MirageOS is a library operating system that constructs unikernels
ISC License
Bot releases are visible (Hide)
Published by hannesm almost 5 years ago
CHANGES:
mirage configure
is executed (#1013 @dinosaure)Published by hannesm almost 5 years ago
CHANGES:
exit 0
after the Lwt event loop returned (to run at_exit handlers in freestanding environments) (#1011, @hannesm)Published by hannesm about 5 years ago
CHANGES:
-t spt
for sandboxed processed tender (seccomp on Linux)ocamlbuild
-- verbose if log level is info or debug (#999, by @mato)Published by hannesm about 5 years ago
CHANGES:
Published by hannesm over 5 years ago
CHANGES:
Published by hannesm over 5 years ago
CHANGES:
rw
(#975, by @hannesm)Published by hannesm over 5 years ago
CHANGES:
Published by hannesm almost 6 years ago
CHANGES:
Published by hannesm almost 6 years ago
CHANGES:
CHANGES:
New target: (via solo5) Genode:
"Genode[4][5][6] is a free and open-source operating system framework consisting
of a microkernel abstraction layer and a collection of userspace components. The
framework is notable as one of the few open-source operating systems not derived
from a proprietary OS, such as Unix. The characteristic design philosophy is
that a small trusted computing base is of primary concern in a security oriented
OS." (from wikipedia, more at https://genode.org/ #942, by @ehmry)
User-visible changes
use mirage-bootvar-unix instead of OS.Env.argv
(deprecated since mirage-{xen,unix,os-shim}.3.1.0, mirage-solo5.0.5.0) on unix
(#931, by @hannesm)
WARNING: this leads to a different semantics for argument passing on Unix:
all arguments are concatenated (using a whitespace " " as separator), and
split on the whitespace character again (by parse-argv). This is coherent
with all other backends, but the whitespace in "--hello=foo bar" needs to
be escaped now.
mirage now generates upper bounds for hard-coded packages that are used in
generated code. When we now break the API, unikernels which are configured with
an earlier version won't accept the new release of the dependency. This means
API breakage is much smoother for us, apart from that we now track version
numbers in the mirage utility. The following rules were applied for upper bounds:
WARNING: Please be careful when release any of the referenced libraries by
taking care of appropriate version numbering.
(initial version in #855 by @avsm, final #946 by @hannesm)
since functoria.2.2.2, the "package" function (used in unikernel configuration)
is extended with the labeled argument ~pin that receives a string (e.g.
~pin:"git+https://github.com/mirage-random/mirage-random.git"), and is embedded
into the generated opam file as pin-depends
mirage-random-stdlib is now used for default_random instead of mirage-random
(which since 1.2.0 no longer bundles the stdlib Random
module). mirage-random-stdlib is not cryptographically secure, but "a
lagged-Fibonacci F(55, 24, +) with a modified addition function to enhance the
mixing of bits.", which is now seeded using mirage-entropy. If you configure
your unikernel with "mirage configure --prng fortuna" (since mirage 3.0.0), a
cryptographically secure PRNG will be used (read more at
https://mirage.io/blog/mirage-entropy)
mirage now revived its command-line "--no-depext", which removes the call to
"opam depext" in the depend and depends target of the generated Makefile
(#948, by @hannesm)
make depend no longer uses opam pin for opam install --deps-only (#948, by @hannesm)
remove unused io_page configuration (initial discussion in #855, #940, by @hannesm)
charrua-client requires a Mirage_random interface since 0.11.0 (#938, by @hannesm)
split implementations into separate modules (#933, by @emillon)
improved opam2 support (declare ocaml as dependency #926)
switch build system to dune (#927, by @emillon)
block device writes has been fixed in mirage-solo5.0.5.0
Published by hannesm about 6 years ago
Due to conflicting packages, opam will not upgrade mirage to version 3.2.0 or newer if a version of mirage-solo5 older than 0.4.0 is installed in the switch. To perform the upgrade you must run opam upgrade mirage
explicitly.
Changes required to rebuild and run ukvm unikernels
As of Solo5 0.4.0, the ukvm target has been renamed to hvt. If you are working out of an existing, dirty, source tree, you should initially run:
mirage configure -t hvt
mirage clean
mirage configure -t hvt
and then proceed as normal. If you are working with a clean source tree, then simply configuring with the new hvt target is sufficient:
mirage configure -t hvt
Note that the build products have changed:
The unikernel binary is now named <unikernel>.hvt
,
the ukvm-bin
binary is now named solo5-hvt
.
This is a breaking change: mirage 3.2.0 requires mirage-protocols 1.4.0, mirage-stack 1.3.0, and tcpip 3.5.0 to work (charru-client-mirage 0.10 and mirage-qubes-ipv4 0.6 are adapted to the changes). An older mirage won't be able to use these new libraries correctly. Conflicts were introduced in the opam-repository.
In more detail, direct and socket stack initialisation changed, which is automatically generated by the mirage tool for each unikernel (as part of main.ml
). A record was built up, which is no longer needed.
Several unneeded type aliases were removed:
netif
from Mirage_protocols.ETHIF
ethif
and prefix
from Mirage_protocols.IP
ip
from Mirage_protocols.{UDP,TCP}
netif
and 'netif config
from Mirage_stack.V4
'netif stackv4_config
and socket_stack_config
in Mirage_stack
mirage build
(#916, by @mato)Published by hannesm about 6 years ago
-tags thread
, as done for the mac osx target (#861,Published by hannesm over 6 years ago
configure
section (#892, by @yomimono)Published by yomimono almost 7 years ago
xen
, pass the raw filename rather than trying to infer the xenstore ID (#874, by @yomimono)Published by djs55 almost 7 years ago
cohttp-mirage
is 1.0.0
(not 3.0.0
) (#870 by @hannesm)Published by djs55 almost 7 years ago
mirage-http
to cohttp-mirage
(#863 by @djs55) see [mirage/ocaml-cohttp#572]Published by djs55 about 7 years ago
--syslog
, --syslog-port
and --syslog-hostname
(#853 via @hannesm).--kv-ro archive
(#848 by @mor1)--gdb
argument for ukvm targets so that debuggers can be attached easily. This allows mirage configure --gdb -t ukvm
to work (@ricarkol in #847).Packaging updates for latest opam repository:
Published by djs55 over 7 years ago
Published by yomimono over 7 years ago
TERM <> dumb && Unix.isatty stdout
(#814, by @hannesm)Published by yomimono over 7 years ago