supermachine 0.4.21

Run any OCI/Docker image as a hardware-isolated microVM on macOS HVF (Linux KVM and Windows WHP in progress). Single library API, zero flags for the common case, sub-100 ms cold-restore from snapshot.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120

[package]
name = "supermachine"
version = "0.4.21"
edition.workspace = true
rust-version.workspace = true
# This package's own source is purely Apache-2.0. The transitive
# dep on `supermachine-kernel` brings in GPL-2.0-only kernel data
# and MIT musl in init-oci; consumers redistributing the combined
# binary must satisfy those licenses on the data blobs (see
# `supermachine-kernel`'s NOTICE for the GPL ยง3(b) source offer).
# Per Cargo convention, the `license` field describes this
# package's contents only.
license = "Apache-2.0"
publish = true
description = "Run any OCI/Docker image as a hardware-isolated microVM on macOS HVF (Linux KVM and Windows WHP in progress). Single library API, zero flags for the common case, sub-100 ms cold-restore from snapshot."
documentation = "https://docs.rs/supermachine"
readme = "README.md"
keywords = ["microvm", "hypervisor", "oci", "docker", "snapshot"]
categories = ["virtualization", "api-bindings", "command-line-utilities"]

# Whitelist what ships in the published .crate. Excluded: large
# binary fixtures (`oci/init-oci*`, `test-initramfs/`, baked
# snapshots, profiling output) which are dev-only artifacts and
# would push the package past crates.io's 10 MiB cap. The init
# shim source `oci/init-oci.c` ships so embedders building from
# source can rebuild it; the prebuilt binary travels through the
# `supermachine-kernel` crate instead.
include = [
    "src/**/*.rs",
    "examples/**/*.rs",
    "entitlements.plist",
    "oci/init-oci.c",
    "Cargo.toml",
    "README.md",
    "LICENSE-APACHE",
]

[lib]
name = "supermachine"
path = "src/lib.rs"

[[bin]]
name = "supermachine"
path = "src/bin/cli.rs"

[[bin]]
name = "supermachine-worker"
path = "src/bin/worker.rs"

[[bin]]
name = "supermachine-router"
path = "src/bin/router.rs"

[[bin]]
name = "cargo-supermachine"
path = "src/bin/cargo_plugin.rs"

[features]
# Default off so Apache-style consumers don't pull tokio
# transitively. Opt-in adds an async wrapper surface that
# `spawn_blocking`s the sync API onto tokio's worker pool.
default = []
tokio = ["dep:tokio"]

[dependencies]
serde.workspace = true
serde_json.workspace = true
libc.workspace = true
log = "0.4"
env_logger = "0.11"
# Structured tracing for embedders. We emit `tracing::info_span!`
# spans + events from the public API entry points (bake, acquire,
# snapshot capture, exec) so embedders can wire a
# `tracing-subscriber` JSON layer and get phase-by-phase metrics
# without us having to ship a custom format. Enabled by default;
# zero overhead when no subscriber is installed.
tracing = "0.1"
mio = { version = "1", features = ["net", "os-poll"] }
rustls = { version = "0.23", default-features = false, features = ["std", "tls12", "ring", "aws-lc-rs"] }
rustls-pemfile = "2"
# Optional async surface โ€” see the `tokio` feature.
tokio = { version = "1", default-features = false, features = ["rt", "rt-multi-thread", "sync"], optional = true }
# Hard dep: kernel + init shim ride inside our binary so
# `cargo install supermachine` produces a CLI that just works,
# zero manual setup. Pinned with `=` because the snapshot format
# is keyed to the kernel build; any drift would invalidate baked
# snapshots. Override with $SUPERMACHINE_KERNEL_PATH at runtime
# for custom kernels.
#
# Licensing: `supermachine-kernel` is `Apache-2.0 AND GPL-2.0-only
# AND MIT` because it bundles the Linux kernel (GPL) and the musl
# libc statically linked into init-oci (MIT). This crate's own
# source stays pure Apache-2.0 โ€” the GPL component arrives as a
# transitive runtime data dependency. Consumers redistributing a
# binary that pulls supermachine in must comply with GPL-2.0 on
# the kernel blob (point downstream at the kernel-build/ recipe
# in our repo for source); their own code is unaffected since the
# kernel runs as guest data in a separate VM, not as linked code.
supermachine-kernel = { version = "=0.4.21", path = "../supermachine-kernel" }

[target.'cfg(all(target_os = "macos", target_arch = "aarch64"))'.dependencies]
applevisor-sys = { version = "1.0", features = ["macos-15-0"] }
vm-fdt = "0.3"

[dev-dependencies]
# For the async-API integration tests under
# `tests/integration_async.rs`, gated on the `tokio` feature.
tokio = { version = "1", default-features = false, features = ["rt-multi-thread", "macros", "time"] }
# Used by `examples/_tracing_demo.rs` to demonstrate the public
# tracing surface. Embedders pick whichever subscriber they want;
# this is just for the example.
tracing-subscriber = { version = "0.3", features = ["env-filter", "fmt"] }
# Used by `examples/_flame_graph.rs` to emit folded-stack-format
# output that `inferno-flamegraph` (or chrome://tracing if you
# convert to JSON) renders as an SVG flame graph. Optional โ€”
# embedders who want flame graphs install this themselves.
tracing-flame = "0.2"

[lints.rust]
unsafe_op_in_unsafe_fn = "warn"