supermachine 0.7.76

Run any OCI/Docker image as a hardware-isolated microVM on macOS HVF (Linux KVM and Windows WHP in progress). Single library API, zero flags for the common case, sub-100 ms cold-restore from snapshot.
//! End-to-end Dockerfile build on KVM: parse a Dockerfile, build each layer by
//! executing it in a microVM and live-snapshotting the result, then boot the
//! final image and confirm the RUN effects are present.

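#[cfg(all(target_os = "linux", target_arch = "x86_64"))]
/// Builds a small Alpine Dockerfile with `builder::build_linear`, boots the
/// resulting image and checks that each `RUN` step left its marker in the guest.
///
/// Prints a `PASS`/`FAIL` banner on stderr and exits with status 1 on `FAIL`,
/// so a CI job running this example cannot report a broken build as green.
///
/// # Panics
///
/// Panics if the Dockerfile cannot be parsed, the working directories cannot
/// be prepared, or any build, boot or exec step returns an error.
fn main() {
    use std::time::{Duration, Instant};
    use supermachine::{builder, Image, VmConfig};

    // Everything runs inside this block so that the VM and image handles are
    // dropped before `process::exit` below, which does not run destructors.
    let pass = {
        // The apk RUN exercises build-time networking (TSI egress + DNS + correct
        // guest clock for TLS) — it must SUCCEED (no `|| true`), so a network/clock
        // regression fails the build instead of silently shipping without jq.
        //
        // NOTE(review): `alpine` is a floating tag, so the base layer and the jq
        // package can differ between runs. Pin by digest for reproducible builds
        // if the library accepts digest references — confirm.
        let dockerfile = "FROM alpine\n\
            RUN echo built-by-kvm > /built\n\
            RUN mkdir -p /app && echo v1 > /app/version\n\
            RUN apk add --no-cache jq\n";
        let df = builder::parse(dockerfile).expect("parse");
        eprintln!("=== parsed {} stage(s) ===", df.stages.len());

        // NOTE(review): the context and output directories use fixed names under
        // the shared temp directory. On a multi-user host another account could
        // create them first; prefer a private per-run directory there.
        let ctx = std::env::temp_dir().join("sm-build-ctx");
        std::fs::create_dir_all(&ctx).expect("create build context dir");
        let dest = "/tmp/sm-built-image";
        // A missing directory is the normal first-run case. Any other failure
        // means stale or foreign content would survive into this build, so stop.
        match std::fs::remove_dir_all(dest) {
            Ok(()) => {}
            Err(e) if e.kind() == std::io::ErrorKind::NotFound => {}
            Err(e) => panic!("clear stale build output {dest}: {e}"),
        }

        let base = Image::from_oci("alpine").expect("from_oci base");
        eprintln!("=== build_linear (layer-per-snapshot on KVM) ===");
        let t0 = Instant::now();
        let out = builder::build_linear(&df, &base, &ctx, dest).expect("build_linear");
        eprintln!("build took {:?}", t0.elapsed());

        eprintln!("=== boot final image, verify RUN effects ===");
        let vm = out.image.start(&VmConfig::new()).expect("start built");
        // Fixed delay before the first exec; presumably gives the guest time to
        // become ready — confirm against the library's readiness API.
        std::thread::sleep(Duration::from_millis(5000));
        let o = vm
            .exec_builder()
            .argv([
                "/bin/sh",
                "-c",
                "cat /built; cat /app/version; (command -v jq >/dev/null && echo jq-ok || echo jq-missing)",
            ])
            .output()
            .expect("exec verify");
        let got = String::from_utf8_lossy(&o.stdout).trim_end().to_string();
        eprintln!("built image contents:\n{got}");
        vm.stop().ok();

        // Match whole lines rather than substrings, so that e.g. `v10` or a
        // marker embedded in unrelated output is not accepted as `v1`.
        let has_line = |want: &str| got.lines().any(|line| line.trim() == want);
        has_line("built-by-kvm") && has_line("v1") && has_line("jq-ok")
    };

    eprintln!(
        "=== KVM DOCKERFILE BUILD: {} ===",
        if pass { "PASS" } else { "FAIL" }
    );
    if !pass {
        std::process::exit(1);
    }
}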

#[cfg(not(all(target_os = "linux", target_arch = "x86_64")))]
/// Fallback entry point for targets other than Linux/x86_64: prints a notice
/// on stderr and returns without attempting a build.
fn main() {
    let notice = "kvm_build is Linux/x86_64 only";
    eprintln!("{notice}");
}