supermachine 0.7.21

[package]
name = "supermachine"
version = "0.7.21"
edition.workspace = true
rust-version.workspace = true
# This package's own source is purely Apache-2.0. The transitive
# dep on `supermachine-kernel` brings in GPL-2.0-only kernel data
# and MIT musl in init-oci; consumers redistributing the combined
# binary must satisfy those licenses on the data blobs (see
# `supermachine-kernel`'s NOTICE for the GPL §3(b) source offer).
# Per Cargo convention, the `license` field describes this
# package's contents only.
license = "Apache-2.0"
publish = true
description = "Run any OCI/Docker image as a hardware-isolated microVM on macOS HVF (Linux KVM and Windows WHP in progress). Single library API, zero flags for the common case, sub-100 ms cold-restore from snapshot."
documentation = "https://docs.rs/supermachine"
readme = "README.md"
keywords = ["microvm", "hypervisor", "oci", "docker", "snapshot"]
categories = ["virtualization", "api-bindings", "command-line-utilities"]

# Whitelist what ships in the published .crate. Excluded: large
# binary fixtures (`oci/init-oci*`, `test-initramfs/`, baked
# snapshots, profiling output) which are dev-only artifacts and
# would push the package past crates.io's 10 MiB cap. The init
# shim source `oci/init-oci.c` ships so embedders building from
# source can rebuild it; the prebuilt binary travels through the
# `supermachine-kernel` crate instead.
include = [
    "src/**/*.rs",
    "examples/**/*.rs",
    "entitlements.plist",
    "oci/init-oci.c",
    "Cargo.toml",
    "README.md",
    "LICENSE-APACHE",
]

[lib]
name = "supermachine"
path = "src/lib.rs"

[[bin]]
name = "supermachine"
path = "src/bin/cli.rs"

[[bin]]
name = "supermachine-worker"
path = "src/bin/worker.rs"

[[bin]]
name = "supermachine-router"
path = "src/bin/router.rs"

[[bin]]
name = "cargo-supermachine"
path = "src/bin/cargo_plugin.rs"

[features]
# Default off so Apache-style consumers don't pull tokio
# transitively. Opt-in adds an async wrapper surface that
# `spawn_blocking`s the sync API onto tokio's worker pool.
default = []
tokio = ["dep:tokio"]

[dependencies]
serde.workspace = true
serde_json.workspace = true
libc.workspace = true
log = "0.4"
env_logger = "0.11"
# Structured tracing for embedders. We emit `tracing::info_span!`
# spans + events from the public API entry points (bake, acquire,
# snapshot capture, exec) so embedders can wire a
# `tracing-subscriber` JSON layer and get phase-by-phase metrics
# without us having to ship a custom format. Enabled by default;
# zero overhead when no subscriber is installed.
tracing = "0.1"
mio = { version = "1", features = ["net", "os-poll"] }
rustls = { version = "0.23", default-features = false, features = ["std", "tls12", "ring", "aws-lc-rs"] }
rustls-pemfile = "2"
# SHA-256 used only for content-hashing the bundled kernel /
# init-oci / agent bytes so the per-version extracted-asset cache
# under $XDG_DATA_HOME/supermachine/ invalidates when the bytes
# change without a CARGO_PKG_VERSION bump (e.g. a maintainer
# rebuilds kernel.xz via a path dep). `ring` is already a
# transitive dep via rustls, so adding it as a direct dep here
# is effectively free in compile-time terms.
ring = "0.17"
# Optional async surface — see the `tokio` feature.
tokio = { version = "1", default-features = false, features = ["rt", "rt-multi-thread", "sync"], optional = true }
# Hard dep: kernel + init shim ride inside our binary so
# `cargo install supermachine` produces a CLI that just works,
# zero manual setup. Pinned with `=` because the snapshot format
# is keyed to the kernel build; any drift would invalidate baked
# snapshots. Override with $SUPERMACHINE_KERNEL_PATH at runtime
# for custom kernels.
#
# Licensing: `supermachine-kernel` is `Apache-2.0 AND GPL-2.0-only
# AND MIT` because it bundles the Linux kernel (GPL) and the musl
# libc statically linked into init-oci (MIT). This crate's own
# source stays pure Apache-2.0 — the GPL component arrives as a
# transitive runtime data dependency. Consumers redistributing a
# binary that pulls supermachine in must comply with GPL-2.0 on
# the kernel blob (point downstream at the kernel-build/ recipe
# in our repo for source); their own code is unaffected since the
# kernel runs as guest data in a separate VM, not as linked code.
supermachine-kernel = { version = "=0.7.21", path = "../supermachine-kernel" }
# OCI bake pipeline: read layer-tar headers to recover original uid/gid
# (macOS BSD `tar -xf` strips ownership to the running user since
# non-root can't chown(); we feed the original metadata to mksquashfs
# via `-pseudo-file`). Pure-Rust, no system deps.
tar = { version = "0.4", default-features = false }
flate2 = { version = "1", default-features = false, features = ["rust_backend"] }

[target.'cfg(all(target_os = "macos", target_arch = "aarch64"))'.dependencies]
applevisor-sys = { version = "1.0", features = ["macos-15-0"] }
vm-fdt = "0.3"

[dev-dependencies]
# For the async-API integration tests under
# `tests/integration_async.rs`, gated on the `tokio` feature.
tokio = { version = "1", default-features = false, features = ["rt-multi-thread", "macros", "time"] }
# Used by `examples/_tracing_demo.rs` to demonstrate the public
# tracing surface. Embedders pick whichever subscriber they want;
# this is just for the example.
tracing-subscriber = { version = "0.3", features = ["env-filter", "fmt"] }
# Used by `examples/_flame_graph.rs` to emit folded-stack-format
# output that `inferno-flamegraph` (or chrome://tracing if you
# convert to JSON) renders as an SVG flame graph. Optional —
# embedders who want flame graphs install this themselves.
tracing-flame = "0.2"

[lints.rust]
unsafe_op_in_unsafe_fn = "warn"