Git-Mirrors/qubes-mirage-firewall
1
0
Fork 0
mirror of https://github.com/mirage/qubes-mirage-firewall.git synced 2024-06-29 07:32:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
248 Commits 1 Branch 18 Tags 1 MiB
c643f97700
Commit Graph

248 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Hannes Mehnert
c643f97700 in rules, instead of hardcoding IPv4 addresses of name servers, use those present in QubesDB 2022-09-14 09:43:51 +02:00
Hannes Mehnert
5fdcaae7e8 firewall rule: remove DNS rule (was only needed in Qubes 3) 2022-09-14 09:43:48 +02:00
palainp
050c4706e3 remove gui code, not needed anymore in Qubes 4.1 2022-09-14 09:43:20 +02:00
Hannes Mehnert
29ddbea03d update opam repository to mirage-qubes 0.9.3 release 2022-09-14 09:42:35 +02:00
Hannes Mehnert
2af63f1f45
Merge pull request #145 from hannesm/cleanup 
remove no longer needed _tags file and travis
 2022-09-07 16:59:45 +02:00
Hannes Mehnert
147fe18e74 travis is no longer online 2022-09-07 16:33:34 +02:00
Hannes Mehnert
699088bbde remove no longer needed _tags file 2022-09-07 16:29:57 +02:00
Hannes Mehnert
b0205f7dab changes for 0.8.0 2022-08-31 11:39:31 +02:00
Hannes Mehnert
61767ef0d5
Merge pull request #140 from palainp/mirage4 
update to mirage 4.2.0 & mirage-xen 8.0.0
 2022-08-30 16:29:10 +02:00
palainp
df4f7bf811 update to mirage 4.2.1 2022-08-29 11:31:44 +02:00
Hannes Mehnert
deac2f6c8a
Merge pull request #141 from palainp/drop-pv 
Drop PV references from README.md
 2022-08-19 16:49:46 +02:00
palainp
008b5b3b2f drop PV from README.md for recent versions of qubes-mirage-firewall 2022-08-13 16:59:09 +02:00
palainp
ba1b04432d must make depend before building solo5 with make tar 2022-08-11 13:17:44 +02:00
palainp
e73c160cd4 update docker build for mirage 4.2 2022-08-09 14:16:16 +02:00
palainp
68ab4f37c1 use the new quick_stat+trim from mirage-xen 8.0.0 2022-07-27 14:26:58 +02:00
palainp
7718c95f20 no_argv not needed anymore with no-default-kernelopts for the VM in Qubes 2022-05-27 15:59:49 +02:00
palainp
f33db2b42a fix kernel name 2022-04-04 10:23:54 -04:00
palainp
6f257c5b7b fix opam option 2022-04-04 10:10:43 -04:00
palainp
dbe068c0fe update qubes-builder script for mirage 4.0 2022-04-04 10:09:16 -04:00
palainp
3cce2a5629 bump lower bound for mirage-xen 2022-03-30 03:15:11 -04:00
palainp
a99d7f8792 update to mirage 4.0.0 & mirage-xen 7.0.0 2022-03-30 03:12:01 -04:00
Hannes Mehnert
ef2419bf6f
Merge pull request #137 from hannesm/ethernet-3.0 
update to ethernet 3.0 API
 2022-01-09 13:37:32 +01:00
Hannes Mehnert
ed0f7667e4 update to ethernet 3.0 API 2022-01-09 12:55:35 +01:00
Hannes Mehnert
1d0aaf2666
Merge pull request #136 from hannesm/fixes 
update to dns 6.1.0
 2021-11-12 12:29:21 +01:00
Hannes Mehnert
d36676a630 update hash 2021-11-11 10:19:29 +01:00
Hannes Mehnert
748f803ca0 update to dns 6.1.0 2021-11-11 10:18:38 +01:00
Thomas Leonard
07c2d456ea
Merge pull request #135 from palainp/ocaml-dns-update 
update to ocaml-dns latest release
 2021-11-10 14:53:07 +00:00
Hannes Mehnert
6e76ab299b update sha256 of build 2021-11-10 15:31:36 +01:00
Hannes Mehnert
c4f9142376 DNS: address code review comments, use qubes-primary-dns from QubesDB 2021-11-10 15:30:55 +01:00
Hannes Mehnert
6835072104 build-with-docker: update hash 2021-11-05 20:03:00 +01:00
Hannes Mehnert
d4e365a499 avoid fmt and cstruct deprecation warnings 2021-11-05 20:02:56 +01:00
Hannes Mehnert
7e3303a8d6 read DNS resolver IP addresses from QubesDB 
as specified in https://www.qubes-os.org/doc/vm-interface/
 2021-11-05 20:02:52 +01:00
Hannes Mehnert
65ff2a9203 update arp to >= 2.3.0, where arp.mirage is a sublibrary 2021-11-05 19:41:57 +01:00
Hannes Mehnert
ba8dbc3f57 Dockerfile: update opam-repository to current master 
config.ml: require more recent dns and ipaddr packages
 2021-11-05 19:41:52 +01:00
palainp
4cb5cfa036 update to ocaml-dns 6.0.0 interface 2021-10-28 13:39:32 +02:00
Thomas Leonard
6080e6db30
Merge pull request #129 from talex5/qrexecv3 
Update to mirage-qubes 0.9.1 for qrexec3 compatibility
 2020-12-31 15:20:58 +00:00
Thomas Leonard
a368b12648 Update to mirage-qubes 0.9.1 for qrexec3 compatibility 
Also, switch to building with OCaml 4.11.
 2020-12-03 16:20:53 +00:00
Thomas Leonard
cfe122592d
Merge pull request #118 from xaki23/master 
unpin mirage+lwt versions for qubes-builder
 2020-10-28 12:20:19 +00:00
xaki23
26b5b59b56
unpin mirage+lwt versions for qubes-builder 2020-10-28 13:14:16 +01:00
Thomas Leonard
089f349a05
Merge pull request #116 from talex5/solo5 
Upgrade to Mirage 6 for solo5 PVH support
 2020-10-28 12:11:00 +00:00
Thomas Leonard
d8ae7f749c Update README 2020-10-28 11:00:13 +00:00
Thomas Leonard
be7461a20a Switch Docker base image from Alpine to Fedora 
There seems to be a problem with Xen events getting lost on Alpine.
 2020-10-26 15:38:41 +00:00
Thomas Leonard
3dbb9ecb27 BROKEN: Upgrade to Mirage 6 for solo5 PVH support 
For me, this mostly hangs at:
```
2020-10-26 11:16:31 -00:00: INF [qubes.rexec] waiting for client...
2020-10-26 11:16:31 -00:00: INF [qubes.gui] waiting for client...
2020-10-26 11:16:31 -00:00: INF [qubes.db] connecting to server...
```

Sometimes it gets a bit further:
```
2020-10-26 11:14:19 -00:00: INF [qubes.rexec] waiting for client...
2020-10-26 11:14:19 -00:00: INF [qubes.gui] waiting for client...
2020-10-26 11:14:19 -00:00: INF [qubes.db] connecting to server...
2020-10-26 11:14:19 -00:00: INF [qubes.db] connected
2020-10-26 11:14:19 -00:00: INF [qubes.rexec] client connected, using protocol version 2
2020-10-26 11:14:19 -00:00: INF [qubes.gui] client connected (screen size: 3840x2160 depth: 24 mem: 32401x)
2020-10-26 11:14:19 -00:00: INF [unikernel] GUI agent connected
```
 2020-10-26 15:38:41 +00:00
Thomas Leonard
997446af6c
Merge pull request #117 from hannesm/kernelopts 
README: use kernelopts='' instead of None
 2020-10-24 13:38:46 +01:00
Hannes Mehnert
c173bf1cb0 README: use kernelopts='' instead of None 2020-10-24 12:43:08 +02:00
Thomas Leonard
006801c03e
Merge pull request #112 from roburio/mirage38 
adapt to mirage 3.8.0 changes (ipaddr5, tcpip5); bump opam-repository hash (to get netchannel+mirage-net-xen 0.13.1)
 2020-07-04 13:39:13 +01:00
Hannes Mehnert
aebaa2cafc update sha256 from travis run 2020-07-03 16:55:38 +02:00
Hannes Mehnert
de0eb9d970 adapt to mirage 3.8.0 changes (ipaddr5, tcpip5); bump opam-repository hash (to get netchannel+mirage-net-xen 0.13.1) 2020-07-03 16:39:06 +02:00
Thomas Leonard
094637b2de
Merge pull request #110 from burghardt/dom0tar 
Do not run tar in dom0 (closes #84).
 2020-06-20 10:59:43 +01:00
Krzysztof Burghardt
f9842e8b18
Do not run tar in dom0 (closes #84). 
Do not run tar and bzip2 in dom0 to decompresses and extract archive
data created in, or downloaded to domU as any vulnerabilities in them
can compromise Qubes OS security model.

Instead of that run both tar and bzip2 in domU and copy unikernel to
dom0 as described in official Qubes documentation ["Copying from (and to)
dom0"](https://www.qubes-os.org/doc/copy-from-dom0/#copying-to-dom0).

Auxiliary files required to run unikernel in Qubes OS domU can be easily
created directly in dom0 using trusted tools available there.
 2020-06-20 01:16:29 +02:00