updated from main (commit 90a88c239d)

This commit is contained in:
Canopy bot 2022-12-07 17:02:17 +00:00
parent 4df1eb3053
commit 25771e45c7
2 changed files with 7 additions and 7 deletions

@ -1,5 +1,5 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Robur Reproducible Builds</title><meta charset="UTF-8"/><link rel="stylesheet" href="/static/css/style.css"/><link rel="alternate" href="/atom" title="Robur Reproducible Builds" type="application/atom+xml"/><meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover"/></head><body><nav class="navbar navbar-default navbar-fixed-top"><div class="container"><div class="navbar-header"><a class="navbar-brand" href="/Home">robur</a></div><div class="collapse navbar-collapse collapse"><ul class="nav navbar-nav navbar-right"><li><a href="/Donate"><span>Donate</span></a></li><li><a href="/Contact"><span>Contact</span></a></li><li><a href="/About Us"><span>About Us</span></a></li><li><a href="/Our Work"><span>Our Work</span></a></li><li><a href="/"><span></span></a></li><li><a href="/"><span></span></a></li><li><a href="/"><span></span></a></li><li><a href="/"><span></span></a></li></ul></div></div></nav><main><div class="flex-container"><div class="post"><h2>Robur Reproducible Builds</h2><span class="date">Published: 2021-11-16 (last updated: 2022-11-17)</span><article><p>In 2021 we in <a href="https://robur.coop/">Robur</a> have been working towards easing deployment of reproducible mirage applications. The work has been funded by the European Union under the <a href="https://pointer.ngi.eu/">Next Generation Internet (NGI Pointer) initiative</a>. The result is <a href="https://builds.robur.coop">online</a>.</p>
<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Robur Reproducible Builds</title><meta charset="UTF-8"/><link rel="stylesheet" href="/static/css/style.css"/><link rel="alternate" href="/atom" title="Robur Reproducible Builds" type="application/atom+xml"/><meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover"/></head><body><nav class="navbar navbar-default navbar-fixed-top"><div class="container"><div class="navbar-header"><a class="navbar-brand" href="/Home">robur</a></div><div class="collapse navbar-collapse collapse"><ul class="nav navbar-nav navbar-right"><li><a href="/Donate"><span>Donate</span></a></li><li><a href="/Contact"><span>Contact</span></a></li><li><a href="/About Us"><span>About Us</span></a></li><li><a href="/Our Work"><span>Our Work</span></a></li><li><a href="/"><span></span></a></li><li><a href="/"><span></span></a></li><li><a href="/"><span></span></a></li><li><a href="/"><span></span></a></li></ul></div></div></nav><main><div class="flex-container"><div class="post"><h2>Robur Reproducible Builds</h2><span class="date">Published: 2021-11-16 (last updated: 2022-12-07)</span><article><p>In 2021 we in <a href="https://robur.coop/">Robur</a> have been working towards easing deployment of reproducible mirage applications. The work has been funded by the European Union under the <a href="https://pointer.ngi.eu/">Next Generation Internet (NGI Pointer) initiative</a>. The result is <a href="https://builds.robur.coop">online</a>.</p>
<p>The overall goal is to push MirageOS into production in a trustworthy way. We worked on reproducible builds for <a href="https://opam.ocaml.org">Opam</a> packages and <a href="https://mirageos.org">MirageOS</a> - with the infrastructure being reproducible itself. Reproducible builds are crucial for supply chain security - everyone can reproduce the exact same binary (by using the same sources and environment), without reproducible builds we would not publish binaries.</p>
<p>Reproducible builds are also great for fleet management: by inspecting the hash of the binary that is executed, we can figure out which versions of which libraries are in the unikernel - and suggest updates if newer builds are available or if a used library has a security flaw -- <code>albatross-client-local update my-unikernel</code> is everything needed for an update.</p>
<p>Several ready-to-use MirageOS unikernels are built on a daily basis - ranging from <a href="https://builds.robur.coop/job/dns-primary-git/">authoritative DNS servers</a> (<a href="https://builds.robur.coop/job/dns-secondary/">secondary</a>, <a href="https://builds.robur.coop/job/dns-letsencrypt-secondary/">let's encrypt DNS solver</a>), <a href="https://builds.robur.coop/job/dnsvizor/">DNS-and-DHCP service (similar to dnsmasq)</a>, <a href="https://builds.robur.coop/job/tlstunnel/">TLS reverse proxy</a>, <a href="https://builds.robur.coop/job/unipi/">Unipi - a web server that delivers content from a git repository</a>, <a href="https://builds.robur.coop/job/dns-resolver/">DNS resolver</a>, <a href="https://builds.robur.coop/job/caldav/">CalDAV server</a>, and of course your own MirageOS unikernel.</p>
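Review bot: The regenerated navbar in the first line of this hunk still carries four empty entries, `<li><a href="/"><span></span></a></li>`, after "Our Work"; they end up as untitled links to the site root. The only intended change here is the "last updated" date (2022-11-17 to 2022-12-07), so this is a good moment to make the generator skip menu items that have no title instead of committing them again.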
@ -10,8 +10,8 @@
<p>To run a MirageOS unikernel on your laptop or computer with virtualization extensions (VT-x - KVM/BHyve), you first have to install the <code>solo5</code> and <code>albatross</code> packages. Afterwards you need to setup a virtual network switch (a bridge interface) where your unikernels will communicate, and forwarding.</p>
<h3>Host system package installation</h3>
<p>For Debian and Ubuntu systems, we provide package repositories. Browse the <a href="https://apt.robur.coop/dists">dists</a> folder for one matching your distribution, and add it to <code>/etc/apt/sources.list</code>:</p>
<pre><code>$ wget -q -O /etc/apt/trusted.gpg.d/apt.robur.coop.gpg https://apt.robur.coop/gpg.pub
$ echo &quot;deb https://apt.robur.coop ubuntu-20.04 main&quot; &gt;&gt; /etc/apt/sources.list # replace ubuntu-20.04 with e.g. debian-11 on a debian buster machine
<pre><code>$ curl -fsSL https://apt.robur.coop/gpg.pub | gpg --dearmor &gt; /usr/share/keyrings/apt.robur.coop.gpg
$ echo &quot;deb [signed-by=/usr/share/keyrings/apt.robur.coop.gpg] https://apt.robur.coop ubuntu-20.04 main&quot; &gt;&gt; /etc/apt/sources.list # replace ubuntu-20.04 with e.g. debian-11 on a debian buster machine
$ apt update
$ apt install solo5 albatross
</code></pre>
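Review bot: Hosts set up from the previous instructions keep `/etc/apt/trusted.gpg.d/apt.robur.coop.gpg`, where apt trusts the key for every configured source, so the scoping gained by `signed-by` in the new `echo` line does not reach them. Add a sentence telling existing users to delete that file and replace their old `deb https://apt.robur.coop ...` entry with the `signed-by` form. A smaller point on the `curl ... | gpg --dearmor` line: /usr/share/keyrings is conventionally for keyrings installed by packages, and /etc/apt/keyrings is the location meant for keys the administrator fetches by hand.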

8
atom

@ -1,4 +1,4 @@
<feed xmlns="http://www.w3.org/2005/Atom"><link href="https://robur.coop//atom" rel="self"/><id>urn:uuid:8167ecfe-9676-11e7-8dc1-68f728e7bbbc</id><title type="text">robur</title><updated>2022-11-21T15:13:41-00:00</updated><entry><published>2021-11-16T15:06:35-00:00</published><link href="/Projects/Reproducible_builds" rel="alternate"/><content type="html">&lt;p&gt;In 2021 we in &lt;a href=&quot;https://robur.coop/&quot;&gt;Robur&lt;/a&gt; have been working towards easing deployment of reproducible mirage applications. The work has been funded by the European Union under the &lt;a href=&quot;https://pointer.ngi.eu/&quot;&gt;Next Generation Internet (NGI Pointer) initiative&lt;/a&gt;. The result is &lt;a href=&quot;https://builds.robur.coop&quot;&gt;online&lt;/a&gt;.&lt;/p&gt;
<feed xmlns="http://www.w3.org/2005/Atom"><link href="https://robur.coop//atom" rel="self"/><id>urn:uuid:8167ecfe-9676-11e7-8dc1-68f728e7bbbc</id><title type="text">robur</title><updated>2022-12-07T17:01:48-00:00</updated><entry><published>2021-11-16T15:06:35-00:00</published><link href="/Projects/Reproducible_builds" rel="alternate"/><content type="html">&lt;p&gt;In 2021 we in &lt;a href=&quot;https://robur.coop/&quot;&gt;Robur&lt;/a&gt; have been working towards easing deployment of reproducible mirage applications. The work has been funded by the European Union under the &lt;a href=&quot;https://pointer.ngi.eu/&quot;&gt;Next Generation Internet (NGI Pointer) initiative&lt;/a&gt;. The result is &lt;a href=&quot;https://builds.robur.coop&quot;&gt;online&lt;/a&gt;.&lt;/p&gt;
&lt;p&gt;The overall goal is to push MirageOS into production in a trustworthy way. We worked on reproducible builds for &lt;a href=&quot;https://opam.ocaml.org&quot;&gt;Opam&lt;/a&gt; packages and &lt;a href=&quot;https://mirageos.org&quot;&gt;MirageOS&lt;/a&gt; - with the infrastructure being reproducible itself. Reproducible builds are crucial for supply chain security - everyone can reproduce the exact same binary (by using the same sources and environment), without reproducible builds we would not publish binaries.&lt;/p&gt;
&lt;p&gt;Reproducible builds are also great for fleet management: by inspecting the hash of the binary that is executed, we can figure out which versions of which libraries are in the unikernel - and suggest updates if newer builds are available or if a used library has a security flaw -- &lt;code&gt;albatross-client-local update my-unikernel&lt;/code&gt; is everything needed for an update.&lt;/p&gt;
&lt;p&gt;Several ready-to-use MirageOS unikernels are built on a daily basis - ranging from &lt;a href=&quot;https://builds.robur.coop/job/dns-primary-git/&quot;&gt;authoritative DNS servers&lt;/a&gt; (&lt;a href=&quot;https://builds.robur.coop/job/dns-secondary/&quot;&gt;secondary&lt;/a&gt;, &lt;a href=&quot;https://builds.robur.coop/job/dns-letsencrypt-secondary/&quot;&gt;let's encrypt DNS solver&lt;/a&gt;), &lt;a href=&quot;https://builds.robur.coop/job/dnsvizor/&quot;&gt;DNS-and-DHCP service (similar to dnsmasq)&lt;/a&gt;, &lt;a href=&quot;https://builds.robur.coop/job/tlstunnel/&quot;&gt;TLS reverse proxy&lt;/a&gt;, &lt;a href=&quot;https://builds.robur.coop/job/unipi/&quot;&gt;Unipi - a web server that delivers content from a git repository&lt;/a&gt;, &lt;a href=&quot;https://builds.robur.coop/job/dns-resolver/&quot;&gt;DNS resolver&lt;/a&gt;, &lt;a href=&quot;https://builds.robur.coop/job/caldav/&quot;&gt;CalDAV server&lt;/a&gt;, and of course your own MirageOS unikernel.&lt;/p&gt;
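Review bot: The feed's self link in the first line of this hunk is `https://robur.coop//atom`, with a doubled slash, while the HTML page advertises the feed as `/atom`. Normalise the base URL join in the generator so the `rel="self"` URI matches the address the feed is served from. The entry link `href="/Projects/Reproducible_builds"` is also relative, and no `xml:base` is visible on the `<feed>` element, so an absolute URL there would be safer for readers that do not resolve relative links.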
@ -9,8 +9,8 @@
&lt;p&gt;To run a MirageOS unikernel on your laptop or computer with virtualization extensions (VT-x - KVM/BHyve), you first have to install the &lt;code&gt;solo5&lt;/code&gt; and &lt;code&gt;albatross&lt;/code&gt; packages. Afterwards you need to setup a virtual network switch (a bridge interface) where your unikernels will communicate, and forwarding.&lt;/p&gt;
&lt;h3&gt;Host system package installation&lt;/h3&gt;
&lt;p&gt;For Debian and Ubuntu systems, we provide package repositories. Browse the &lt;a href=&quot;https://apt.robur.coop/dists&quot;&gt;dists&lt;/a&gt; folder for one matching your distribution, and add it to &lt;code&gt;/etc/apt/sources.list&lt;/code&gt;:&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;$ wget -q -O /etc/apt/trusted.gpg.d/apt.robur.coop.gpg https://apt.robur.coop/gpg.pub
$ echo &amp;quot;deb https://apt.robur.coop ubuntu-20.04 main&amp;quot; &amp;gt;&amp;gt; /etc/apt/sources.list # replace ubuntu-20.04 with e.g. debian-11 on a debian buster machine
&lt;pre&gt;&lt;code&gt;$ curl -fsSL https://apt.robur.coop/gpg.pub | gpg --dearmor &amp;gt; /usr/share/keyrings/apt.robur.coop.gpg
$ echo &amp;quot;deb [signed-by=/usr/share/keyrings/apt.robur.coop.gpg] https://apt.robur.coop ubuntu-20.04 main&amp;quot; &amp;gt;&amp;gt; /etc/apt/sources.list # replace ubuntu-20.04 with e.g. debian-11 on a debian buster machine
$ apt update
$ apt install solo5 albatross
&lt;/code&gt;&lt;/pre&gt;
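Review bot: The trailing comment on the `echo` line says to use debian-11 "on a debian buster machine", but Debian 11 is bullseye and buster is Debian 10, so a reader following it picks the wrong suite; name the release that matches the suite. The commands are also shown at a `$` prompt although they write to /usr/share/keyrings and /etc/apt/sources.list and run `apt install`, all of which need root; say so in the preceding paragraph or show a root prompt. The text is identical to the HTML file's, so the fix belongs in the shared source rather than in either generated file.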
@ -115,7 +115,7 @@ $ fg # back to albatross-client-local console
$ Ctrl-C # kill that process
&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;That's it. Albatross has more features, such as block devices, multiple bridges (for management, private networks, ...), restart if the unikernel exited with specific exit code, assignment of a unikernel to a specific CPU. It also has remote command execution and resource limits (you can allow your friends to execute a number of unikernels with limited memory and block storage accessing only some of your bridges). There is a daemon to collect metrics and report them to Grafana (via Telegraf and Influx). MirageOS unikernels also support IPv6, you're not limited to legacy IP.&lt;/p&gt;
</content><id>urn:uuid:a225bf44-9230-569f-8852-1b5d2132a749</id><title type="text">Robur Reproducible Builds</title><updated>2022-11-17T12:59:08-00:00</updated><author><name>canopy</name></author></entry><entry><published>2019-09-10T19:40:14-00:00</published><link href="/Our%20Work/Technology-Employed" rel="alternate"/><content type="html">&lt;h1&gt;MirageOS&lt;/h1&gt;
</content><id>urn:uuid:a225bf44-9230-569f-8852-1b5d2132a749</id><title type="text">Robur Reproducible Builds</title><updated>2022-12-07T17:01:48-00:00</updated><author><name>canopy</name></author></entry><entry><published>2019-09-10T19:40:14-00:00</published><link href="/Our%20Work/Technology-Employed" rel="alternate"/><content type="html">&lt;h1&gt;MirageOS&lt;/h1&gt;
&lt;p&gt;MirageOS is a software suite to build custom-tailored operating systems from (mostly open source) small individual libraries. It has been developed since 2009 at the University of Cambridge, UK and is written in the programming language &lt;a href=&quot;/Our%20Work/Technology-Employed#OCaml&quot;&gt;OCaml&lt;/a&gt;.&lt;/p&gt;
&lt;p&gt;It compiles the necessary OCaml libraries into a unikernel - a small operating system, each built for a certain purpose. For each unikernel we can pick from hundreds of permissively licensed open source libraries which implement network protocols, storage on block devices, or interfaces to network devices via the hypervisor or host operating system. As we only put into each one exactly what is needed, each unikernel is fast; instantly booting and, as there is less code base, it is easier to maintain and keep secure.&lt;/p&gt;
&lt;p&gt;As an example to see how lines of code compare, here are the number of lines of code needed for different elements of our &lt;a href=&quot;/Our%20Work/Projects#Bitcoin%20Pinata&quot;&gt;Bitcoin Pinata&lt;/a&gt;, measured in thousands of lines of code:&lt;/p&gt;
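Review bot: The entry's new `<updated>2022-12-07T17:01:48-00:00</updated>` uses the offset `-00:00`, which RFC 3339 defines as "UTC time is known, local offset is unknown"; emit `Z` or `+00:00` if the timestamp is meant as plain UTC. The same applies to the feed-level `<updated>` in the first hunk of this file, and both values come from the same generator, so one change covers them.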