update to mirage 4.2.0 & mirage-xen 8.0.0 #140
Conversation
|
as part of the whole mess around (the lower parts of) QubesOS/qubes-issues#6162 and Solo5/solo5#516 i can confirm this branch works at least as much as any other, if not better. tl;dr: LGTM, please merge |
config.ml
Outdated
|
|
||
| let () = | ||
| register "qubes-firewall" [main $ default_random $ default_monotonic_clock] | ||
| register "qubes-firewall" [main $ default_random $ default_monotonic_clock $ default_time] | ||
| ~argv:no_argv |
There was a problem hiding this comment.
| ~argv:no_argv |
as discussed in Solo5/solo5#516 (comment) and following, we don't need the no_argv anymore
There was a problem hiding this comment.
The command that permits to remove this line is in the README.md both for new VM creation:
qubes-mirage-firewall/README.md
Line 85 in ef2419b
and for VM updates:
qubes-mirage-firewall/README.md
Line 99 in ef2419b
It's ok to be removed. 👍
Do you think I should also add the command elsewhere?
There was a problem hiding this comment.
How's the user story when installing an RPM, is there some kind of qvm-features executions already in some script?
There was a problem hiding this comment.
The arguments for the kernel come from the grub.cfg file : https://github.com/marmarek/qubes-builder-mirage/blob/master/template_scripts/grub.cfg
Regarding other commands to properly setup the template VM, there is a post-install script included in the .rpm file, I still need to find if we can provide specific commands to set kernel to grub2-pvh.
There was a problem hiding this comment.
the RPM postinstall script currently doesnt really work for mirage VMs in general. (the rpm installs though and allows the user to adjust the required prefs/features)
the problem is there does not seem to be a sane path to have https://github.com/QubesOS/qubes-linux-template-builder (which is used to roll the rpm) use a custom install script. and/or a "template parameter file" to be included in the template rpm, which could be used by both an in-rpm install script and alternate tooling for installing templates.
from my pov, not a blocker for this PR, it doesnt really make anything worse than it has been since forever.
palainp
changed the title
|
Thanks @hannesm for the mirage update. I manually pinned before compiling with the last commit. |
|
As @Szewcson I have a correct running here with: @TommyTran732 can you copy/paste your vm configuration and the last part of the qubes log to help understanding the crash please? |
Sorry for the late reply, where do you get those logs? I am using the same VM configuration in the README. It works when I build Mirage 3.10, but when I replace the vmlinuz with the 4.2 version it just crashes shortly after it launches. |
|
The logs come from |
|
I figured out what was wrong. I forgot to set qvm-features mirage-firewall no-default-kernelopts 1 :D |
|
@palainp Mirage 4.2.1 just came out a few hours ago. Is there any chance you can update this PR? (Would be a great opportunity to bump the ocaml docker image version too) :D |
|
@TommyTran732 @Szewcson: The build should be fine with mirage 4.2.1 now. I ran into troubles for the compilation, maybe you will have to correctly clean the repository. The shasum has not been changed because the mirage update only affects the build system. |
|
Thanks for all your hard work! :) |
|
Yes, see https://builds.robur.coop/job/qubes-firewall/build/4ead4483-4236-4b87-9498-b86ed931df8b -- indeed I just sent you a mail how to approach #115 |
With these changes it compiles with mirage 4.0 and runs on qubes 4.1.EDIT: This PR is now a general update to mirage 4.2+mirage-xen 8.0.0 and update of qubes-builder + docker scripts.