Compatibility with Emscriptenforge, Pyodide, Pyscript?
westurner opened this issue · comments
- Does cowasm intend to invent a new WASM packaging format?
- Will it be possible to use pyodide packages with cowasm?
- Will it be possible to use cowasm packages with pyodide (pyscript,)?
- Cocalc is composed of conda packages (from conda-forge?) now
- Conda-forge
noarch
packages can be installed with emscriptenforge without modification - Emscriptenforge WASM packages are built with empack, hosted on Quetz, and installed with picomamba
- Will cowasm be able to use emscriptenforge packages?
.
- pyodide/pyodide#795 (comment) :
-
EmscriptenForge
- https://github.com/emscripten-forge/empack
- https://github.com/emscripten-forge/recipes
- https://github.com/emscripten-forge/recipes/blob/main/.github/workflows/build_recipes.yaml
- https://github.com/emscripten-forge/recipes/blob/main/recipes/recipes_emscripten/python/recipe.yaml
- https://github.com/mamba-org/picomamba/
- https://github.com/mamba-org/picomamba/blob/d15420d2a2cf1cabf19da42e4c7a1734a5c4c46b/python/module/picomamba/picomamba.py#L176-L189
-
EmscriptenForge, CondaForge, Pyodide package SECurity and PERFormance
-
[...] CORS headers, [...]
-
FWIU packages are persisted w/ SQLite in WASM, per-request?
-
https://www.anaconda.com/blog/conda-signature-verification (2021)
https://github.com/conda/conda-content-trust -
Signed HTTP Exchanges (SXG) & Web Bundles weren't yet finalized (could be used to secure WASM packages); from https://web.dev/web-bundles/ :
HTTP resources in a Web Bundle are indexed by request URLs, and can optionally come with signatures that vouch for the resources. Signatures allow browsers to understand and verify where each resource came from, and treats each as coming from its true origin. This is similar to how Signed HTTP Exchanges, a feature for signing a single HTTP resource, are handled.
-
HTTP Subresource Integrity (SRI):
<script src="https://cdn.example.com/app.js" integrity="sha384-+/M6kredJcxdsqkczBUjMLvqyHb1K/JThDXWsBVxMEeZHEaMKEOEct339VItX1zB" crossorigin="anonymous"></script>
-
-