305 Commits

Author SHA1 Message Date
Pierre Alain
173832e053 comply with SELinux enforcement AppVM 2023-11-04 16:25:46 +01:00
Pierre Alain
700e03de85
Merge pull request #181 from 51lieal/51lieal_patch1
Using too little RAM causes Mirage to stop working.
2023-09-11 15:24:06 +02:00
Dimas Alexander
708040c3b4
Increase RAM on default install 2023-09-11 18:55:32 +07:00
Dimas Alexander
95c870b14e
Using too little RAM causes Mirage to stop working. 2023-09-10 19:10:07 +07:00
Pierre Alain
27bf8c0cae
Merge pull request #180 from 100111001/main
Improved readme and saltstack script by adding more detailed installation instructions and removing hard coded templates
2023-09-05 12:29:13 +02:00
100111001
354c251701
Changed hard coded templates to default templates from qubes
Also replaced wget by curl to make it compatible additionally for the default template of debian. (wget is not installed by default)
2023-08-23 14:56:47 +02:00
100111001
4dda3f513c
Added description how to run salt states 2023-08-23 14:48:29 +02:00
Pierre Alain
50306112ff
Merge pull request #179 from 100111001/100111001-Readme-Adjustments
100111001 - SaltScriptToDownloadAndInstallMirageFirewallInQubes.sls
2023-08-18 12:59:08 +02:00
100111001
6df70c1b35
Update README.md - using correct formatting 2023-08-18 00:46:39 +02:00
100111001
3006c14453 Create SaltScriptToDownloadAndInstallMirageFirewallInQubes.sls 2023-08-18 00:38:33 +02:00
100111001
c87f2305ab
Update README.md for using SaltScriptToDownloadAndInstallMirageFirewallInQubes.sls 2023-08-18 00:27:06 +02:00
Pierre Alain
a321287f2f
Merge pull request #175 from palainp/update-shasum
update build script
v0.8.5
2023-07-05 18:04:20 +02:00
Hannes Mehnert
e4f4c3e958 changes for 0.8.5 2023-07-05 17:34:20 +02:00
Hannes Mehnert
8e87f2e9e0 update sha 2023-07-05 17:14:14 +02:00
Hannes Mehnert
a34aab52e9
Apply suggestions from code review 2023-07-05 17:06:00 +02:00
Hannes Mehnert
81a87fd526
Merge branch 'main' into update-shasum 2023-07-05 16:59:38 +02:00
Hannes Mehnert
a33bb5ee7d
Merge pull request #176 from palainp/no-memreport
remove memreport to Xen to avoid Qubes trying to get back some memory…
2023-07-05 16:57:30 +02:00
palainp
b288481d2f remove memreport to Xen to avoid Qubes trying to get back some memory from us 2023-05-26 10:27:29 +02:00
palainp
d3e8e691fd do not check valid-until in debian release file: this permits to keep a debian packages list more than one week 2023-05-16 11:18:34 +02:00
palainp
ffc8e95bc3 create a shasum file matching the tarball release 2023-04-25 10:16:57 +02:00
palainp
cbf6c8c941 update build script 2023-04-18 14:51:13 +02:00
Hannes Mehnert
609f5295c7 changes for 0.8.4 v0.8.4 2022-12-07 20:44:00 +01:00
Hannes Mehnert
09740b7e12
Merge pull request #167 from hannesm/update
Update of opam-repository commit to retrieve solo5 0.7.5
2022-12-07 20:40:52 +01:00
Hannes Mehnert
916813b6ea update hash of build product 2022-12-07 20:00:55 +01:00
Hannes Mehnert
0c3959af04 update opam repository commit to get solo5 0.7.5 2022-12-07 19:15:44 +01:00
Hannes Mehnert
54dfd05ab5
Merge pull request #164 from hannesm/action
Reproducible build systems: use in GitHub action the build-with-docker.sh
2022-11-17 12:39:37 +01:00
Hannes Mehnert
9239aa5277 github action: check checksum before uploading 2022-11-13 16:15:15 +01:00
Hannes Mehnert
ba6629f4ca Reproducible build systems: use in GitHub action the build-with-docker.sh
Also upload the artifact to GitHub action, and in addition use the same setup
(ubuntu 20.04 image) and build directories as done on builds.robur.coop.

Also use `strip` on the resulting binary to reduce its size (since the debug
sections aren't mapped into the running unikernel, there's nothing we get from
them -- also they are preserved (as .debug file) and uploaded to
https://builds.robur.coop if one needs them).

This entails binary reproducibility between the different systems:
- a developer using ./build-with-docker.sh
- GitHub action (run on every PR)
- builds.robur.coop with the ubuntu-20.04 worker
2022-11-13 15:20:59 +01:00
Hannes Mehnert
ee45c7ba3d
Merge pull request #163 from hannesm/next
Next release: 0.8.3
v0.8.3
2022-11-11 16:43:26 +01:00
Hannes Mehnert
b414230735 Dockerfile: install ocaml-solo5 earlier to help caching more 2022-11-11 16:10:28 +01:00
Hannes Mehnert
2023cc4655 changes for 0.8.3, and checksum updates 2022-11-11 15:50:50 +01:00
Hannes Mehnert
20ce084a49 set netchannel + mirage-nat lower bounds 2022-11-11 15:44:58 +01:00
Hannes Mehnert
e8e03fe6a6 My_nat.free_udp_port: avoid looping forever, use last_resort_port earlier 2022-11-11 15:44:58 +01:00
Hannes Mehnert
d094b20950 use a fresh client for requesting vif and ip
in the callback to "Xs_client.wait", all operations are tracked and new watches
are installed (that are never removed, due to xenstore's xs_handle
"accessed_path" never removing any elements of the "accessed_paths" (a mutable
StringSet)). So, whatever is done in the callback of wait needs to take care
(if returning EAGAIN and thus forcing xenstore to continue waiting/watching)
that accesses are tracked.

Our way out is to create a fresh client and read the IP address with that new
client -> the watcher isn't extended -> no dangling (leaking) watches, and no
leaking only-expanding StringSet.
2022-11-11 15:44:58 +01:00
Hannes Mehnert
0e0917f4fe DNS: start task reading Lwt_mvar and distributing DNS replies to clients
Before, a DNS request was sent and the first thing appearing in the Lwt_mvar
was taken as reply. The issue with this was two-fold:
- it could be a reply for a different request
- there could be DNS replies being sent to the uplink stack leading to
  Lwt_mvar.put being called, which blocks if there is already a value in the
  mvar.

Now, the separate task is a loop reading the mvar, using a Lwt_condition to
signal the receipt of that ID (potentially discarding if there's no client
waiting). The DNS query registers itself (using the ID) in the map with a
Lwt_condition, and waits to be notified (or a timeout occurs).
2022-11-11 15:44:58 +01:00
Hannes Mehnert
ddfb17c0b2 remove unused integer module, intset, intmap 2022-11-11 15:44:58 +01:00
Hannes Mehnert
33c7c24dfd code cleanups (removed profile release from dune-workspace to find some warnings) 2022-11-11 15:44:58 +01:00
Hannes Mehnert
ecc5cbc409 fix github action 2022-11-11 15:36:42 +01:00
Hannes Mehnert
af60225671 github action: something sets OPAMCLI to 2.0, so no --confirm-level=yes available 2022-11-11 13:58:46 +01:00
Hannes Mehnert
7370ba85f6 github action should be in .github/workflows 2022-11-11 13:46:29 +01:00
Hannes Mehnert
bed0aa5cc4 add github action to compile the firewall 2022-11-11 13:40:04 +01:00
Hannes Mehnert
b09acdeec2
Merge pull request #154 from hannesm/dns-6.4.0
update to dns 6.4.0
2022-10-27 15:05:39 +02:00
Hannes Mehnert
2afa24536d update to dns 6.4.0 2022-10-27 11:48:52 +02:00
Hannes Mehnert
07da67c8cf changes for 0.8.2 v0.8.2 2022-10-12 09:09:03 +02:00
Hannes Mehnert
065c8bb69a
Merge pull request #152 from hannesm/next-release
Next release
2022-10-12 09:05:55 +02:00
Hannes Mehnert
b958c10690 build-with-docker: update sha 2022-10-11 13:55:36 +02:00
Hannes Mehnert
c66d6a8727 raise lower bound of mirage-nat to 3.0.0, bump opam-repo commit 2022-10-11 13:34:55 +02:00
Hannes Mehnert
93b92c041b Adapt to mirage-nat changes:
allow pick_free_port to fail
reserve a special udp port for dns (as last resort)
2022-10-11 13:31:30 +02:00
Hannes Mehnert
f2d3faf1da revise port management
this needs mirage-nat at hannesm#fixes
2022-10-11 13:31:18 +02:00
Hannes Mehnert
8187096bfa updates to recent mirage-nat changes 2022-10-11 13:30:45 +02:00