Git-Mirrors/qubes-mirage-firewall
1
0
Fork 0
mirror of https://github.com/mirage/qubes-mirage-firewall.git synced 2025-04-11 18:29:12 -04:00
Code Issues Packages Projects Releases Wiki Activity
420 Commits 1 Branch 21 Tags
main
Commit Graph

61 Commits

Author SHA1 Message Date
Pierre Alain
5d515c360d update opam version, opam-repository and overlays hash 2025-03-12 11:56:33 +01:00
Pierre Alain
de9a6ccc86 WIP: update the salt script + releases files 2024-10-17 07:58:10 +02:00
Pierre Alain
74e39a6aa7
Merge pull request from hannesm/use-mirage-481-solo5-09 
update opam repository commit to use solo5 0.9 and mirage 4.8.1
 2024-10-16 14:23:02 +02:00
Hannes Mehnert
3bb13f4c21 update opam repository commit to use solo5 0.9 and mirage 4.8.1 2024-10-15 21:48:14 +02:00
Hannes Mehnert
e2a0b33352 use a newer opam, 2.2.1, instead of 2.1.5 2024-10-15 21:44:31 +02:00
Hannes Mehnert
2acdd320ab update to mirage 4.8 2024-10-14 12:43:29 +02:00
Hannes Mehnert
6b0c18fd4e update opam repository in Dockerfile 
the reason behind this is that in the earlier commit, some urls point to
unavailable urls.
 2024-08-09 13:37:06 +02:00
Hannes Mehnert
8d67e9d47a use OCaml 4.14.2 -- the latest LTS release 2024-05-10 15:00:09 +02:00
Hannes Mehnert
a37584a720 update opam-repository commit 2024-05-10 14:59:51 +02:00
Pierre Alain
a7a7ea4c38 update the compilation toolchain, including upgrade to mirage 4.5.0 2024-04-23 18:11:08 +02:00
Pierre Alain
b9c8674b52 check opam hashsum in Dockerfile 2023-11-09 14:55:26 +01:00
Pierre Alain
2e86ea2ad3 pin to specific overlays hashes 2023-11-08 10:20:59 +01:00
Pierre Alain
95f165a059 change snapshots for debian ones 2023-11-08 08:05:32 +01:00
Hannes Mehnert
a34aab52e9
Apply suggestions from code review 2023-07-05 17:06:00 +02:00
palainp
d3e8e691fd do not check valid-until in debian release file: this permits to keep a debian packages list more than one week 2023-05-16 11:18:34 +02:00
palainp
cbf6c8c941 update build script 2023-04-18 14:51:13 +02:00
Hannes Mehnert
0c3959af04 update opam repository commit to get solo5 0.7.5 2022-12-07 19:15:44 +01:00
Hannes Mehnert
ba6629f4ca Reproducible build systems: use in GitHub action the build-with-docker.sh 
Also upload the artifact to GitHub action, and in addition use the same setup
(ubuntu 20.04 image) and build directories as done on builds.robur.coop.

Also use `strip` on the resulting binary to reduce it's size (since the debug
section aren't mapped into the running unikernel, there's nothing we get from
them -- also they are preserved (as .debug file) and uploaded to
https://builds.robur.coop if one needs them).

This entails binary reproducibility between the different systems:
- a developer using ./build-with-docker.sh
- GitHub action (run on every PR)
- builds.robur.coop with the ubuntu-20.04 worker
 2022-11-13 15:20:59 +01:00
Hannes Mehnert
b414230735 Dockerfile: install ocaml-solo5 earlier to help caching more 2022-11-11 16:10:28 +01:00
Hannes Mehnert
2023cc4655 changes for 0.8.3, and checksum updates 2022-11-11 15:50:50 +01:00
Hannes Mehnert
2afa24536d update to dns 6.4.0 2022-10-27 11:48:52 +02:00
Hannes Mehnert
c66d6a8727 raise lower bound of mirage-nat to 3.0.0, bump opam-repo commit 2022-10-11 13:34:55 +02:00
Hannes Mehnert
29ddbea03d update opam repository to mirage-qubes 0.9.3 release 2022-09-14 09:42:35 +02:00
palainp
df4f7bf811 update to mirage 4.2.1 2022-08-29 11:31:44 +02:00
palainp
ba1b04432d must make depend before building solo5 with make tar 2022-08-11 13:17:44 +02:00
palainp
e73c160cd4 update docker build for mirage 4.2 2022-08-09 14:16:16 +02:00
Hannes Mehnert
ed0f7667e4 update to ethernet 3.0 API 2022-01-09 12:55:35 +01:00
Hannes Mehnert
748f803ca0 update to dns 6.1.0 2021-11-11 10:18:38 +01:00
Hannes Mehnert
ba8dbc3f57 Dockerfile: update opam-repository to current master 
config.ml: require more recent dns and ipaddr packages
 2021-11-05 19:41:52 +01:00
Thomas Leonard
a368b12648 Update to mirage-qubes 0.9.1 for qrexec3 compatibility 
Also, switch to building with OCaml 4.11.
 2020-12-03 16:20:53 +00:00
Thomas Leonard
be7461a20a Switch Docker base image from Alpine to Fedora 
There seems to be a problem with Xen events getting lost on Alpine.
 2020-10-26 15:38:41 +00:00
Thomas Leonard
3dbb9ecb27 BROKEN: Upgrade to Mirage 6 for solo5 PVH support 
For me, this mostly hangs at:
```
2020-10-26 11:16:31 -00:00: INF [qubes.rexec] waiting for client...
2020-10-26 11:16:31 -00:00: INF [qubes.gui] waiting for client...
2020-10-26 11:16:31 -00:00: INF [qubes.db] connecting to server...
```

Sometimes it gets a bit further:
```
2020-10-26 11:14:19 -00:00: INF [qubes.rexec] waiting for client...
2020-10-26 11:14:19 -00:00: INF [qubes.gui] waiting for client...
2020-10-26 11:14:19 -00:00: INF [qubes.db] connecting to server...
2020-10-26 11:14:19 -00:00: INF [qubes.db] connected
2020-10-26 11:14:19 -00:00: INF [qubes.rexec] client connected, using protocol version 2
2020-10-26 11:14:19 -00:00: INF [qubes.gui] client connected (screen size: 3840x2160 depth: 24 mem: 32401x)
2020-10-26 11:14:19 -00:00: INF [unikernel] GUI agent connected
```
 2020-10-26 15:38:41 +00:00
Hannes Mehnert
de0eb9d970 adapt to mirage 3.8.0 changes (ipaddr5, tcpip5); bump opam-repository hash (to get netchannel+mirage-net-xen 0.13.1) 2020-07-03 16:39:06 +02:00
Hannes Mehnert
620bbb5b35 update opam repository commit hash for release 2020-06-19 08:24:18 +00:00
linse
53bf4f960c update to ocaml 4.10 and mirage 3.7.7 2020-05-19 14:35:22 +02:00
linse
87df5bdcc0 Read firewall rules from QubesDB. The module Rules contains a rule matcher instead of hardcoded rules now. 
Co-Authored-By: Mindy Preston <yomimono@users.noreply.github.com>
 2020-05-15 16:25:46 +02:00
Thomas Leonard
65324b4197 Update Dockerfile to get new mirage-nat version 2020-02-19 14:16:49 +00:00
Thomas Leonard
48b38fa992 Fix Lwt.4.5.0 in the Dockerfile for faster builds 
Otherwise, it installs Lwt 5 and then has to downgrade it in the next
step.
 2020-01-13 09:49:37 +00:00
Hannes Mehnert
730957d19b upgrade opam repository to current head and mirage to 3.7.4 2020-01-11 15:46:22 +01:00
Thomas Leonard
930d209cdb Fix build 
- A new ocaml-migrate-parsetree.1.4.0 was released, replacing the old
  1.4.0 with new code. This was rejected by the checksum test.
  Fixed by updating to the latest opam-repository.
  See: https://github.com/ocaml/opam-repository/pull/15294

- The latest opam-repository pulls in mirage 3.7, which doesn't work
  (`No available version of mirage-clock satisfies the constraints`), so
  pin the previous mirage 3.5.2 version instead.

- Mirage now generates `.merlin`, so remove it from Git.
 2019-11-17 14:33:56 +00:00
Thomas Leonard
49195ed5e1 Update Docker build for new mirage-xen 
Also, switched to the experimental new OCurrent images, as they are much
smaller:

- Before: 1 GB (ocaml/opam2:debian-10-ocaml-4.08)
- Now:  309 MB (ocurrent/opam:alpine-3.10-ocaml-4.08)
 2019-08-25 19:01:22 +01:00
Thomas Leonard
8b411db751 Removed some hard-coded installs from Dockerfile 
There's no advantage to installing these manually, and with the current
version of mirage they had to be downgraded again in the next step.
 2019-07-28 16:49:16 +01:00
xaki23
16231e2e52 Adjust to ipaddr-4.0.0 renaming _bytes to _octets 2019-07-28 16:49:04 +01:00
Thomas Leonard
d36ecf96af Remove cmdliner pin as 1.0.4 is now released 
Reverts 06511e076f
 2019-06-15 12:57:37 +01:00
Thomas Leonard
0a4dd7413c Force backend MAC to fe:ff:ff:ff:ff:ff to fix HVM clients 
Xen appears to configure the same MAC address for both the frontend
and backend in XenStore. e.g.

    [tal@dom0 ~]$ xenstore-ls /local/domain/3/backend/vif/19/0
    frontend = "/local/domain/19/device/vif/0"
    mac = "00:16:3e:5e:6c:00"
    [...]

    [tal@dom0 ~]$ xenstore-ls /local/domain/19/device/vif/0
    mac = "00:16:3e:5e:6c:00"

This works if the client uses just a simple ethernet device, but fails
if it connects via a bridge. HVM domains have an associated stub domain
running qemu, which provides an emulated network device. The stub domain
uses a bridge to connect qemu's interface with eth0, and this didn't
work.

Force the use of the fixed version of mirage-net-xen, which no longer
uses XenStore to get the backend MAC, and provides a new function to get
the frontend one.
 2019-05-06 09:52:46 +01:00
Thomas Leonard
45eef49c95 Upgrade to latest mirage-nat to fix ICMP 
Now ping and traceroute should work.
 2019-04-16 18:21:07 +01:00
Thomas Leonard
06511e076f Add patch to cmdliner for reproducible build 
See https://github.com/dbuenzli/cmdliner/pull/106
 2019-04-08 10:35:42 +01:00
Thomas Leonard
cb7078633e Update dependencies 
Remove pin on mirage 3.4 - it should now be working with the latest
release.
 2019-04-03 12:32:13 +01:00
Thomas Leonard
7f99973a02 Update Docker build for Mirage 3.5 2019-03-24 13:21:39 +00:00
Thomas Leonard
2edb088650 Update to latest Debian and opam 
Reported by Honzoo.
 2019-02-01 09:36:08 +00:00