From cb6d03d83d2d7b1e204c9a36ab7210c35c74a1ec Mon Sep 17 00:00:00 2001
From: xaki23
Date: Sun, 28 Jul 2019 13:07:09 +0200
Subject: [PATCH 1/5] Use OCaml 4.08.0 for qubes-builder builds (was 4.07.1)
---
 Makefile.builder | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile.builder b/Makefile.builder
index 098463d..146392e 100644
--- a/Makefile.builder
+++ b/Makefile.builder
@@ -1,2 +1,2 @@
 MIRAGE_KERNEL_NAME = qubes_firewall.xen
-OCAML_VERSION ?= 4.07.1
+OCAML_VERSION ?= 4.08.0
From 16231e2e524a53284490346961fc26b11059fe22 Mon Sep 17 00:00:00 2001
From: xaki23
Date: Sun, 28 Jul 2019 13:08:15 +0200
Subject: [PATCH 2/5] Adjust to ipaddr-4.0.0 renaming _bytes to _octets
---
 Dockerfile | 2 +-
 build-with-docker.sh | 2 +-
 client_eth.ml | 2 +-
 config.ml | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 41ad029..7544cdb 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,7 +7,7 @@ FROM ocaml/opam2@sha256:74fb6e30a95e1569db755b3c061970a8270dfc281c4e69bffe2cf990
 # Pin last known-good version for reproducible builds.
 # Remove this line (and the base image pin above) if you want to test with the
 # latest versions.
-RUN git fetch origin && git reset --hard d28fedaa8a077a429bd7bd79cbc19eb90e01c040 && opam update
+RUN git fetch origin && git reset --hard 3389beb33b37da54c9f5a41f19291883dfb59bfb && opam update
 RUN sudo apt-get install -y m4 libxen-dev pkg-config
 RUN opam install -y vchan mirage-xen-ocaml mirage-xen-minios io-page mirage-xen mirage mirage-nat mirage-qubes
diff --git a/build-with-docker.sh b/build-with-docker.sh
index ad8d3b7..82a6fab 100755
--- a/build-with-docker.sh
+++ b/build-with-docker.sh
@@ -5,5 +5,5 @@ docker build -t qubes-mirage-firewall .
 echo Building Firewall...
 docker run --rm -i -v `pwd`:/home/opam/qubes-mirage-firewall qubes-mirage-firewall
 echo "SHA2 of build: $(sha256sum qubes_firewall.xen)"
-echo "SHA2 last known: 9f7d064a194be07301173389a4414266cd5d7ef935b16ed29a978a33cb92884c"
+echo "SHA2 last known: 5707d97d78eb54cad9bade5322c197d8b3706335aa277ccad31fceac564f3319"
 echo "(hashes should match for released versions)"
diff --git a/client_eth.ml b/client_eth.ml
index 3aa3a8a..10c84d1 100644
--- a/client_eth.ml
+++ b/client_eth.ml
@@ -70,7 +70,7 @@ module ARP = struct let lookup t ip = if ip = t.net.client_gw then Some t.client_link#my_mac - else if (Ipaddr.V4.to_bytes ip).[3] = '\x01' then ( + else if (Ipaddr.V4.to_octets ip).[3] = '\x01' then ( Log.info (fun f -> f ~header:t.client_link#log_header "Request for %a is invalid, but pretending it's me (see Qubes issue #5022)" Ipaddr.V4.pp ip); Some t.client_link#my_mac
diff --git a/config.ml b/config.ml
index c27223a..ef85b1a 100644
--- a/config.ml
+++ b/config.ml
@@ -29,7 +29,7 @@ let main =
 package "shared-memory-ring" ~min:"3.0.0";
 package "netchannel" ~min:"1.11.0";
 package "mirage-net-xen";
- package "ipaddr" ~min:"3.0.0";
+ package "ipaddr" ~min:"4.0.0";
 package "mirage-qubes";
 package "mirage-nat" ~min:"1.2.0";
 package "mirage-logs";
From 8b411db75145131a11a42a1b662f6de7ae27184d Mon Sep 17 00:00:00 2001
From: Thomas Leonard
Date: Sun, 28 Jul 2019 16:49:16 +0100
Subject: [PATCH 3/5] Removed some hard-coded installs from Dockerfile
There's no advantage to installing these manually, and with the current version of mirage they had to be downgraded again in the next step.
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 7544cdb..5929b79 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -10,7 +10,7 @@ FROM ocaml/opam2@sha256:74fb6e30a95e1569db755b3c061970a8270dfc281c4e69bffe2cf990
 RUN git fetch origin && git reset --hard 3389beb33b37da54c9f5a41f19291883dfb59bfb && opam update
 RUN sudo apt-get install -y m4 libxen-dev pkg-config
-RUN opam install -y vchan mirage-xen-ocaml mirage-xen-minios io-page mirage-xen mirage mirage-nat mirage-qubes
+RUN opam install -y mirage lwt
 RUN mkdir /home/opam/qubes-mirage-firewall
 ADD config.ml /home/opam/qubes-mirage-firewall/config.ml
 WORKDIR /home/opam/qubes-mirage-firewall
From ce29c09f0f543e2eed02fe55355fd17197027e40 Mon Sep 17 00:00:00 2001
From: Thomas Leonard
Date: Sun, 28 Jul 2019 17:01:23 +0100
Subject: [PATCH 4/5] Show final sha256 checksum in Travis output
---
 .travis.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/.travis.yml b/.travis.yml
index fb11f9a..77b3499 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -3,6 +3,8 @@ script:
 - echo 'ADD . /home/opam/qubes-mirage-firewall' >> Dockerfile
 - echo 'RUN sudo chown -R opam /home/opam/qubes-mirage-firewall' >> Dockerfile
 - docker build -t qubes-mirage-firewall .
- - docker run --rm -i qubes-mirage-firewall
+ - docker run --name build -i qubes-mirage-firewall
+ - docker cp build:/home/opam/qubes-mirage-firewall/qubes_firewall.xen .
+ - sha256sum qubes_firewall.xen
 sudo: required
 dist: trusty
From cac3e53be120fe03cfafe3a221b797bb8fa47a2b Mon Sep 17 00:00:00 2001
From: xaki23
Date: Sun, 28 Jul 2019 13:33:43 +0200
Subject: [PATCH 5/5] README: create the symlink-redirected docker dir
Otherwise, installing the docker package removes the dangling symlink.
---
 README.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index 9cd73d7..7722ff9 100644
--- a/README.md
+++ b/README.md
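Review bot: `lwt` is newly added to the install line (`RUN opam install -y mirage lwt`) in the [PATCH 3/5] Dockerfile hunk without explanation; the commit message only covers the packages that were dropped. A one-line comment above it would help, e.g. `# lwt is installed explicitly because <reason>; versions are resolved from the opam-repository commit pinned above`. Neither package carries a version constraint here, so what this layer installs is fixed only by the `git reset --hard` pin and the base-image digest, which is worth stating next to the line so that nobody removes one pin without the other. The "SHA2 last known" value in build-with-docker.sh is not touched by this commit; presumably the final image is unchanged, but that should be confirmed.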
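Review bot: The new `- sha256sum qubes_firewall.xen` step in the .travis.yml hunk only prints the digest, so a build that stops matching the "SHA2 last known" value in build-with-docker.sh still passes CI and the mismatch is seen only if someone reads the log. If that value is meant to hold for every commit, make the step a comparison, e.g. `- echo "<expected-sha256>  qubes_firewall.xen" | sha256sum -c -`; if it only holds for releases, a comment saying the digest is informational would avoid false confidence. Dropping `--rm` in favour of `--name build` leaves the container behind, which `docker cp` needs and which is harmless on a throwaway CI worker.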
@@ -18,6 +18,7 @@ See the [Deploy](#deploy) section below for installation instructions. Create a new Fedora-29 AppVM (or reuse an existing one). Open a terminal. Clone this Git repository and run the `build-with-docker.sh` script: + mkdir /home/user/docker sudo ln -s /home/user/docker /var/lib/docker sudo dnf install docker sudo systemctl start docker