HackMD
Ideas for GSOC 2024
Rattler improvements
Rattler is a low-level open-source library written in Rust that implements features to handle conda packages: resolving, installing, downloding and more.
Ideas:
-
Implement repository mirrors for rattler in Rust
Scope: 350 hours (medium)
Description:
In the conda world you can define a "channel" from which you want to get the package from. This is, for example, "conda-forge", or "pytorch", etc. We would like to implement the ability to define a channel and multiple "mirrors" of the channel that host the same packages (verified by checking their SHA256 hashes).rattlerwould need the ability to select the best (e.g. geographically closest) mirror, attempt a download, and fail over to another mirror if – for example – the file is not available from said mirror yet.
Skills: Networking, Rust
Expected Outcomes: an implementation inrattler_networkingthat supports selecting the fastest mirror, and intelligently switches mirrors based on download speed and reliability. Stretch goals are OCI support (to be able to download from arbitrary OCI artifacts) and S3/Google Storage support (e.g. using OpenDAL).
Mentors: Wolf Vollprecht, Bas Zalmstra -
Implement package signing for conda packages in Rust
Scope: 350 hours (hard)
Description:
We would like to further solidify rattler & implement "TUF" support (the Update Framework). TUF is a reference in terms of security for package registries and has been implemented inmambaandconda(conda-content-trust). Based on those two implementations we would like to implement TUF support in a similar fashion. Furthermore, we would then like to understand how we can integrate withsigstore.devfor enhanced Supply Chain Security.
Skills: Cryptography, Rust
Expected Outcomes: An implementation of package signing using the sigstore crate and TUF that is merged in rattler.
Mentors: Wolf Vollprecht, Bas Zalmstra
resolvo improvements
Resolvo is a high performance SAT solver that is used in rattler to solve conda package dependencies and in rip to solve PyPI package dependencies. It is written from scratch in Rust and implements state of the art conflict drive clause learning.
Ideas:
- Optimize the SAT solver
resolvofurther
Scope: 175 hours (medium)
Description:
Resolvo is our Rust-implementation of a fast package management SAT solver. We would like to implement some optimizations in the open source to fix some pathological cases for PyPI resolving. We recently maderesolvoasync for faster PyPI resolving but there could be more benchmarking for even faster speeds. Additionally there are some pathological cases where changing the order of backtracking could yield amazing speed ups.
Skills: Optimization, Rust, Profiling
Expected Outcomes: Fix some cases where resolvo / rip are currently slow by implementing e.g. SAT solver restarts.
Mentors: Bas Zalmstra, Tim de Jager - Implement a RPM resolver using
resolvo
Scope: 350 hours (medium)
Description:
A prototype already exists under: https://github.com/prefix-dev/resolvo-rpm. We would need some additional features such as "suggest", "recommends", and "obsoletes" that are currently not implemented inresolvo. These features are available inlibsolv, the SAT solver that many ideas inresolvoare based on.
Expected Outcomes: A more complete RPM resolver prototype that works with actual packages and resolves suggested packages as well as taking care of obsoleted packages. A stretch goal would be the downloading and installing of actual RPM packages.
Skills: Rust, Theoretical Computer Science
Mentors: Wolf Vollprecht, Tim de Jager
