Commit Graph

280 Commits

Author SHA1 Message Date
Hannes Mehnert
54dfd05ab5
Merge pull request #164 from hannesm/action
Reproducible build systems: use in GitHub action the build-with-docker.sh
2022-11-17 12:39:37 +01:00
Hannes Mehnert
9239aa5277 github action: check checksum before uploading 2022-11-13 16:15:15 +01:00
Hannes Mehnert
ba6629f4ca Reproducible build systems: use in GitHub action the build-with-docker.sh
Also upload the artifact to GitHub action, and in addition use the same setup
(ubuntu 20.04 image) and build directories as done on builds.robur.coop.

Also use `strip` on the resulting binary to reduce it's size (since the debug
section aren't mapped into the running unikernel, there's nothing we get from
them -- also they are preserved (as .debug file) and uploaded to
https://builds.robur.coop if one needs them).

This entails binary reproducibility between the different systems:
- a developer using ./build-with-docker.sh
- GitHub action (run on every PR)
- builds.robur.coop with the ubuntu-20.04 worker
2022-11-13 15:20:59 +01:00
Hannes Mehnert
ee45c7ba3d
Merge pull request #163 from hannesm/next
Next release: 0.8.3
2022-11-11 16:43:26 +01:00
Hannes Mehnert
b414230735 Dockerfile: install ocaml-solo5 earlier to help caching more 2022-11-11 16:10:28 +01:00
Hannes Mehnert
2023cc4655 changes for 0.8.3, and checksum updates 2022-11-11 15:50:50 +01:00
Hannes Mehnert
20ce084a49 set netchannel + mirage-nat lower bounds 2022-11-11 15:44:58 +01:00
Hannes Mehnert
e8e03fe6a6 My_nat.free_udp_port: avoid looping forever, use last_resort_port earlier 2022-11-11 15:44:58 +01:00
Hannes Mehnert
d094b20950 use a fresh client for requesting vif and ip
in the callback to "Xs_client.wait", all operations are tracked and new watches
are installed (that are never removed, due to xenstore's xs_handle
"accessed_path" never removes any elements of the "accessed_paths" (a mutable
StringSet). So, whatever is done in the callback of wait needs to take care
(if returning EAGAIN and thus forcing xenstore to continue waiting/watching)
that accesses are tracked.

Our way out is to create a fresh client and read the IP address with that new
client -> the watcher isn't extended -> no dangling (leaking) watches, and no
leaking only-expanding StringSet.
2022-11-11 15:44:58 +01:00
Hannes Mehnert
0e0917f4fe DNS: start task reading Lwt_mvar and distributing DNS replies to clients
Before, a DNS request was sent and the first thing appearing in the Lwt_mvar
was taken as reply. The issue with this was two-fold:
- it could be a reply for a different request
- there could be DNS replies being sent to the uplink stack leading to
  Lwt_mvar.put being called, which blocks if there is already a value in the
  mvar.

No, the separate task is a loop reading the mvar, using a Lwt_condition to
signal the receive of that ID (potentially discarding if there's no client
waiting). The DNS query registers itself (using the ID) in the map with a
Lwt_condition, and waits to be notified (or a timeout occurs).
2022-11-11 15:44:58 +01:00
Hannes Mehnert
ddfb17c0b2 remove unused integer module, intset, intmap 2022-11-11 15:44:58 +01:00
Hannes Mehnert
33c7c24dfd code cleanups (removed profile release from dune-workspace to find some warnings) 2022-11-11 15:44:58 +01:00
Hannes Mehnert
ecc5cbc409 fix github action 2022-11-11 15:36:42 +01:00
Hannes Mehnert
af60225671 github action: something sets OPAMCLI to 2.0, so no --confirm-level=yes available 2022-11-11 13:58:46 +01:00
Hannes Mehnert
7370ba85f6 github action should be in .github/workflows 2022-11-11 13:46:29 +01:00
Hannes Mehnert
bed0aa5cc4 add github action to compile the firewall 2022-11-11 13:40:04 +01:00
Hannes Mehnert
b09acdeec2
Merge pull request #154 from hannesm/dns-6.4.0
update to dns 6.4.0
2022-10-27 15:05:39 +02:00
Hannes Mehnert
2afa24536d update to dns 6.4.0 2022-10-27 11:48:52 +02:00
Hannes Mehnert
07da67c8cf changes for 0.8.2 2022-10-12 09:09:03 +02:00
Hannes Mehnert
065c8bb69a
Merge pull request #152 from hannesm/next-release
Next release
2022-10-12 09:05:55 +02:00
Hannes Mehnert
b958c10690 build-with-docker: update sha 2022-10-11 13:55:36 +02:00
Hannes Mehnert
c66d6a8727 raise lower bound of mirage-nat to 3.0.0, bump opam-repo commit 2022-10-11 13:34:55 +02:00
Hannes Mehnert
93b92c041b Adapt to mirage-nat changes:
allow pick_free_port to fail
reserve a special udp port for dns (as last resort)
2022-10-11 13:31:30 +02:00
Hannes Mehnert
f2d3faf1da revise port management
this needs mirage-nat at hannesm#fixes
2022-10-11 13:31:18 +02:00
Hannes Mehnert
8187096bfa updates to recent mirage-nat changes 2022-10-11 13:30:45 +02:00
palainp
06b9a88331 remove unneeded logs: be silent if the GC is enough 2022-10-11 13:20:23 +02:00
palainp
eb4d0fc371 update documentation 2022-10-11 13:20:07 +02:00
palainp
abb508000e remove memory management code not needed anymore 2022-10-11 13:20:07 +02:00
Hannes Mehnert
721f552a3c CHANGES for 0.8.1 2022-09-14 11:10:23 +02:00
Hannes Mehnert
47562749b2
Merge pull request #149 from hannesm/next
Next release
2022-09-14 10:57:49 +02:00
Hannes Mehnert
6521b1474c update sha256 2022-09-14 10:18:11 +02:00
palainp
9b1b30aa2b trigger the GC earlier (at < 50% free space)
print memory usage every 10 minutes
2022-09-14 09:45:44 +02:00
Hannes Mehnert
c643f97700 in rules, instead of hardcoding IPv4 addresses of name servers, use those present in QubesDB 2022-09-14 09:43:51 +02:00
Hannes Mehnert
5fdcaae7e8 firewall rule: remove DNS rule (was only needed in Qubes 3) 2022-09-14 09:43:48 +02:00
palainp
050c4706e3 remove gui code, not needed anymore in Qubes 4.1 2022-09-14 09:43:20 +02:00
Hannes Mehnert
29ddbea03d update opam repository to mirage-qubes 0.9.3 release 2022-09-14 09:42:35 +02:00
Hannes Mehnert
2af63f1f45
Merge pull request #145 from hannesm/cleanup
remove no longer needed _tags file and travis
2022-09-07 16:59:45 +02:00
Hannes Mehnert
147fe18e74 travis is no longer online 2022-09-07 16:33:34 +02:00
Hannes Mehnert
699088bbde remove no longer needed _tags file 2022-09-07 16:29:57 +02:00
Hannes Mehnert
b0205f7dab changes for 0.8.0 2022-08-31 11:39:31 +02:00
Hannes Mehnert
61767ef0d5
Merge pull request #140 from palainp/mirage4
update to mirage 4.2.0 & mirage-xen 8.0.0
2022-08-30 16:29:10 +02:00
palainp
df4f7bf811 update to mirage 4.2.1 2022-08-29 11:31:44 +02:00
Hannes Mehnert
deac2f6c8a
Merge pull request #141 from palainp/drop-pv
Drop PV references from README.md
2022-08-19 16:49:46 +02:00
palainp
008b5b3b2f drop PV from README.md for recent versions of qubes-mirage-firewall 2022-08-13 16:59:09 +02:00
palainp
ba1b04432d must make depend before building solo5 with make tar 2022-08-11 13:17:44 +02:00
palainp
e73c160cd4 update docker build for mirage 4.2 2022-08-09 14:16:16 +02:00
palainp
68ab4f37c1 use the new quick_stat+trim from mirage-xen 8.0.0 2022-07-27 14:26:58 +02:00
palainp
7718c95f20 no_argv not needed anymore with no-default-kernelopts for the VM in Qubes 2022-05-27 15:59:49 +02:00
palainp
f33db2b42a fix kernel name 2022-04-04 10:23:54 -04:00
palainp
6f257c5b7b fix opam option 2022-04-04 10:10:43 -04:00