Skip to content

GSOC 2025 ideas #1058

New issue
New issue
Closed
Closed
GSOC 2025 ideas#1058
@wolfv

Description

@wolfv
wolfv
opened on Feb 10, 2025

rattler WASM

We would love to have a WASM build of rattler. We have a prototype, but it has a lot of rough edges.

A fully functional WASM build of rattler would be able to:

  • resolve conda packages using the resolvo resolver
  • download, extract and link them into the filesystem of emscripten

The prospective student will have to make changes across rattler to support WASM, and potentially in some dependencies of rattler, too.
The motivating use cases are as an alternative to picomamba in the emscripten-forge project, as well as to serve as a backend for a Dependabot integration.

Expected outcomes:

The expected outcome of this work would be a version of rattler that can run easily in the browser or another WASM runtime. We expect a few patches to rattler itself, as well as dependencies of rattler (such as the Rust bindings to bzip2, zstd, and more). Most importantly, it would be great to demonstrate that the SAT solver at the core of rattler (resolvo) can run fine in WASM. If time permits, we would add some TypeScript bindings to start the integration with Dependabot.

Complexity: Hard
Duration: 350 Hours
Mentors: @wolfv / @baszalmstra
Required Skills: Build systems, Rust

rattler speed and security improvements

We would love for someone to take another look at security and speed in rattler.

We already ship rattler_sandbox for lightweight process sandboxing, but we have yet to roll it out to all function in the rattler codebase. It would be especially useful when executing arbitrary package scripts, such as activation scripts, post-link and pre-unlink scripts.

Furthermore, we would also like to implement sandboxing for Windows, which is a bigger topic, but highly interesting.

Expected outcomes

When the project is finished, the mutating parts of rattler (such as installing packages) can pass an optional "sandbox" configuration parameter. If the parameter is set to true, then certain actions (such as running activation scripts or post-link scripts) are executed in a special sandbox that makes sure that the script has no network access and cannot write outside of a constrained set of locations.

If time permits, we take another look at sandboxing on Windows, and add support for a Windows sandbox using windows AppJail.

Complexity: Hard
Duration: 350 Hours
Mentors: @wolfv / @baszalmstra
Required Skills: Rust

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions