Commit Graph

29 Commits

Author SHA1 Message Date
Hannes Mehnert
de0eb9d970 adapt to mirage 3.8.0 changes (ipaddr5, tcpip5); bump opam-repository hash (to get netchannel+mirage-net-xen 0.13.1) 2020-07-03 16:39:06 +02:00
Hannes Mehnert
620bbb5b35 update opam repository commit hash for release 2020-06-19 08:24:18 +00:00
linse
53bf4f960c update to ocaml 4.10 and mirage 3.7.7 2020-05-19 14:35:22 +02:00
linse
87df5bdcc0 Read firewall rules from QubesDB. The module Rules contains a rule matcher instead of hardcoded rules now.
Co-Authored-By: Mindy Preston <yomimono@users.noreply.github.com>
2020-05-15 16:25:46 +02:00
Thomas Leonard
65324b4197 Update Dockerfile to get new mirage-nat version 2020-02-19 14:16:49 +00:00
Thomas Leonard
48b38fa992 Fix Lwt.4.5.0 in the Dockerfile for faster builds
Otherwise, it installs Lwt 5 and then has to downgrade it in the next
step.
2020-01-13 09:49:37 +00:00
Hannes Mehnert
730957d19b upgrade opam repository to current head and mirage to 3.7.4 2020-01-11 15:46:22 +01:00
Thomas Leonard
930d209cdb Fix build
- A new ocaml-migrate-parsetree.1.4.0 was released, replacing the old
  1.4.0 with new code. This was rejected by the checksum test.
  Fixed by updating to the latest opam-repository.
  See: https://github.com/ocaml/opam-repository/pull/15294

- The latest opam-repository pulls in mirage 3.7, which doesn't work
  (`No available version of mirage-clock satisfies the constraints`), so
  pin the previous mirage 3.5.2 version instead.

- Mirage now generates `.merlin`, so remove it from Git.
2019-11-17 14:33:56 +00:00
Thomas Leonard
49195ed5e1 Update Docker build for new mirage-xen
Also, switched to the experimental new OCurrent images, as they are much
smaller:

- Before: 1 GB (ocaml/opam2:debian-10-ocaml-4.08)
- Now:  309 MB (ocurrent/opam:alpine-3.10-ocaml-4.08)
2019-08-25 19:01:22 +01:00
Thomas Leonard
8b411db751 Removed some hard-coded installs from Dockerfile
There's no advantage to installing these manually, and with the current
version of mirage they had to be downgraded again in the next step.
2019-07-28 16:49:16 +01:00
xaki23
16231e2e52 Adjust to ipaddr-4.0.0 renaming _bytes to _octets 2019-07-28 16:49:04 +01:00
Thomas Leonard
d36ecf96af Remove cmdliner pin as 1.0.4 is now released
Reverts 06511e076f
2019-06-15 12:57:37 +01:00
Thomas Leonard
0a4dd7413c Force backend MAC to fe:ff:ff:ff:ff:ff to fix HVM clients
Xen appears to configure the same MAC address for both the frontend
and backend in XenStore. e.g.

    [tal@dom0 ~]$ xenstore-ls /local/domain/3/backend/vif/19/0
    frontend = "/local/domain/19/device/vif/0"
    mac = "00:16:3e:5e:6c:00"
    [...]

    [tal@dom0 ~]$ xenstore-ls /local/domain/19/device/vif/0
    mac = "00:16:3e:5e:6c:00"

This works if the client uses just a simple ethernet device, but fails
if it connects via a bridge. HVM domains have an associated stub domain
running qemu, which provides an emulated network device. The stub domain
uses a bridge to connect qemu's interface with eth0, and this didn't
work.

Force the use of the fixed version of mirage-net-xen, which no longer
uses XenStore to get the backend MAC, and provides a new function to get
the frontend one.
2019-05-06 09:52:46 +01:00
Thomas Leonard
45eef49c95 Upgrade to latest mirage-nat to fix ICMP
Now ping and traceroute should work.
2019-04-16 18:21:07 +01:00
Thomas Leonard
06511e076f Add patch to cmdliner for reproducible build
See https://github.com/dbuenzli/cmdliner/pull/106
2019-04-08 10:35:42 +01:00
Thomas Leonard
cb7078633e Update dependencies
Remove pin on mirage 3.4 - it should now be working with the latest
release.
2019-04-03 12:32:13 +01:00
Thomas Leonard
7f99973a02 Update Docker build for Mirage 3.5 2019-03-24 13:21:39 +00:00
Thomas Leonard
2edb088650 Update to latest Debian and opam
Reported by Honzoo.
2019-02-01 09:36:08 +00:00
Thomas Leonard
78e219da8c Update Debian base image in Docker build
Had stopped working:

    Err http://security.debian.org/ jessie/updates/main libxenstore3.0 amd64 4.4.1-9+deb8u10
      404  Not Found [IP: 128.61.240.73 80]

Updated from Debian 8 to Debian 9, and from opam to opam2.
2018-11-03 17:27:48 +00:00
Thomas Leonard
6e6ff755eb Update to newly released version of netchannel 2017-12-16 22:37:41 +00:00
Thomas Leonard
aca156f21b Update to released shared-memory-ring 2017-11-15 17:28:33 +00:00
Thomas Leonard
b114e569f2 Use Git master for shared-memory-ring and netchannel
This adds support for HVM and disposable domains.

Also, update the suggested RAM allocation slightly as 20 MB can be too
small with lots of VMs.
2017-11-09 17:08:59 +00:00
Thomas Leonard
997d538a93 Use released mirage-nat 1.0 2017-10-15 15:24:56 +01:00
Thomas Leonard
794ca35d23 Update Dockerfile to use newer Debian base image
Was failing with

```
E: Failed to fetch http://security.debian.org/pool/updates/main/x/xen/libxenstore3.0_4.4.1-9+deb8u8_amd64.deb  404  Not Found [IP: 212.211.132.32 80]
```
2017-09-12 16:57:01 +01:00
Thomas Leonard
630304500f Update build for Mirage 3 2017-03-18 10:46:06 +00:00
Thomas Leonard
b4079ac861 Update to new mirage-nat API 2017-03-05 17:04:05 +00:00
Thomas Leonard
150208fc72 Pin Docker base image to a specific hash
Requested by Joanna Rutkowska.
2017-01-31 09:26:57 +00:00
Thomas Leonard
07ff3d6147 Fix opam-repository commit for reproducible builds
Also, display the actual and expected SHA hashes after building.
2017-01-28 14:17:27 +00:00
Thomas Leonard
d6074f2271 Add option to build with Docker 2017-01-09 18:44:30 +00:00