Building Pharo VM on Alpine Linux in Docker

3 December 2019

I've put up a Dockerfile that builds the Pharo pharo.cog.spur.minheadless VM on Alpine Linux within Docker. This allows one to build said VM without having to first create an Alpine Linux installation such as through VirtualBox.

This is a multi-stage Dockerfile. The Pharo VM is built in an Alpine Linux 'build' container. Then the VM files are copied into a fresh Alpine Linux Docker image. The resulting Pharo VM Docker image is ~14 MB.

The output Docker image contains the Pharo VM only and is not runnable by itself. It is intended to be used as a base to build your own Docker image containing your application-specific Pharo image.

Tested on Ubuntu 18.04 and MacOS Mojave.

Edit: Changes to OpenSmalltalk VM source tree for building on Alpine Linux are in the pierce_alpine branch of my fork.

Minimizing Docker Pharo - Plugins

30 November 2019

In the quest^Wrather leisurely ambulation towards the smallest possible Docker image for Pharo for running headless, batch and server-side applications, one approach is to reduce the size of the Pharo VM, by removing irrelevant built-in and external plugins, also known as modules.

Here's what a pharo.cog.spur.minheadless VM built yesterday produces from STON toStringPretty: Smalltalk vm listBuiltinModules:

'[
    ''SqueakFFIPrims'',
    ''IA32ABI VMMaker.oscog-eem.2480 (i)'',
    ''FilePlugin VMMaker.oscog-eem.2530 (i)'',
    ''FileAttributesPlugin FileAttributesPlugin.oscog-eem.50 (i)'',
    ''LargeIntegers v2.0 VMMaker.oscog-eem.2530 (i)'',
    ''LocalePlugin VMMaker.oscog-eem.2495 (i)'',
    ''MiscPrimitivePlugin VMMaker.oscog-eem.2480 (i)'',
    ''SecurityPlugin VMMaker.oscog-eem.2480 (i)'',
    ''SocketPlugin VMMaker.oscog-eem.2568 (i)'',
    ''B2DPlugin VMMaker.oscog-eem.2536 (i)'',
    ''BitBltPlugin VMMaker.oscog-nice.2587 (i)'',
    ''FloatArrayPlugin VMMaker.oscog-eem.2480 (i)'',
    ''FloatMathPlugin VMMaker.oscog-eem.2480 (i)'',
    ''Matrix2x3Plugin VMMaker.oscog-eem.2480 (i)'',
    ''DropPlugin VMMaker.oscog-eem.2480 (i)'',
    ''ZipPlugin VMMaker.oscog-eem.2480 (i)'',
    ''ADPCMCodecPlugin VMMaker.oscog-eem.2480 (i)'',
    ''AsynchFilePlugin VMMaker.oscog-eem.2493 (i)'',
    ''BMPReadWriterPlugin VMMaker.oscog-eem.2480 (i)'',
    ''DSAPrims CryptographyPlugins-eem.14 (i)'',
    ''FFTPlugin VMMaker.oscog-eem.2480 (i)'',
    ''FileCopyPlugin VMMaker.oscog-eem.2493 (i)'',
    ''JoystickTabletPlugin VMMaker.oscog-eem.2493 (i)'',
    ''MIDIPlugin VMMaker.oscog-eem.2493 (i)'',
    ''SerialPlugin VMMaker.oscog-eem.2493 (i)'',
    ''SoundCodecPrims VMMaker.oscog-eem.2480 (i)'',
    ''SoundGenerationPlugin VMMaker.oscog-eem.2480 (i)'',
    ''StarSqueakPlugin VMMaker.oscog-eem.2480 (i)'',
    ''Mpeg3Plugin VMMaker.oscog-eem.2495 (i)'',
    ''VMProfileLinuxSupportPlugin VMMaker.oscog-eem.2480 (i)'',
    ''UnixOSProcessPlugin VMConstruction-Plugins-OSProcessPlugin.oscog-dtl.66 (i)''
]'

And here's the directory listing of the VM as built:

~/src/opensmalltalk-vm/products/ph64mincogspurlinuxht% ls
libAioPlugin.so*             libPharoVMCore.a             libSqueakSSL.so*             libssh2.so@
libCroquetPlugin.so*         libRePlugin.so*              libSurfacePlugin.so*         libssh2.so.1@
libEventsHandlerPlugin.so*   libSDL2-2.0.so.0@            libcrypto.so.1.1*            libssh2.so.1.0.1*
libInternetConfigPlugin.so*  libSDL2-2.0.so.0.7.0*        libgit2.so@                  libssl.so@
libJPEGReadWriter2Plugin.so* libSDL2.so@                  libgit2.so.0.26.8*           libssl.so.1.1*
libJPEGReaderPlugin.so*      libSDL2DisplayPlugin.so*     libgit2.so.26@               pharo*

For server-side applications, a number of the plugins and shared libraries (certainly also libPharoVMCore.a) need not be part of the Docker image.

PBKDF2-HMAC-SHA1 password hashing for TF-Login

17 November 2019

I've implemented PBKDF2-HMAC-SHA1 in TF-Login 'password' branch to replace the existing simple and insecure SHA1-based password hashing scheme.

To load, start with fresh Pharo 7 image:

"First load Seaside."
Metacello new 
    baseline: 'Seaside3'; 
    repository: 'github://SeasideSt/Seaside:v3.3.3/repository'; 
    load. 
    
"Then load TF-Login."
Metacello new 
    baseline: 'TFLogin'; 
    repository: 'github://PierceNg/TF-Login:password/src'; 
    load.

As originally implemented, TF-Login also supports cookie-based auto-login, which works by storing username and the SHA1-hashed password in client cookies. This scheme is certainly not secure by current standards and can't be used together with PBKDF2-HMAC-SHA1 password hashing.

Possible future work on TF-Login password management:

  • OAuth2, to replace the existing insecure cookie-based auto-login

  • 2FA

[ANN] TF-Login for Seaside 3.3 for Pharo 7

15 November 2019

I've ported TF-Login to Seaside 3.3 and Pharo 7.

To load, start with fresh Pharo 7 image:

Metacello new 
    baseline: 'Seaside3'; 
    repository: 'github://SeasideSt/Seaside:v3.3.3/repository'; 
    load. 
    
Metacello new 
    baseline: 'TFLogin'; 
    repository: 'github://PierceNg/TF-Login:pharo7/src'; 
    load.

The baseline doesn't load Seaside, in case you want to load it into an image that already has Seaside.

Start Test Runner and run the TF-Login tests. All 62 tests should pass.