Git-Mirrors/qubes-mirage-firewall
1
0
Fork 0
mirror of https://github.com/mirage/qubes-mirage-firewall.git synced 2025-01-14 16:47:12 -05:00
Code Issues Packages Projects Releases Wiki Activity

Add option to build with Docker

Browse Source
This commit is contained in:
Thomas Leonard 2017-01-09 16:45:16 +00:00 committed by Thomas Leonard
parent 312627e078
commit d6074f2271
4 changed files with 33 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.dockerignore Normal file
View File

@ -0,0 +1,2 @@
.git
_build

10
Dockerfile Normal file
View File

@ -0,0 +1,10 @@
FROM ocaml/opam:debian-8_ocaml-4.03.0
RUN sudo apt-get install -y m4 libxen-dev
RUN opam install -y vchan xen-gnt mirage-xen-ocaml mirage-xen-minios io-page mirage-xen mirage
RUN opam pin add -n -y mirage-nat 'https://github.com/talex5/mirage-nat.git#simplify-checksum'
RUN mkdir /home/opam/qubes-mirage-firewall
ADD config.ml /home/opam/qubes-mirage-firewall/config.ml
WORKDIR /home/opam/qubes-mirage-firewall
RUN opam config exec -- mirage configure --xen
CMD opam config exec -- mirage configure --xen --no-opam && \
opam config exec -- make tar

18
README.md
View File

@ -7,11 +7,25 @@ Note: This firewall *ignores the rules set in the Qubes GUI*. See `rules.ml` for
See [A Unikernel Firewall for QubesOS][] for more details. See [A Unikernel Firewall for QubesOS][] for more details.
## Build (with Docker)
Clone this Git repository and run the `build-with-docker.sh` script:
sudo yum install docker
sudo systemctl start docker
git clone https://github.com/talex5/qubes-mirage-firewall.git
cd qubes-mirage-firewall
./build-with-docker.sh
This took about 10 minutes on my laptop (it will be much quicker if you run it again).
## Build (without Docker)
To build (tested by creating a fresh Fedora 23 AppVM in Qubes): To build (tested by creating a fresh Fedora 23 AppVM in Qubes):
1. Install build tools: 1. Install build tools:
sudo yum install git gcc m4 0install patch ncurses-devel sudo yum install git gcc m4 0install patch ncurses-devel tar bzip2 unzip make which findutils xen-devel
mkdir ~/bin mkdir ~/bin
0install add opam http://tools.ocaml.org/opam.xml 0install add opam http://tools.ocaml.org/opam.xml
opam init --comp=4.02.3 opam init --comp=4.02.3
@ -29,6 +43,8 @@ To build (tested by creating a fresh Fedora 23 AppVM in Qubes):
mirage configure --xen mirage configure --xen
make make
## Deploy
If you want to deploy manually, use `make tar` to create `mirage-firewall.tar.bz2` and unpack this in dom0, inside `/var/lib/qubes/vm-kernels/`. e.g. (if `dev` is the AppVM where you built it): If you want to deploy manually, use `make tar` to create `mirage-firewall.tar.bz2` and unpack this in dom0, inside `/var/lib/qubes/vm-kernels/`. e.g. (if `dev` is the AppVM where you built it):
[tal@dom0 ~]$ cd /var/lib/qubes/vm-kernels/ [tal@dom0 ~]$ cd /var/lib/qubes/vm-kernels/

4
build-with-docker.sh Executable file
View File

@ -0,0 +1,4 @@
#!/bin/sh
set -eux
docker build -t qubes-mirage-firewall .
docker run --rm -i -v `pwd`:/home/opam/qubes-mirage-firewall qubes-mirage-firewall