Security News
Maven Central Adds Sigstore Signature Validation
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.
By Sarah Gooding - Feb 06, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
github.com/talos-systems/os-runtime
- Version published
- Created
runtime
COSI Runtime contains core resource (state) and controller (operator) engine to build operating systems.
Design
Resources
A resource is a metadata plus opaque spec.
Metadata structure is strictly defined, while a spec is transparent to the runtime.
Metadata defines an address of the resource: (namespace, type, id, version) and additional fields (finalizers, owner, etc.)
Controllers
A controller is a task that runs as a single thread of execution. A controller has defined input and outputs. Outputs are static and should be defined at the registration time, while inputs are dynamic and might change during controller execution.
A controller is supposed to implement a reconcile loop: for each reconcile event (coming from the runtime) the controller wakes up, checks the inputs, performs any actions and modifies the outputs.
Controller inputs are resources which controller can read (it can't read resources that are not declared as inputs), and inputs are the resources controller gets notified about changes:
stronginputs are the inputs controller depends on in a strong way: it has to be notified when inputs are going to be destroyed via finalizer mechanism;weakinputs are the inputs controller watches, but it doesn't have to do any cleanup when weak inputs are being destroyed.
A controller can modify finalizers of strong controller inputs; any other modifications to the inputs are not permitted.
Controller outputs are resources which controller can write (create, destroy, update):
exclusiveoutputs are managed by only a single controller; no other controller can modify exclusive resourcessharedoutputs are resources that are created by multiple controllers, but each specific resource can only be modified by a controller which created that resource
Runtime verifies that only one controller has exclusive access to the resource.
Principles
- simple and structured: impose structure to make things simple.
- avoid conflicts by design: resources don't have multiple entities which can modify them.
- use controller structure as documentation: graph of dependencies between controllers and resources documents system design and current state.
FAQs
Unknown package
Package last updated on 04 Feb 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
38% of CISOs Fear They’re Not Moving Fast Enough on AI
CISOs are racing to adopt AI for cybersecurity, but hurdles in budgets and governance may leave some falling behind in the fight against cyber threats.
By Sarah Gooding - Feb 04, 2025
Research
Security News
Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching for Persistence
Socket researchers uncovered a backdoored typosquat of BoltDB in the Go ecosystem, exploiting Go Module Proxy caching to persist undetected for years.
By Kirill Boychenko - Feb 04, 2025