- A new ocaml-migrate-parsetree.1.4.0 was released, replacing the old
1.4.0 with new code. This was rejected by the checksum test.
Fixed by updating to the latest opam-repository.
See: https://github.com/ocaml/opam-repository/pull/15294
- The latest opam-repository pulls in mirage 3.7, which doesn't work
(`No available version of mirage-clock satisfies the constraints`), so
pin the previous mirage 3.5.2 version instead.
- Mirage now generates `.merlin`, so remove it from Git.
Also, switched to the experimental new OCurrent images, as they are much
smaller:
- Before: 1 GB (ocaml/opam2:debian-10-ocaml-4.08)
- Now: 309 MB (ocurrent/opam:alpine-3.10-ocaml-4.08)
Version 1.11.0 has been released now, and the current trunk doesn't
build without updating other things. The error was:
File "lib/xenstore.ml", line 165, characters 19-34:
Error: The module OS is an alias for module Os_xen, which is missing
ocamlopt lib/.netchannel.objs/native/netchannel__Backend.{cmx,o} (exit 2)
(cd _build/default && /home/opam/.opam/4.07/bin/ocamlopt.opt -w -40 -g -I lib/.netchannel.objs/byte -I lib/.netchannel.objs/native -I /home/opam/.opam/4.07/lib/base/caml -I /home/opam/.opam/4.07/lib/bigarray-compat -I /home/opam/.opam/4.07/lib/bytes -I /home/opam/.opam/4.07/lib/cstruct -I /home/opam/.opam/4.07/lib/fmt -I /home/opam/.opam/4.07/lib/io-page -I /home/opam/.opam/4.07/lib/io-page-x[...]
File "lib/backend.ml", line 23, characters 16-29:
Error: The module OS is an alias for module Os_xen, which is missing
Reported by ronpunz in https://groups.google.com/forum/#!topic/qubes-users/PsYUXvypPDs
Before, we used Client_gateway for the IP address of the firewall on the
client network and Firewall_uplink for its address on the uplink
network. However, Qubes 4 uses the same IP address for both, so we can't
separate these any longer, and there doesn't seem to be any advantage to
keeping them separate anyway.
In the (commented-out) example rules, instead of allowing any client to
continue a TCP flow with any other client, just allow Untrusted to reply
to Dev. This is all that is needed to make the SSH example work.