Git-Mirrors
/
qubes-mirage-firewall
mirror of https://github.com/mirage/qubes-mirage-firewall.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update Docker build for new mirage-xen 

Also, switched to the experimental new OCurrent images, as they are much
smaller:

- Before: 1 GB (ocaml/opam2:debian-10-ocaml-4.08)
- Now:  309 MB (ocurrent/opam:alpine-3.10-ocaml-4.08)
This commit is contained in:
Thomas Leonard 2019-08-25 18:41:09 +01:00
parent bc7706cc97
commit 49195ed5e1
4 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.dockerignore
View File

@ -2,3 +2,6 @@
_build
*.xen
*.bz2
*.tar.bz2
*.tgz
mirage-firewall-bin*

9
Dockerfile
View File

@ -1,16 +1,15 @@
# Pin the base image to a specific hash for maximum reproducibility.
# It will probably still work on newer images, though, unless Debian
# changes some compiler optimisations (unlikely).
#FROM ocaml/opam2:debian-9-ocaml-4.07
FROM ocaml/opam2@sha256:74fb6e30a95e1569db755b3c061970a8270dfc281c4e69bffe2cf9905d356b38
#FROM ocurrent/opam:alpine-3.10-ocaml-4.08
FROM ocurrent/opam@sha256:4cf6f8a427e7f65a250cd5dbc9f5069e8f8213467376af5136bf67a21d39d6ec
# Pin last known-good version for reproducible builds.
# Remove this line (and the base image pin above) if you want to test with the
# latest versions.
RUN git fetch origin && git reset --hard 3389beb33b37da54c9f5a41f19291883dfb59bfb && opam update
RUN cd ~/opam-repository && git fetch origin master && git reset --hard a83bd077e4e54c41b0664a2e1618670d57b7c79d && opam update
RUN sudo apt-get install -y m4 libxen-dev pkg-config
RUN opam install -y mirage lwt
RUN opam depext -i -y mirage lwt
RUN mkdir /home/opam/qubes-mirage-firewall
ADD config.ml /home/opam/qubes-mirage-firewall/config.ml
WORKDIR /home/opam/qubes-mirage-firewall

2
build-with-docker.sh
View File

@ -5,5 +5,5 @@ docker build -t qubes-mirage-firewall .
echo Building Firewall...
docker run --rm -i -v `pwd`:/home/opam/qubes-mirage-firewall qubes-mirage-firewall
echo "SHA2 of build: $(sha256sum qubes_firewall.xen)"
echo "SHA2 last known: 5707d97d78eb54cad9bade5322c197d8b3706335aa277ccad31fceac564f3319"
echo "SHA2 last known: 3cf9358df911c7bc5a28846087c5359e5b550e5d0c6cf342a6e1c90545518ac6"
echo "(hashes should match for released versions)"

1
config.ml
View File

@ -33,6 +33,7 @@ let main =
package "mirage-qubes";
package "mirage-nat" ~min:"1.2.0";
package "mirage-logs";
package "mirage-xen" ~min:"4.0.0";
]
"Unikernel.Main" (mclock @-> job)