Merge pull request #216 from palainp/ocaml-53

Update ecosystem to Ocaml 53
2025-10-28 13:11:09 -04:00 · 2025-10-05 11:54:41 +02:00 · 2025-10-05 11:54:41 +02:00 · c1dd62b20a
commit c1dd62b20a
parent 6fa82a92b0 f01661e3a6
4 changed files with 12 additions and 13 deletions
--- a/16
+++ b/16
@ -2,20 +2,20 @@
 # It will probably still work on newer images, though, unless an update
 # changes some compiler optimisations (unlikely).
 # bookworm-slim taken from https://hub.docker.com/_/debian/tags?page=1&name=bookworm-slim
-FROM debian@sha256:3d5df92588469a4c503adbead0e4129ef3f88e223954011c2169073897547cac
+FROM debian@sha256:7e490910eea2861b9664577a96b54ce68ea3e02ce7f51d89cb0103a6f9c386e0
 # install remove default packages repository
 RUN rm /etc/apt/sources.list.d/debian.sources
 # and set the package source to a specific release too
 # taken from https://snapshot.debian.org/archive/debian
-RUN printf "deb [check-valid-until=no] http://snapshot.debian.org/archive/debian/20240419T024211Z bookworm main\n" > /etc/apt/sources.list
+RUN printf "deb [check-valid-until=no] http://snapshot.debian.org/archive/debian/20251001T023456Z bookworm main\n" > /etc/apt/sources.list
 # taken from https://snapshot.debian.org/archive/debian-security/
-RUN printf "deb [check-valid-until=no] http://snapshot.debian.org/archive/debian-security/20240419T111010Z bookworm-security main\n" >> /etc/apt/sources.list
+RUN printf "deb [check-valid-until=no] http://snapshot.debian.org/archive/debian-security/20251001T130422Z bookworm-security main\n" >> /etc/apt/sources.list

 RUN apt update && apt install --no-install-recommends --no-install-suggests -y wget ca-certificates git patch unzip bzip2 make gcc g++ libc-dev
-RUN wget -O /usr/bin/opam https://github.com/ocaml/opam/releases/download/2.3.0/opam-2.3.0-i686-linux && chmod 755 /usr/bin/opam
+RUN wget -O /usr/bin/opam https://github.com/ocaml/opam/releases/download/2.4.1/opam-2.4.1-i686-linux && chmod 755 /usr/bin/opam
 # taken from https://raw.githubusercontent.com/ocaml/opam/master/shell/install.sh
 RUN test `sha512sum /usr/bin/opam | cut -d' ' -f1` = \
-"4c0e8771889a36bad4d5f964e2e662d5b611e6f112777d3d4eea3eea919d109cd17826beba38e6cfa1ad9553a0a989d9268f911ea5485968da04b1e08efc7de2" || exit
+"60eb20be18ccb976973d1043703dc0d9988d562e7691576feb7b6ccf11e6c7bcb602fde6ef9d371c0b7c02aeb7210a769730728ccbdd53fa95c50c380b0e777e" || exit

 ENV OPAMROOT=/tmp
 ENV OPAMCONFIRMLEVEL=unsafe-yes
@ -23,13 +23,13 @@ ENV OPAMCONFIRMLEVEL=unsafe-yes
 # Remove this line (and the base image pin above) if you want to test with the
 # latest versions.
 # taken from https://github.com/ocaml/opam-repository
-RUN opam init --disable-sandboxing -a --bare https://github.com/ocaml/opam-repository.git#8f63148a9025a7b775a069a6c0b0385c22ad51d3
-RUN opam switch create myswitch 4.14.2
+RUN opam init --disable-sandboxing -a --bare https://github.com/ocaml/opam-repository.git#a20cf55ad5f40faa4817b7e80ec43b935dda1d5a
+RUN opam switch create myswitch 5.3.0
 RUN opam exec -- opam install -y mirage opam-monorepo ocaml-solo5
 RUN mkdir /tmp/orb-build
 ADD config.ml /tmp/orb-build/config.ml
 WORKDIR /tmp/orb-build
 CMD opam exec -- sh -exc 'mirage configure -t xen --extra-repos=\
-opam-overlays:https://github.com/dune-universe/opam-overlays.git#f2bec38beca4aea9e481f2fd3ee319c519124649,\
+opam-overlays:https://github.com/dune-universe/opam-overlays.git#3320932b74afc1d049ceeaf60dfe501d664bb143,\
 mirage-overlays:https://github.com/dune-universe/mirage-opam-overlays.git#797cb363df3ff763c43c8fbec5cd44de2878757e \
 && make depend && make unikernel'
--- a/README.md
+++ b/README.md
@ -5,7 +5,6 @@ It uses the [mirage-qubes][] library to implement the Qubes protocols.

 See [A Unikernel Firewall for QubesOS][] for more details.

-
 ## Binary releases

 Pre-built binaries are available from the [releases page][].
@ -14,10 +13,10 @@ See the [Deploy](#deploy) section below for installation instructions.
 ## Build from source

 Note: The most reliable way to build is using Docker or Podman.
-Fedora 38 works well for this, Debian 12 also works, but you'll need to follow the instructions at [docker.com][debian-docker] to get Docker
+Fedora 42 works well for this, Debian 12 also works, but you'll need to follow the instructions at [docker.com][debian-docker] to get Docker
 (don't use Debian's version).

-Create a new Fedora-38 AppVM (or reuse an existing one). In the Qube's Settings (Basic / Disk storage), increase the private storage max size from the default 2048 MiB to 8192 MiB. Open a terminal.
+Create a new Fedora-42 AppVM (or reuse an existing one). In the Qube's Settings (Basic / Disk storage), increase the private storage max size from the default 2048 MiB to 8192 MiB. Open a terminal.

 Clone this Git repository and run the `build-with.sh` script with either `docker` or `podman` as argument (Note: The `chcon` call is mandatory on Fedora with new SELinux policies which do not allow to standardly keep the docker images in homedir):

--- a/config.ml
+++ b/config.ml
@ -1,4 +1,4 @@
-(* mirage >= 4.9.0 & < 4.10.0 *)
+(* mirage >= 4.9.0 & < 4.11.0 *)
 (* Copyright (C) 2017, Thomas Leonard <thomas.leonard@unikernel.com>
   See the README file for details. *)

--- a/qubes-firewall.sha256
+++ b/qubes-firewall.sha256
@ -1 +1 @@
-14f2f9444579649198ffcf3509d793b7c9e159af48b6321f0fa2d5e9c363b3d1  dist/qubes-firewall.xen
+adb38a193ccfd7df940637fbec755a8abc66114b3721db1da6a011f938b47734  dist/qubes-firewall.xen