Pierre Alain
173832e053
comply with SELinux enforcement AppVM
2023-11-04 16:25:46 +01:00
Pierre Alain
700e03de85
Merge pull request #181 from 51lieal/51lieal_patch1
Using too little RAM causes Mirage to stop working.
2023-09-11 15:24:06 +02:00
Dimas Alexander
708040c3b4
Increase RAM on default install
2023-09-11 18:55:32 +07:00
Dimas Alexander
95c870b14e
Using too little RAM causes Mirage to stop working.
2023-09-10 19:10:07 +07:00
Pierre Alain
27bf8c0cae
Merge pull request #180 from 100111001/main
Improved readme and saltstack script by adding more detailed installation instructions and removing hard coded templates
2023-09-05 12:29:13 +02:00
100111001
354c251701
Changed hard coded templates to default templates from qubes
Also replaced wget by curl to make it compatible additionally for the default template of debian. (wget is not installed by default)
2023-08-23 14:56:47 +02:00
100111001
4dda3f513c
Added description how to run salt states
2023-08-23 14:48:29 +02:00
Pierre Alain
50306112ff
Merge pull request #179 from 100111001/100111001-Readme-Adjustments
100111001 - SaltScriptToDownloadAndInstallMirageFirewallInQubes.sls
2023-08-18 12:59:08 +02:00
100111001
6df70c1b35
Update README.md - using correct formatting
2023-08-18 00:46:39 +02:00
100111001
3006c14453
Create SaltScriptToDownloadAndInstallMirageFirewallInQubes.sls
2023-08-18 00:38:33 +02:00
100111001
c87f2305ab
Update README.md for using SaltScriptToDownloadAndInstallMirageFirewallInQubes.sls
2023-08-18 00:27:06 +02:00
Pierre Alain
a321287f2f
Merge pull request #175 from palainp/update-shasum
update build script
2023-07-05 18:04:20 +02:00
Hannes Mehnert
e4f4c3e958
changes for 0.8.5
2023-07-05 17:34:20 +02:00
Hannes Mehnert
8e87f2e9e0
update sha
2023-07-05 17:14:14 +02:00
Hannes Mehnert
a34aab52e9
Apply suggestions from code review
2023-07-05 17:06:00 +02:00
Hannes Mehnert
81a87fd526
Merge branch 'main' into update-shasum
2023-07-05 16:59:38 +02:00
Hannes Mehnert
a33bb5ee7d
Merge pull request #176 from palainp/no-memreport
remove memreport to Xen to avoid Qubes trying to get back some memory…
2023-07-05 16:57:30 +02:00
palainp
b288481d2f
remove memreport to Xen to avoid Qubes trying to get back some memory from us
2023-05-26 10:27:29 +02:00
palainp
d3e8e691fd
do not check valid-until in debian release file: this permits to keep a debian packages list more than one week
2023-05-16 11:18:34 +02:00
palainp
ffc8e95bc3
create a shasum file matching the tarball release
2023-04-25 10:16:57 +02:00
palainp
cbf6c8c941
update build script
2023-04-18 14:51:13 +02:00
Hannes Mehnert
609f5295c7
changes for 0.8.4
2022-12-07 20:44:00 +01:00
Hannes Mehnert
09740b7e12
Merge pull request #167 from hannesm/update
Update of opam-repository commit to retrieve solo5 0.7.5
2022-12-07 20:40:52 +01:00
Hannes Mehnert
916813b6ea
update hash of build product
2022-12-07 20:00:55 +01:00
Hannes Mehnert
0c3959af04
update opam repository commit to get solo5 0.7.5
2022-12-07 19:15:44 +01:00
Hannes Mehnert
54dfd05ab5
Merge pull request #164 from hannesm/action
Reproducible build systems: use in GitHub action the build-with-docker.sh
2022-11-17 12:39:37 +01:00
Hannes Mehnert
9239aa5277
github action: check checksum before uploading
2022-11-13 16:15:15 +01:00
Hannes Mehnert
ba6629f4ca
Reproducible build systems: use in GitHub action the build-with-docker.sh
Also upload the artifact to GitHub action, and in addition use the same setup
(ubuntu 20.04 image) and build directories as done on builds.robur.coop.
Also use `strip` on the resulting binary to reduce its size (since the debug
sections aren't mapped into the running unikernel, there's nothing we get from
them -- also they are preserved (as .debug file) and uploaded to
https://builds.robur.coop if one needs them).
This entails binary reproducibility between the different systems:
- a developer using ./build-with-docker.sh
- GitHub action (run on every PR)
- builds.robur.coop with the ubuntu-20.04 worker
2022-11-13 15:20:59 +01:00
Hannes Mehnert
ee45c7ba3d
Merge pull request #163 from hannesm/next
Next release: 0.8.3
2022-11-11 16:43:26 +01:00
Hannes Mehnert
b414230735
Dockerfile: install ocaml-solo5 earlier to help caching more
2022-11-11 16:10:28 +01:00
Hannes Mehnert
2023cc4655
changes for 0.8.3, and checksum updates
2022-11-11 15:50:50 +01:00
Hannes Mehnert
20ce084a49
set netchannel + mirage-nat lower bounds
2022-11-11 15:44:58 +01:00
Hannes Mehnert
e8e03fe6a6
My_nat.free_udp_port: avoid looping forever, use last_resort_port earlier
2022-11-11 15:44:58 +01:00
Hannes Mehnert
d094b20950
use a fresh client for requesting vif and ip
in the callback to "Xs_client.wait", all operations are tracked and new watches
are installed (that are never removed, due to xenstore's xs_handle
"accessed_path" never removes any elements of the "accessed_paths" (a mutable
StringSet)). So, whatever is done in the callback of wait needs to take care
(if returning EAGAIN and thus forcing xenstore to continue waiting/watching)
that accesses are tracked.
Our way out is to create a fresh client and read the IP address with that new
client -> the watcher isn't extended -> no dangling (leaking) watches, and no
leaking only-expanding StringSet.
2022-11-11 15:44:58 +01:00
Hannes Mehnert
0e0917f4fe
DNS: start task reading Lwt_mvar and distributing DNS replies to clients
Before, a DNS request was sent and the first thing appearing in the Lwt_mvar
was taken as reply. The issue with this was two-fold:
- it could be a reply for a different request
- there could be DNS replies being sent to the uplink stack leading to
Lwt_mvar.put being called, which blocks if there is already a value in the
mvar.
Now, the separate task is a loop reading the mvar, using a Lwt_condition to
signal the receive of that ID (potentially discarding if there's no client
waiting). The DNS query registers itself (using the ID) in the map with a
Lwt_condition, and waits to be notified (or a timeout occurs).
2022-11-11 15:44:58 +01:00
Hannes Mehnert
ddfb17c0b2
remove unused integer module, intset, intmap
2022-11-11 15:44:58 +01:00
Hannes Mehnert
33c7c24dfd
code cleanups (removed profile release from dune-workspace to find some warnings)
2022-11-11 15:44:58 +01:00
Hannes Mehnert
ecc5cbc409
fix github action
2022-11-11 15:36:42 +01:00
Hannes Mehnert
af60225671
github action: something sets OPAMCLI to 2.0, so no --confirm-level=yes available
2022-11-11 13:58:46 +01:00
Hannes Mehnert
7370ba85f6
github action should be in .github/workflows
2022-11-11 13:46:29 +01:00
Hannes Mehnert
bed0aa5cc4
add github action to compile the firewall
2022-11-11 13:40:04 +01:00
Hannes Mehnert
b09acdeec2
Merge pull request #154 from hannesm/dns-6.4.0
update to dns 6.4.0
2022-10-27 15:05:39 +02:00
Hannes Mehnert
2afa24536d
update to dns 6.4.0
2022-10-27 11:48:52 +02:00
Hannes Mehnert
07da67c8cf
changes for 0.8.2
2022-10-12 09:09:03 +02:00
Hannes Mehnert
065c8bb69a
Merge pull request #152 from hannesm/next-release
Next release
2022-10-12 09:05:55 +02:00
Hannes Mehnert
b958c10690
build-with-docker: update sha
2022-10-11 13:55:36 +02:00
Hannes Mehnert
c66d6a8727
raise lower bound of mirage-nat to 3.0.0, bump opam-repo commit
2022-10-11 13:34:55 +02:00
Hannes Mehnert
93b92c041b
Adapt to mirage-nat changes:
allow pick_free_port to fail
reserve a special udp port for dns (as last resort)
2022-10-11 13:31:30 +02:00
Hannes Mehnert
f2d3faf1da
revise port management
this needs mirage-nat at hannesm#fixes
2022-10-11 13:31:18 +02:00
Hannes Mehnert
8187096bfa
updates to recent mirage-nat changes
2022-10-11 13:30:45 +02:00