Our great sponsors
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
Firefox appears to utilize a custom clang toolchain to enable this without documenting how to make such toolchain (wasi sysroot). And expects you to just download the precompiled version from their servers.
Fedora and Fennec F-Droid have since disabled this feature.
https://src.fedoraproject.org/rpms/firefox/c/4cb1381d80a94c9...
https://gitlab.com/relan/fennecbuild/-/commit/12cdb51bb045c3...
Pretty sure you can build it yourself from https://github.com/WebAssembly/wasi-libc given that https://github.com/WebAssembly/wasi-libc/commit/ad5133410f66... is a contribution from a MoCo employee doing a lot of work around toolchains.
https://github.com/PLSysSec/rlbox_sandboxing_api/blob/master...
Seems like it could get a bit verbose when used all over the place but I’m not really used to the C++ world. Regardless I’m happy to see the effort being made beyond process isolation and OS capabilities.
There's also the https://github.com/WebAssembly/wasi-sdk repo which is kind of a meta-build-system for all this.
But in FreeBSD we build all the pieces directly, here's our build recipes (with some hacks due to llvm's cmake code being stupid sometimes):
compiler-rt (from llvm): https://github.com/freebsd/freebsd-ports/blob/main/devel/was...
libc (from what you linked): https://github.com/freebsd/freebsd-ports/blob/main/devel/was...
libc++ (from llvm): https://github.com/freebsd/freebsd-ports/blob/main/devel/was...
There's also the https://github.com/WebAssembly/wasi-sdk repo which is kind of a meta-build-system for all this.
But in FreeBSD we build all the pieces directly, here's our build recipes (with some hacks due to llvm's cmake code being stupid sometimes):
compiler-rt (from llvm): https://github.com/freebsd/freebsd-ports/blob/main/devel/was...
libc (from what you linked): https://github.com/freebsd/freebsd-ports/blob/main/devel/was...
libc++ (from llvm): https://github.com/freebsd/freebsd-ports/blob/main/devel/was...
More specifically, unsafe blocks may violate the compiler's security guarantees and procedural macros actually run inside the compiler process at build time. Declarative macros do this too, but they're far too restricted to allow shenanigans. Procmacros can disable Rust's stability guarantees[0].
[0] https://github.com/m-ou-se/nightly-crimes
Looks like Arch Linux is building it themselves with --with-wasi-sysroot. The changes they made to the build script for the 95.0 release are pretty instructive: https://github.com/archlinux/svntogit-packages/commit/532ac4...
Hopefully Fedora manage to implement this to their satisfaction in the near future, although requiring extremely recent releases of build tools might be a blocker for some distros.