sagemathinc / cowasm

CoWasm: Collaborative WebAssembly for Servers and Browsers. Built using Zig. Supports Python with extension modules, including numpy.

https://cowasm.org

Compatibility with Emscriptenforge, Pyodide, Pyscript?

westurner opened this issue 2 years ago · comments

Wes Turner commented 2 years ago

Does cowasm intend to invent a new WASM packaging format?
Will it be possible to use pyodide packages with cowasm?
Will it be possible to use cowasm packages with pyodide (pyscript,)?
Cocalc is composed of conda packages (from conda-forge?) now
Conda-forge noarch packages can be installed with emscriptenforge without modification
Emscriptenforge WASM packages are built with empack, hosted on Quetz, and installed with picomamba
Will cowasm be able to use emscriptenforge packages?

.

pyodide/pyodide#795 (comment) :
- EmscriptenForge
- EmscriptenForge, CondaForge, Pyodide package SECurity and PERFormance
  - [...] CORS headers, [...]
  - FWIU packages are persisted w/ SQLite in WASM, per-request?
  - https://www.anaconda.com/blog/conda-signature-verification (2021)
    https://github.com/conda/conda-content-trust
  - Signed HTTP Exchanges (SXG) & Web Bundles weren't yet finalized (could be used to secure WASM packages); from https://web.dev/web-bundles/ :
    
    HTTP resources in a Web Bundle are indexed by request URLs, and can optionally come with signatures that vouch for the resources. Signatures allow browsers to understand and verify where each resource came from, and treats each as coming from its true origin. This is similar to how Signed HTTP Exchanges, a feature for signing a single HTTP resource, are handled.
  - HTTP Subresource Integrity (SRI):
```
    <script src="https://cdn.example.com/app.js"
     integrity="sha384-+/M6kredJcxdsqkczBUjMLvqyHb1K/JThDXWsBVxMEeZHEaMKEOEct339VItX1zB"
     crossorigin="anonymous"></script>
```