MirageOS is a library operating system that constructs unikernels
ISC License
Published by dinosaure over 2 years ago
CHANGES:
mirage-runtime as Opam considers 4.0.0~beta* < 4.0.0 (#1276, @dinosaure)
Published by dinosaure over 2 years ago
CHANGES:
Refactor build process to use Dune build system. The
motivation is to drop ocamlbuild-induced technical debt and to obtain
first-class support for cross-compilation. To learn more about how Dune is
able to perform cross-compilation, please refer to the
documentation.
Main changes:
Two opam files are generated when running mirage configure:
<unikernel>-switch.opam: for dependencies that are meant to be installed
ocaml-freestanding for Solo5 targets.
<unikernel>-monorepo.opam: for unikernel dependencies, they are locally
Unikernel dependencies are fetched in the source project using the
opam-monorepo tool. This tool reads the <unikernel>-monorepo.opam file,
uses the opam solver to compute the transitive dependency set, saves
that as a lockfile, and fetches sources into the duniverse/ subfolder.
More info on the GitHub repository.
The compilation scheme uses dune's concept of a workspace: a set of
libraries that are built together using the same context. For each
compilation target, the Mirage tool is able to generate a context definition
able to compile for that target. A context is defined by an OCaml compiler
(or cross-compiler) toolchain, as defined by findlib; it can be tuned with
environment variables and custom flags for the OCaml or underlying C compiler.
The usual workflow mirage configure && make depends && mirage build does
not change. However, files are now generated in the ./mirage directory
(OPAM files, main.ml, key_gen.ml or manifest.json), and the final artefact
is created in the ./dist directory.
Breaking changes:
Unikernel dependencies need to use dune as a build system. Other build
systems can be sandboxed, but the recommended way is to switch to dune.
Many packages not compiling with dune yet have been ported and are available
as an additional opam repository overlay.
In addition, a few packages not supporting cross-compilation have been fixed
and are available in another opam repository overlay. The mirage tool uses
these two opam overlays by default. To only use the default packages provided
by Opam, use mirage configure --no-extra-repo.
Functoria_runtime.info and Mirage_runtime.info now list all the libraries
that are statically linked against the unikernel. The packages field has
been removed and the libraries field is now accurate and contains the
versions computed by dune-build-info.
Update the DSL used to describe devices in config.ml. We don't use
objects anymore; they are replaced by the usage of Mirage.impl, which
expects the same fields as before.
Published by hannesm almost 3 years ago
CHANGES:
Published by hannesm almost 3 years ago
CHANGES:
Published by hannesm almost 3 years ago
CHANGES:
Published by hannesm about 3 years ago
CHANGES:
Published by hannesm over 3 years ago
CHANGES:
Published by dinosaure over 3 years ago
CHANGES:
Published by hannesm over 3 years ago
CHANGES:
Published by hannesm almost 4 years ago
CHANGES:
Published by hannesm almost 4 years ago
CHANGES:
IPv6 and dual (IPv4 and IPv6) stack support #1187
IPv6 code has been around in our TCP/IP stack for a long time (thanks to
@nojb, who developed it in 2014). Some months ago, @hannesm and @MagnusS got
excited to use it. After fixing some bugs, adding some test cases, and
writing more code to set up IPv6-only and dual stacks, we are eager to share
this support for MirageOS in a released version. We expect there to be bugs
lingering around, but duplicate address detection (neighbour solicitation and
advertisements) has been implemented, and (unless
"--accept-router-advertisement=false" is passed) router advertisements are
decoded and used to configure the IPv6 part of the stack. Configuring a static
IPv6 address is also possible (with "--ipv6=2001::42/64").
While at it, we unified the boot arguments between the different targets:
namely, on Unix (when using the socket stack), you can now pass
"--ipv4=127.0.0.1/24" to the same effect as the direct stack: only listen
on 127.0.0.1 (the subnet mask is ignored for the Unix socket stack).
A dual stack unikernel has "--ipv4-only=BOOL" and "--ipv6-only=BOOL" parameters,
so a unikernel binary could support both Internet Protocol versions, while the
operator can decide which protocol version to use.
Please also note that the default IPv4 network configuration no longer uses
10.0.0.1 as default gateway (since there was no way to unset the default
gateway #1147).
For unikernel developers, there are some API changes in the Mirage module
Some parts of the Mirage_key module were unified as well:
If you're ready to experiment with the dual stack, here's a diff for our basic
network example (from mirage-skeleton/device-usage/network) replacing IPv4
with a dual stack:
diff --git a/device-usage/network/config.ml b/device-usage/network/config.ml
Published by hannesm almost 4 years ago
CHANGES:
The Xen backend is a minimal legacy-free re-write: Solo5 (since 0.6.6) provides
the low-level glue code, and ocaml-freestanding provides the OCaml runtime. The
PV-only Mini-OS implementation has been retired.
The only supported virtualization mode is now Xen PVH (version 2 or above),
supported since Xen version 4.10 or later (and Qubes OS 4.0).
The support for the ARM32 architecture on Xen has been removed.
Security posture improvements:
With the move to a Solo5 and ocaml-freestanding base MirageOS gains several
notable improvements to security posture for unikernels on Xen:
.text is read-execute, .rodata is
.data, heap and stack are read-write and
Interface changes:
Other changes:
dev-repo field is emitted for the generated opam file.
qvm-prefs qube-name kernelopts ''.
Acknowledgements:
Published by hannesm about 4 years ago
CHANGES:
Published by hannesm over 4 years ago
CHANGES:
Published by hannesm over 4 years ago
CHANGES:
Published by hannesm over 4 years ago
CHANGES:
Published by hannesm over 4 years ago
CHANGES:
Published by hannesm almost 5 years ago
CHANGES:
git rev-parse --abbrev-ref HEAD instead of git branch --show-current
Published by hannesm almost 5 years ago
CHANGES:
mirage configure now emits build and install steps into generated opam file
opam install . to actually install a unikernel.
Published by samoht almost 5 years ago
CHANGES: