From e73c160cd40edfff7b8c35ced2f422cd2d91ef47 Mon Sep 17 00:00:00 2001 From: palainp Date: Tue, 9 Aug 2022 14:16:16 +0200 Subject: [PATCH] update docker build for mirage 4.2 --- Dockerfile | 16 +++++++++------- build-with-docker.sh | 4 ++-- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index c903ce6..2655efc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,18 +1,20 @@ # Pin the base image to a specific hash for maximum reproducibility. # It will probably still work on newer images, though, unless an update # changes some compiler optimisations (unlikely). -#FROM ocurrent/opam:fedora-32-ocaml-4.11 -FROM ocurrent/opam@sha256:fce44a073ff874166b51c33a4e37782286d48dbba1b5aa43563a0dd35d15510f +FROM ocaml/opam@sha256:68b7ce1fd4c992d6f3bfc9b4b0a88ee572ced52427f0547b6e4eb6194415f585 +ENV PATH="${PATH}:/home/opam/.opam/4.14/bin" + +# Since mirage 4.2 we must use opam version 2.1 or later +RUN sudo cp /usr/bin/opam-2.1 /usr/bin/opam # Pin last known-good version for reproducible builds. # Remove this line (and the base image pin above) if you want to test with the # latest versions. -RUN cd ~/opam-repository && git fetch origin master && git reset --hard 479a47921a489d11833e03cf949bfb612bd65e41 && opam update +RUN cd /home/opam/opam-repository && git fetch origin master && git reset --hard f85e121f6dd1fd92d9a3d9c8ac9fa553495258bc && opam update -RUN opam depext -i -y mirage +RUN opam install -y mirage opam-monorepo RUN mkdir /home/opam/qubes-mirage-firewall ADD config.ml /home/opam/qubes-mirage-firewall/config.ml WORKDIR /home/opam/qubes-mirage-firewall -RUN opam config exec -- mirage configure -t xen && make depend -CMD opam config exec -- mirage configure -t xen && \ - opam config exec -- make tar +RUN opam exec -- mirage configure -t xen && make depend +CMD opam exec -- mirage configure -t xen && make tar diff --git a/build-with-docker.sh b/build-with-docker.sh index ebacfca..3be3e7b 100755 --- a/build-with-docker.sh +++ b/build-with-docker.sh @@ -4,6 +4,6 @@ echo Building Docker image with dependencies.. docker build -t qubes-mirage-firewall . echo Building Firewall... docker run --rm -i -v `pwd`:/home/opam/qubes-mirage-firewall qubes-mirage-firewall -echo "SHA2 of build: $(sha256sum qubes_firewall.xen)" -echo "SHA2 last known: e2af3718b7f40ba533f378d1402a41008c3520fe84d991ab58d3230772cc824c" +echo "SHA2 of build: $(sha256sum ./dist/qubes-firewall.xen)" +echo "SHA2 last known: c0a94169eb0642db26168688e735f616c675f9b9c02349cac485ec8925e28d10" echo "(hashes should match for released versions)"