{"id":17537543,"url":"https://github.com/zenhack/tempest","last_synced_at":"2025-04-16T01:53:30.567Z","repository":{"id":151019478,"uuid":"586047404","full_name":"zenhack/tempest","owner":"zenhack","description":null,"archived":false,"fork":false,"pushed_at":"2023-06-30T19:16:46.000Z","size":4665,"stargazers_count":93,"open_issues_count":8,"forks_count":10,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-03-29T03:45:55.959Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Cap'n Proto","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zenhack.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"license.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-01-06T19:54:19.000Z","updated_at":"2024-11-27T21:38:16.000Z","dependencies_parsed_at":null,"dependency_job_id":"b268ab3c-fbfe-4908-abc3-775f1f0ee47d","html_url":"https://github.com/zenhack/tempest","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zenhack%2Ftempest","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zenhack%2Ftempest/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zenhack%2Ftempest/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zenhack%2Ftempest/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zenhack","download_url":"https://codeload.github.com/zenhack/tempest/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249183064,"owners_count":21226140,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-20T20:42:09.678Z","updated_at":"2025-04-16T01:53:30.550Z","avatar_url":"https://github.com/zenhack.png","language":"Cap'n Proto","readme":"This repository contains an experimental replacement for [Sandstorm][1].\nSee the [blog post][2].\n\nCurrently, most of the sandbox setup code is built, and tempest\nis capable of spawning sandstorm apps and plumbing http traffic to them\nfrom the outside, though some http features are not yet implemented.\n\n# Building\n\nTo build tempest, you will need:\n\n- Go 1.20 or later\n- [tinygo](https://tinygo.org/)\n  - If the build complains about missing `wasm-opt`, you may also need\n    to install the `binaryen` package.\n- Standard C development tools (make, a C compiler, etc).\n- The `bpf_asm` command, included in the linux kernel source tree.\n- capnp (command line tool) version 0.8 or later.\n- capnpc-go code generator plugin\n\n`bpf_asm` is not packaged in all distributions; if your distro does\nnot have a package for it, you can install it from source. You will\nadditionally need `bison` and `flex` installed, and then you can\nrun:\n\n```\ncurl https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.3.1.tar.xz \u003e linux.tar.xz\ntar -xvf linux.tar.xz\ncd linux-*/tools/bpf\nmake bpf_asm\ninstall -Dm755 -t /usr/local/bin/ bpf_asm\n```\n\nYou will also need to separately check out the source for go-capnp:\n\n```\nmkdir ../deps\ncd ../deps\ngit clone https://github.com/capnproto/go-capnp\ncd -\n```\n\nThen, run the configure script and then `make`. The configure script\naccepts most of the same options as typical gnu packages. Additionally\nyou will need to supply the paths to the repository checked out above\nvia the `--with-go-capnp` flag.\n\nFinally, it is possible to share grain \u0026 app storage with an existing\nSandstorm installation. If you want to do this, you will need to specify\nthe correct value for `--localstatedir`, and then see the next section\non importing data from Sandstorm:\n\n```\n./configure \\\n    --with-go-capnp=../deps/go-capnp \\\n    --localstatedir=/opt/sandstorm/var\nmake\n```\n\nThen run `make install` to install tempest system wide.\n\nIf you do not want to share storage with Sandstorm, you can omit the\n`--localstatedir` flag.\n\nIn addition to the files used by sandstorm, `tempest` will create a\ncouple extra things underneath that path, namely:\n\n- an extra directory at `sandstorm/mnt`\n- a sqlite3 database at `sandstorm/sandstorm.sqlite3`\n\n# Importing data from sandstorm\n\nTempest comes with a tool to import some data from a sandstorm\ninstallation's database; after running `make`, there will be\nan executable at `_build/sandstorm-import-tool`. On a typical sandstorm\nserver you can export the contents of the database via:\n\n```\nmkdir ../sandstormexport\n./_build/sandstorm-import-tool --snapshot-dir ../sandstormexport export\n```\n\nIf your sandstorm installation is in a non-standard path or mongoDB is\nlistening on a different port, you may have to supply additional\noptions; see `sandstorm-import-tool --help` to see the full list.\n\nYou can then import the snapshot into tempest via:\n\n```\n./_build/sandstorm-import-tool --snapshot-dir ../sandstormexport import\n```\n\nFor some development, it can be useful to export \u0026 import from sandstorm\nfrequently. Therefore, we have a Makefile target for this:\n\n```\nsudo make export-import\n```\n\n...which will automate the above, using the default values to\nsandstorm-import-tool's flags. It will also destroy the old database\nand fix permissions on the new one.\n\n# Running\n\n`tempest` should be run as the user and group chosen by the via\nthe `--user` and `--group` flags to `./configure` (by default both\n`sandstorm`).  The easiest way to do this is to run as root:\n\n```\nsudo -u sandstorm -g sandstorm ./_build/tempest\n```\n\nTempest can be configured via environment variables; see\n`./capnp/settings.capnp` for full documentation and `./env.sh.example`\nfor an example.\n\nNote that for environment variables to be picked up by tempest when run\nwith sudo, you will have to pass the `--preserve-env`/`-E` flag:\n\n```\nsudo --preserve-env -u sandstorm -g sandstorm ./_build/tempest\n```\n\nFor development purposes, the Makefile includes a `dev` target that will\nrebuild, reinstall, and then spawn tempest; simply run:\n\n```\nsudo --preserve-env make dev\n```\n\n# Creating users\n\nOut of the box, it is possible to login in via both email (if the\n`SMTP_*` enviornment variables are set) and \"developer accounts,\" which\nare useful for testing. However, by default none of these accounts will\nhave any rights on the server. To create a user with the authority to do\ninteresting things, you can either:\n\n- Import data from Sandstorm, per above. Users will have the same\n  permissions they had in Sandstorm.\n- Use the `tempest-make-user` command.\n\nFor the latter, run:\n\n```\n# for email users:\n./_build/tempest-make-user --type email --id alice@example.com --role user\n# for dev accounts:\n./_build/tempest-make-user --type dev --id 'Alice Dev Admin' --role admin\n```\n\nWhere `role` can be any of `visitor`, `user`, or `admin`, with the same\nmeanings as in Sandstorm:\n\n- `visitor`s have the ability to list and interact with grains that have\n  been shared with them, but otherwise have no authority on the server.\n- `user`s can additionally install apps and create grains.\n- `admin`s have full access to the server.\n\n# Using\n\nVisit the web interface (as defined by `BASE_URL`), and log in either\nwith a developer account or email.\n\nOnce you have logged in, the Grains link will display grains the user\nhas access to. Click the links to open the grains.\n\nThis will display the grain's UI within an iframe. Things like\noffer iframes and anything that uses sandstorm specific APIs will not\nwork currently.\n\nIf your account has at least the `user` role, the Apps link will\nallow you upload spk files to install apps, or create grains from\napps which are already installed.\n\n[1]: https://sandstorm.io\n[2]: https://zenhack.net/2023/01/06/introducing-tempest.html\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzenhack%2Ftempest","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzenhack%2Ftempest","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzenhack%2Ftempest/lists"}