From ff1e54040bfaa674135c232f3ffb0162feab2837 Mon Sep 17 00:00:00 2001
From: Zygmunt Krynicki <zygmunt.krynicki@huawei.com>
Date: Fri, 9 Jul 2021 12:13:36 +0200
Subject: [PATCH] doc: add ADR for using Go

I always wanted to implement the OTA stack in Go. Here are the decisions
behind this thought process.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@huawei.com>
---
 ...-go-as-the-main-implementation-language.md | 45 +++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 doc/adr/0002-use-go-as-the-main-implementation-language.md

diff --git a/doc/adr/0002-use-go-as-the-main-implementation-language.md b/doc/adr/0002-use-go-as-the-main-implementation-language.md
new file mode 100644
index 0000000..2272299
--- /dev/null
+++ b/doc/adr/0002-use-go-as-the-main-implementation-language.md
@@ -0,0 +1,45 @@
+<!--
+SPDX-License-Identifier: CC-BY-4.0
+SPDX-FileCopyrightText: Huawei Inc.
+-->
+
+# 2. Use Go as the main implementation language
+
+Date: 2021-07-09
+
+## Status
+
+Accepted
+
+## Context
+
+OTA system is a system which pulls binaries from the internet and puts them on
+the block device, hoping for the best. It is absolutely critical to implement a
+system like that with security in mind, both in the overall architecture, in
+the set of dependencies and in the line-by-line implementation. Using a
+high-level language with a modern and rich testing ecosystem and memory safety
+is a big step towards avoiding security problems.
+
+## Decision
+
+Use Go as the primary development language for the OTA service, client and any
+related tools. We will call to C programs where they have a good security track
+record or when it is not practical to use an off-the-shelf Go implementation.
+
+Certain libraries may be important enough to link via the Cgo mechanism, where
+the system linker instead of the Go linker is used, but any C code can be used
+and linked in directly. Using Cgo is discouraged until it cannot be entirely
+avoided, as it dilutes the security model. 
+
+## Consequences
+
+We have access to a memory-safe, concurrent and productive language. Go's
+standard library has high-quality HTTP client and server implementations,
+making writing correct network code easier. 
+
+On the other hand the static linking model results in a binary that mostly just
+works but in consequence is rather large, so we must be mindful of the size of
+the OTA software as a fraction of the overall system image.
+
+Using Go may also prevent us from trivially linking a specific host library,
+like SSL stack or similar, resulting in possible inconsistencies.
-- 
GitLab