August 2025 - Spectrum Discuss

This Week in Spectrum, 2025-W34
by Alyssa Ross 25 Aug '25

25 Aug '25

This week, we've seen the first results from Yureka's work on Spectrum's new networking stack posted to the mailing list[1]. The draft submission modifies the networking VM to forward packets using XDP between physical interfaces attached to the VM and a virtual interface that will be provided by the host system. She has also been working on getting the required dependencies into Nixpkgs: updating[2] libbpf to a version that includes her recently accepted bugfix[3], and fixing a musl build issue[4][5]. [1]: https://spectrum-os.org/lists/archives/spectrum-devel/20250823222134.177241… [2]: https://github.com/NixOS/nixpkgs/pull/435918 [3]: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id… [4]: https://github.com/libbpf/libbpf/pull/919 [5]: https://github.com/NixOS/nixpkgs/pull/436237#discussion_r2296245797 Demi has been experimenting with using the systemd service manager on the Spectrum host system. The main motivation was systemd's service hardening capabilities. I think we will probably stick with s6 for now, having discovered that we can likely get a similar level of hardening with standalone sandboxing tools, and just creating users for VM services at VM import time, but I wouldn't be surprised if we revisit systemd again in future, and am open to the switch at some point in future if it will be of benefit to Spectrum. I also understand that her work has resulted in a number of service manager-independent improvements to Spectrum that we should see posted soon. As for me, it's been recovering from the second (final) round of dental surgery, the usual Nixpkgs and server maintenance, and most of all getting the new grant all finalized, which I'm hoping is now basically done. I'm looking forward to actually getting back to proper work soon. :)

1 0

This Week in Spectrum, 2025-W33
by Alyssa Ross 18 Aug '25

18 Aug '25

Going to keep it very brief this week because I'm once again recovering from a wisdom teeth extraction (the last one!). • Yureka's libbpf fix[1] has been applied upstream, and she's now working on exposing vhost-user-net devices from her userspace router. • Demi has been doing some exploratory work on using systemd on the Spectrum host system[2]. We want to evaluate whether the extra complexity would be justified to get access to its extensive sandboxing features. • Apart from recovering, I did a routine test build with a new Nixpkgs, and then spent a while bisecting a kernel regression that broke virtio-gpu[3] (which it turned out had already been discovered and reverted, but my report at least got it tracked by regzbot as well). We also did some work sorting out the new funding. [1]: https://lore.kernel.org/all/20250814180113.1245565-2-yuka@yuka.dev/ [2]: https://github.com/DemiMarie/spectrum/compare/main...b4/systemd [3]: https://lore.kernel.org/all/kgasjsq2s4pshravsinycfihdfjhdts5iz2fox42aejs4xq…

1 0

This Week in Spectrum, 2025-W32
by Alyssa Ross 11 Aug '25

11 Aug '25

Demi and I figured out the last known blocker for her Cloud Hypervisor generic vhost-user device[1] — reads and writes of the VIRTIO configuration space weren't being forwarded to the backend — and she's now seen it work with virtiofsd. Another of her Cloud Hypervisor PRs was just merged[2], so I'm hoping generic vhost-user will be quite soon too, and then we'll be able to start easily adopting more device types in Spectrum, starting with virtio-sound. She also submitted a few small Spectrum improvements[3][4][5][6]. [1]: https://github.com/cloud-hypervisor/cloud-hypervisor/pull/7221 [2]: https://github.com/cloud-hypervisor/cloud-hypervisor/pull/7223 [3]: https://spectrum-os.org/lists/archives/spectrum-devel/20250807-no-require-k… [4]: https://spectrum-os.org/lists/archives/spectrum-devel/20250807-no-erofs-xat… [5]: https://spectrum-os.org/lists/archives/spectrum-devel/20250808-envrc-v1-1-4… [6]: https://spectrum-os.org/lists/archives/spectrum-devel/20250807-host-dev-fd-… Yureka has continued working on her program that will forward traffic on network devices out of driver VMs to the host userspace router, and the code is now public[7]. It now handles multiple physical interfaces per driver VM, which will be important if we want to use both of them and they're in the same IOMMU group. [7]: https://cyberchaos.dev/yuka/xdp-forwarder As for me, it was mostly the usual Nixpkgs maintenance — start of a new staging cycle — and preparation for the new grant. I also fixed a few Spectrum bugs — a couple of compatibility fixes for applications, and a harmless error during the build. I've been at WHY2025 this week too, and having some good conversations about future opportunities for Spectrum. I'll be here until Wednesday morning — if you are too and would like to talk about Spectrum, or get a sticker, DECT QYLS. :)

1 0

This Week in Spectrum, 2025-W31
by Alyssa Ross 04 Aug '25

04 Aug '25

First, some big news: Spectrum's application for funding from the NGI Zero Commons programme has been accepted. The final amount granted is still undetermined, but I expect that Demi's, Yureka's and my work on new feature development Spectrum will be funded for at least the next year. (Maintenance and administrative work is generally not covered — that's where GitHub Sponsors / Liberapay donations come in for me.) This is the first time we'll have funding that covers more than just me, so it should mean that we'll be able to really accelerate our pace of development, as we've already started to see with Demi and Yureka's work over the past couple of months, for which I'm grateful to them for having been willing to make a head start before we had this confirmed. There's still more work to do, agreeing the exact amount of funding, and what work will be covered, so expect a lot of our time (especially mine) to be occupied with that in the near future. Next, Demi's work on PipeWire support in guests is now in the repo[1]. This doesn't mean that we have audio support in Spectrum quite yet, because there's also some host-side work to do to expose a virtio-sound device. In that direction, I added vhost-device-sound to Nixpkgs[2], and I started working on adding socket activation support to it. [1]: https://spectrum-os.org/git/spectrum/commit/?id=6c945fc8b81ab15866567816007… [2]: https://github.com/NixOS/nixpkgs/pull/429376 Yureka is now able to send and receive ethernet frames to a Wi-Fi interface in a VM. This is an important step towards our goal of moving routing to host userspace, connecting VMs running applications with VMs running network drivers. I also spent some time on Nixpkgs maintenance. A test build of Spectrum against staging identified some build regressions, so I've been working through those[3][4][5]. I also tested a crosvm update, and release candidates of QEMU and Meson, which proved worthwhile because I found a regression in Meson affecting Spectrum's tests[6]. [3]: https://github.com/NixOS/nixpkgs/pull/429588 [4]: https://github.com/NixOS/nixpkgs/pull/429585 [5]: https://github.com/NixOS/nixpkgs/pull/429816 [6]: https://github.com/mesonbuild/meson/issues/14869

1 0