-
Notifications
You must be signed in to change notification settings - Fork 242
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dunification of MirageOS #1024
Dunification of MirageOS #1024
Conversation
This patch adds a way to configure the UNIX target where we define a dune's alias: dune build @default and an underlying rule to _generate_ the unikernel. It adds as Solo5 and Xen libs.sexp which just put into the link step command, the flag `-thread`.
I just would like to clarify some underlying requests about this PR to understand choices made as long as #979, #1020 and #1021. From all people, requests in my mind are exhaustive such as:
From that, I followed the work did by @TheLortex who focused his work on the usability of However, I took care about some others details mostly to avoid an hard incompatibility of existing resources and give a chance to people to switch from the current By this fact, I keep in mind and in this PR the layout provided by OPAM where the MirageOS ecosystem trusts. The hard question from all of that is how to deal with both worlds as an intermediate step. From what I saw, all people consider it as an intermediate step which is not perfect but let a window for all of us to move forward and be synchronized properly together in one fully-define goal. The fact that the idea behind This PR is not a perfect way to switch MirageOS to |
|
lib/mirage_configure.ml
Outdated
let configure_dune_workspace i = | ||
let ctx = Info.context i in | ||
let target = Key.(get ctx target) in | ||
let lang = sexp_of_fmt {sexp|(lang dune 2.0)|sexp} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can you write all of these lines in one big {sexp|...|sexp}
statements instead of splitting in multiple lines?
Ok ( rule_libmirage_solo5_bindings | ||
:: rule_ldflags :: rule_cflags :: rule_libs :: rule_libdir | ||
:: rule_manifest_c :: rule_manifest_o | ||
:: alias :: rule_unikernel :: [] ) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same here, I find it easier to maintain/review if there is one main file template instead of splitting this into multiple statements.
The patch looks good to me. To make it even simpler, I think it would be nice:
And I am very much in favour for using dune variants, as it will simplify a lot of things. For the C bindings: a possible solution to simplify the ports to MirageOS that we discussed last year would be to provide a tool to generate the correct |
|
683ac4f
to
da87930
Compare
CHANGES: * use `git rev-parse --abbrev-ref HEAD` instead of `git branch --show-current` for emitting branch information into the opam file. The latter is only available in git 2.22 or later, while the former seems to be supported by old git releases. (mirage/mirage#1024, @hannesm)
This patch loads several files: - libs.sexp used by `dune` when we want to provide main.exe.o (with -output-complete-obj) It will add right libasmrun.a, libnolibc.a and libopenlibm.a with the right patch (with -I) and expects libmirage-solo5_bindings.a in sources to link with it (and resolve some symbols at this step) - ldflags used by `dune` and `ld` when we want to provide %{target}.hvt. It will use the linking script of Solo5 with some options like -nostdlib and max-page-size - cflags.sexp to be able to compile correctly manifest.c and give the right context to compile any C artifacts inside the dune workspace All of these files come from `ocaml-freestanding` and libmirage-solo5_bindings.a comes from `mirage-solo5`. A `mirage configure` does need to have this libraries but a `mirage build` needs them - `make depends` serves this point. These files want to replace `pkg-config`. The call of this tool is not really deleted when it's done at the build time of `ocaml-freestanding`. However, the mirage tool does not depend on `pkg-config` to get flags and trust on the layout of `ocaml-freestanding` available on OPAM - `dune` has the capability to resolve that. * A rule is done to compile manifest.o needed at the final link time. A hack is done (we create a new file manifest.ml) to put as a dependency of %{target}.hvt manifest.o. * A rule is done to do the final link step when we use the linking script from Solo5 and make the unikernel.
18e1510
to
042a1cc
Compare
As UNIX and Solo5 target, Xen can emit special dune's configuration.
This patch integrate the biggest update about the _dunification_ of MirageOS where mostly all are orchestrated here. `configure_dune` is the main function to emit the right `dune.build` file according target __and__ libraries described in `config.ml` It will emit the main `(executable ...)` artifact with specific cflags and lflags. Both are delivered by a __post__ processs `configure_post_build_rules` according the requested target. cc-to-ocamlopt is used to properly link static libraries expected by `config.ml` and -l flags provided by `*.cmxa` artifacts. The executable is described as a target which will used specific variants (`xen` or `freestanding`). _dunified_ project can take the advantage of that to plug a special implementation according the target requested. A `dune-workspace` and a `dune-project` are emitted too to provide a good context about how to compile C stubs specially. `duniverse` can take the advantage of that.
See update into Mirage_clean and give a proper way to delete all generated files.
The link process is defined into the `dune.build` file and the mirage tool does not need to take care about that when `dune build` will do the linking step with `ocamlopt` and `ld` (for Solo5 and Xen). NOTE: `dune` uses `-output-complete-obj` when `ocamlbuild` uses `-output-obj`. The main diff is about flags given by *.cmxa. `dune` will try to follow them when `ocamlbuild` just generate a `*.o` with undefined symbols (then, a call to `ld` with static libraries is needed - resolved by `ocamlfind`). Due to `-output-complete-obj`, all flags provided by any `*.cmxa` should be right (eg. zarithi-freestanding.cmxa with -lgmp-freestanding). The last link step is used only to follow scripts given by Xen or Solo5 platform.
This patch wants to replace the call of `ocamlbuild` to `dune` with the requested target (see alias emitted by the configuration step).
042a1cc
to
698693a
Compare
Currently, Xen support was done but I'm not able to reproduce anything when Travis disappeared and I don't know how to use OCaml CI when it stuck on "Unable to parse .ocamlformat file". Do we have a way to use OCaml CI with this PR correctly? |
You need to merge with master (#1026 has a fix for the malformed ocamlformat file). |
As the new year, Travis CI is happy and OCaml CI is happy. So the PR is ready to merge according the OPAM repository available here: https://github.com/dinosaure/mirage-dune.git. I did not test Xen unikernels but they should work. According what I did:
So, I will prepare all of these PRs next week. Happy new year 🎉 ! |
Ok out | ||
|
||
|
||
let link _info _name _target _target_debug = Ok () |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe cleaner to just remove that function?
After discussion,
The way to upstream the dunification of |
Closing in favour of #1153 ; thanks for the hard work it was very useful to have that PR as a starting point of that work! |
…es (3.9.0) CHANGES: The Xen backend is a minimal legacy-free re-write: Solo5 (since 0.6.6) provides the low-level glue code, and ocaml-freestanding provides the OCaml runtime. The PV-only Mini-OS implementation has been retired. The only supported virtualization mode is now Xen PVH (version 2 or above), supported since Xen version 4.10 or later (and Qubes OS 4.0). The support for the ARM32 architecture on Xen has been removed. Security posture improvements: With the move to a Solo5 and ocaml-freestanding base MirageOS gains several notable improvements to security posture for unikernels on Xen: * Stack smashing protection is enabled unconditionally for all C code. * W^X is enforced throughout, i.e. `.text` is read-execute, `.rodata` is read-only, non-executable and `.data`, heap and stack are read-write and non-executable. * The memory allocator used by the OCaml runtime is now dlmalloc (provided by ocaml-freestanding), which is a big improvement over the Mini-OS malloc, and incorporates features such as heap canaries. Interface changes: * With the rewrite of the Xen core platform stack, several Xen-specific APIs have changed in incompatible ways; unikernels may need to be updated. Please refer to the mirage-xen v6.0.0 [change log](https://github.com/mirage/mirage-xen/releases/tag/v6.0.0) for a list of interfaces that have changed along with their replacements. Other changes: * OCaml 4.08 is the minimum supported version. * A dummy `dev-repo` field is emitted for the generated opam file. * .xe files are no longer generated. * Previous versions of MirageOS would strip boot parameters on Xen, since Qubes OS 3.x added arguments that could not be interpreted by our command line parser. Since Qubes OS 4.0 this is no longer an issue, and MirageOS no longer strips any boot parameters. You may need to execute `qvm-prefs qube-name kernelopts ''`. Acknowledgements: * Thanks to Roger Pau Monné, Andrew Cooper and other core Xen developers for help with understanding the specifics of how PVHv2 works, and how to write an implementation from scratch. * Thanks to Marek Marczykowski-Górecki for help with the Qubes OS specifics, and for forward-porting some missing parts of PVHv2 to Qubes OS version of Xen. * Thanks to @palainp on Github for help with testing on Qubes OS. ### v3.8.1 (2020-09-22) * OCaml runtime parameters (OCAMLPARAM) are exposed as boot and configure arguments. This allows e.g. to switch to the best-fit garbage collection strategy (mirage/mirage#1180 @hannesm) ### v3.8.0 (2020-06-22) * Emit type=pv in xl (instead of builder=linux), as required by xen 4.10+ (mirage/mirage#1166 by @djs55) * adapt to ipaddr 5.0.0, tcpip 5.0.0, mirage-crypto 0.8 (mirage/mirage#1172 @hannesm) ### v3.7.7 (2020-05-18) * handle errors from Bos.OS.Cmd.run_out * use PREFIX if defined (no need to call "opam config var prefix") * adapt to conduit 2.2.0, tls 0.12, mirage-crypto 0.7.0 changes ### v3.7.6 (2020-03-18) * fix conduit with 3.7.5 changes (mirage/mirage#1086, @hannesm) ### v3.7.5 (2020-03-15) * use mirage-crypto (and mirage-crypto-entropy) instead of nocrypto, also tls-mirage and up-to-date conduit (mirage/mirage#1068, @hannesm) ### v3.7.4 (2019-12-20) * use `git rev-parse --abbrev-ref HEAD` instead of `git branch --show-current` for emitting branch information into the opam file. The latter is only available in git 2.22 or later, while the former seems to be supported by old git releases. (mirage/mirage#1024, @hannesm) ### v3.7.3 (2019-12-17) * `mirage configure` now emits build and install steps into generated opam file this allows to use `opam install .` to actually install a unikernel. (mirage/mirage#1022 @hannesm) * refactor configure, build and link step into separate modules (mirage/mirage#1017 @dinosaure) ### v3.7.2 (2019-11-18) * adjust fat-filesystem constraints to >= 0.14 && < 0.15 (mirage/mirage#1015, @hannesm) ### v3.7.1 (2019-11-03) * clean opam files when `mirage configure` is executed (mirage/mirage#1013 @dinosaure) * deprecate mirage-types and mirage-types-lwt (mirage/mirage#1006 @hannesm) * remove abstraction over 'type 'a io' and 'buffer', remove mirage-*-lwt packages (mirage/mirage#1006 @hannesm) * unify targets in respect to hooks (Mirage_runtime provides the hooks and registration) * unify targets in respect to error handling (no toplevel try .. with installed anymore, mirage-unix does no longer ignore all errors) ### v3.7.0 (2019-11-01) * mirage-runtime: provide at_enter_iter/at_exit_iter/at_exit hooks for the event loop (mirage/mirage#1010, @samoht @dinosaure @hannesm) * call `exit 0` after the Lwt event loop returned (to run at_exit handlers in freestanding environments) (mirage/mirage#1011, @hannesm) * NOTE: this release only contains the mirage-runtime opam package to unblock other releases, there'll be a 3.7.1 soon ### v3.6.0 (2019-10-02) * solo5 0.6 support for multiple devices (mirage/mirage#993, by @mato) please read https://github.com/Solo5/solo5/blob/v0.6.2/CHANGES.md for detailed changes observable mirage changes: - new target `-t spt` for sandboxed processed tender (seccomp on Linux) - new functions Mirage_key.is_solo5 and Mirage_key.is_xen, analogue to Mirage_key.is_unix * respect verbosity when calling `ocamlbuild` -- verbose if log level is info or debug (mirage/mirage#999, by @mato) ### v3.5.2 (2019-08-22) * Adapt to conduit 2.0.0 release, including dns 4.0.0 (mirage/mirage#996, by @hannesm) * Adjust mirage-xen constraints to < 5.0.0 (mirage/mirage#995, by @reynir) ### v3.5.1 (2019-07-11) * Adapt to new tracing API (mirage/mirage#985, by @talex5) * Remove stubs for qrexec and qubes gui (qubes 3 is end of life, qubes 4 makes it configurable) (mirage/mirage#984, by @linse & @yomimono) * Update mirage-logs and charrua-client-mirage version constraints (mirage/mirage#982, by @hannesm) * Remove unused dockerfile, travis updates (mirage/mirage#982 mirage/mirage#990, by @hannesm) ### v3.5.0 (2019-03-03) * Rename Mirage_impl_kv_ro to Mirage_impl_kv, and introduce `rw` (mirage/mirage#975, by @hannesm) * Adapt to mirage-kv 2.0.0 changes (mirage/mirage#975, by @hannesm) * Adapt to mirage-protocols and mirag-net 2.0.0 changes (mirage/mirage#972, by @hannesm) * mirage-types-lwt: remove unneeded io-page dependency (mirage/mirage#971, by @hannesm) * Fix regression introduced in 3.4.0 that "-l *:debug" did no longer work (mirage/mirage#970, by @hannesm) * Adjust various upper bounds (mirage-unix, cohttp-mirage, mirage-bootvar-xen) (mirage/mirage#967, by @hannesm) ### v3.4.1 (2019-02-05) * Provide a httpaf_server device, and a cohttp_server device (mirage/mirage#955, by @anmonteiro) * There can only be a single prng device in a unikernel, due to entropy harvesting setup (mirage/mirage#959, by @hannesm) * Cleanup zarith-freestanding / gmp-freestanding dependencies (mirage/mirage#964, by @hannesm) * ethernet is now a separate package (mirage/mirage#965, by @hannesm) * arp now uses the mirage/arp repository by default, the tcpip.arpv4 implementation was removed in tcpip 3.7.0 (mirage/mirage#965, by @hannesm) ### v3.4.0 (2019-01-11) * use ipaddr 3.0 without s-expression dependency (mirage/mirage#956, by @hannesm) * use mirage-clock 2.x and tcpip 3.6.x libraries (mirage/mirage#960, mirage/mirage#962, by @hannesm) * default to socket stack on unix and macos (mirage/mirage#958, by @hannesm) * use String.split_on_char in mirage-runtime to avoid astring dependency (mirage/mirage#957, by @hannesm) * add build-dependency on mirage to each unikernel (mirage/mirage#953, by @hannesm) ### 3.3.1 (2018-11-21) * fix regression: --yes was not passed to opam in 3.3.0 (mirage/mirage#950, by @hannesm) ### 3.3.0 (2018-11-18) New target: (via solo5) Genode: "Genode is a free and open-source operating system framework consisting of a microkernel abstraction layer and a collection of userspace components. The framework is notable as one of the few open-source operating systems not derived from a proprietary OS, such as Unix. The characteristic design philosophy is that a small trusted computing base is of primary concern in a security oriented OS." (from wikipedia, more at https://genode.org/ mirage/mirage#942, by @ehmry) User-visible changes * use mirage-bootvar-unix instead of OS.Env.argv (deprecated since mirage-{xen,unix,os-shim}.3.1.0, mirage-solo5.0.5.0) on unix (mirage/mirage#931, by @hannesm) WARNING: this leads to a different semantics for argument passing on Unix: all arguments are concatenated (using a whitespace " " as separator), and split on the whitespace character again (by parse-argv). This is coherent with all other backends, but the whitespace in "--hello=foo bar" needs to be escaped now. * mirage now generates upper bounds for hard-coded packages that are used in generated code. When we now break the API, unikernels which are configured with an earlier version won't accept the new release of the dependency. This means API breakage is much smoother for us, apart from that we now track version numbers in the mirage utility. The following rules were applied for upper bounds: - if version < 1.0.0 then ~min:"a.b.c" ~max:"a.(b+1).0" - if version > 1.0.0 then ~min:"a.b.c" ~max:"(a+1).0.0"` - exceptions: tcpip (~min:"3.5.0" ~max:"3.6.0"), mirage-block-ramdisk (unconstrained) WARNING: Please be careful when release any of the referenced libraries by taking care of appropriate version numbering. (initial version in mirage/mirage#855 by @avsm, final mirage/mirage#946 by @hannesm) * since functoria.2.2.2, the "package" function (used in unikernel configuration) is extended with the labeled argument ~pin that receives a string (e.g. ~pin:"git+https://github.com/mirage-random/mirage-random.git"), and is embedded into the generated opam file as [pin-depends](https://opam.ocaml.org/doc/Manual.html#opamfield-pin-depends) * mirage-random-stdlib is now used for default_random instead of mirage-random (which since 1.2.0 no longer bundles the stdlib Random module). mirage-random-stdlib is not cryptographically secure, but "a lagged-Fibonacci F(55, 24, +) with a modified addition function to enhance the mixing of bits.", which is now seeded using mirage-entropy. If you configure your unikernel with "mirage configure --prng fortuna" (since mirage 3.0.0), a cryptographically secure PRNG will be used (read more at https://mirage.io/blog/mirage-entropy) * mirage now revived its command-line "--no-depext", which removes the call to "opam depext" in the depend and depends target of the generated Makefile (mirage/mirage#948, by @hannesm) * make depend no longer uses opam pin for opam install --deps-only (mirage/mirage#948, by @hannesm) * remove unused io_page configuration (initial discussion in mirage/mirage#855, mirage/mirage#940, by @hannesm) * charrua-client requires a Mirage_random interface since 0.11.0 (mirage/mirage#938, by @hannesm) * split implementations into separate modules (mirage/mirage#933, by @emillon) * improved opam2 support (declare ocaml as dependency mirage/mirage#926) * switch build system to dune (mirage/mirage#927, by @emillon) * block device writes has been fixed in mirage-solo5.0.5.0 ### 3.2.0 (2018-09-23) * adapt to solo5 0.4.0 changes (mirage/mirage#924, by @mato) Upgrading from Mirage 3.1.x or earlier Due to conflicting packages, opam will not upgrade mirage to version 3.2.0 or newer if a version of mirage-solo5 older than 0.4.0 is installed in the switch. To perform the upgrade you must run `opam upgrade mirage` explicitly. Changes required to rebuild and run ukvm unikernels As of Solo5 0.4.0, the ukvm target has been renamed to hvt. If you are working out of an existing, dirty, source tree, you should initially run: ``` mirage configure -t hvt mirage clean mirage configure -t hvt ``` and then proceed as normal. If you are working with a clean source tree, then simply configuring with the new hvt target is sufficient: `mirage configure -t hvt` Note that the build products have changed: The unikernel binary is now named `<unikernel>.hvt`, the `ukvm-bin` binary is now named `solo5-hvt`. * adapt to mirage-protocols, mirage-stack, tcpip changes (mirage/mirage#920, by @hannesm) This is a breaking change: mirage 3.2.0 requires mirage-protocols 1.4.0, mirage-stack 1.3.0, and tcpip 3.5.0 to work (charru-client-mirage 0.10 and mirage-qubes-ipv4 0.6 are adapted to the changes). An older mirage won't be able to use these new libraries correctly. Conflicts were introduced in the opam-repository. In more detail, direct and socket stack initialisation changed, which is automatically generated by the mirage tool for each unikernel (as part of `main.ml`). A record was built up, which is no longer needed. Several unneeded type aliases were removed: `netif` from Mirage_protocols.ETHIF `ethif` and `prefix` from Mirage_protocols.IP `ip` from Mirage_protocols.{UDP,TCP} `netif` and `'netif config` from Mirage_stack.V4 `'netif stackv4_config` and `socket_stack_config` in Mirage_stack * squash unnecessary warning from `mirage build` (mirage/mirage#916, by @mato) ### 3.1.1 (2018-08-01) * for the unix target, add `-tags thread`, as done for the mac osx target (mirage/mirage#861, suggested by @cfcs) * bump minimum mirage-solo5* and solo5-kernel* to 0.3.0 (mirage/mirage#914, by @hannesm, as suggested by @mato) * use the exposed signature in functoria for Key modules (mirage/mirage#912, by @Drup) * add ?group param to all generic devices (mirage/mirage#913, by @samoht) ### 3.1.0 (2018-06-20) * solo5 v0.3.0 support (mirage/mirage#906, by @mato @Kensan @hannesm): The major new user-visible features for the Solo5 backends are: ukvm: Now runs natively on FreeBSD vmm and OpenBSD vmm. ukvm: ARM64 support. muen: New target, for the Muen Separation Kernel. ukvm: Improved and documented support for debugging Solo5-based unikernels. * generate libvirt.xml for virtio target (mirage/mirage#903, by @bramford) * don't make xen config documents for target qubes (mirage/mirage#895, by @yomimono) * use a path pin when making depends (mirage/mirage#891, by @yomimono) * move block registration to `configure` section (mirage/mirage#892, by @yomimono) * allow to directly specifying xenstore ids (mirage/mirage#879, by @yomimono) ### 3.0.8 (2017-12-19) * when passing block devices to `xen`, pass the raw filename rather than trying to infer the xenstore ID (mirage/mirage#874, by @yomimono) * make homepage in opam files consistent (mirage/mirage#872, by @djs55) ### 3.0.7 (2017-11-24) * the released version of `cohttp-mirage` is `1.0.0` (not `3.0.0`) (mirage/mirage#870 by @hannesm) ### 3.0.6 (2017-11-16) * remove macOS < yosemite support (mirage/mirage#860 by @hannesm) * rename `mirage-http` to `cohttp-mirage` (mirage/mirage#863 by @djs55) See [mirage/ocaml-cohttp#572] * opam: require OCaml 4.04.2+ (mirage/mirage#867 by @hannesm) ### 3.0.5 (2017-08-08) * Allow runtime configuration of syslog via config keys `--syslog`, `--syslog-port` and `--syslog-hostname` (mirage/mirage#853 via @hannesm). * Switch build of tool and libraries to Jbuilder (by @samoht) * Fix a warning when connecting to a ramdisk device (mirage/mirage#837 by @g2p) * Fix reference to tar library when using `--kv-ro archive` (mirage/mirage#848 by @mor1) * Adapt to latest functoria API (mirage/mirage#849 by @samoht) * Add a `--gdb` argument for ukvm targets so that debuggers can be attached easily. This allows `mirage configure --gdb -t ukvm` to work (@ricarkol in mirage/mirage#847). * Adapt to latest functoria (mirage/mirage#849 by @samoht) * Adapt to latest charrua, tcpip (mirage/mirage#854 by @yomimono) * Switch to jbuilder (mirage/mirage#850 by @samoht) Packaging updates for latest opam repository: * ARP is compatible with MirageOS3 since 0.2.0 (mirage/mirage#851 by @hannesm) ### 3.0.4 (2017-06-15) * add a --block configure flag for picking ramdisk or file-backed disk * add lower bounds on packages * fallback to system `$PKG_CONFIG_PATH` * update for mirage-qubes-ipv4 ### 3.0.2 (2017-03-15) * restore ocamlbuild colors when `TERM <> dumb && Unix.isatty stdout` (mirage/mirage#814, by @hannesm) ### 3.0.1 (2017-03-14) * remove "-color always" from ocamlbuild invocation (bugfix for some scripts interpreting build output) (mirage/mirage#811, by @hannesm) * provide a "random" module argument when invoking IPv6.Make (compat with tcpip 3.1.0) (mirage/mirage#801, by @hannesm) * add a "depends" target to the generated Makefile (controversial and may be removed) (mirage/mirage#805, by @yomimono) * allow qubesdb to be requested in config.ml when the target is xen (mirage/mirage#807, by @talex5) ### 3.0.0 (2017-02-23) * rename module types modules: V1 -> Mirage_types, V1_LWT -> Mirage_types_lwt (mirage/mirage#766, by @yomimono, @samoht, and @hannesm) * split type signatures and error printers into separate libraries (mirage/mirage#755, mirage/mirage#753, mirage/mirage#752, mirage/mirage#751, mirage/mirage#764, and several others, by @samoht and @yomimono) * use mirage-fs instead of ocaml-fat to transform FS into KV_RO (mirage/mirage#756, by @samoht) * changes to simplify choosing an alternate ARP implementation (mirage/mirage#750, by @hannesm) * add configurators for syslog reporter (mirage/mirage#749, by @hannesm) * filter incoming boot-time arguments for all Xen backends, not just QubesOS (mirage/mirage#746, by @yomimono) * give mirage-types-lwt its own library, instead of a mirage-types sublibrary called lwt (mirage/mirage#735, by @hannesm) * remove `format` function and `Format_unknown` error from FS module type (mirage/mirage#733, by @djs55) * ocamlify FAT name (mirage/mirage#723 by @yomimono) * remove type `error` from DEVICE module type (mirage/mirage#728, by @hannesm) * UDP requires random for source port randomization (mirage/mirage#726 by @hannesm) * drop "mir-" prefix from generated binaries (mirage/mirage#725 by @hannesm) * BLOCK and FS uses result types (mirage/mirage#705 by @yomimono) * depext fixes (mirage/mirage#718 by @mato) * workflow changes: separate configure, depend, build phases, generate opam file during configure (mirage/mirage#703, mirage/mirage#711 by @hannesm) * tap0 is now default_network (mirage/mirage#715, mirage/mirage#719 by @yomimono, @mato) * ARP uses result types (mirage/mirage#711 by @yomimono) * ipv4 key (instead of separate ip and netmask) (mirage/mirage#707, mirage/mirage#709 by @yomimono) * CHANNEL uses result types (mirage/mirage#702 by @avsm) * no custom myocamlbuild.ml, was needed for OCaml 4.00 (mirage/mirage#693 by @hannesm) * revert custom ld via pkg-config (mirage/mirage#692 by @hannesm) * result types for FLOW and other network components (mirage/mirage#690 by @yomimono) * removed `is_xen` key (mirage/mirage#682, by @hannesm) * mirage-clock-xen is now mirage-clock-freestanding (mirage/mirage#684, by @mato) * mirage-runtime is a separate opam package providing common functionality (mirage/mirage#681, mirage/mirage#615 by @hannesm) * add `qubes` target for making Xen unikernels which boot & configure themselves correctly on QubesOS. (mirage/mirage#553, by @yomimono) * revised V1.CONSOLE interface: removed log, renamed log_s to log (mirage/mirage#667, by @hannesm) * remove Str module from OCaml runtime (mirage/mirage#663, in ocaml-freestanding and mirage-xen-ocaml, by @hannesm) * new configuration time keyword: prng to select the default prng (mirage/mirage#611, by @hannesm) * fail early if tracing is attempted with Solo5 (mirage/mirage#657, by @yomimono) * refactor ipv4, stackv4, and dhcp handling (mirage/mirage#643, by @yomimono) * create xen-related helper files only when the target is xen (mirage/mirage#639, by @hannesm) * improvements to nocrypto handling (mirage/mirage#636, by @pqwy) * disable warning mirage/mirage#42 in generated code for unikernels (mirage/mirage#633, by @hannesm) * V1.NETWORK functions return a Result.t rather than polyvars indicating success or errors (mirage/mirage#615, by @hannesm) * remove GNUisms and unnecessary artifacts from build (mirage/mirage#623, mirage/mirage#627, by @mato and @hannesm) * remove type `id` from `DEVICE` module type. (mirage/mirage#612, by @yomimono and @talex5) * revise the RANDOM signature to provide n random bytes; provide nocrypto_random and stdlib_random (mirage/mirage#551 and mirage/mirage#610, by @hannesm) * expose `direct` as an option for `kv_ro`. (mirage/mirage#607, by @mor1) * require a `mem` function in KV_RO, and add `Failure` error variant (mirage/mirage#606, by @yomimono) * `connect` functions are no longer expected to return polyvars, but rather to raise exceptions if `connect` fails and return the value directly. (mirage/mirage#602, by @hannesm) * new documentation using `odig` (mirage/mirage#591, mirage/mirage#593, mirage/mirage#594, mirage/mirage#597, mirage/mirage#598, mirage/mirage#599, mirage/mirage#600, and more, by @avsm) * change build system to `topkg` from `oasis`. (mirage/mirage#558, mirage/mirage#590, mirage/mirage#654, mirage/mirage#673, by @avsm, @samoht, @hannesm, @dbuenzli) * express io-page dependency of crunch. (mirage/mirage#585, by @yomimono and @mato) * deprecate the CLOCK module type in favor of PCLOCK (POSIX clock) and MCLOCK (a monotonically increasing counter of elapsed nanoseconds). (mirage/mirage#548 and mirage/mirage#579, by @mattgray and @yomimono) * emit an ocamlfind predicate that matches the target, reducing the amount of duplication by target required of library authors (mirage/mirage#568, by @pqwy) * implement an `is_unix` key (mirage/mirage#575, by @mato) * use an int64 representing nanoseconds as the argument for `TIME.sleep`, instead of a float representing seconds. (mirage/mirage#547, by @hannesm) * expose new targets `virtio` and `ukvm` via the `solo5` project. (mirage/mirage#565, by @djwillia, @mato, and @hannesm). * remove users of `base_context`, which includes command-line arguments `--unix` and `--xen`, and `config.ml` functions `add_to_ocamlfind_libraries` and `add_to_opam_packages`. As a side effect, fix a long-standing error message bug when invoking `mirage` against a `config.ml` that does not build. (mirage/mirage#560, by @yomimono) * link `libgcc.a` only on ARM & other build improvements (mirage/mirage#544, by @hannesm) * allow users to use `crunch` on unix with `kv_ro`; clean up crunch .mlis on clean (mirage/mirage#556, by @yomimono) * remove console arguments to network functors (mirage/mirage#554, by @talex5 and @yomimono) * standardize ip source and destination argument names as `src` and `dst`, and source and destination ports as `src_port` and `dst_port` (mirage/mirage#546, by @yomimono) * a large number of documentation improvements (mirage/mirage#549, by @djs55) * require `pseudoheader` function for IP module types. (mirage/mirage#541, by @yomimono) * always build with `ocamlbuild -r`, to avoid repetitive failure message (mirage/mirage#537, by @talex5) ### 2.9.1 (2016-07-20) * Warn users of command-line arguments `--unix` and `--xen` that support for these will soon be dropped. Instead, use `-t unix` and `-t xen` respectively. (see mirage/mirage-www#475 (comment)) (mirage/mirage#561, by @yomimono) * Warn users of functions `add_to_opam_packages p` and `add_to_ocamlfind_libraries l` that support for these will soon be dropped. Instead, use `register ~libraries:l` and `register:~packages:p` respectively. (mirage/mirage#561, by @yomimono). ### 2.9.0 (2016-04-29) * Add logging support. A new `reporter` parameter to `register` is now available. This parameter defines how to configure the log reporter, using `Logs` and `Mirage_logs`. Log reporters can also be configured at configuration AND runtime using on the new `-l` or `--logs` command-line argument. (mirage/mirage#534, by @samoht, @talex5 and @Drup) * Allow to disable command-line parsing at runtime. There is a new `argv` parameter to the `register` function to allow to pass custom command-line argument parsing devices. Use `register ~argv:no_argv` to disable command-line argument parsing. (mirage/mirage#493, by @samoht and @Drup) ### 2.8.0 (2016-04-04) * Define an ICMP and ICMPV4 module type. ICMPV4 is included in, and surfaced by, the STACKV4 module type. The previous default behavior of the IPv4 module with respect to ICMP is preserved by STACKV4 and the tcpip_stack_direct function provided by mirage. (mirage/mirage#523, by @yomimono) * Explicitly require OCaml compiler version 4.02.3 in opam files for mirage-types and mirage. ### 2.7.3 (2016-03-20) * Fix another regression introduced in 2.7.1 which enable `-warn-error` by default. This is now controlled by a `--warn-error` flag on `mirage configure`. Currently it's default value is [false] but this might change in future versions (mirage/mirage#520) ### 2.7.2 (2016-03-20) * Fix regression introduced in 2.7.1 which truncates the ouput of `opam install` and breaks `opam depext` (mirage/mirage#519, by @samoht) ### 2.7.1 (2016-03-17) * Improve the Dockerfile (mirage/mirage#507, by @avsm) * Use Astring (by @samoht) * Clean-up dependencies automatically added by the tool - do not require `lwt.syntax`, `cstruct.syntax` and `sexplib`, which should make the default unikernels camlp4-free (mirage/mirage#510, mirage/mirage#515 by @samoht) - always require `mirage-platform` (mirage/mirage#512, by @talex5) - ensure that `mirage-types` and `mirage-types-lwt` are installed * Turn on more warnings and enable "warning as errors". * Check that the OCaml compiler is at least 4.02.3 (by @samoht) ### 2.7.0 (2016-02-17) The mirage tool is now based on functoria. (mirage/mirage#441 mirage/mirage#450, by @Drup @samoht) See https://mirage.io/blog/introducing-functoria for full details. * Command line interface: The config file must be passed with the -f option (instead of being just an argument). * Two new generic combinators are available, generic_stack and generic_kv_ro. * `get_mode` is deprecated. You should use keys instead. And in particular `Key.target` and `Key.is_xen`. * `add_to_ocamlfind_libraries` and `add_to_opam_packages` are deprecated. Both the `foreign` and the `register` functions now accept the `~libraries` and `~packages` arguments to specify library dependencies. * If you were using `tls` without the conduit combinator, you will be greeted during configuration by a message like this: ``` The "nocrypto" library is loaded but entropy is not enabled! Please enable the entropy by adding a dependency to the nocrypto device. You can do so by adding ~deps:[abstract nocrypto] to the arguments of Mirage.foreign. ``` Data dependencies (such as entropy initialization) are now explicit. In order to fix this, you need to declare the dependency like so: ```ocaml open Mirage let my_functor = let deps = [abstract nocrypto] in foreign ~deps "My_Functor" (foo @-> bar) ``` `My_functor.start` will now take an extra argument for each dependencies. In the case of nocrypto, this is `()`. * Remove `nat-script.sh` from the scripts directory, to be available as an external script. ### 2.6.1 (2015-09-08) * Xen: improve the .xl file generation. We now have - `name.xl`: this has sensible defaults for everything including the network bridges and should "just work" if used on the build box - `name.xl.in`: this has all the settings needed to boot (e.g. presence of block and network devices) but all the environmental dependencies are represented by easily-substitutable variables. This file is intended for production use: simply replace the variables for the paths, bridges, memory sizes etc. and run `xl create` as before. ### 2.6.0 (2015-07-28) * Better ARP support. This needs `mirage-tcpip.2.6.0` (mirage/mirage#419, by @yomimono) - [mirage-types] Remove `V1.IPV4.input_arp` - [mirage-types] Expose `V1.ARP` and `V1_LWT.ARP` - Expose a `Mirage.arp` combinator * Provide noop configuration for default_time (mirage/mirage#435, by @yomimono) * Add `Mirage.archive` and `Mirage.archive_of_files` to support attaching files via a read-only tar-formatted BLOCK (mirage/mirage#432, by @djs55) * Add a .merlin file (mirage/mirage#428, by @Drup) ### 2.5.1 (2015-07-17) * [mirage-types] Expose `V1_LWT.FS.page_aligned_buffer = Cstruct.t` ### 2.5.0 (2015-06-10) * Change the type of the `Mirage.http_server` combinator. The first argument (the conduit server configuration) is removed and should now be provided at compile-time in `unikernel.ml` instead of configuration-time in `config.ml`: ```ocaml (* [config.ml] *) (* in 2.4 *) let http = http_server (`TCP (`Port 80)) conduit (* in 2.5 *) let http = http_server conduit (* [unikernel.ml] *) let start http = (* in 2.4 *) http (S.make ~conn_closed ~callback ()) (* in 2.5 *) http (`TCP 80) (S.make ~conn_closed ~callback ()) ``` * Change the type of the `Mirage.conduit_direct` combinator. Previously, it took an optional `vchan` implementation, an optional `tls` immplementation and an optional `stackv4` implemenation. Now, it simply takes a `stackv4` implementation and a boolean to enable or disable the `tls` stack. Users who want to continue to use `vchan` with `conduit` should now use the `Vchan` functors inside `unikernel.ml` instead of the combinators in `config.ml`. To enable the TLS stack: ```ocaml (* [config.ml] *) let conduit = conduit_direct ~tls:true (stack default_console) (* [unikernel.ml] *) module Main (C: Conduit_mirage.S): struct let start conduit = C.listen conduit (`TLS (tls_config, `TCP 443)) callback end ``` * [types] Remove `V1.ENTROPY` and `V1_LWT.ENTROPY`. The entropy is now handled directly by `nocrypto.0.4.0` and the mirage-tool is only responsible to call the `Nocrypto_entropy_{mode}.initialize` function. * Remove `Mirage.vchan`, `Mirage.vchan_localhost`, `Mirage.vchan_xen` and `Mirage.vchan_default`. Vchan users need to adapt their code to directly use the `Vchan` functors instead of relying on the combinators. * Remove `Mirage.conduit_client` and `Mirage.conduit_server` types. * Fix misleading "Compiling for target" messages in `mirage build` (mirage/mirage#408 by @lnmx) * Add `--no-depext` to disable the automatic installation of opam depexts (mirage/mirage#402) * Support `@name/file` findlib's extended name syntax in `xen_linkopts` fields. `@name` is expanded to `%{lib}%/name` * Modernize the Travis CI scripts ### 2.4.0 (2015-05-05) * Support `mirage-http.2.2.0` * Support `conduit.0.8.0` * Support `tcpip.2.4.0` * Add time and clock parameters to IPv4 (mirage/mirage#362, patch from @yomimono) * Support for `ocaml-tls` 0.4.0. * Conduit now takes an optional TLS argument, allowing servers to support encryption. (mirage/mirage#347) * Add the ability to specify `Makefile.user` to extend the generated `Makefile`. Also `all`, `build` and `clean` are now extensible make targets. * Remove the `mirage run` command (mirage/mirage#379) * Call `opam depext` when configuring (mirage/mirage#373) * Add opam files for `mirage` and `mirage-types` packages * Fix `mirage --version` (mirage/mirage#374) * Add a `update-doc` target to the Makefile to easily update the online documentation at http://mirage.github.io/mirage/ ### 2.3.0 (2015-03-10) * Remove the `IO_PAGE` module type from `V1`. This has now moved into the `io-page` pacakge (mirage/mirage#356) * Remove `DEVICE.connect` from the `V1` module types. When a module is functorised over a `DEVICE` it should only have the ability to *use* devices it is given, not to connect to new ones. (mirage/mirage#150) * Add `FLOW.error_message` to the `V1` module types to allow for generic handling of errors. (mirage/mirage#346) * Add `IP.uipaddr` as a universal IP address type. (mirage/mirage#361) * Support the `entropy` version 0.2+ interfaces. (mirage/mirage#359) * Check that the `opam` command is at least version 1.2.0 (mirage/mirage#355) * Don't put '-classic-display' in the generated Makefiles. (mirage/mirage#364) ### 2.2.1 (2015-01-29) * Fix logging errors when `mirage` output is not redirected. (mirage/mirage#355) * Do not reverse the order of C libraries when linking. This fixes Zarith linking in Xen mode. (mirage/mirage#341). * Fix typos in command line help. (mirage/mirage#352). ### 2.2.0 (2014-12-18) * Add IPv6 support. This alters some of the interfaces that were previously hardcoded to IPv4 by generalising them. For example: ```ocaml type v4 type v6 type 'a ip type ipv4 = v4 ip type ipv6 = v6 ip ``` Full support for configuring IPv6 does not exist yet, as this release is intended for getting the type definitions in place before adding configuration support. ### 2.1.1 (2014-12-10) * Do not reuse the Unix linker options when building Xen unikernels. Instead, get the linker options from the ocamlfind `xen_linkopts` variables (mirage/mirage#332). See `tcpip.2.1.0` for a library that does this for a C binding. * Only activate MacOS X compilation by default on 10.10 (Yosemite) or higher. Older revisions of MacOS X will use the generic Unix mode by default, since the `vmnet` framework requires Yosemite or higher. * Do not run crunched filesystem modules through `camlp4`, which significantly speeds up compilation on ARM platforms (from minutes to seconds!) (mirage/mirage#299). ### 2.1.0 (2014-12-07) * Add specific support for `MacOSX` as a platform, which enables network bridging on Yosemite (mirage/mirage#329). The `--unix` flag will automatically activate the new target if run on a MacOS X host. If this breaks for you due to being on an older version of MacOS X, then use the new `--target` flag to set either Unix, MacOSX or Xen to the `mirage configure` command. * Add `mirage.runtime` findlib library and corresponding Mirage_runtime module (mirage/mirage#327). * If net driver in STACKV4_direct can't initialize, print a helpful error (mirage/mirage#164). * [xen]: fixed link order in generated Makefile (mirage/mirage#322). * Make `Lwt.tracing` instructions work for Fish shell too by improving quoting (mirage/mirage#328). ### 2.0.1 (2014-11-21) * Add `register ~tracing` to enable tracing with mirage-profile at start-up (mirage/mirage#321). * Update Dockerfile for latest libraries (mirage/mirage#320). * Only build mirage-types if Io_page is also installed (mirage/mirage#324). ### 2.0.0 (2014-11-05) * [types]: backwards incompatible change: CONSOLE is now a FLOW; 'write' has a different signature and 'write_all' has been removed. * Set on_crash = 'preserve' in default Xen config. * Automatically install dependencies again, but display the live output to the user. * Include C stub libraries in linker command when generating Makefiles for Xen. * Add `Vchan`, `Conduit` and `Resolver` code generators. * Generate a `*.xe` script which can upload a kernel to a XenServer. * Generate a libvirt `*.xml` configuration file (mirage/mirage#292). * Fix determination of `mirage-xen` location for paths with spaces (mirage/mirage#279). * Correctly show config file locations when using a custom one. * Fix generation of foreign (non-functor) modules (mirage/mirage#293) ### 1.2.0 (2014-07-05) The Mirage frontend tool now generates a Makefile with a `make depend` target, instead of directly invoking OPAM as part of `mirage configure`. This greatly improves usability on slow platforms such as ARM, since the output of OPAM as it builds can be inspected more easily. Users will now need to run `make depend` to ensure they have the latest package set, before building their unikernel with `make` as normal. * Improve format of generated Makefile, and also colours in terminal output. * Add `make depend` target to generated Makefile. * Set `OPAMVERBOSE` and `OPAMYES` in the Makefile, which can be overridden. * Add an `ENTROPY` device type for strong random sources (mirage/mirage#256). ### 1.1.3 (2014-06-15) * Build OPAM packages in verbose mode by default. * [types] Add `FLOW` based on `TCPV4`. * travis: build mirage-types from here, rather than 1.1.0. ### 1.1.2 (2014-04-01) * Improvement to the Amazon EC2 deployment script. * [types] Augment STACKV4 with an IPV4 module in addition to TCPV4 and UDPV4. * Regenerate with OASIS 0.4.4 (which adds natdynlink support) ### 1.1.1 (2014-02-21) * Man page fixes for typos and terminology (mirage/mirage#220). * Activate backtrace recording by default (mirage/mirage#225). * Fixes in the `V1.STACKV4` to expose UDPv4/TCPv4 types properly (mirage/mirage#226). ### 1.1.0 (2014-02-05) * Add a combinator interface to device binding that makes the functor generation significantly more succinct and expressive. This breaks backwards compatibility with `config.ml` files from the 1.0.x branches. * Integrate the `mirage-types` code into `types`. This is built as a separate library from the command-line tool, via the `install-types` Makefile target. ### 1.0.4 (2014-01-14) * Add default build tags for annot, bin_annot, principal and strict_sequence. * Renane `KV_RO` to `Crunch` ### 1.0.3 (2013-12-18) * Do not remove OPAM packages when doing `mirage clean` (mirage/mirage#143) * [xen] generate a simple main.xl, without block devices or network interfaces. * The HTTP dependency now also installs `mirage-tcp-*` and `mirage-http-*`. * Fix generated Makefile dependency on source OCaml files to rebuild reliably. * Support `Fat_KV_RO` (a read-only k/v version of the FAT filesystem). * The Unix `KV_RO` now passes through to the underlying filesystem instead of calling `crunch`, via `mirage-fs-unix`. ### 1.0.2 (2013-12-10) * Add `HTTP` support. * Fix `KV_RO` configuration for OPAM autoinstall. ### 1.0.1 (2013-12-09) * Add more examples to the FAT filesystem test case. * Fix `mirage-tcpip-*` support * Fix `mirage-net-*` support ### 1.0.0 (2013-12-09) * Adapt the latest library releases for Mirage 1.0 interfaces. ### 0.10.0 (2013-12.08) * Complete API rewrite * [xen] XL configuration phase is now created during configure phase, was during run phase. ### 0.9.7 (2013-08-09) * Generate code that uses the `Ipaddr.V4` interface instead of `Nettypes`. ### 0.9.6 (2013-07-26) * fix unix-direct by linking the unix package correctly (previously it was always dropped). ### 0.9.5 (2013-07-18) * completely remove the dependency on obuild: use ocamlbuild everywhere now. * adapt for mirage-0.9.3 OS.Netif interfaces (abstract type `id`). * do not output network config when there are no `ip-*` lines in the `.conf` file. * do not try to install `mirage-fs` if there is no filesystem to create. * added `nat-script.sh` to setup xenbr0 with DNS, DHCP and masqerading under Linux. ### 0.9.4 (2013-07-09) * build using ocamlbuild rather than depending on obuild. * [xen] generate a symbol that can be used to produce stack traces with xenctx. * mirari run --socket just runs the unikernel without any tuntap work. * mirari run --xen creates a xl config file and runs `xl create -c unikernel.xl`. ### 0.9.3 (2013-06-12) * Add a `--socket` flag to activate socket-based networking (UNIX only). * Do not use OPAM compiler switches any more, as that's done in the packaging now. * Use fd-passing in the UNIX backend to spawn a process. ### 0.9.2 (2013-03-28) * Install `obuild` automatically in all compiler switches (such as Xen). * Only create symlinks to `mir-foo` for a non-Xen target. * Add a `mirari clean` command. * Add the autoswitch feature via `mirari --switch=<compiler>` or the config file. ### 0.9.1 (2013-02-13) * Fix Xen symlink upon build. * Add a `--no-install` option to `mirari configure` to prevent invoking OPAM automatically. ### 0.9.0 (2013-02-12) * Automatically install `mirage-fs` package if a filesystem crunch is requested. * Remove the need for `mir-run` by including the final Xen link directly in Mirari. * Add support for building Xen variants. * Initial import of a unix-direct version.
cc @mirage/core
This is the final proposal about the dunification of MirageOS. Some specific tasks which are discussed but not yet implemented into this PR:
sexplib
libdir
compatibility and flags
-output-obj
MirageOS in the current version trusts on one command-line argument with
ocamlopt
:-output-obj
. As I explained to @mato, this flag asks toocamlopt
to produce amain.o
(frommain.cmx
generated byfunctoria
) without any link step.Then, the
mirage
tool collects some information withocamlfind
and retrieves static libraries needed withlinkopts_freestanding
orlinkopts_xen
. About theunix
target, it follows surely flags given by*.cmxa
. However,dune
wants to use for several reasons (eg.-output-obj
on ocaml/ocaml#6797) the new option-output-complete-obj
which will follow flags given by*.cmxa
.The problem about the link-step is on this new option. We can not continue to link
*.cmxa
together and then, in another link step, choose right static libraries compiled for the given target. So, at least, we have two solution:*.cmxa
with right flags (-L
and-l
)Into #1020/#1021, the choice was made to continue to trust on
ocamlfind
and use-noautolink
to mimic the behavior of-output-obj
. In another, the choice was made to continue to resolve static libraries withocamlfind
(with givenMETA
files) and then, do a translation between C flags given byocamlfind
/META
/pkg-config
toocamlopt
flags (eg. wrap-L
with-ccopt
and-l
with-cclib
).This solution is not very good when we add a new tool (
cc-to-opt
) and discard some static libraries (with-noautolink
) if they are not noticed by theMETA
file (eg.digestif
/checkseum
).The second solution was chosen to trust on the orchestration of
dune
. But even if it's what we want, I just would like to compare what it should happen with this PR and what we did before. The choice ofdune
is, in many ways logic and expected by a consensus of all @mirage/core and the OCaml community. But this same choice was made aboutocamlfind
a long time ago. I mean, we do exactly what we did before, we will trust on an external tool of the MirageOS project about a particular step (which is not present in many projects).I don't want to say that
dune
is may be the wrong choice but I would like to say that it implies a strong follow about what happens insidedune
. Currently, and from what I saw with @rgrinberg and @diml, the feedback-loop is very good - so I don't have anything to blame. But, please, keep in your mind that you should keep this state: dune + mirage = ❤️ as long as possible.-no-keep-locs
Since OCaml 4.06.0,
-keep-locs
is the default option when we compile*.cmi
. For a long time and across several libraries from the MirageOS eco-system (and in many ways), we trusted on the fact that a*.mli
can be compiled to a*.cmi
and the resulted hash should be reproducible despite the location of the compilation computation.However, it's not true now and for a long time but I'm not sure that all the MirageOS stack followed this update (eg. #1005). It's currently a problem when some libraries still continue to follow this old rule when they expect to plug at the link time an implementation according an interface: in other words, the linking-trick.
Of course,
dune
comes with a solution,modules_without_implementation
andvariant
. But, again, it's true that many strong pieces of the MirageOS stack did not follow this update (eg. the dunification) too. At the end, it still exists some tricks into our stack and it seems hard to just remove them. So, this PR wants to deal with this, again, with the smallest patch as we can.Intermediate solution
I would like to say that this solution is not fixed. It's an intermediate solution where the move the MirageOS stack needs much more work than what I can alone. Some required updates are well known but the time needed to ship a release of these projects is not.
So, instead to wait that some projects are updated in our way, this PR wants to provide a reasonable solution first for all people. Some points are not perfect but, as I said into #1020, we can start to figure out about details/features/etc. only if we have an dunified MirageOS.
Deletion of
pkg-config
In the way of #1020, #1021 and #979, we still continue to uses some files provided by the platform instead to use
pkg-config
inside themirage
tool. We still continue to usepkg-config
on these platforms (eg.ocaml-freestanding
andmirage-posix-xen
) to craft these flags, however.These flags are:
libs.sexp
which contains path to static libraries:libasmrun.a
libnolibc.a
libopenlibm.a
and an explicit link to these libraries. For Solo5, it comes with
libmirage-solo5_bindings.a
which has some needed symbols. This file is used by the first link step. with-output-complete-obj
.ldflags
which contains flags needed to useld
at the final link step.The link step is about Solo5 and Xen when we need to follow a linking-script given by the requested platform to produce the unikernel
cflags.sexp
which contains right flags needed to compile any C files. These flags are used by the Solo5 target to compile themanifest.c
generated bysolo5-elftool
with themanifest.json
and used by the final link step.libdir
is provided but not used anymore.This solution seems to be the right and @mirage/core agree to delete
pkg-config
from themirage
tool. Again, a better solution can be found (apkg-config
in OCaml?) but I think, from the OCaml ecosystem point-of-view, we don't need more that what these files give to us.The support of Xen is not done but should follow the same pattern. I will try to fix that this week but only if people agree with this last proposal - I mostly want to save my time.
Deletion of
ocamlfind
A deletion of
ocamlfind
is much more complex that what we believe when we followed the last layout aboutocamlfind
/META
files on several projects including some outside the MirageOS organization.As I said,
dune
comes with a solution and even if I can swear that some of these projects will move todune
and will usevariant
as we expect, some projects will not follow this move for many reasons.Currently, some neuralgic projects must be updated with this new layout:
nocrypto
digestif
checkseum
bigstringaf
(cc @seliopou)I'm sure that I forgot some others projects, so help me on this list.
The point is to use
variant
. The idea is to have an interface which has allexternal
. Then, the developer should provide 3 implementations of this interface:unix
one, basic compilation of C stubsfreestanding
with a compilation of C stubs with flags given byocaml-freestanding/cflags.sexp
xen
with a compilation of C stubs with flags given bymirage-posix-xen/cflags.sexp
These implementations must denote a variant with:
(variant {unix,freestanding,xen})
and to avoid any link error for others users, denote a default implementation (theunix
one). Then, themirage
tool will generate adune.build
which will select rights variants.In the case of
checkseum
ordigestif
when we need variants to provideunix
,freestanding
andxen
stubs, we should be able to specify an other variant to use the OCaml implementation of the C implementation.In the case of
nocrypto
, the story is much more complex than what we think.nocrypto
uses C stubs (asdigestif
) and a virtual*.cmi
, in our case:Z.cmi
. This module should be provided by the Zarith distribution. However, this distribution comes with another static libraries of C files which should be compiled with right flags. The problem aboutZ.cmx
can also be found by:asn1-combinators
x509
At this stage, I suspect that
nocrypto
still trust on the initial behavior of*.cmi
with-no-keep-locs
.A fork of
nocrypto
#1020 and #1021 want to keep the compatibility with
nocrypto.0.5.4-2
and avoid any needed works on this project when its future is not clear. However, the solution is not good as some people said (including me). The solution was to do what themirage
does currently but the diff is which command will eat our link flags? Currently, themirage
tool gives flags of static libraries told
where, withdune
, we must give them toocamlopt
.Then,
nocrypto
aggregates at the end all of our problems. And when some can be fixed without any change ofnocrypto
(eg. #1005, #1009 and #1010), I think we reach the end of the current status ofnocrypto
when we must update it, at least, make a new release of it.A work was done on mirleft/ocaml-nocrypto#158 about the dunification but it's not merged.
So I did a fork of
nocrypto
available here: https://github.com/dinosaure/ocaml-nocrypto/commits/dune from mirleft/ocaml-nocrypto#158 (I need to clear the history and I will make a description of each commit in another comment). I want to update the layout of the library accordingdune
, it fixes some bugs about endian.h and it provides, as expected,nocrypto.native.{unix,freestanding,xen}
.This version wants to stay compatible with the current version of TLS. So it includes some
ppx
on some types.At the end, this version of
nocrypto
will do the right orchestration about whichzarith
we want accordingvariants
and it uses onlyZ.cmi
as an interface oflibgmp
. As we believe,dune
will do the right orchestration according variants/target and it will choose the rightnocrypto.native
which depends on the rightzarith
implementation.Again, the solution is not the best where we completely fork a project to unlock the dunification of MirageOS. But, as @mato said,
nocrypto
is a part of an important stack of MirageOS and it was not released since 2017. We can not move forward without it but we can not continue to use it as is. From what I know, @avsm did a good mediation about it but it seems clear for me (and from others) that we should make a decision.Patches needed for others projects
The new repository
mirage-dune
available here: https://github.com/dinosaure/mirage-dune wants to provide the best way to move forward and include all needed patches for others projects to compile and use them with this PR.Zarith
The most important patch and the smallest is about
zarith
. As I said, we need to provide a way to plug an implementation underZ.cmi
but we should ensure thatZ.cmi
produced and used bynocrypto
/x509
/asn1-combinators
still is the same (the same hash). As a reasonable a patch, we should put-no-keep-locs
when we want to build Zarith and do a release ofzarith.1.7-1
with this patch. The distribution does change, the code does not change, just an option is added.Of course, we can start to think about a better solution like: dunify Zarith. But:
dune
So, this is the most reasonable as I can and I believe that we can do a release of it as soon as possible.
From it, a patch is needed about
zarith-freestanding
(andxen
) when the provided*.cmxa
of these packages should link with the right GMP library:This patch was tested with the great CI of OPAM (eg. ocam/l/opam-repository#15522) and should not break anything with the current state of MirageOS - where initially we link with
zarith.cmxa
.asn1-combinators and x509
Then, we need to upgrade projects which want to use
Z.cmi
and mostly still continue to use-no-keep-locs
and importZ.mli
from Zarith and compile it as a virtual interface of an implementation of the moduleZ
. Again, the orchestration will be done bynocrypto
, at this stage, usex509
orasn1-combinators
with this patch will produce a link error where they will expect an implementation (asdigestif
before).I provided:
tls
At the end, of course, we have
tls
but the only patch I did about this project is to give the right implementation when we want to compile tests. Of course, again, we can start to think about a dunification of this project but the current state oftls
is good enough to support a dunification of MirageOS. I mean, the bottleneck is not here. So I providedtls.0.10.5-1
where the patch, I think, is not needed for an usual installation (but I'm not sure).sexplib and ocplib-endian
These libraries are already noticed in #1020 and #1021:
sexplib
: Use bigarray-compat instead bigarray to avoid a link with unix janestreet/sexplib#40ocplib-endian
:ocplib-endian.1.0-1
which includes a patch forbigarray-compat
with the current release of this packageocplib-endian.1.1
which took the current trunk and apply the patch aboutbigarray-compat
Conclusion
From what I know, I can compile
mirage-skeleton
with this PR and all of packages available intodinosaure/mirage-dune
. Again, others solutions can exist but a decision should be done as soon as possible to go forward, merge it an fix rest of issues then.As I said into #1020 and #1021, many possibilities exists then about features given by
dune
but all need a dunification of MirageOS first.Other solutions than
dune
exist too when I mentioned a possible way to do by ourselves the link step but we need a decision from all @mirage/core about next. So I just would like to say that it will be my last proposal about the dunification according expected results from all people.Then, if all people are agree with this pull-request and whet it implies about our ecosystem (in a general way), I will continue the support of Xen, merge it and then, do the support to move others libraries to this new layout. Thanks for reading.