
Linux apps running on iOS via userspace x86 emulation and syscall translation - United857
https://ish.app/
======
mikenew
Looks like you have to compile it yourself (meaning you need a mac with Xcode)
or install it through testflight. Although I'm surprised that it's even
allowed on testflight. iOS doesn't allow you to execute code of any kind
locally, which is why if you download a "learn python" app or something it has
to send your code off to a server, execute it, and then send you back the
result.

It's part of the reason why I recently moved away from iOS. Things like this
are not supposed to exist, and you have to bend over backwards to make it
work.

EDIT: Okay apparently this changed as of last year-ish? Looks like they have
an exception in place for "a programming environment intended for use in
learning how to program"* Regardless I think this kind of shell environment is
still against the app store guidelines.

*[https://www.theregister.co.uk/2017/06/07/apple_relaxes_devel...](https://www.theregister.co.uk/2017/06/07/apple_relaxes_developer_rules/)

~~~
sitharus
Since last year Apple have allowed executing user-input code providing the
application is designed for teaching programming,
[https://twitter.com/palmin/status/871980560943636480](https://twitter.com/palmin/status/871980560943636480)
has a summary. I can't link to the actual doc since that's behind a login.

I'm not sure how this app would be allowed though.

~~~
saagarjha
I make the argument that this application downloads and emulates code that is
user-editable in the form of x86 binaries, which is the same as Pythonista or
similar downloading and running Python code.

~~~
tluyben2
I would think Apple themselves are looking into this (probably on the
processor level as they control that now) for iOS; in order to make it more
free for devs / users while having software run securely sandboxed, they need
a way of running 'anything' securely. So I don't think they mind users testing
out different ways of making it work and learn from it.

Does that processor have hardware support for it already but Apple just
doesn't do software support? So they can only use it themselves?

~~~
saagarjha
Sorry, I don't quite understand your question. Are you asking whether Apple
has put support in their processors for running arbitrary code inside a
sandbox?

~~~
jakobegger
They are asking if the A series Apple chips have virtualisation features like
Intel VT-x

~~~
saagarjha
I think they do, at least recent ones should. I don't think Apple has
explicitly documented this anywhere, but I recall reading something like this
recently.

------
selimnairb
Why run x86 Linux binaries? Wouldn’t it be easier and more efficient to run
ARM binaries? Then you’d only need syscall translation, no? I guess you would
also need a thuniking layer to handle binary format/ABI differences. But that
would still be better in terms of time and space than emulation I would think.

~~~
ant6n
I wonder to what extend it's possible to include every executable from the
standard apt-get ARM repository (but not any other resources) in the app.
Since the code is included at compile time and bundled with the App, Apple
should allow it. Then one could add some sort of apt-get shim that fetches the
non-code resources and installs them; and something to catch system calls
(which could maybe be overridden at compile time as well).

~~~
saurik
FWIW, without nitpicking your language (as it is clear what you are saying,
and the question is a totally legitimate one), the answer is "yes: that would
absolutely be possible".

~~~
ant6n
Not if the resulting executable is on the order of tens of gigabytes in size,
or if the executables use features that aren't available/allowed in iOS (like
runtime code generation and execution).

------
aasasd
There's been a sorta similar thing for Windows for almost fifteen years now,
called CoLinux:
[https://en.wikipedia.org/wiki/Cooperative_Linux](https://en.wikipedia.org/wiki/Cooperative_Linux)

It runs a Linux kernel on top of the Windows one, without processor emulation,
so you could say it translates Linux calls and semantics to Windows' control
of resources.

However, it didn't gain any significant use, and is apparently abandoned.

~~~
swiftcoder
How different is that to what Microsoft is officially supporting via the
Windows Subsystem for Linux?

~~~
rhinoceraptor
WSL isn't _Linux_ , it's an re-implementation of the Linux kernel syscall
table, that translates them to the Windows equivalent. It allows userspace
Linux programs to run on Windows.

It would be more accurate if they called it the Windows Subsystem for Linux
Apps.

If you give a Linux program a complete syscall interface, it will run
(provided it has its' libraries and a libc to work with).

------
recuter
This is a very nice effort but I can't help but dream of something like xhyve
+ alpine side loaded on an iPad Pro.

I just want to run neovim and use its terminal emulator and a few cli tools.

~~~
saagarjha
iOS doesn't have Hypervisor.framework like macOS does, unfortunately, which
makes a project like this significantly more difficult. Hence the need for an
emulation layer. However,

> I just want to run neovim and use its terminal emulator and a few cli tools.

This is doable with the project as it is currently.

~~~
recuter
Be that as it may, the lack of Hypervisor.framework just means there is no
Apple sanctioned way to publish an app like VirtualBox in the App Store.

I'd still happily pay the yearly Apple developer tax to side load until Apple
ends up shipping one when it transitions from x86 to ARM. ;)

AFAIC rolling your own hypervisor is technically feasible just would not be
very performant.

------
umanwizard
Previous discussion at a link to the github repository:
[https://news.ycombinator.com/item?id=18421016](https://news.ycombinator.com/item?id=18421016)

------
zer0zzz
Why not build a simple aarch64 machine code runtime and skip the emulation by
running aarch64 Linux ?

~~~
saagarjha
I've described why this doesn't work when this thread came up earlier today:
[https://news.ycombinator.com/item?id=18425906](https://news.ycombinator.com/item?id=18425906).
In essence, you will need an emulation layer anyways, so it doesn't really
matter whether you're running x86 or ARM.

------
RavlaAvlar
I thought apple disallow apps like these?

~~~
saagarjha
They have disallowed similar apps, but I’ve made a case that this app in
particular doesn’t violate any of Apple’s guidelines.

------
ninjamisto
ish seem to work in macos as well...

There’s also this interesting project:

Noah is a Darwin subsystem for Linux, or "Bash on Ubuntu on Mac OS X". Noah is
implemented as a hypervisor that traps linux system calls and translates them
into Darwin's system calls. Noah also has an interpreter of ELF files so that
binary executables of Linux run directly and flawlessly without any
modifications.

[https://github.com/linux-noah/noah](https://github.com/linux-noah/noah)

[https://events.static.linuxfound.org/sites/events/files/slid...](https://events.static.linuxfound.org/sites/events/files/slides/Noah%20Hypervisor-
Based%20Darwin%20Subsystem%20for%20Linux.pdf)

------
snazz
It would be awesome if they let you type commonly used symbols with the swipe
down feature like in Swift Playgrounds—then you would not have to go through
multiple screens full of characters to get the angle bracket or curly braces.

~~~
saagarjha
On iPad, this keyboard comes by default for all apps (including iSH), since
it’s provided by the system.

~~~
snazz
Swift Playgrounds changes the symbols that you can type with the keyboard in
that mode. Normally, you can’t type curly braces or angle brackets on the
first level of the iOS keyboard, but you can in Swift Playgrounds (and when
entering LaTeX into Pages).

All I’m saying is that it would be nice if iSH customized the keyboard the
same way.

------
shmerl
Can't you run ARM binaries straight? No need to emulate the CPU. Same as Wine
runs Windows programs without emulating it (as long as it's used on x86 arch).

~~~
saagarjha
You can, but not in the way you'd expect. Codesigning is a big issue, but one
that can be circumvented if everything is signed in advance, though you
probably wouldn't be able to publish to the App Store. But specifically for an
app like this, you'd need an emulation layer:
[https://news.ycombinator.com/item?id=18425906](https://news.ycombinator.com/item?id=18425906)

------
skrowl
Or... you know... you could just get a Chromebook that has Android apps and
Linux apps (via Crostini) in a supported fashion.

------
akerro
Does that mean I can install Steam and Proton and play (WindowS)-Linux games
on iOS?

~~~
saagarjha
I doubt it. Alpine Linux would need to support Steam (which I don't think it
does?) and then this project would need to implement all the syscalls to make
this work, which hasn't quite been done yet. Plus it will be really slow.

~~~
saurik
This project happens to ship a userland from Alpine Linux, but it is not at
all clear to me why it would be limited to run software from Alpine Linux.

~~~
saagarjha
By "Alpine Linux", I meant "the stuff that Alpine Linux usually ships with",
which I doubt is rich enough to support everything that Steam needs, plus
you're not going to get a nice package to install as you might on another
distribution:
[https://developer.valvesoftware.com/wiki/Steam_under_Linux](https://developer.valvesoftware.com/wiki/Steam_under_Linux).
So I'm pretty sure the answer to the original question is still "no, not yet",
though I don't think it is "no, not ever".

~~~
saurik
You still don't seem to get it: this project happens to ship with an Alpine
Linux userland, but you can just build it with Ubuntu Core instead, it will
just be insanely large. Alternatively, you can just download Ubuntu Core and
either replace the Alpine parts or put it in a chroot. Steam isn't going to
run because it doesn't have a graphics layer, but it isn't because this is
somehow--and I mean right now as it is installed on your phone without even
having to reinstall it--in any way tied to Alpine Linux.

~~~
saagarjha
I do realize that this is using Alpine because it's small and easy to package,
and that it's not in any way tied to Alpine. I wouldn't be surprised if you
could do this on device right now by nuking the folder (which is helpfully
exposed through Files) and unpacking a Debian filesystem into there. And I
doubt any games will run at all, even if you do this, because emacs doesn't
work currently due to missing system calls. My response was basically saying
that along with "Alpine Linux likely doesn't support Steam, so if you download
the app you won't be able to install it easily."

------
akshayaurora
This is really cool, can anyone detail how the syscall translation works?

~~~
saagarjha
When a syscall occurs, handle_interrupt is called to translate the call into a
system one:
[https://github.com/tbodt/ish/blob/master/kernel/calls.c#L135](https://github.com/tbodt/ish/blob/master/kernel/calls.c#L135)

------
tambourine_man
It would be interesting to run it nativity as well, ARM compiled.

------
vermaden
Someone just ported FreeBSD Linux Binary Compatibility layer to iOS? :)

[https://www.freebsd.org/doc/handbook/linuxemu.html](https://www.freebsd.org/doc/handbook/linuxemu.html)

------
wenning
i think a ssh client is enough.

~~~
saagarjha
SSH only works when you have a network connection.

~~~
anticensor
You have something called loopback.

~~~
saagarjha
…which requires your device to listen to SSH connections, right? This isn't
something your iPad is doing.

~~~
anticensor
You would jailbreak your iThing and install ssh server.

~~~
saagarjha
If you're jailbroken, you can just spawn a shell. No need to do a SSH loopback
dance.

------
dana321
I can see apple buying this!

------
tluyben2
Thanks to saagarjha for the effort and making the case to Apple that this
should be fine. If it is allowed, it opens up a lot more possibilities.

~~~
saagarjha
> Thanks to saagarjha for the effort and making the case to Apple that this
> should be fine.

I haven't made any case to Apple…this is not my software.

~~~
tluyben2
Oh sorry, I assumed it was :) Well, nice feedback then anyway here on HN!

------
sureaboutthis
It seems like no one wants to run Linux or its applications lately and they
seem happier when Microsoft develops Windows applications and operating system
things to handle Linux things. Now Linux apps run on iOS and it's starting to
sound like Linux people are happy to see their stuff built by others and
running on everything but Linux.

Now, in this day of so much fake news, I wouldn't be surprised that all the
happy comments I read are by Microsoft and, now, iOS shills but it's an
observation I've made.

~~~
metildaa
I think much of this is Microsoft and Apple attempting to retain marketshare.
Niether has well maintained, vast software archives like Debian, or instant
rollback after a package install or update like SUSE (thanks to btrfs and
zypper).

Meanwhile the non-phone computer market is shrinking each year, and what
remains is mostly a market for devices that are good at running browsers.

~~~
sureaboutthis
I am positive Microsoft does it for that reason but this isn't a project by
Apple.

------
AnonymousRider
This is an awesome feat you have accomplished and just when I had given up on
anything new & cool coming out of the crAPP Store. Thanks for your work.

