updated from main (commit fd990ef4ae)

This commit is contained in:
Canopy bot 2024-05-15 14:39:05 +00:00
parent 09e9834897
commit 174a797c14
6 changed files with 50 additions and 47 deletions

20
Posts/Retreat2024 Normal file
View file

@ -0,0 +1,20 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"><head><title>The MirageOS retreat 2024</title><meta charset="UTF-8"/><link rel="stylesheet" href="/static/css/style.css"/><link rel="stylesheet" href="/static/css/highlight.css"/><script src="/static/js/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script><link rel="alternate" href="/atom" title="The MirageOS retreat 2024" type="application/atom+xml"/><meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover"/></head><body><nav class="navbar navbar-default navbar-fixed-top"><div class="container"><div class="navbar-header"><a class="navbar-brand" href="/Posts">full stack engineer</a></div><div class="collapse navbar-collapse collapse"><ul class="nav navbar-nav navbar-right"><li><a href="/About"><span>About</span></a></li><li><a href="/Posts"><span>Posts</span></a></li></ul></div></div></nav><main><div class="flex-container"><div class="post"><h2>The MirageOS retreat 2024</h2><span class="author">Written by hannes</span><br/><div class="tags">Classified under: <a href="/tags/mirageos" class="tag">mirageos</a><a href="/tags/community" class="tag">community</a></div><span class="date">Published: 2024-05-15 (last updated: 2024-05-15)</span><article><p>End of April I spent a week in Marrakech to work on MirageOS at our annual <a href="https://retreat.mirage.io">retreat</a>. This was the 12th time when it actually took place, and it was amazing. We were a total of 17 people attending, of which 5 people used ground transportation. I have respect for them, to take the 3 or more day trip from Berlin or Glasgow or Paris or whereever to Marrakech - with a ferry in between (which availability depends on the wind etc.). This time, I didn't take ground transportation since I had appointments just before and just after the retreat nearby Berlin where I had to be in person. The food an weather was really nice and motivating.</p>
<p>Of the 17 people there were lots of new faces. It is really nice to see an active community which is welcoming to new people, and also that there's change: a lot of fresh ideas are brought by these people and we rethink what we are doing and why.</p>
<p>Our daily routine included breakfast, circle, lunch, dinner, (sometimes) presentations. There wasn't more formal structure, and there was no need for it since people kept themselves busy working on various projects. We had a bigger discussion about &quot;deploying MirageOS&quot;, which is a reoccurring theme. Even running a MirageOS unikernel on a laptop is for people who are not very familiar with networking pretty hard. In addition, our <a href="https://mirage.io">website</a> only briefly described network setup, and included DHCP very early (which is overwhelming to setup and use on your laptop).</p>
<p>I went to the retreat with some ideas in my head what I want to achieve (for example, replace all the bigarray allocations by bytes &amp; string), but the discussion about deployment made me prioritise this more.</p>
<h2 id="operator-handbook">Operator handbook</h2>
<p>I sat down with some people to start off a <a href="https://mirage.github.io/operator-handbook/index.html">MirageOS operator handbook</a> - we talked about the scope and the early chapters (and what is not in scope). This is still very much work in progress, <a href="https://github.com/mirage/operator-handbook">issues</a> and pull requests are welcome. The target audience is someone who wants to execute a MirageOS unikernel with hvt on a laptop or server. It will not be necessary to install OCaml, but the focus is really on the operational aspects with binaries that we provide from our <a href="https://builds.robur.coop">reproducible build infrastructure</a>.</p>
<p>In contrast to earlier attempts, this time we started with the focus and the pain points that we encountered at the retreat. We didn't plan all the chapters upfront or tried to start by developing and compiling a MirageOS &quot;hello world&quot;. I have confidence that our approach is a great start for a handbook that has been missing in the last decade.</p>
<h2 id="mollymawk">Mollymawk</h2>
<p>Also related to the deployment discussion, I re-started work from last year's retreat on a Web UI for <a href="/Posts/Albatross">Albatross</a>. Welcome <a href="https://github.com/robur-coop/mollymawk">mollymawk</a>. The idea is to have both a UI but also a HTTP API for deploying MirageOS unikernels via e.g. GitHub actions by a simple HTTP POST request. Observation and management of unikernels is also part of mollymawk. <a href="https://github.com/PizieDust">Pixie</a> worked a lot on the JavaScript and web side of it, while I put some effort into the MirageOS and Albatross interaction. Within days we got an initial prototype up and running and could show it to others. This already is able to gather information of running unikernels, the console output, and create and destroy unikernels. We will continue on mollymawk in the future.</p>
<p>From the design point, mollymawk communicates via TLS to albatross. It contains the TLS certificate and private key to access albatross (and generates temporary certificates for all the actions required). This also means that mollymawk needs to protect its secrets, otherwise anyone can mess around with albatross. Mollymawk itself is a unikernel that runs on top of albatross. What could possibly go wrong? We plan to add authentication soon to mollymawk, and can then use it for our own purposes. This will greatly improve the state of our running unikernels, since updating our unikernels from our reproducible build infrastructure will then be a click on a button, with a revert button if there are issues.</p>
<h2 id="defunctorising-mirageos">Defunctorising MirageOS</h2>
<p>Other discussions were about porting existing OCaml code to MirageOS, and what are the hurdles. The excessive use of functors are usually cumbersome for existing projects that need to revise their internal code structure. I have some issues with the use of functors as well, especially at places where they don't seem to be necessary. A rule of thumb I learned is that a functor is great if you want to have something in the same application instantiated with different modules -- i.e. a set of string and a set of integers. Now, in MirageOS we use even for time (providing the function <code>sleep</code>), clocks (monotonic and posix time), random (random data), network interface functors. The reason is that in earlier days (before mirage 4.0.0) our compilation strategy used installed opam packages. Since mirage 4, a monorepo is used to compile the unikernel.</p>
<p>Talking about time - I don't think anyone wants to have two different sleep functions in their application, similar for monotonic clock and posix time. Also the existing open source unikernels only use a single time and clock. The random interface has as well some history connected, since our cryptographic library used to bundle everything in a single opam package, and required arbitrary precision integers (via zarith using gmp), and we didn't want to impose a dependency on gmp for every unikernel. Nowadays, the CSPRNG code is separated from gmp, and we can just use it. The network interface: indeed if you're using solo5 (hvt or virtio or whatnot), you will never need a unix (tap-based) network implementation, neither xen netfront/netback. Thus, the functorisation is not necessary.</p>
<p>At the retreat we discussed and thought about replacing the functors in MirageOS with other mechanisms - conditional compilation (depending on the target) or the linking trick (dune variants) or a ppx are candidates, apart from other things (maybe first-class modules fit the requirement as well).</p>
<p>I got into coding a bit, and first looked into conditional compilation with the <a href="https://dune.readthedocs.io/en/stable/reference/library-dependencies.html#alternative-dependencies"><code>select</code></a> clauses from dune. They turned out to be not very flexible (you've to decide in the package what are all the options, and which one to take). I switched to <a href="https://dune.readthedocs.io/en/stable/variants.html#dune-variants">dune variants</a>, where the idea is that you provide a virtual interface, and only when compiling the executable you specify the implementation. This is great, since the mirage tool (at mirage configure time) can emit the dependencies. I went ahead and defunctorised the whole network stack - it was nice to see it is possible, but this is not easily upstreamable. There's as well at least <a href="https://github.com/ocaml/dune/issues/10460">one issue</a> in the dune variant code, I'm sure it will get debugged and fixed once we decide that dune variants are the solution we want to try out.</p>
<h2 id="conclusion">Conclusion</h2>
<p>I found the retreat very inspiring, there were lots of interest in various topics, and a lot of projects have been worked on. I'm also very happy that I managed to contribute and start some projects that will hopefully ease MirageOS adaption -- both on the deployment side, but as well on the developer experience side.</p>
<p>I'm looking forward to other writeups and future retreats, or other events where I can say hi to attendees.</p>
</article></div></div></main></body></html>

View file

@ -1,5 +1,6 @@
<!DOCTYPE html> <!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"><head><title>full stack engineer</title><meta charset="UTF-8"/><link rel="stylesheet" href="/static/css/style.css"/><link rel="stylesheet" href="/static/css/highlight.css"/><script src="/static/js/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script><link rel="alternate" href="/atom" title="full stack engineer" type="application/atom+xml"/><meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover"/></head><body><nav class="navbar navbar-default navbar-fixed-top"><div class="container"><div class="navbar-header"><a class="navbar-brand" href="/Posts">full stack engineer</a></div><div class="collapse navbar-collapse collapse"><ul class="nav navbar-nav navbar-right"><li><a href="/About"><span>About</span></a></li><li><a href="/Posts"><span>Posts</span></a></li></ul></div></div></nav><main><div class="flex-container"><div class="flex-container"><div class="list-group listing"><a href="/Posts/TCP-ns" class="list-group-item"><h2 class="list-group-item-heading">Redeveloping TCP from the ground up</h2><span class="author">Written by hannes</span> <time>2023-11-28</time><br/><p class="list-group-item-text abstract"><p>Core Internet protocols require operational experiments, even if formally specified</p> <html xmlns="http://www.w3.org/1999/xhtml"><head><title>full stack engineer</title><meta charset="UTF-8"/><link rel="stylesheet" href="/static/css/style.css"/><link rel="stylesheet" href="/static/css/highlight.css"/><script src="/static/js/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script><link rel="alternate" href="/atom" title="full stack engineer" type="application/atom+xml"/><meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover"/></head><body><nav class="navbar navbar-default navbar-fixed-top"><div class="container"><div class="navbar-header"><a class="navbar-brand" href="/Posts">full stack engineer</a></div><div class="collapse navbar-collapse collapse"><ul class="nav navbar-nav navbar-right"><li><a href="/About"><span>About</span></a></li><li><a href="/Posts"><span>Posts</span></a></li></ul></div></div></nav><main><div class="flex-container"><div class="flex-container"><div class="list-group listing"><a href="/Posts/Retreat2024" class="list-group-item"><h2 class="list-group-item-heading">The MirageOS retreat 2024</h2><span class="author">Written by hannes</span> <time>2024-05-15</time><br/><p class="list-group-item-text abstract"><p>My involvement and experience of the MirageOS retreat 2024</p>
</p></a><a href="/Posts/TCP-ns" class="list-group-item"><h2 class="list-group-item-heading">Redeveloping TCP from the ground up</h2><span class="author">Written by hannes</span> <time>2023-11-28</time><br/><p class="list-group-item-text abstract"><p>Core Internet protocols require operational experiments, even if formally specified</p>
</p></a><a href="/Posts/Albatross" class="list-group-item"><h2 class="list-group-item-heading">Deploying reproducible unikernels with albatross</h2><span class="author">Written by hannes</span> <time>2022-11-17</time><br/><p class="list-group-item-text abstract"><p>fleet management for MirageOS unikernels using a mutually authenticated TLS handshake</p> </p></a><a href="/Posts/Albatross" class="list-group-item"><h2 class="list-group-item-heading">Deploying reproducible unikernels with albatross</h2><span class="author">Written by hannes</span> <time>2022-11-17</time><br/><p class="list-group-item-text abstract"><p>fleet management for MirageOS unikernels using a mutually authenticated TLS handshake</p>
</p></a><a href="/Posts/OpamMirror" class="list-group-item"><h2 class="list-group-item-heading">Mirroring the opam repository and all tarballs</h2><span class="author">Written by hannes</span> <time>2022-09-29</time><br/><p class="list-group-item-text abstract"><p>Re-developing an opam cache from scratch, as a MirageOS unikernel</p> </p></a><a href="/Posts/OpamMirror" class="list-group-item"><h2 class="list-group-item-heading">Mirroring the opam repository and all tarballs</h2><span class="author">Written by hannes</span> <time>2022-09-29</time><br/><p class="list-group-item-text abstract"><p>Re-developing an opam cache from scratch, as a MirageOS unikernel</p>
</p></a><a href="/Posts/Monitoring" class="list-group-item"><h2 class="list-group-item-heading">All your metrics belong to influx</h2><span class="author">Written by hannes</span> <time>2022-03-08</time><br/><p class="list-group-item-text abstract"><p>How to monitor your MirageOS unikernel with albatross and monitoring-experiments</p> </p></a><a href="/Posts/Monitoring" class="list-group-item"><h2 class="list-group-item-heading">All your metrics belong to influx</h2><span class="author">Written by hannes</span> <time>2022-03-08</time><br/><p class="list-group-item-text abstract"><p>How to monitor your MirageOS unikernel with albatross and monitoring-experiments</p>

65
atom
View file

@ -1,4 +1,23 @@
<feed xmlns="http://www.w3.org/2005/Atom"><link href="https://hannes.robur.coop/atom" rel="self"/><id>urn:uuid:981361ca-e71d-4997-a52c-baeee78e4156</id><title type="text">full stack engineer</title><updated>2023-11-29T13:31:13-00:00</updated><entry><summary type="html">&lt;p&gt;Core Internet protocols require operational experiments, even if formally specified&lt;/p&gt; <feed xmlns="http://www.w3.org/2005/Atom"><link href="https://hannes.robur.coop/atom" rel="self"/><id>urn:uuid:981361ca-e71d-4997-a52c-baeee78e4156</id><title type="text">full stack engineer</title><updated>2024-05-15T14:38:51-00:00</updated><entry><summary type="html">&lt;p&gt;My involvement and experience of the MirageOS retreat 2024&lt;/p&gt;
</summary><published>2024-05-15T14:38:51-00:00</published><link href="/Posts/Retreat2024" rel="alternate"/><content type="html">&lt;p&gt;End of April I spent a week in Marrakech to work on MirageOS at our annual &lt;a href=&quot;https://retreat.mirage.io&quot;&gt;retreat&lt;/a&gt;. This was the 12th time when it actually took place, and it was amazing. We were a total of 17 people attending, of which 5 people used ground transportation. I have respect for them, to take the 3 or more day trip from Berlin or Glasgow or Paris or whereever to Marrakech - with a ferry in between (which availability depends on the wind etc.). This time, I didn't take ground transportation since I had appointments just before and just after the retreat nearby Berlin where I had to be in person. The food an weather was really nice and motivating.&lt;/p&gt;
&lt;p&gt;Of the 17 people there were lots of new faces. It is really nice to see an active community which is welcoming to new people, and also that there's change: a lot of fresh ideas are brought by these people and we rethink what we are doing and why.&lt;/p&gt;
&lt;p&gt;Our daily routine included breakfast, circle, lunch, dinner, (sometimes) presentations. There wasn't more formal structure, and there was no need for it since people kept themselves busy working on various projects. We had a bigger discussion about &amp;quot;deploying MirageOS&amp;quot;, which is a reoccurring theme. Even running a MirageOS unikernel on a laptop is for people who are not very familiar with networking pretty hard. In addition, our &lt;a href=&quot;https://mirage.io&quot;&gt;website&lt;/a&gt; only briefly described network setup, and included DHCP very early (which is overwhelming to setup and use on your laptop).&lt;/p&gt;
&lt;p&gt;I went to the retreat with some ideas in my head what I want to achieve (for example, replace all the bigarray allocations by bytes &amp;amp; string), but the discussion about deployment made me prioritise this more.&lt;/p&gt;
&lt;h2 id=&quot;operator-handbook&quot;&gt;Operator handbook&lt;/h2&gt;
&lt;p&gt;I sat down with some people to start off a &lt;a href=&quot;https://mirage.github.io/operator-handbook/index.html&quot;&gt;MirageOS operator handbook&lt;/a&gt; - we talked about the scope and the early chapters (and what is not in scope). This is still very much work in progress, &lt;a href=&quot;https://github.com/mirage/operator-handbook&quot;&gt;issues&lt;/a&gt; and pull requests are welcome. The target audience is someone who wants to execute a MirageOS unikernel with hvt on a laptop or server. It will not be necessary to install OCaml, but the focus is really on the operational aspects with binaries that we provide from our &lt;a href=&quot;https://builds.robur.coop&quot;&gt;reproducible build infrastructure&lt;/a&gt;.&lt;/p&gt;
&lt;p&gt;In contrast to earlier attempts, this time we started with the focus and the pain points that we encountered at the retreat. We didn't plan all the chapters upfront or tried to start by developing and compiling a MirageOS &amp;quot;hello world&amp;quot;. I have confidence that our approach is a great start for a handbook that has been missing in the last decade.&lt;/p&gt;
&lt;h2 id=&quot;mollymawk&quot;&gt;Mollymawk&lt;/h2&gt;
&lt;p&gt;Also related to the deployment discussion, I re-started work from last year's retreat on a Web UI for &lt;a href=&quot;/Posts/Albatross&quot;&gt;Albatross&lt;/a&gt;. Welcome &lt;a href=&quot;https://github.com/robur-coop/mollymawk&quot;&gt;mollymawk&lt;/a&gt;. The idea is to have both a UI but also a HTTP API for deploying MirageOS unikernels via e.g. GitHub actions by a simple HTTP POST request. Observation and management of unikernels is also part of mollymawk. &lt;a href=&quot;https://github.com/PizieDust&quot;&gt;Pixie&lt;/a&gt; worked a lot on the JavaScript and web side of it, while I put some effort into the MirageOS and Albatross interaction. Within days we got an initial prototype up and running and could show it to others. This already is able to gather information of running unikernels, the console output, and create and destroy unikernels. We will continue on mollymawk in the future.&lt;/p&gt;
&lt;p&gt;From the design point, mollymawk communicates via TLS to albatross. It contains the TLS certificate and private key to access albatross (and generates temporary certificates for all the actions required). This also means that mollymawk needs to protect its secrets, otherwise anyone can mess around with albatross. Mollymawk itself is a unikernel that runs on top of albatross. What could possibly go wrong? We plan to add authentication soon to mollymawk, and can then use it for our own purposes. This will greatly improve the state of our running unikernels, since updating our unikernels from our reproducible build infrastructure will then be a click on a button, with a revert button if there are issues.&lt;/p&gt;
&lt;h2 id=&quot;defunctorising-mirageos&quot;&gt;Defunctorising MirageOS&lt;/h2&gt;
&lt;p&gt;Other discussions were about porting existing OCaml code to MirageOS, and what are the hurdles. The excessive use of functors are usually cumbersome for existing projects that need to revise their internal code structure. I have some issues with the use of functors as well, especially at places where they don't seem to be necessary. A rule of thumb I learned is that a functor is great if you want to have something in the same application instantiated with different modules -- i.e. a set of string and a set of integers. Now, in MirageOS we use even for time (providing the function &lt;code&gt;sleep&lt;/code&gt;), clocks (monotonic and posix time), random (random data), network interface functors. The reason is that in earlier days (before mirage 4.0.0) our compilation strategy used installed opam packages. Since mirage 4, a monorepo is used to compile the unikernel.&lt;/p&gt;
&lt;p&gt;Talking about time - I don't think anyone wants to have two different sleep functions in their application, similar for monotonic clock and posix time. Also the existing open source unikernels only use a single time and clock. The random interface has as well some history connected, since our cryptographic library used to bundle everything in a single opam package, and required arbitrary precision integers (via zarith using gmp), and we didn't want to impose a dependency on gmp for every unikernel. Nowadays, the CSPRNG code is separated from gmp, and we can just use it. The network interface: indeed if you're using solo5 (hvt or virtio or whatnot), you will never need a unix (tap-based) network implementation, neither xen netfront/netback. Thus, the functorisation is not necessary.&lt;/p&gt;
&lt;p&gt;At the retreat we discussed and thought about replacing the functors in MirageOS with other mechanisms - conditional compilation (depending on the target) or the linking trick (dune variants) or a ppx are candidates, apart from other things (maybe first-class modules fit the requirement as well).&lt;/p&gt;
&lt;p&gt;I got into coding a bit, and first looked into conditional compilation with the &lt;a href=&quot;https://dune.readthedocs.io/en/stable/reference/library-dependencies.html#alternative-dependencies&quot;&gt;&lt;code&gt;select&lt;/code&gt;&lt;/a&gt; clauses from dune. They turned out to be not very flexible (you've to decide in the package what are all the options, and which one to take). I switched to &lt;a href=&quot;https://dune.readthedocs.io/en/stable/variants.html#dune-variants&quot;&gt;dune variants&lt;/a&gt;, where the idea is that you provide a virtual interface, and only when compiling the executable you specify the implementation. This is great, since the mirage tool (at mirage configure time) can emit the dependencies. I went ahead and defunctorised the whole network stack - it was nice to see it is possible, but this is not easily upstreamable. There's as well at least &lt;a href=&quot;https://github.com/ocaml/dune/issues/10460&quot;&gt;one issue&lt;/a&gt; in the dune variant code, I'm sure it will get debugged and fixed once we decide that dune variants are the solution we want to try out.&lt;/p&gt;
&lt;h2 id=&quot;conclusion&quot;&gt;Conclusion&lt;/h2&gt;
&lt;p&gt;I found the retreat very inspiring, there were lots of interest in various topics, and a lot of projects have been worked on. I'm also very happy that I managed to contribute and start some projects that will hopefully ease MirageOS adaption -- both on the deployment side, but as well on the developer experience side.&lt;/p&gt;
&lt;p&gt;I'm looking forward to other writeups and future retreats, or other events where I can say hi to attendees.&lt;/p&gt;
</content><category scheme="https://hannes.robur.coop/tags/community" term="community"/><category scheme="https://hannes.robur.coop/tags/mirageos" term="mirageos"/><id>urn:uuid:2c9e2634-78c5-5957-b6f2-d0706f80d7eb</id><title type="text">The MirageOS retreat 2024</title><updated>2024-05-15T14:38:51-00:00</updated><author><name>hannes</name></author></entry><entry><summary type="html">&lt;p&gt;Core Internet protocols require operational experiments, even if formally specified&lt;/p&gt;
</summary><published>2023-11-28T21:17:01-00:00</published><link href="/Posts/TCP-ns" rel="alternate"/><content type="html">&lt;p&gt;The &lt;a href=&quot;https://en.wikipedia.org/wiki/Transmission_Control_Protocol&quot;&gt;Transmission Control Protocol (TCP)&lt;/a&gt; is one of the main Internet protocols. Usually spoken on top of the Internet Protocol (legacy version 4 or version 6), it provides a reliable, ordered, and error-checked stream of octets. When an application uses TCP, they get these properties for free (in contrast to UDP).&lt;/p&gt; </summary><published>2023-11-28T21:17:01-00:00</published><link href="/Posts/TCP-ns" rel="alternate"/><content type="html">&lt;p&gt;The &lt;a href=&quot;https://en.wikipedia.org/wiki/Transmission_Control_Protocol&quot;&gt;Transmission Control Protocol (TCP)&lt;/a&gt; is one of the main Internet protocols. Usually spoken on top of the Internet Protocol (legacy version 4 or version 6), it provides a reliable, ordered, and error-checked stream of octets. When an application uses TCP, they get these properties for free (in contrast to UDP).&lt;/p&gt;
&lt;p&gt;As common for Internet protocols, TCP is specified in a series of so-called requests for comments (RFC). The latest revised version from August 2022 is &lt;a href=&quot;https://datatracker.ietf.org/doc/html/rfc9293&quot;&gt;RFC 9293&lt;/a&gt;; the initial one was &lt;a href=&quot;https://datatracker.ietf.org/doc/html/rfc793&quot;&gt;RFC 793&lt;/a&gt; from September 1981.&lt;/p&gt; &lt;p&gt;As common for Internet protocols, TCP is specified in a series of so-called requests for comments (RFC). The latest revised version from August 2022 is &lt;a href=&quot;https://datatracker.ietf.org/doc/html/rfc9293&quot;&gt;RFC 9293&lt;/a&gt;; the initial one was &lt;a href=&quot;https://datatracker.ietf.org/doc/html/rfc793&quot;&gt;RFC 793&lt;/a&gt; from September 1981.&lt;/p&gt;
&lt;h1 id=&quot;my-brief-personal-tcp-story&quot;&gt;My brief personal TCP story&lt;/h1&gt; &lt;h1 id=&quot;my-brief-personal-tcp-story&quot;&gt;My brief personal TCP story&lt;/h1&gt;
@ -1050,46 +1069,4 @@ $ ocertify 10.0.42.2 foo.mirage
&lt;p&gt;There are further steps to take, such as monitoring (&lt;code&gt;mirage configure --monitoring&lt;/code&gt;), which use a second network interface for reporting syslog and metrics to telegraf / influx / grafana. Some DNS features are still missing, most prominently DNSSec.&lt;/p&gt; &lt;p&gt;There are further steps to take, such as monitoring (&lt;code&gt;mirage configure --monitoring&lt;/code&gt;), which use a second network interface for reporting syslog and metrics to telegraf / influx / grafana. Some DNS features are still missing, most prominently DNSSec.&lt;/p&gt;
&lt;p&gt;I'd like to thank all people involved in this software stack, without other key components, including &lt;a href=&quot;https://github.com/mirage/ocaml-git&quot;&gt;git&lt;/a&gt;, &lt;a href=&quot;https://github.com/mirage/mirage-crypto&quot;&gt;mirage-crypto&lt;/a&gt;, &lt;a href=&quot;https://github.com/mirage/awa-ssh&quot;&gt;awa-ssh&lt;/a&gt;, &lt;a href=&quot;https://github.com/solo5/sol5&quot;&gt;solo5&lt;/a&gt;, &lt;a href=&quot;https://github.com/mirage/mirage&quot;&gt;mirage&lt;/a&gt;, &lt;a href=&quot;https://github.com/mmaker/ocaml-letsencrypt&quot;&gt;ocaml-letsencrypt&lt;/a&gt;, and more.&lt;/p&gt; &lt;p&gt;I'd like to thank all people involved in this software stack, without other key components, including &lt;a href=&quot;https://github.com/mirage/ocaml-git&quot;&gt;git&lt;/a&gt;, &lt;a href=&quot;https://github.com/mirage/mirage-crypto&quot;&gt;mirage-crypto&lt;/a&gt;, &lt;a href=&quot;https://github.com/mirage/awa-ssh&quot;&gt;awa-ssh&lt;/a&gt;, &lt;a href=&quot;https://github.com/solo5/sol5&quot;&gt;solo5&lt;/a&gt;, &lt;a href=&quot;https://github.com/mirage/mirage&quot;&gt;mirage&lt;/a&gt;, &lt;a href=&quot;https://github.com/mmaker/ocaml-letsencrypt&quot;&gt;ocaml-letsencrypt&lt;/a&gt;, and more.&lt;/p&gt;
&lt;p&gt;If you want to support our work on MirageOS unikernels, please &lt;a href=&quot;https://robur.coop/Donate&quot;&gt;donate to robur&lt;/a&gt;. I'm interested in feedback, either via &lt;a href=&quot;https://twitter.com/h4nnes&quot;&gt;twitter&lt;/a&gt;, &lt;a href=&quot;https://mastodon.social/@hannesm&quot;&gt;hannesm@mastodon.social&lt;/a&gt; or via eMail.&lt;/p&gt; &lt;p&gt;If you want to support our work on MirageOS unikernels, please &lt;a href=&quot;https://robur.coop/Donate&quot;&gt;donate to robur&lt;/a&gt;. I'm interested in feedback, either via &lt;a href=&quot;https://twitter.com/h4nnes&quot;&gt;twitter&lt;/a&gt;, &lt;a href=&quot;https://mastodon.social/@hannesm&quot;&gt;hannesm@mastodon.social&lt;/a&gt; or via eMail.&lt;/p&gt;
</content><category scheme="https://hannes.robur.coop/tags/deployment" term="deployment"/><category scheme="https://hannes.robur.coop/tags/protocol" term="protocol"/><category scheme="https://hannes.robur.coop/tags/mirageos" term="mirageos"/><id>urn:uuid:e3d4fd9e-e379-5c86-838e-46034ddd435d</id><title type="text">Deploying authoritative OCaml-DNS servers as MirageOS unikernels</title><updated>2023-03-02T17:20:44-00:00</updated><author><name>hannes</name></author></entry><entry><summary type="html">&lt;p&gt;MirageOS unikernels are reproducible :)&lt;/p&gt; </content><category scheme="https://hannes.robur.coop/tags/deployment" term="deployment"/><category scheme="https://hannes.robur.coop/tags/protocol" term="protocol"/><category scheme="https://hannes.robur.coop/tags/mirageos" term="mirageos"/><id>urn:uuid:e3d4fd9e-e379-5c86-838e-46034ddd435d</id><title type="text">Deploying authoritative OCaml-DNS servers as MirageOS unikernels</title><updated>2023-03-02T17:20:44-00:00</updated><author><name>hannes</name></author></entry></feed>
</summary><published>2019-12-16T18:29:30-00:00</published><link href="/Posts/ReproducibleOPAM" rel="alternate"/><content type="html">&lt;h2 id=&quot;reproducible-builds-summit&quot;&gt;Reproducible builds summit&lt;/h2&gt;
&lt;p&gt;I'm just back from the &lt;a href=&quot;https://reproducible-builds.org/events/Marrakesh2019/&quot;&gt;Reproducible builds summit 2019&lt;/a&gt;. In 2018, several people developing &lt;a href=&quot;https://ocaml.org&quot;&gt;OCaml&lt;/a&gt; and &lt;a href=&quot;https://opam.ocaml.org&quot;&gt;opam&lt;/a&gt; and &lt;a href=&quot;https://mirage.io&quot;&gt;MirageOS&lt;/a&gt;, attended &lt;a href=&quot;https://reproducible-builds.org/events/paris2018/&quot;&gt;the Reproducible builds summit in Paris&lt;/a&gt;. The notes from last year on &lt;a href=&quot;https://reproducible-builds.org/events/paris2018/report/#Toc11410_331763073&quot;&gt;opam reproducibility&lt;/a&gt; and &lt;a href=&quot;https://reproducible-builds.org/events/paris2018/report/#Toc11681_331763073&quot;&gt;MirageOS reproducibility&lt;/a&gt; are online. After last years workshop, Raja started developing the opam reproducibilty builder &lt;a href=&quot;https://github.com/rjbou/orb&quot;&gt;orb&lt;/a&gt;, which I extended at and after this years summit. This year before and after the facilitated summit there were hacking days, which allowed further interaction with participants, writing some code and conduct experiments. I had this year again an exciting time at the summit and hacking days, thanks to our hosts, organisers, and all participants.&lt;/p&gt;
&lt;h2 id=&quot;goal&quot;&gt;Goal&lt;/h2&gt;
&lt;p&gt;Stepping back a bit, first look on the &lt;a href=&quot;https://reproducible-builds.org/&quot;&gt;goal of reproducible builds&lt;/a&gt;: when compiling source code multiple times, the produced binaries should be identical. It should be sufficient if the binaries are behaviourally equal, but this is pretty hard to check. It is much easier to check &lt;strong&gt;bit-wise identity of binaries&lt;/strong&gt;, and relaxes the burden on the checker -- checking for reproducibility is reduced to computing the hash of the binaries. Let's stick to the bit-wise identical binary definition, which also means software developers have to avoid non-determinism during compilation in their toolchains, dependent libraries, and developed code.&lt;/p&gt;
&lt;p&gt;A &lt;a href=&quot;https://reproducible-builds.org/docs/test-bench/&quot;&gt;checklist&lt;/a&gt; of potential things leading to non-determinism has been written up by the reproducible builds project. Examples include recording the build timestamp into the binary, ordering of code and embedded data. The reproducible builds project also developed &lt;a href=&quot;https://packages.debian.org/sid/disorderfs&quot;&gt;disorderfs&lt;/a&gt; for testing reproducibility and &lt;a href=&quot;https://diffoscope.org/&quot;&gt;diffoscope&lt;/a&gt; for comparing binaries with file-dependent readers, falling back to &lt;code&gt;objdump&lt;/code&gt; and &lt;code&gt;hexdump&lt;/code&gt;. A giant &lt;a href=&quot;https://tests.reproducible-builds.org/&quot;&gt;test infrastructure&lt;/a&gt; with &lt;a href=&quot;https://tests.reproducible-builds.org/debian/index_variations.html&quot;&gt;lots of variations&lt;/a&gt; between the builds, mostly using Debian, has been setup over the years.&lt;/p&gt;
&lt;p&gt;Reproducibility is a precondition for trustworthy binaries. See &lt;a href=&quot;https://reproducible-builds.org/#why-does-it-matter&quot;&gt;why does it matter&lt;/a&gt;. If there are no instructions how to get from the published sources to the exact binary, why should anyone trust and use the binary which claims to be the result of the sources? It may as well contain different code, including a backdoor, bitcoin mining code, outputting the wrong results for specific inputs, etc. Reproducibility does not imply the software is free of security issues or backdoors, but instead of a audit of the binary - which is tedious and rarely done - the source code can be audited - but the toolchain (compiler, linker, ..) used for compilation needs to be taken into account, i.e. trusted or audited to not be malicious. &lt;strong&gt;I will only ever publish binaries if they are reproducible&lt;/strong&gt;.&lt;/p&gt;
&lt;p&gt;My main interest at the summit was to enhance existing tooling and conduct some experiments about the reproducibility of &lt;a href=&quot;https://mirage.io&quot;&gt;MirageOS unikernels&lt;/a&gt; -- a unikernel is a statically linked ELF binary to be run as Unix process or &lt;a href=&quot;https://github.com/solo5/solo5&quot;&gt;virtual machine&lt;/a&gt;. MirageOS heavily uses &lt;a href=&quot;https://ocaml.org&quot;&gt;OCaml&lt;/a&gt; and &lt;a href=&quot;https://opam.ocaml.org&quot;&gt;opam&lt;/a&gt;, the OCaml package manager, and is an opam package itself. Thus, &lt;em&gt;checking reproducibility of a MirageOS unikernel is the same problem as checking reproducibility of an opam package&lt;/em&gt;.&lt;/p&gt;
&lt;h2 id=&quot;reproducible-builds-with-opam&quot;&gt;Reproducible builds with opam&lt;/h2&gt;
&lt;p&gt;Testing for reproducibility is achieved by taking the sources and compile them twice independently. Afterwards the equality of the resulting binaries can be checked. In trivial projects, the sources is just a single file, or originate from a single tarball. In OCaml, opam uses &lt;a href=&quot;https://github.com/ocaml/opam-repository&quot;&gt;a community repository&lt;/a&gt; where OCaml developers publish their package releases to, but can also use custom repositores, and in addition pin packages to git remotes (url including branch or commit), or a directory on the local filesystem. Manually tracking and updating all dependent packages of a MirageOS unikernel is not feasible: our hello-world compiled for hvt (kvm/BHyve) already has 79 opam dependencies, including the OCaml compiler which is distribued as opam package. The unikernel serving this website depends on 175 opam packages.&lt;/p&gt;
&lt;p&gt;Conceptually there should be two tools, the &lt;em&gt;initial builder&lt;/em&gt;, which takes the latest opam packages which do not conflict, and exports exact package versions used during the build, as well as hashes of binaries. The other tool is a &lt;em&gt;rebuilder&lt;/em&gt;, which imports the export, conducts a build, and outputs the hashes of the produced binaries.&lt;/p&gt;
&lt;p&gt;Opam has the concept of a &lt;code&gt;switch&lt;/code&gt;, which is an environment where a package set is installed. Switches are independent of each other, and can already be exported and imported. Unfortunately the export is incomplete: if a package includes additional patches as part of the repository -- sometimes needed for fixing releases where the actual author or maintainer of a package responds slowly -- these package neither the patches end up in the export. Also, if a package is pinned to a git branch, the branch appears in the export, but this may change over time by pushing more commits or even force-pushing to that branch. In &lt;a href=&quot;https://github.com/ocaml/opam/pull/4040&quot;&gt;PR #4040&lt;/a&gt; (under discussion and review), also developed during the summit, I propose to embed the additional files as base64 encoded values in the opam file. To solve the latter issue, I modified the export mechanism to &lt;a href=&quot;https://github.com/ocaml/opam/pull/4055&quot;&gt;embed the git commit hash (PR #4055)&lt;/a&gt;, and avoid sources from a local directory and which do not have a checksum.&lt;/p&gt;
&lt;p&gt;So the opam export contains the information required to gather the exact same sources and build instructions of the opam packages. If the opam repository would be self-contained (i.e. not depend on any other tools), this would be sufficient. But opam does not run in thin air, it requires some system utilities such as &lt;code&gt;/bin/sh&lt;/code&gt;, &lt;code&gt;sed&lt;/code&gt;, a GNU make, commonly &lt;code&gt;git&lt;/code&gt;, a C compiler, a linker, an assembler. Since opam is available on various operating systems, the plugin &lt;code&gt;depext&lt;/code&gt; handles host system dependencies, e.g. if your opam package requires &lt;code&gt;gmp&lt;/code&gt; to be installed, this requires slightly different names depending on host system or distribution, take a look at &lt;a href=&quot;https://github.com/ocaml/opam-repository/blob/master/packages/conf-gmp/conf-gmp.1/opam&quot;&gt;conf-gmp&lt;/a&gt;. This also means, opam has rather good information about both the opam dependencies and the host system dependencies for each package. Please note that the host system packages used during compilation are not yet recorded (i.e. which &lt;code&gt;gmp&lt;/code&gt; package was installed and used during the build, only that a &lt;code&gt;gmp&lt;/code&gt; package has to be installed). The base utilities mentioned above (C compiler, linker, shell) are also not recorded yet.&lt;/p&gt;
&lt;p&gt;Operating system information available in opam (such as architecture, distribution, version), which in some cases maps to exact base utilities, is recorded in the build-environment, a separate artifact. The environment variable &lt;a href=&quot;https://reproducible-builds.org/specs/source-date-epoch/&quot;&gt;&lt;code&gt;SOURCE_DATE_EPOCH&lt;/code&gt;&lt;/a&gt;, used for communicating the same timestamp when software is required to record a timestamp into the resulting binary, is also captured in the build environment.&lt;/p&gt;
&lt;p&gt;Additional environment variables may be captured or used by opam packages to produce different output. To avoid this, both the initial builder and the rebuilder are run with minimal environment variables: only &lt;code&gt;PATH&lt;/code&gt; (normalised to a whitelist of &lt;code&gt;/bin&lt;/code&gt;, &lt;code&gt;/usr/bin&lt;/code&gt;, &lt;code&gt;/usr/local/bin&lt;/code&gt; and &lt;code&gt;/opt/bin&lt;/code&gt;) and &lt;code&gt;HOME&lt;/code&gt; are defined. Missing information at the moment includes CPU features: some libraries (gmp?, nocrypto) emit different code depending on the CPU feature.&lt;/p&gt;
&lt;h2 id=&quot;tooling&quot;&gt;Tooling&lt;/h2&gt;
&lt;p&gt;&lt;em&gt;TL;DR: A &lt;strong&gt;build&lt;/strong&gt; builds an opam package, and outputs &lt;code&gt;.opam-switch&lt;/code&gt;, &lt;code&gt;.build-hashes.N&lt;/code&gt;, and &lt;code&gt;.build-environment.N&lt;/code&gt;. A &lt;strong&gt;rebuild&lt;/strong&gt; uses these artifacts as input, builds the package and outputs another &lt;code&gt;.build-hashes.M&lt;/code&gt; and &lt;code&gt;.build-environment.M&lt;/code&gt;.&lt;/em&gt;&lt;/p&gt;
&lt;p&gt;The command-line utility &lt;code&gt;orb&lt;/code&gt; can be installed and used:&lt;/p&gt;
&lt;pre&gt;&lt;code class=&quot;language-sh&quot;&gt;$ opam pin add orb git+https://github.com/hannesm/orb.git#active
$ orb build --twice --keep-build-dir --diffoscope &amp;lt;your-favourite-opam-package&amp;gt;
&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;It provides two subcommands &lt;code&gt;build&lt;/code&gt; and &lt;code&gt;rebuild&lt;/code&gt;. The &lt;code&gt;build&lt;/code&gt; command takes a list of local opam &lt;code&gt;--repos&lt;/code&gt; where to take opam packages from (defaults to &lt;code&gt;default&lt;/code&gt;), a compiler (either a variant &lt;code&gt;--compiler=4.09.0+flambda&lt;/code&gt;, a version &lt;code&gt;--compiler=4.06.0&lt;/code&gt;, or a pin to a local development version &lt;code&gt;--compiler-pin=~/ocaml&lt;/code&gt;), and optionally an existing switch &lt;code&gt;--use-switch&lt;/code&gt;. It creates a switch, builds the packages, and emits the opam export, hashes of all files installed by these packages, and the build environment. The flags &lt;code&gt;--keep-build&lt;/code&gt; retains the build products, opam's &lt;code&gt;--keep-build-dir&lt;/code&gt; in addition temporary build products and generated source code. If &lt;code&gt;--twice&lt;/code&gt; is provided, a rebuild (described next) is executed after the initial build.&lt;/p&gt;
&lt;p&gt;The &lt;code&gt;rebuild&lt;/code&gt; command takes a directory with the opam export and build environment to build the opam package. It first compares the build-environment with the host system, sets the &lt;code&gt;SOURCE_DATE_EPOCH&lt;/code&gt; and switch location accordingly and executes the import. Once the build is finished, it compares the hashes of the resulting files with the previous run. On divergence, if build directories were kept in the previous build, and if diffoscope is available and &lt;code&gt;--diffoscope&lt;/code&gt; was provided, diffoscope is run on the diverging files. If &lt;code&gt;--keep-build-dir&lt;/code&gt; was provided as well, &lt;code&gt;diff -ur&lt;/code&gt; can be used to compare the temporary build and sources, including build logs.&lt;/p&gt;
&lt;p&gt;The builds are run in parallel, as opam does, this parallelism does not lead to different binaries in my experiments.&lt;/p&gt;
&lt;h2 id=&quot;results-and-discussion&quot;&gt;Results and discussion&lt;/h2&gt;
&lt;p&gt;&lt;strong&gt;All MirageOS unikernels I have deployed are reproducible \o/&lt;/strong&gt;. Also, several binaries such as &lt;code&gt;orb&lt;/code&gt; itself, &lt;code&gt;opam&lt;/code&gt;, &lt;code&gt;solo5-hvt&lt;/code&gt;, and all &lt;code&gt;albatross&lt;/code&gt; utilities are reproducible.&lt;/p&gt;
&lt;p&gt;The unikernel range from hello world, web servers (e.g. this blog, getting its data on startup via a git clone to memory), authoritative DNS servers, CalDAV server. They vary in size between 79 and 200 opam packages, resulting in 2MB - 16MB big ELF binaries (including debug symbols). The &lt;a href=&quot;https://github.com/roburio/reproducible-unikernel-repo&quot;&gt;unikernel opam repository&lt;/a&gt; contains some reproducible unikernels used for testing. Some work-in-progress enhancements are needed to achieve this:&lt;/p&gt;
&lt;p&gt;At the moment, the opam package of a MirageOS unikernel is automatically generated by &lt;code&gt;mirage configure&lt;/code&gt;, but only used for tracking opam dependencies. I worked on &lt;a href=&quot;https://github.com/mirage/mirage/pull/1022&quot;&gt;mirage PR #1022&lt;/a&gt; to extend the generated opam package with build and install instructions.&lt;/p&gt;
&lt;p&gt;As mentioned above, if locale is set, ocamlgraph needs to be patched to emit a (locale-dependent) timestamp.&lt;/p&gt;
&lt;p&gt;The OCaml program &lt;a href=&quot;https://github.com/mirage/ocaml-crunch&quot;&gt;&lt;code&gt;crunch&lt;/code&gt;&lt;/a&gt; embeds a subdirectory as OCaml code into a binary, which we use in MirageOS quite regularly for static assets, etc. This plays in several ways into reproducibility: on the one hand, it needs a timestamp for its &lt;code&gt;last_modified&lt;/code&gt; functionality (and adheres since &lt;a href=&quot;https://github.com/mirage/ocaml-crunch/pull/45&quot;&gt;June 2018&lt;/a&gt; to the &lt;code&gt;SOURCE_DATE_EPOCH&lt;/code&gt; spec, thanks to Xavier Clerc). On the other hand, it used before version 3.2.0 (released Dec 14th) hashtables for storing the file contents, where iteration is not deterministic (the insertion is not sorted), &lt;a href=&quot;https://github.com/mirage/ocaml-crunch/pull/51&quot;&gt;fixed in PR #51&lt;/a&gt; by using a Map instead.&lt;/p&gt;
&lt;p&gt;In functoria, a tool used to configure MirageOS devices and their dependencies, can emit a list of opam packages which were required to build the unikernel. This uses &lt;code&gt;opam list --required-by --installed --rec &amp;lt;pkgs&amp;gt;&lt;/code&gt;, which uses the cudf graph (&lt;a href=&quot;https://github.com/mirage/functoria/pull/189#issuecomment-566696426&quot;&gt;thanks to Raja for explanation&lt;/a&gt;), that is during the rebuild dropping some packages. The &lt;a href=&quot;https://github.com/mirage/functoria/pull/189&quot;&gt;PR #189&lt;/a&gt; avoids by not using the &lt;code&gt;--rec&lt;/code&gt; argument, but manually computing the fixpoint.&lt;/p&gt;
&lt;p&gt;Certainly, the choice of environment variables, and whether to vary them (as &lt;a href=&quot;https://tests.reproducible-builds.org/debian/index_variations.html&quot;&gt;debian does&lt;/a&gt;) or to not define them (or normalise) while building, is arguably. Since MirageOS does neither support time zone nor internationalisation, there is no need to prematurely solving this issue. On related note, even with different locale settings, MirageOS unikernels are reproducible apart from an &lt;a href=&quot;https://github.com/backtracking/ocamlgraph/pull/90&quot;&gt;issue in ocamlgraph #90&lt;/a&gt; embedding the output of &lt;a href=&quot;https://pubs.opengroup.org/onlinepubs/9699919799/utilities/date.html&quot;&gt;&lt;code&gt;date&lt;/code&gt;&lt;/a&gt;, which is different depending on &lt;code&gt;LANG&lt;/code&gt; and locale (&lt;code&gt;LC_*&lt;/code&gt;) settings.&lt;/p&gt;
&lt;p&gt;Prior art in reproducible MirageOS unikernels is the &lt;a href=&quot;https://github.com/mirage/qubes-mirage-firewall/&quot;&gt;mirage-qubes-firewall&lt;/a&gt;. Since &lt;a href=&quot;https://github.com/mirage/qubes-mirage-firewall/commit/07ff3d61477383860216c69869a1ffee59145e45&quot;&gt;early 2017&lt;/a&gt; it is reproducible. Their approach is different by building in a docker container with the opam repository pinned to an exact git commit.&lt;/p&gt;
&lt;h2 id=&quot;further-work&quot;&gt;Further work&lt;/h2&gt;
&lt;p&gt;I only tested a certain subset of opam packages and MirageOS unikernels, mainly on a single machine (my laptop) running FreeBSD, and am happy if others will test reproducibility of their OCaml programs with the tools provided. There could as well be CI machines rebuilding opam packages and reporting results to a central repository. I'm pretty sure there are more reproducibility issues in the opam ecosystem. I developed an &lt;a href=&quot;https://github.com/roburio/reproducible-testing-repo&quot;&gt;reproducible testing opam repository&lt;/a&gt; with opam packages that do not depend on OCaml, mainly for further tooling development. Some tests were also conducted on a Debian system with the same result. The variations, apart from build time, were using a different user, and different locale settings.&lt;/p&gt;
&lt;p&gt;As mentioned above, more environment, such as the CPU features, and external system packages, should be captured in the build environment.&lt;/p&gt;
&lt;p&gt;When comparing OCaml libraries, some output files (cmt / cmti / cma / cmxa) are not deterministic, but contain minimal diverge where I was not able to spot the root cause. It would be great to fix this, likely in the OCaml compiler distribution. Since the final result, the binary I'm interested in, is not affected by non-identical intermediate build products, I hope someone (you?) is interested in improving on this side. OCaml bytecode output also seems to be non-deterministic. There is &lt;a href=&quot;https://github.com/coq/coq/issues/11229&quot;&gt;a discussion on the coq issue tracker&lt;/a&gt; which may be related.&lt;/p&gt;
&lt;p&gt;In contrast to initial plans, I did not used the &lt;a href=&quot;https://reproducible-builds.org/specs/build-path-prefix-map/&quot;&gt;&lt;code&gt;BUILD_PATH_PREFIX_MAP&lt;/code&gt;&lt;/a&gt; environment variable, which is implemented in OCaml by &lt;a href=&quot;https://github.com/ocaml/ocaml/pull/1515&quot;&gt;PR #1515&lt;/a&gt; (and followups). The main reasons are that something in the OCaml toolchain (I suspect the bytecode interpreter) needed absolute paths to find libraries, thus I'd need a symlink from the left-hand side to the current build directory, which was tedious. Also, my installed assembler does not respect the build path prefix map, and BUILD_PATH_PREFIX_MAP is not widely supported. See e.g. the Debian &lt;a href=&quot;https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/ocaml-zarith.html&quot;&gt;zarith&lt;/a&gt; package with different build paths and its effects on the binary.&lt;/p&gt;
&lt;p&gt;I'm fine with recording the build path (switch location) in the build environment for now - it turns out to end up only once in MirageOS unikernels, likely by the last linking step, which &lt;a href=&quot;http://blog.llvm.org/2019/11/deterministic-builds-with-clang-and-lld.html&quot;&gt;hopefully soon be solved by llvm 9.0&lt;/a&gt;.&lt;/p&gt;
&lt;p&gt;What was fun was to compare the unikernel when built on Linux with gcc against a built on FreeBSD with clang and lld - spoiler: they emit debug sections with different dwarf versions, it is pretty big. Other fun differences were between OCaml compiler versions: the difference between minor versions (4.08.0 vs 4.08.1) is pretty small (~100kB as human-readable output), while the difference between major version (4.08.1 vs 4.09.0) is rather big (~900kB as human-readable diff).&lt;/p&gt;
&lt;p&gt;An item on my list for the future is to distribute the opam export, build hashes and build environment artifacts in a authenticated way. I want to integrate this as &lt;a href=&quot;https://in-toto.io/&quot;&gt;in-toto&lt;/a&gt; style into &lt;a href=&quot;https://github.com/hannesm/conex&quot;&gt;conex&lt;/a&gt;, my not-yet-deployed implementation of &lt;a href=&quot;https://theupdateframework.github.io/&quot;&gt;tuf&lt;/a&gt; for opam that needs further development and a test installation, hopefully in 2020.&lt;/p&gt;
&lt;p&gt;If you want to support our work on MirageOS unikernels, please &lt;a href=&quot;https://robur.coop/Donate&quot;&gt;donate to robur&lt;/a&gt;. I'm interested in feedback, either via &lt;a href=&quot;https://twitter.com/h4nnes&quot;&gt;twitter&lt;/a&gt;, &lt;a href=&quot;https://mastodon.social/@hannesm&quot;&gt;hannesm@mastodon.social&lt;/a&gt; or via eMail.&lt;/p&gt;
</content><category scheme="https://hannes.robur.coop/tags/package%20signing" term="package signing"/><category scheme="https://hannes.robur.coop/tags/security" term="security"/><category scheme="https://hannes.robur.coop/tags/mirageos" term="mirageos"/><id>urn:uuid:09922d6b-56c8-595d-8086-5aef9656cbc4</id><title type="text">Reproducible MirageOS unikernel builds</title><updated>2021-11-19T18:04:52-00:00</updated><author><name>hannes</name></author></entry></feed>

View file

@ -1,5 +1,6 @@
<!DOCTYPE html> <!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"><head><title>full stack engineer</title><meta charset="UTF-8"/><link rel="stylesheet" href="/static/css/style.css"/><link rel="stylesheet" href="/static/css/highlight.css"/><script src="/static/js/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script><link rel="alternate" href="/atom" title="full stack engineer" type="application/atom+xml"/><meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover"/></head><body><nav class="navbar navbar-default navbar-fixed-top"><div class="container"><div class="navbar-header"><a class="navbar-brand" href="/Posts">full stack engineer</a></div><div class="collapse navbar-collapse collapse"><ul class="nav navbar-nav navbar-right"><li><a href="/About"><span>About</span></a></li><li><a href="/Posts"><span>Posts</span></a></li></ul></div></div></nav><main><div class="flex-container"><div class="flex-container"><div class="list-group listing"><a href="/Posts/TCP-ns" class="list-group-item"><h2 class="list-group-item-heading">Redeveloping TCP from the ground up</h2><span class="author">Written by hannes</span> <time>2023-11-28</time><br/><p class="list-group-item-text abstract"><p>Core Internet protocols require operational experiments, even if formally specified</p> <html xmlns="http://www.w3.org/1999/xhtml"><head><title>full stack engineer</title><meta charset="UTF-8"/><link rel="stylesheet" href="/static/css/style.css"/><link rel="stylesheet" href="/static/css/highlight.css"/><script src="/static/js/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script><link rel="alternate" href="/atom" title="full stack engineer" type="application/atom+xml"/><meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover"/></head><body><nav class="navbar navbar-default navbar-fixed-top"><div class="container"><div class="navbar-header"><a class="navbar-brand" href="/Posts">full stack engineer</a></div><div class="collapse navbar-collapse collapse"><ul class="nav navbar-nav navbar-right"><li><a href="/About"><span>About</span></a></li><li><a href="/Posts"><span>Posts</span></a></li></ul></div></div></nav><main><div class="flex-container"><div class="flex-container"><div class="list-group listing"><a href="/Posts/Retreat2024" class="list-group-item"><h2 class="list-group-item-heading">The MirageOS retreat 2024</h2><span class="author">Written by hannes</span> <time>2024-05-15</time><br/><p class="list-group-item-text abstract"><p>My involvement and experience of the MirageOS retreat 2024</p>
</p></a><a href="/Posts/TCP-ns" class="list-group-item"><h2 class="list-group-item-heading">Redeveloping TCP from the ground up</h2><span class="author">Written by hannes</span> <time>2023-11-28</time><br/><p class="list-group-item-text abstract"><p>Core Internet protocols require operational experiments, even if formally specified</p>
</p></a><a href="/Posts/Albatross" class="list-group-item"><h2 class="list-group-item-heading">Deploying reproducible unikernels with albatross</h2><span class="author">Written by hannes</span> <time>2022-11-17</time><br/><p class="list-group-item-text abstract"><p>fleet management for MirageOS unikernels using a mutually authenticated TLS handshake</p> </p></a><a href="/Posts/Albatross" class="list-group-item"><h2 class="list-group-item-heading">Deploying reproducible unikernels with albatross</h2><span class="author">Written by hannes</span> <time>2022-11-17</time><br/><p class="list-group-item-text abstract"><p>fleet management for MirageOS unikernels using a mutually authenticated TLS handshake</p>
</p></a><a href="/Posts/OpamMirror" class="list-group-item"><h2 class="list-group-item-heading">Mirroring the opam repository and all tarballs</h2><span class="author">Written by hannes</span> <time>2022-09-29</time><br/><p class="list-group-item-text abstract"><p>Re-developing an opam cache from scratch, as a MirageOS unikernel</p> </p></a><a href="/Posts/OpamMirror" class="list-group-item"><h2 class="list-group-item-heading">Mirroring the opam repository and all tarballs</h2><span class="author">Written by hannes</span> <time>2022-09-29</time><br/><p class="list-group-item-text abstract"><p>Re-developing an opam cache from scratch, as a MirageOS unikernel</p>
</p></a><a href="/Posts/Monitoring" class="list-group-item"><h2 class="list-group-item-heading">All your metrics belong to influx</h2><span class="author">Written by hannes</span> <time>2022-03-08</time><br/><p class="list-group-item-text abstract"><p>How to monitor your MirageOS unikernel with albatross and monitoring-experiments</p> </p></a><a href="/Posts/Monitoring" class="list-group-item"><h2 class="list-group-item-heading">All your metrics belong to influx</h2><span class="author">Written by hannes</span> <time>2022-03-08</time><br/><p class="list-group-item-text abstract"><p>How to monitor your MirageOS unikernel with albatross and monitoring-experiments</p>

3
tags/community Normal file
View file

@ -0,0 +1,3 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"><head><title>full stack engineer</title><meta charset="UTF-8"/><link rel="stylesheet" href="/static/css/style.css"/><link rel="stylesheet" href="/static/css/highlight.css"/><script src="/static/js/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script><link rel="alternate" href="/atom" title="full stack engineer" type="application/atom+xml"/><meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover"/></head><body><nav class="navbar navbar-default navbar-fixed-top"><div class="container"><div class="navbar-header"><a class="navbar-brand" href="/Posts">full stack engineer</a></div><div class="collapse navbar-collapse collapse"><ul class="nav navbar-nav navbar-right"><li><a href="/About"><span>About</span></a></li><li><a href="/Posts"><span>Posts</span></a></li></ul></div></div></nav><main><div class="flex-container"><div class="flex-container"><div class="list-group listing"><a href="/Posts/Retreat2024" class="list-group-item"><h2 class="list-group-item-heading">The MirageOS retreat 2024</h2><span class="author">Written by hannes</span> <time>2024-05-15</time><br/><p class="list-group-item-text abstract"><p>My involvement and experience of the MirageOS retreat 2024</p>
</p></a></div></div></div></main></body></html>

View file

@ -1,5 +1,6 @@
<!DOCTYPE html> <!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"><head><title>full stack engineer</title><meta charset="UTF-8"/><link rel="stylesheet" href="/static/css/style.css"/><link rel="stylesheet" href="/static/css/highlight.css"/><script src="/static/js/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script><link rel="alternate" href="/atom" title="full stack engineer" type="application/atom+xml"/><meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover"/></head><body><nav class="navbar navbar-default navbar-fixed-top"><div class="container"><div class="navbar-header"><a class="navbar-brand" href="/Posts">full stack engineer</a></div><div class="collapse navbar-collapse collapse"><ul class="nav navbar-nav navbar-right"><li><a href="/About"><span>About</span></a></li><li><a href="/Posts"><span>Posts</span></a></li></ul></div></div></nav><main><div class="flex-container"><div class="flex-container"><div class="list-group listing"><a href="/Posts/TCP-ns" class="list-group-item"><h2 class="list-group-item-heading">Redeveloping TCP from the ground up</h2><span class="author">Written by hannes</span> <time>2023-11-28</time><br/><p class="list-group-item-text abstract"><p>Core Internet protocols require operational experiments, even if formally specified</p> <html xmlns="http://www.w3.org/1999/xhtml"><head><title>full stack engineer</title><meta charset="UTF-8"/><link rel="stylesheet" href="/static/css/style.css"/><link rel="stylesheet" href="/static/css/highlight.css"/><script src="/static/js/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script><link rel="alternate" href="/atom" title="full stack engineer" type="application/atom+xml"/><meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover"/></head><body><nav class="navbar navbar-default navbar-fixed-top"><div class="container"><div class="navbar-header"><a class="navbar-brand" href="/Posts">full stack engineer</a></div><div class="collapse navbar-collapse collapse"><ul class="nav navbar-nav navbar-right"><li><a href="/About"><span>About</span></a></li><li><a href="/Posts"><span>Posts</span></a></li></ul></div></div></nav><main><div class="flex-container"><div class="flex-container"><div class="list-group listing"><a href="/Posts/Retreat2024" class="list-group-item"><h2 class="list-group-item-heading">The MirageOS retreat 2024</h2><span class="author">Written by hannes</span> <time>2024-05-15</time><br/><p class="list-group-item-text abstract"><p>My involvement and experience of the MirageOS retreat 2024</p>
</p></a><a href="/Posts/TCP-ns" class="list-group-item"><h2 class="list-group-item-heading">Redeveloping TCP from the ground up</h2><span class="author">Written by hannes</span> <time>2023-11-28</time><br/><p class="list-group-item-text abstract"><p>Core Internet protocols require operational experiments, even if formally specified</p>
</p></a><a href="/Posts/Albatross" class="list-group-item"><h2 class="list-group-item-heading">Deploying reproducible unikernels with albatross</h2><span class="author">Written by hannes</span> <time>2022-11-17</time><br/><p class="list-group-item-text abstract"><p>fleet management for MirageOS unikernels using a mutually authenticated TLS handshake</p> </p></a><a href="/Posts/Albatross" class="list-group-item"><h2 class="list-group-item-heading">Deploying reproducible unikernels with albatross</h2><span class="author">Written by hannes</span> <time>2022-11-17</time><br/><p class="list-group-item-text abstract"><p>fleet management for MirageOS unikernels using a mutually authenticated TLS handshake</p>
</p></a><a href="/Posts/OpamMirror" class="list-group-item"><h2 class="list-group-item-heading">Mirroring the opam repository and all tarballs</h2><span class="author">Written by hannes</span> <time>2022-09-29</time><br/><p class="list-group-item-text abstract"><p>Re-developing an opam cache from scratch, as a MirageOS unikernel</p> </p></a><a href="/Posts/OpamMirror" class="list-group-item"><h2 class="list-group-item-heading">Mirroring the opam repository and all tarballs</h2><span class="author">Written by hannes</span> <time>2022-09-29</time><br/><p class="list-group-item-text abstract"><p>Re-developing an opam cache from scratch, as a MirageOS unikernel</p>
</p></a><a href="/Posts/Monitoring" class="list-group-item"><h2 class="list-group-item-heading">All your metrics belong to influx</h2><span class="author">Written by hannes</span> <time>2022-03-08</time><br/><p class="list-group-item-text abstract"><p>How to monitor your MirageOS unikernel with albatross and monitoring-experiments</p> </p></a><a href="/Posts/Monitoring" class="list-group-item"><h2 class="list-group-item-heading">All your metrics belong to influx</h2><span class="author">Written by hannes</span> <time>2022-03-08</time><br/><p class="list-group-item-text abstract"><p>How to monitor your MirageOS unikernel with albatross and monitoring-experiments</p>