mirage

MirageOS is a library operating system that constructs unikernels

ISC License

mirage - 4.0.0~beta2

Published by dinosaure over 2 years ago

CHANGES:

  • Update the generated minimal constraint required for mirage-runtime as Opam considers 4.0.0~beta* < 4.0.0 (#1276, @dinosaure)

mirage - 4.0.0~beta1

Published by dinosaure over 2 years ago

CHANGES:

Refactor the build process to use the Dune build system. The
motivation is to drop ocamlbuild-induced technical debt and to obtain
first-class support for cross-compilation. To learn more about how Dune is
able to perform cross-compilation, please refer to the
documentation.

Main changes:

  • Two opam files are generated when running mirage configure:

    • <unikernel>-switch.opam: for dependencies that are meant to be installed
      in the user's opam switch. It comprises build tools such as
      ocaml-freestanding for Solo5 targets.
    • <unikernel>-monorepo.opam: for unikernel dependencies, which are fetched
      locally to compose a dune workspace.
  • Unikernel dependencies are fetched in the source project using the
    opam-monorepo tool. This tool reads the <unikernel>-monorepo.opam file,
    makes use of the opam solver to compute the transitive dependency set, saves
    that as a lockfile, and fetches sources in the duniverse/ subfolder.
    More information is available in the GitHub repository.

  • The compilation scheme uses dune's concept of a workspace: it's a set of
    libraries that are built together using the same context. For each
    compilation target, the Mirage tool is able to generate a context definition
    able to compile for that target. A context is defined by an OCaml compiler
    (or cross-compiler) toolchain, as defined by findlib; it can be tuned with
    environment variables and custom flags for the OCaml or underlying C compiler.

  • The usual workflow mirage configure && make depends && mirage build does
    not change. However, files are now generated in the ./mirage directory
    (OPAM files, main.ml, key_gen.ml or manifest.json), and
    the final artefact is created in the ./dist directory.

Breaking changes:

  • Unikernel dependencies need to use dune as a build system. Other build
    systems can be sandboxed, but the recommended way is to switch to dune.
    Many packages not compiling with dune yet have been ported and are available
    as an additional opam repository overlay.
    In addition, a few packages not supporting cross-compilation have been fixed
    and are available in another opam repository overlay. The mirage tool uses
    these two opam overlays by default. To only use the default packages
    provided by Opam, use mirage configure --no-extra-repo.

  • Functoria_runtime.info and Mirage_runtime.info now list all the libraries
    that are statically linked against the unikernel. The packages field has
    been removed and the libraries field is now accurate and contains the
    versions computed by dune-build-info.

  • Update the DSL used to describe devices in config.ml. We don't use
    objects anymore; we replace them with Mirage.impl, which
    expects the same fields as before.

mirage - 3.10.8

Published by hannesm almost 3 years ago

CHANGES:

  • Allow tcpip 7.0.0, arp 3.0.0, ethernet 3.0.0 (#1259 @hannesm)

mirage - 3.10.7

Published by hannesm almost 3 years ago

CHANGES:

  • Allow mirage-clock 4.0.0 (@hannesm #1256)
  • Use "opam var prefix" instead of "opam config var prefix" (@hannesm)

mirage - 3.10.6

Published by hannesm almost 3 years ago

CHANGES:

  • Adapt to conduit 5.0.0 API (and dns 6.0.0) @hannesm #1246
  • Avoid deprecated Fmt functions @hannesm #1246

mirage - 3.10.5

Published by hannesm about 3 years ago

CHANGES:

  • Allow tls-mirage 0.14 and 0.15 series (@hannesm)

mirage - https://github.com/mirage/mirage/releases/tag/v3.10.4

Published by hannesm over 3 years ago

CHANGES:

  • Allow mirage-crypto-rng-mirage 0.10 (@hannesm)

mirage - https://github.com/mirage/mirage/releases/tag/v3.10.3

Published by dinosaure over 3 years ago

CHANGES:

  • Adapt to conduit 4.0.0 and cohttp 4.0.0 (@dinosaure #1221)

mirage - https://github.com/mirage/mirage/releases/tag/v3.10.2

Published by hannesm over 3 years ago

CHANGES:

  • Adapt to conduit 2.3 and cohttp 4.0 (@samoht @dinosaure #1209)
  • Allow mirage-crypto-rng-mirage 0.9 (@hannesm #1218)
  • Adapt to tcpip 6.1.0 release (the unix sublibrary is no longer needed)

mirage - https://github.com/mirage/mirage/releases/tag/v3.10.1

Published by hannesm almost 4 years ago

CHANGES:

  • Fix serialising of Mirage_key.Arg.ip_address: remove superfluous '.'
    character (#1205 @hannesm)

mirage - https://github.com/mirage/mirage/releases/tag/v3.10.0

Published by hannesm almost 4 years ago

CHANGES:

IPv6 and dual (IPv4 and IPv6) stack support #1187

IPv6 code has been in our TCP/IP stack for a long time (thanks to @nojb,
who developed it in 2014). Some months ago, @hannesm and @MagnusS got excited
to use it. After we managed to fix some bugs, add some test cases, and
write more code to set up IPv6-only and dual stacks, we are eager to share
this support for MirageOS in a released version. We expect there to be bugs
lingering around, but duplicate address detection (neighbour solicitation and
advertisements) has been implemented, and (unless
"--accept-router-advertisement=false" is passed) router advertisements are
decoded and used to configure the IPv6 part of the stack. Configuring a static
IPv6 address is also possible (with "--ipv6=2001::42/64").

While at it, we unified the boot arguments between the different targets:
namely, on Unix (when using the socket stack), you can now pass
"--ipv4=127.0.0.1/24" to the same effect as the direct stack: only listen
on 127.0.0.1 (the subnet mask is ignored for the Unix socket stack).

A dual stack unikernel has "--ipv4-only=BOOL" and "--ipv6-only=BOOL" parameters,
so a unikernel binary could support both Internet Protocol versions, while the
operator can decide which protocol version to use.

Please also note that the default IPv4 network configuration no longer uses
10.0.0.1 as default gateway (since there was no way to unset the default
gateway #1147).

For unikernel developers, there are some API changes in the Mirage module:

  • New "v4v6" types for IP protocols and stacks
  • The ipv6_config record was adjusted in the same fashion as the ipv4_config
    type: it is now a record of a network (V6.Prefix.t) and gateway (V6.t option)

Some parts of the Mirage_key module were unified as well:

  • Arg.ip_address is available (for a dual Ipaddr.t)
  • Arg.ipv6_address replaces Arg.ipv6 (for an Ipaddr.V6.t)
  • Arg.ipv6 replaces Arg.ipv6_prefix (for an Ipaddr.V6.Prefix.t)
  • V6.network and V6.gateway are available, mirroring the V4 submodule

If you're ready to experiment with the dual stack, here's a diff for our basic
network example (from mirage-skeleton/device-usage/network) replacing IPv4
with a dual stack:

diff --git a/device-usage/network/config.ml b/device-usage/network/config.ml

mirage - https://github.com/mirage/mirage/releases/tag/v3.9.0

Published by hannesm almost 4 years ago

CHANGES:

The Xen backend is a minimal legacy-free re-write: Solo5 (since 0.6.6) provides
the low-level glue code, and ocaml-freestanding provides the OCaml runtime. The
PV-only Mini-OS implementation has been retired.

The only supported virtualization mode is now Xen PVH (version 2 or above),
supported by Xen version 4.10 or later (and Qubes OS 4.0).

The support for the ARM32 architecture on Xen has been removed.

Security posture improvements:

With the move to a Solo5 and ocaml-freestanding base, MirageOS gains several
notable improvements to security posture for unikernels on Xen:

  • Stack smashing protection is enabled unconditionally for all C code.
  • W^X is enforced throughout, i.e. .text is read-execute, .rodata is
    read-only, non-executable and .data, heap and stack are read-write and
    non-executable.
  • The memory allocator used by the OCaml runtime is now dlmalloc (provided by
    ocaml-freestanding), which is a big improvement over the Mini-OS malloc, and
    incorporates features such as heap canaries.

Interface changes:

  • With the rewrite of the Xen core platform stack, several Xen-specific APIs
    have changed in incompatible ways; unikernels may need to be updated. Please
    refer to the mirage-xen v6.0.0 change log for a list of interfaces that
    have changed along with their replacements.

Other changes:

  • OCaml 4.08 is the minimum supported version.
  • A dummy dev-repo field is emitted for the generated opam file.
  • .xe files are no longer generated.
  • Previous versions of MirageOS would strip boot parameters on Xen, since Qubes
    OS 3.x added arguments that could not be interpreted by our command line
    parser. Since Qubes OS 4.0 this is no longer an issue, and MirageOS no longer
    strips any boot parameters. You may need to execute
    qvm-prefs qube-name kernelopts ''.

Acknowledgements:

  • Thanks to Roger Pau Monné, Andrew Cooper and other core Xen developers for
    help with understanding the specifics of how PVHv2 works, and how to write an
    implementation from scratch.
  • Thanks to Marek Marczykowski-Górecki for help with the Qubes OS specifics, and
    for forward-porting some missing parts of PVHv2 to Qubes OS version of Xen.
  • Thanks to @palainp on GitHub for help with testing on Qubes OS.

mirage - https://github.com/mirage/mirage/releases/tag/v3.8.1

Published by hannesm about 4 years ago

CHANGES:

  • OCaml runtime parameters (OCAMLPARAM) are exposed as boot and configure
    arguments. This allows, e.g., switching to the best-fit garbage collection
    strategy (#1180 @hannesm)

mirage - https://github.com/mirage/mirage/releases/tag/v3.8.0

Published by hannesm over 4 years ago

CHANGES:

  • Emit type=pv in xl (instead of builder=linux), as required by xen 4.10+ (#1166 by @djs55)
  • adapt to ipaddr 5.0.0, tcpip 5.0.0, mirage-crypto 0.8 (#1172 @hannesm)

mirage - https://github.com/mirage/mirage/releases/tag/v3.7.7

Published by hannesm over 4 years ago

CHANGES:

  • handle errors from Bos.OS.Cmd.run_out
  • use PREFIX if defined (no need to call "opam config var prefix")
  • adapt to conduit 2.2.0, tls 0.12, mirage-crypto 0.7.0 changes

mirage - https://github.com/mirage/mirage/releases/tag/v3.7.6

Published by hannesm over 4 years ago

CHANGES:

  • fix conduit with 3.7.5 changes (#1086, @hannesm)

mirage - https://github.com/mirage/mirage/releases/tag/v3.7.5

Published by hannesm over 4 years ago

CHANGES:

  • use mirage-crypto (and mirage-crypto-entropy) instead of nocrypto, also
    tls-mirage and up-to-date conduit

mirage - https://github.com/mirage/mirage/releases/tag/v3.7.4

Published by hannesm almost 5 years ago

CHANGES:

  • use git rev-parse --abbrev-ref HEAD instead of git branch --show-current
    for emitting branch information into the opam file. The latter is only
    available in git 2.22 or later, while the former seems to be supported by
    old git releases. (#1024, @hannesm)

mirage - https://github.com/mirage/mirage/releases/tag/v3.7.3

Published by hannesm almost 5 years ago

CHANGES:

  • mirage configure now emits build and install steps into the generated opam
    file. This allows using opam install . to actually install a unikernel.
    (#1022 @hannesm)
  • refactor configure, build and link step into separate modules (#1017 @dinosaure)

mirage - https://github.com/mirage/mirage/releases/tag/v3.7.2

Published by samoht almost 5 years ago

CHANGES:

  • adjust fat-filesystem constraints to >= 0.14 && < 0.15 (#1015, @hannesm)