX;*ue)DISp7M&&T?uISBwJ5K`B_MPqexAF8RCv`TPqTgeq#sQmEwG7bj6+zzwgFs` zBOoU9{%Cw3tKL3VKlstzaPavbPa}rk{Bb|SK9}LeE35hNpIkgp&`7=t?))G@7i~zT zeF#Apmxg#wD948}N+1gHf{H@i6=Yi;A~Zl3Sm6*|lnPzad|r3yN&m|}Ixl_wpX^{| zw|&L{`b9p(;u5Y4a7qHxOBNT>h0r0o!5#R)x`Buby6Koy(2HlF-*v+)O~WSwpQ}%p z80PHff9m;lwVUUNyNYgc?pd>iZ@KJ5pqyPk3a29V@?pdFQaUF%WX2Q`bd886zspa( z{0sz?+b(Y&{iR6w+%e)SalbW)z^h)-kSb`3K#K!&!OcNM1zS)D%FjGT!Ai|5dV2S9nuig^Q}3?O_5 z$_zJ1MLAK1?Lt{Nm4bx+8Iy-%ofU>*9*Sz}b{|(9uuYUdiyt9k7e(jO? zg_#w=o52R0Xi&hjTw%@`$ZKv!jDtL)k)BJUQ)iHR{FAl)*hlnNo-*N ze$`VL_(I=61WyR$<41V@`suUwiYp3X-m17QQmz+?9e#)h4Uv7hiKY;ptcWk3I3%h} zL`Qt89xy`1VN1D=CsrFrxU;(H2V{oQh3_1NkLN#UxUW>cC5~yg#$;s`U%wjHGmr4! zu0D+2$Uj*RFIur`~)H?H&8s;p|=jVLQMr~YiG`=q~T(BWsDO|na zCpQcqR|!*B^N%*(5#2`1(Ul9nzT?&ykj2mKa4oU%LF`8S0*06&5^F@uTK*q*jA85e zzB@AV6Ec7Mwqg9NJLj;U^GEJPPQSS@=C5}y#jXCFyT(^;ceg{oh!m?n-Fwqr=P~wZ z@8_G2kOvh$AZYF{5POfk_rGO1@8P2!II8<6^by!^tp0=47WUDrbpcK&2M%}^8}Fj2 z6#5GfGWI_VHd`7cTutD&1ICYA)Ir9+gWI}Wki?c^QtJYDIwl4Vop>n*9W;?Y{6NCf zVs!I;57dtjmmECaWBBPfeksl@Em*aGL0pWb~P`TolbIuAwLimhs>?9!?gQ=oIAC=woo2B=p9L%^27F)~}Ls z$$pRQrMtYhpC8T>TSAp;fLQn+5~1-f{pDR-rk1&_n?);Mzhx-@^OnQ#Ero{uO$-|S zSZ=5q7%xkqQb1(~wP|t+(Xy1^`B-SmW*Kb2M~A*TE!O;DAhMmNfmVQI8Za29v@u+ok26-Vz|H! z-~BkL=CZLh?0R1F#8J4xa~ZF7Z}7%~!Zu>4aM7lSi#F`ac#2y2>L=8u0)i{S5(2fs zV70f?W`ouEd9+aE5irj6t`)TKzdUh7t+B&Z6Ml?C*I*-&A-eRmt!jON9&Q?$ph$nb z%B_Or^?d#BYxy->@yYHpV${IbNBq9g=waf5dx5f%hK1l&sHp%BDfkc%J~@4Yar;A< zf{#6h9Fpl4yu`R;U<+=_ON_gyh2QvOsMgr+cAkTue&J%;MyC)3f9pvA$mRE?Z6UUS zkKcA|t+B=x9F4|zqyEvWx2YqI?R_#VG2E|-_+{BaG(OoDD{+6Z`dsgXr(R`#W4BOy z@aa}Ihc9^=m;G+TT~DV5iyyTLh(Xx5_3nN84Uha8<1amTR>j>U0Q`ms2CoiM?&k65 zQ}Cn&(~ktb%brIN5%mv6{o&`w@p?uqp%2cByPf_8&$pV=1R4@7rpQ}>@ zRs0H8v=p^G82SUknR09Ikl!>g_J`hMemg=QZoEgM+}~NlBjdnn>=!M!@XKBt&X)4g zzi+HDwo(c}9>7Ca&@~uzC7=8IXrKVA!l*a@`KZ;vnLQ9=xFB{hCVd~qeu^n+e&5z| z-u;Ks|F@~v2~@xThm&i+57qq4m$YfFRRve#Ho>5)+~6Kf!ar}}k@5Bvo)ewc*7k|& z#qAxfc4&|!)k=yq7=8TSm+Hq9#?!oVJjH)SI%3@Hozv=C=UYxwN2eq$!t9eV>^3}g zc=+s{Q-@#VSd$jE+Zga7x@VwyG8P)^c2BRA8kizYN9|glB#kIc;_vSq#Fp`fzf9tv z?L4eTk{CMZ-#A$j<#95f{}-*U7ENV%h$UKZI3A)=$+!GvQbX(fY=_ygbW&%RJ*l(9 zn$*!HxRkbl$PkQLj)ykJBQKv>`wbd(RCeQCkN4f6DLR+EJR3W`+M~c-NYXGG|EHH5 zc=;>GV6`D$MJh$pd*}vgrJ-PSJPn!t%19-J&XK5WL?dz5JNK0@Li{&Zc1)LW*2a0@>otZ+NW(%43*K4HmQrB_xc2^z6Q+`3ghq+%x*^;zw-4}5hLiL#SB zNH!zDNfX}u+FiAw9t@-%U5z&_wF-M8!R1lMIH{H&_udcq9lOR697dMAqB?XC|Lv}L zoz#P=WEsWY(=j@ZI{#)@BSCH*>Ouks-WbAh4}- zwoba(?3_QTy;E4z#K8&@eux1NxtY$c4yU7|y`#B9i0Hx&N0R1XOcnZyV~<6dL{+RG zk1}bqSU&}2(*9{}mZQ#Z>+CYAFwg8%7x9PQ7zRMx2a2RI{=yrnz;0AhR5|cQ#HUs$ z(j?yWpZ9j#FuyK5SK`UzxeL#ucz%oLO+0_Yvky<1PmyZzjKPz_a|)jG@wDLi37*^W z{1=|Rc!GXK8iq&3GXc+$cxK{h#Fxi5A*SvAzLiVaAL9 zyp;F+xrG1y&zrjgBitkh z`29q+md-}vS~QVzB8ik~>KWF^fB$}%U-SOcN;;-HS=~x$PAnVO(>Z?rp0r}?*<{vC z>XBqJVd+_u-?3+gl5k?lbS{}o+0ke$siislV5E{uC9}yyOf#KG%8W!c-uS_FO593l zPC6OYO*>_$;%WZ75A>>>9f{}Crj?4utVlYN&Q$UXKGYS*isz!)m~N&Lww}~Ae%^=a zs+^uk=#iKmk0rFY8A)WS#aL`Hk+ssvoQ=_7mVfZ!QC0D1DwWHnon$U<*>T;<4B;Pv zgq@9~(m74HvR1-MN8_2H`E7MA%A6U|2XQ=f(vJ(ALMskCFq%y>GLviK*ThO6v&LQ6-}dNdwSL@YC&8AAlB zb4gRTY%89KS=n6LHZx=6`CGkgbahmpmw-;3SlWTW!BHa0SN>y_0+8e^Jsq*)PBxa+ z6a28f$0&e6BMq)XB-)9plv}`V-MN>A^k+kh3|I25GD^Au-ry;8xz>#(=laKs- znqsGtNhfA$Rx%BIL~Y*w`Aj9N$DCX;Wt)+B%GRAI-}(7zik{LfKp~aTvneg5W%;Ci z5hWW3tz2A7=3)@6o#yTP##JQDWWtF=(+Q|Brf2!>`=%@LWGa$GyP4EdSSi83-FKRj zf-a(VHXBQ%6Hz;o<`?XbDv@X+=Oj~v@mw;Vitt~tayB&6fS-k1X6Hm1v6+4#B zS&!QpRBFhQS3Q0`P}^PMzRwX7*Gzd zaU96ow9_^p_0_zZT*QPs(IVM&+KQT1G;?eZ{&%fkozFl2s=7wA;#M*R6vG?E9k_rg zSGb)^zaFY+mTe}orm01ektj@%-}-fHRnkl+pfM|&O9R_!D>Id=U(Ft#YrU{@9(cpr zS|sNHr3p;Jwx-=!%NmqqG959^2y8%06FB(qzd1_LBBq_oVgsgSrY$SZYrhREu~aga z(&CmAF~L+?<0pSROL5@sOc-}Mm(y}qJj(C;_CzIR=3R*Gn>r;aB!ii8&78{T$!zD(U_^j zxJ@S(yRnBkReH<0ULHak~y6`r;^Q?X)_MXil*QzQt5mPV-1tFcsvHv&`cmH zWyeyPS>p@X&=+;ITTW*uwgK#tylto=64A3!6K*lBWzOI)eUq-%Ei+~1AR9ZEfTwmc zXEyQXJwx&lnFXp7S|o~qmdGL)rIYYoXB{It=g6$K0)ofxBH3&f0VJp8uaa3uH96Is zqel}?8u2BP%={pO8AJ174;!T&S$^1=T zW+{5s$-%_ZP6SaQo=)b=eW0Cn?5JirW-O|uO!%Js$v$>{brv9j)x|+qkL99H##)x2 z<6{el#pgOCzX%+DE(-YRF+1TzbNNMn)}~}(4G}Y~MU#3o9ZQ?}5B+ROHM|qtSk|&& z!_cgg$@Szv@w55E3$&m>4NJf&#Q?NqE;IKEw_h_mn_<0J4uFSNO;|`uv-LzQ-yL8J z6dfT?cMxbDT~AoCWd6$lYdjjkLXRSu01%RP)J|tw26bGB)Mk;{Hs4xc0})!fdF+fc z$HK!kHNj~#HNnRUrwDCNv0Df{Hqxw5JDT7wts`)5y_$#i6GeK(lMw2R)-ub z)1Ds`WWyuTSS)GA(pDM~$&LbtivrEf9dn!8+ZQgbLW#tK0|dOf5K>3}%pe=voy?|^ zmL88LkW6S!*3NYL7n-;VvAP0wt6RFTd{Kw92q|Z?=(xz6>u{Wl{dOz8m-sEwy0oOj z5rs?2?fIRH+B=bjgMg)VXp z%?=j1g877dSjPMqU|noq$-JG}js?p_9m`$CeD;M47cO1FD#hG|&9uR0yQ{sUyYp)1 z$40D0OINZI6c)B$Ik_Jxa9 z7uNVGD{XFWwYrehcizAP7$u?^XM>8x<_`E*R9c<38}a`=1f@1>;i8}A=ajPvl{xq+ zN*t2#-F70H$>)Dj&JtB{N3cyD$h5OCwRmQ2{+)6*uFA~nQ7sO40w;_xlKDB~i}xXK zMY3UL;YtyF;z;{4H|1vxW(`#_%|Z5#4AX%FM<$;6MSl5UW>&#@=MdbGFC&FQDwSE6 z|6(vpR>3PH*G=Y33l2U9`ZwpNRIp@CA_<0KriL^dS#2zqxrI&5KUB+x}d4f%-*3su28!H1`^IXDP-Ydv#YzFA?zs*n?>(uj+2(a~%=>tt@vuTa2uB$3M^ z&p?_27isF*%*Omn3L9U801EF02b+sPV4!~oJ3oKHXg0mdios)KlXfI$#?5prp1CtW zzmiR;azH(sL_UH2BU4Xi?#ka$$)Z(S0*Ra%O(J)U#3NQBvnl^xB^!(JS`N7|BE5z4 zRl>>KogY=j8mmkTQiRV1AQPpg4m6>voTBQ)1%$(_1R_6ZvdDWN{)e(s!xo9eflLXS{ z%mew=Xs<@Li_;rov8lmPL0u0raUeoyM%tn22=h3x!BISvudHFGS0TZGl;O24CmFXP z)`#<*HEbea;-qnig3C_X38YV%U*;dKVW}#(cRgY!VmQskb%e%DZ~m(qc5)>$zGx07 zv}lgbF1gI+{Mkd;IaN3TP$Fa{u>ux0Gr!7jAHsfE4ee?=IE+JtSrcR)!T%HkXPO9R zBVTgjI-saQYmerehqA+K;;Ago9Cjp|!WkA>L1qg(o?tdE|I|=cS&8Ff4%tA;ibud} zGV@seouO=8jh1qv5#0d;kfN53XC8NF4b4Y}F|`s|Qaq)b@i>AJqH5-eyg7`e6r?D+ zp2neBi)wZ@vo(MBFoqK)&QC};a~cviINfCC$^2f7u0qU-M&nU4h0_j*#53FS$JDY3 zHI%#~4&oS*OD3~vJ@XWc=BL1J>UFptax*Xv7(*0IL?^x^}oYX8Q8^t+W%ap|B{CmS$Y)EOPER{5MwA*Hv$$U-plD6cJR2e?==jW?zWxhVd G&iQ{_qpr{Z diff --git a/crates/compose/Cargo.toml b/crates/compose/Cargo.toml index cbbdf513d1..43f780e1c6 100644 --- a/crates/compose/Cargo.toml +++ b/crates/compose/Cargo.toml @@ -19,7 +19,7 @@ spin-componentize = { path = "../componentize" } spin-serde = { path = "../serde" } thiserror = { workspace = true } tokio = { workspace = true, features = ["fs"] } -wac-graph = "0.6" +wac-graph = "0.8" [lints] workspace = true diff --git a/crates/environments/Cargo.toml b/crates/environments/Cargo.toml index 92b187a522..08298d6737 100644 --- a/crates/environments/Cargo.toml +++ b/crates/environments/Cargo.toml @@ -26,9 +26,9 @@ spin-serde = { path = "../serde" } toml = { workspace = true } tokio = { version = "1.23", features = ["fs"] } tracing = { workspace = true } -wac-parser = "0.7.0" -wac-resolver = "0.7.0" -wac-types = "0.7.0" +wac-parser = "0.8" +wac-resolver = "0.8" +wac-types = "0.8" wasm-pkg-client = { workspace = true } wasmparser = { workspace = true } wit-component = { workspace = true } From 9e76e6f6d99b3e93c3f94d4c648afd898a7ace92 Mon Sep 17 00:00:00 2001 From: Brian Hardock Date: Wed, 20 Aug 2025 18:24:22 -0600 Subject: [PATCH 5/5] Switch to using wac's programmatic api Signed-off-by: Brian Hardock --- Cargo.lock | 47 +----- crates/build/src/lib.rs | 5 +- crates/environments/Cargo.toml | 3 +- crates/environments/src/environment.rs | 16 +- .../src/environment/definition.rs | 4 + crates/environments/src/lib.rs | 139 ++++++++++++------ 6 files changed, 114 insertions(+), 100 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 23b5f53a23..5a6f57d326 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -5247,7 +5247,6 @@ checksum = "4edc8853320c2a0dab800fbda86253c8938f6ea88510dc92c5f1ed20e794afc1" dependencies = [ "cfg-if", "miette-derive 7.2.0", - "serde", "thiserror 1.0.69", "unicode-width 0.1.14", ] @@ -8416,8 +8415,7 @@ dependencies = [ "tokio", "toml", "tracing", - "wac-parser", - "wac-resolver", + "wac-graph", "wac-types", "wasm-pkg-client", "wasmparser 0.235.0", @@ -10520,49 +10518,6 @@ dependencies = [ "wasmparser 0.235.0", ] -[[package]] -name = "wac-parser" -version = "0.8.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "37077f3951f01f32c496a7f54ac93e9e26bf6860fe461552aab3f12d753ddf10" -dependencies = [ - "anyhow", - "id-arena", - "indexmap 2.7.1", - "log", - "logos", - "miette 7.2.0", - "semver", - "serde", - "thiserror 1.0.69", - "wac-graph", - "wasm-encoder 0.235.0", - "wasm-metadata 0.235.0", - "wasmparser 0.235.0", -] - -[[package]] -name = "wac-resolver" -version = "0.8.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "00089c18bdb399f998c3fa9723a7678cb5c5cc61995702d96f66ac4d634aa886" -dependencies = [ - "anyhow", - "futures", - "indexmap 2.7.1", - "log", - "miette 7.2.0", - "semver", - "thiserror 1.0.69", - "tokio", - "wac-parser", - "wac-types", - "warg-client", - "warg-crypto", - "warg-protocol", - "wit-component 0.235.0", -] - [[package]] name = "wac-types" version = "0.8.0" diff --git a/crates/build/src/lib.rs b/crates/build/src/lib.rs index 1c0f33c55d..8ad3be2907 100644 --- a/crates/build/src/lib.rs +++ b/crates/build/src/lib.rs @@ -296,6 +296,9 @@ mod tests { let err = target_validation.errors()[0].to_string(); - assert!(err.contains("world wasi:cli/command@0.2.0 does not provide an import named")); + assert!(err.contains("can't run in environment wasi-minimal")); + assert!(err.contains("world wasi:cli/command@0.2.0")); + assert!(err.contains("requires imports named")); + assert!(err.contains("wasi:cli/stdout")); } } diff --git a/crates/environments/Cargo.toml b/crates/environments/Cargo.toml index 08298d6737..d961671333 100644 --- a/crates/environments/Cargo.toml +++ b/crates/environments/Cargo.toml @@ -26,8 +26,7 @@ spin-serde = { path = "../serde" } toml = { workspace = true } tokio = { version = "1.23", features = ["fs"] } tracing = { workspace = true } -wac-parser = "0.8" -wac-resolver = "0.8" +wac-graph = "0.8" wac-types = "0.8" wasm-pkg-client = { workspace = true } wasmparser = { workspace = true } diff --git a/crates/environments/src/environment.rs b/crates/environments/src/environment.rs index 757c4f09f6..0b1bf21ac4 100644 --- a/crates/environments/src/environment.rs +++ b/crates/environments/src/environment.rs @@ -150,6 +150,11 @@ impl CandidateWorld { &self.package_bytes } + /// Returns the world name (e.g. `command` in `wasi:cli/command`). + pub fn world_name(&self) -> &str { + self.world.name() + } + fn from_package_bytes(world: &WorldName, bytes: Vec) -> anyhow::Result { let decoded = wit_component::decode(&bytes) .with_context(|| format!("Failed to decode package for environment {world}"))?; @@ -383,9 +388,14 @@ mod test { err.contains("Component nscomp (nscomp.wasm) can't run in environment test"), "unexpected error {err}" ); - assert!(err.contains( - "world spin:test/simple@1.0.0 does not provide an import named spin:test/evil@1.0.0" - ), "unexpected error {err}"); + assert!( + err.contains("requires imports named"), + "unexpected error {err}" + ); + assert!( + err.contains("spin:test/evil@1.0.0"), + "unexpected error {err}" + ); } #[tokio::test] diff --git a/crates/environments/src/environment/definition.rs b/crates/environments/src/environment/definition.rs index 2bdf4a3645..143019a4e2 100644 --- a/crates/environments/src/environment/definition.rs +++ b/crates/environments/src/environment/definition.rs @@ -89,6 +89,10 @@ impl WorldName { &self.package } + pub fn name(&self) -> &str { + &self.world + } + pub fn package_namespaced_name(&self) -> String { format!("{}:{}", self.package.namespace, self.package.name) } diff --git a/crates/environments/src/lib.rs b/crates/environments/src/lib.rs index 7b0c83f9b6..6544594cfd 100644 --- a/crates/environments/src/lib.rs +++ b/crates/environments/src/lib.rs @@ -163,61 +163,61 @@ async fn validate_wasm_against_world( target_world: &CandidateWorld, component: &ComponentToValidate<'_>, ) -> anyhow::Result<()> { - // Because we are abusing a composition tool to do validation, we have to - // provide a name by which to refer to the component in the dummy composition. - let component_name = "root:component"; - let component_key = wac_types::BorrowedPackageKey::from_name_and_version(component_name, None); - - // wac is going to get the world from the environment package bytes. - // This constructs a key for that mapping. - let env_pkg_name = target_world.package_namespaced_name(); - let env_pkg_key = wac_types::BorrowedPackageKey::from_name_and_version( - &env_pkg_name, - target_world.package_version(), - ); + use wac_types::{validate_target, ItemKind, Package as WacPackage, Types as WacTypes, WorldId}; - let env_name = env.name(); + // Gets the selected world from the component encoded WIT package + // TODO: make this an export on `wac_types::Types`. + fn get_wit_world( + types: &WacTypes, + top_level_world: WorldId, + world_name: &str, + ) -> anyhow::Result { + let top_level_world = &types[top_level_world]; + let world = top_level_world + .exports + .get(world_name) + .with_context(|| format!("wit package did not contain a world named '{world_name}'"))?; - let wac_text = format!( - r#" - package validate:component@1.0.0 targets {target_world}; - let c = new {component_name} {{ ... }}; - export c...; - "# - ); + let ItemKind::Type(wac_types::Type::World(world_id)) = world else { + // We expect the top-level world to export a world type + anyhow::bail!("wit package was not encoded properly") + }; + let wit_world = &types[*world_id]; + let world = wit_world.exports.values().next(); + let Some(ItemKind::Component(w)) = world else { + // We expect the nested world type to export a component + anyhow::bail!("wit package was not encoded properly") + }; + Ok(*w) + } + + let mut types = WacTypes::default(); + + let target_world_package = WacPackage::from_bytes( + &target_world.package_namespaced_name(), + target_world.package_version(), + target_world.package_bytes(), + &mut types, + )?; - let doc = wac_parser::Document::parse(&wac_text) - .context("Internal error constructing WAC document for target checking")?; + let target_world_id = + get_wit_world(&types, target_world_package.ty(), target_world.world_name())?; - let mut packages: indexmap::IndexMap> = - Default::default(); + let component_package = + WacPackage::from_bytes(component.id(), None, component.wasm_bytes(), &mut types)?; - packages.insert(env_pkg_key, target_world.package_bytes().to_vec()); - packages.insert(component_key, component.wasm_bytes().to_vec()); + let target_result = validate_target(&types, target_world_id, component_package.ty()); - match doc.resolve(packages) { + match target_result { Ok(_) => Ok(()), - Err(wac_parser::resolution::Error::TargetMismatch { kind, name, world, .. }) => { - // This one doesn't seem to get hit at the moment - we get MissingTargetExport or ImportNotInTarget instead - Err(anyhow!("Component {} ({}) can't run in environment {env_name} because world {world} expects an {} named {name}", component.id(), component.source_description(), kind.to_string().to_lowercase())) - } - Err(wac_parser::resolution::Error::MissingTargetExport { name, world, .. }) => { - Err(anyhow!("Component {} ({}) can't run in environment {env_name} because world {world} requires an export named {name}, which the component does not provide", component.id(), component.source_description())) - } - Err(wac_parser::resolution::Error::PackageMissingExport { export, .. }) => { - // TODO: The export here seems wrong - it seems to contain the world name rather than the interface name - Err(anyhow!("Component {} ({}) can't run in environment {env_name} because world {target_world} requires an export named {export}, which the component does not provide", component.id(), component.source_description())) - } - Err(wac_parser::resolution::Error::ImportNotInTarget { name, world, .. }) => { - Err(anyhow!("Component {} ({}) can't run in environment {env_name} because world {world} does not provide an import named {name}, which the component requires", component.id(), component.source_description())) - } - Err(wac_parser::resolution::Error::SpreadExportNoEffect { .. }) => { - // We don't have any name info in this case, but it *may* indicate that the component doesn't provide any export at all - Err(anyhow!("Component {} ({}) can't run in environment {env_name} because it requires an export which the component does not provide", component.id(), component.source_description())) - } - Err(e) => { - Err(anyhow!(e)) - }, + Err(report) => Err(format_target_result_error( + &types, + env.name(), + target_world.to_string(), + component.id(), + component.source_description(), + &report, + )), } } @@ -242,3 +242,46 @@ fn validate_host_reqs( fn satisfies(host_caps: &[String], host_req: &String) -> bool { host_caps.contains(host_req) } + +fn format_target_result_error( + types: &wac_types::Types, + env_name: &str, + target_world_name: String, + component_id: &str, + source_description: &str, + report: &wac_types::TargetValidationReport, +) -> anyhow::Error { + let mut error_string = format!( + "Component {} ({}) can't run in environment {} because world {} ...\n", + component_id, source_description, env_name, target_world_name + ); + + for (idx, import) in report.imports_not_in_target().enumerate() { + if idx == 0 { + error_string.push_str("... requires imports named\n - "); + } else { + error_string.push_str(" - "); + } + error_string.push_str(import); + error_string.push('\n'); + } + + for (idx, (export, export_kind)) in report.missing_exports().enumerate() { + if idx == 0 { + error_string.push_str("... requires exports named\n - "); + } else { + error_string.push_str(" - "); + } + error_string.push_str(export); + error_string.push_str(" ("); + error_string.push_str(export_kind.desc(types)); + error_string.push_str(")\n"); + } + + for (name, extern_kind, error) in report.mismatched_types() { + error_string.push_str("... found a type mismatch for "); + error_string.push_str(&format!("{extern_kind} {name}: {error}")); + } + + anyhow!(error_string) +}