updated from main (commit 019fae7bb2)

Canopy bot 2024-06-30 19:42:25 +00:00
parent de6e4fb052
commit 481932e905
2 changed files with 17 additions and 15 deletions


@ -1,5 +1,5 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Projects</title><meta charset="UTF-8"/><link rel="stylesheet" href="/static/css/style.css"/><link rel="alternate" href="/atom" title="Projects" type="application/atom+xml"/><meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover"/></head><body><nav class="navbar navbar-default navbar-fixed-top"><div class="container"><div class="navbar-header"><a class="navbar-brand" href="/Home">robur</a></div><div class="collapse navbar-collapse collapse"><ul class="nav navbar-nav navbar-right"><li><a href="/Donate"><span>Donate</span></a></li><li><a href="/Contact"><span>Contact</span></a></li><li><a href="/About Us"><span>About Us</span></a></li><li><a href="/Our Work"><span>Our Work</span></a></li><li><a href="/"><span></span></a></li><li><a href="/"><span></span></a></li><li><a href="/"><span></span></a></li><li><a href="/"><span></span></a></li></ul></div></div></nav><main><div class="flex-container"><div class="post"><h2>Projects</h2><span class="date">Published: 2019-09-10 (last updated: 2022-03-01)</span><article><h1 id="robur-reproducible-builds">Robur Reproducible Builds</h1>
<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Projects</title><meta charset="UTF-8"/><link rel="stylesheet" href="/static/css/style.css"/><link rel="alternate" href="/atom" title="Projects" type="application/atom+xml"/><meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover"/></head><body><nav class="navbar navbar-default navbar-fixed-top"><div class="container"><div class="navbar-header"><a class="navbar-brand" href="/Home">robur</a></div><div class="collapse navbar-collapse collapse"><ul class="nav navbar-nav navbar-right"><li><a href="/Donate"><span>Donate</span></a></li><li><a href="/Contact"><span>Contact</span></a></li><li><a href="/About Us"><span>About Us</span></a></li><li><a href="/Our Work"><span>Our Work</span></a></li><li><a href="/"><span></span></a></li><li><a href="/"><span></span></a></li><li><a href="/"><span></span></a></li><li><a href="/"><span></span></a></li></ul></div></div></nav><main><div class="flex-container"><div class="post"><h2>Projects</h2><span class="date">Published: 2019-09-10 (last updated: 2024-06-30)</span><article><h1 id="robur-reproducible-builds">Robur Reproducible Builds</h1>
<p>In 2021 we in <a href="https://robur.coop/">Robur</a> have been working towards easing deployment of reproducible mirage applications. The work has been funded by the Eurepean Union under the <a href="https://pointer.ngi.eu/">Next Generation Internet (NGI Pointer) initiative</a>. The result is <a href="https://builds.robur.coop">online</a>.</p>
<p>The overall goal is to push MirageOS into production in a trustworthy way. We worked on reproducible builds for <a href="https://opam.ocaml.org">Opam</a> packages and <a href="https://mirageos.org">MirageOS</a> - with the infrastructure being reproducible itself. Reproducible builds are crucial for supply chain security - everyone can reproduce the exact same binary (by using the same sources and environment), without reproducible builds we would not publish binaries.</p>
<p>Reproducible builds are also great for fleet management: by inspecting the hash of the binary that is executed, we can figure out which versions of which libraries are in the unikernel - and suggest updates if newer builds are available or if a used library has a security flaw -- <code>albatross-client-local update my-unikernel</code> is everything needed for an update.</p>
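Review bot: The unchanged context in this hunk disagrees with the Atom copy of the same paragraphs later in this commit: this page reads "Eurepean Union" and `albatross-client-local update my-unikernel`, while the feed reads "European Union" and `albatross-client update my-unikernel`. The only change here moves the "last updated" date to 2024-06-30, so it is worth regenerating both outputs from one source revision so that the page now marked as current carries the fixed spelling and a single command name. The navbar in the changed line also still emits four empty `<li><a href="/"><span></span></a></li>` items, which could be dropped in the template.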
@ -70,12 +70,13 @@
<p>The software consists of a library, and various UNIX tools that make use of the library, and can be used to interact with systems that are currently using GnuPG or other OpenPGP implementations for file encryption or verification using OpenPGP signatures. Notably it can be used from within MirageOS applications without having to bundle a C implementation, and the UNIX binaries are separated from the library so that your applications can use the library directly, unlike GnuPG or libgpgme whose API translates to repeated executions of the gpg2 binary and parsing of the textual output from that.</p>
<p>Currently we have implemented signing/verification and encryption/decryption, but there is no support for elliptic curve cryptography. Decompression of ZLIB streams is supported through the use of a pure OCaml library called decompress. While some things are implemented with a streaming API, many operations make use of an in-memory buffer, which introduces memory constraints on the file handled (this is an area where there is definitely room for improvement).</p>
<p>The software is available <a href="https://github.com/roburio/ocaml-openpgp">on Github</a>.</p>
<h1 id="openvpn">OpenVPN</h1>
<p>OpenVPN is a virtual private network protocol that started from a single implementation developed in C, without any specification document. Over time flaws were found in the implementation which lead to further revisions. Also several extensions were developed for coping with other needs.</p>
<p>This history meant that overall OpenVPN has a number of flaws and is overly complex due to revisions on revisions. We implemented only the most recent protocol version and require the current key derivation and authentication method.</p>
<p>We started from scratch developing it in <a href="/Our%20Work/Technology-Employed#OCaml">OCaml</a> using existing cryptographic libraries and parsers. This approach allowed us to take some design decisions that have security benefits and our codebase is minimal. We strive for compatibility of the configuration file, so our OCaml OpenVPN can be a drop-in replacement.</p>
<p>We began this work in 2018 with a grant from <a href="https://prototypefund.de">The Prototype Fund</a>. Whilst the code is available on <a href="https://github.com/roburio/openvpn">Github</a> we have not released it yet as it needs further work (in terms of testing, performance evaluation).</p>
<p>If you are interested in supporting further work on our OpenVPN implementation through a <a href="/Donate">donation</a>, with a grant, or just want to hear more about the project please <a href="/Contact">get in touch with us</a>!</p>
<h1 id="miragevpn">MirageVPN</h1>
<p>OpenVPN™ is a virtual private network protocol that started from a single implementation developed in C, without any specification document. Over time flaws were found in the implementation which lead to further revisions. Also several extensions were developed for coping with other needs.</p>
<p>This history meant that overall OpenVPN™ has a number of flaws and is overly complex due to revisions on revisions. We implemented only the most recent protocol version and require the current key derivation and authentication method.</p>
<p>We started from scratch developing <a href="https://github.com/robur-coop/miragevpn">MirageVPN</a> in <a href="/Our%20Work/Technology-Employed#OCaml">OCaml</a> using existing cryptographic libraries and parsers. This approach allowed us to take some design decisions that have security benefits and our codebase is minimal. We strive for compatibility of the configuration file, so MirageVPN can be a drop-in replacement for OpenVPN™.</p>
<p>This project was funded in 2019 for six months by the <a href="https://www.bmbf.de">German federal ministry for education and research</a> via the <a href="https://prototypefund.de">Prototypefund</a> - the amount was 47500 EUR.</p>
<p>In 2023, we received further funding from European Union in the Next Generation Internet project (<a href="https://www.assure.ngi.eu/">NGI assure</a>, via <a href="https://nlnet.nl">NLnet</a>. The scope was updating to the current protocol version (tls-crypt-v2 etc.), a QubesOS client, a server implementation, and more documentation. The amount was 57000 EUR. Learn more at the <a href="https://nlnet.nl/project/MirageVPN">NLnet project page</a>.</p>
<p>If you are interested in supporting further work on our MirageVPN implementation through a <a href="/Donate">donation</a>, with a grant, or just want to hear more about the project please <a href="/Contact">get in touch with us</a>!</p>
<h4 id="more-technical-information-5">More technical information:</h4>
<p>Our main goal is a client implementation as a MirageOS unikernel (either forwarding all traffic to a single IP address or NAT of a local network via the OpenVPN tunnel), but we also developed a UNIX client which configures a tap device on the host and adjusts the hosts routing table accordingly. We extended our protocol implementation with a server as well. Testing is done against existing OpenVPN servers.</p>
<p>Our implementation has stronger security promises since we do not implement old protocol versions that are brittle. In addition it is fail-hard when using the NAT unikernel: if the tunnel is down, all packets are dropped (instead of sent unencrypted). We do not support questionable configuration options and we have safe defaults for the configuration.</p>
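Review bot: Renaming the section heading id from `openvpn` to `miragevpn` drops the `#openvpn` fragment, so existing deep links to this section will no longer land on it; consider keeping an empty element with the old id next to the new heading. In the added NGI assure paragraph the parenthesis opened before the NGI assure link is never closed (the sentence ends at "via NLnet."), and "from European Union" is missing "the". The carried-over phrase "which lead to further revisions" should read "led".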

atom

@ -1,4 +1,4 @@
<feed xmlns="http://www.w3.org/2005/Atom"><link href="https://robur.coop//atom" rel="self"/><id>urn:uuid:8167ecfe-9676-11e7-8dc1-68f728e7bbbc</id><title type="text">robur</title><updated>2024-04-18T07:34:49-00:00</updated><entry><published>2021-11-16T15:06:35-00:00</published><link href="/Projects/Reproducible_builds" rel="alternate"/><content type="html">&lt;p&gt;In 2021 we in &lt;a href=&quot;https://robur.coop/&quot;&gt;Robur&lt;/a&gt; have been working towards easing deployment of reproducible mirage applications. The work has been funded by the European Union under the &lt;a href=&quot;https://pointer.ngi.eu/&quot;&gt;Next Generation Internet (NGI Pointer) initiative&lt;/a&gt;. The result is &lt;a href=&quot;https://builds.robur.coop&quot;&gt;online&lt;/a&gt;.&lt;/p&gt;
<feed xmlns="http://www.w3.org/2005/Atom"><link href="https://robur.coop//atom" rel="self"/><id>urn:uuid:8167ecfe-9676-11e7-8dc1-68f728e7bbbc</id><title type="text">robur</title><updated>2024-06-30T19:42:13-00:00</updated><entry><published>2021-11-16T15:06:35-00:00</published><link href="/Projects/Reproducible_builds" rel="alternate"/><content type="html">&lt;p&gt;In 2021 we in &lt;a href=&quot;https://robur.coop/&quot;&gt;Robur&lt;/a&gt; have been working towards easing deployment of reproducible mirage applications. The work has been funded by the European Union under the &lt;a href=&quot;https://pointer.ngi.eu/&quot;&gt;Next Generation Internet (NGI Pointer) initiative&lt;/a&gt;. The result is &lt;a href=&quot;https://builds.robur.coop&quot;&gt;online&lt;/a&gt;.&lt;/p&gt;
&lt;p&gt;The overall goal is to push MirageOS into production in a trustworthy way. We worked on reproducible builds for &lt;a href=&quot;https://opam.ocaml.org&quot;&gt;Opam&lt;/a&gt; packages and &lt;a href=&quot;https://mirageos.org&quot;&gt;MirageOS&lt;/a&gt; - with the infrastructure being reproducible itself. Reproducible builds are crucial for supply chain security - everyone can reproduce the exact same binary (by using the same sources and environment), without reproducible builds we would not publish binaries.&lt;/p&gt;
&lt;p&gt;Reproducible builds are also great for fleet management: by inspecting the hash of the binary that is executed, we can figure out which versions of which libraries are in the unikernel - and suggest updates if newer builds are available or if a used library has a security flaw -- &lt;code&gt;albatross-client update my-unikernel&lt;/code&gt; is everything needed for an update.&lt;/p&gt;
&lt;p&gt;Several ready-to-use MirageOS unikernels are built on a daily basis - ranging from &lt;a href=&quot;https://builds.robur.coop/job/dns-primary-git/&quot;&gt;authoritative DNS servers&lt;/a&gt; (&lt;a href=&quot;https://builds.robur.coop/job/dns-secondary/&quot;&gt;secondary&lt;/a&gt;, &lt;a href=&quot;https://builds.robur.coop/job/dns-letsencrypt-secondary/&quot;&gt;let's encrypt DNS solver&lt;/a&gt;), &lt;a href=&quot;https://builds.robur.coop/job/dnsvizor/&quot;&gt;DNS-and-DHCP service (similar to dnsmasq)&lt;/a&gt;, &lt;a href=&quot;https://builds.robur.coop/job/tlstunnel/&quot;&gt;TLS reverse proxy&lt;/a&gt;, &lt;a href=&quot;https://builds.robur.coop/job/unipi/&quot;&gt;Unipi - a web server that delivers content from a git repository&lt;/a&gt;, &lt;a href=&quot;https://builds.robur.coop/job/dns-resolver/&quot;&gt;DNS resolver&lt;/a&gt;, &lt;a href=&quot;https://builds.robur.coop/job/caldav/&quot;&gt;CalDAV server&lt;/a&gt;, and of course your own MirageOS unikernel.&lt;/p&gt;
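Review bot: The feed's self link on the changed line is `https://robur.coop//atom`, with a doubled slash before `atom`, while the page head in the first file advertises the feed as `/atom`. The timestamp bump keeps that value as is; suggest having the generator emit `https://robur.coop/atom` so the self link matches the URL the site actually links to.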
@ -303,12 +303,13 @@ This talk explores functional programming concepts, which help us create powerfu
&lt;p&gt;The software consists of a library, and various UNIX tools that make use of the library, and can be used to interact with systems that are currently using GnuPG or other OpenPGP implementations for file encryption or verification using OpenPGP signatures. Notably it can be used from within MirageOS applications without having to bundle a C implementation, and the UNIX binaries are separated from the library so that your applications can use the library directly, unlike GnuPG or libgpgme whose API translates to repeated executions of the gpg2 binary and parsing of the textual output from that.&lt;/p&gt;
&lt;p&gt;Currently we have implemented signing/verification and encryption/decryption, but there is no support for elliptic curve cryptography. Decompression of ZLIB streams is supported through the use of a pure OCaml library called decompress. While some things are implemented with a streaming API, many operations make use of an in-memory buffer, which introduces memory constraints on the file handled (this is an area where there is definitely room for improvement).&lt;/p&gt;
&lt;p&gt;The software is available &lt;a href=&quot;https://github.com/roburio/ocaml-openpgp&quot;&gt;on Github&lt;/a&gt;.&lt;/p&gt;
&lt;h1 id=&quot;openvpn&quot;&gt;OpenVPN&lt;/h1&gt;
&lt;p&gt;OpenVPN is a virtual private network protocol that started from a single implementation developed in C, without any specification document. Over time flaws were found in the implementation which lead to further revisions. Also several extensions were developed for coping with other needs.&lt;/p&gt;
&lt;p&gt;This history meant that overall OpenVPN has a number of flaws and is overly complex due to revisions on revisions. We implemented only the most recent protocol version and require the current key derivation and authentication method.&lt;/p&gt;
&lt;p&gt;We started from scratch developing it in &lt;a href=&quot;/Our%20Work/Technology-Employed#OCaml&quot;&gt;OCaml&lt;/a&gt; using existing cryptographic libraries and parsers. This approach allowed us to take some design decisions that have security benefits and our codebase is minimal. We strive for compatibility of the configuration file, so our OCaml OpenVPN can be a drop-in replacement.&lt;/p&gt;
&lt;p&gt;We began this work in 2018 with a grant from &lt;a href=&quot;https://prototypefund.de&quot;&gt;The Prototype Fund&lt;/a&gt;. Whilst the code is available on &lt;a href=&quot;https://github.com/roburio/openvpn&quot;&gt;Github&lt;/a&gt; we have not released it yet as it needs further work (in terms of testing, performance evaluation).&lt;/p&gt;
&lt;p&gt;If you are interested in supporting further work on our OpenVPN implementation through a &lt;a href=&quot;/Donate&quot;&gt;donation&lt;/a&gt;, with a grant, or just want to hear more about the project please &lt;a href=&quot;/Contact&quot;&gt;get in touch with us&lt;/a&gt;!&lt;/p&gt;
&lt;h1 id=&quot;miragevpn&quot;&gt;MirageVPN&lt;/h1&gt;
&lt;p&gt;OpenVPN™ is a virtual private network protocol that started from a single implementation developed in C, without any specification document. Over time flaws were found in the implementation which lead to further revisions. Also several extensions were developed for coping with other needs.&lt;/p&gt;
&lt;p&gt;This history meant that overall OpenVPN™ has a number of flaws and is overly complex due to revisions on revisions. We implemented only the most recent protocol version and require the current key derivation and authentication method.&lt;/p&gt;
&lt;p&gt;We started from scratch developing &lt;a href=&quot;https://github.com/robur-coop/miragevpn&quot;&gt;MirageVPN&lt;/a&gt; in &lt;a href=&quot;/Our%20Work/Technology-Employed#OCaml&quot;&gt;OCaml&lt;/a&gt; using existing cryptographic libraries and parsers. This approach allowed us to take some design decisions that have security benefits and our codebase is minimal. We strive for compatibility of the configuration file, so MirageVPN can be a drop-in replacement for OpenVPN™.&lt;/p&gt;
&lt;p&gt;This project was funded in 2019 for six months by the &lt;a href=&quot;https://www.bmbf.de&quot;&gt;German federal ministry for education and research&lt;/a&gt; via the &lt;a href=&quot;https://prototypefund.de&quot;&gt;Prototypefund&lt;/a&gt; - the amount was 47500 EUR.&lt;/p&gt;
&lt;p&gt;In 2023, we received further funding from European Union in the Next Generation Internet project (&lt;a href=&quot;https://www.assure.ngi.eu/&quot;&gt;NGI assure&lt;/a&gt;, via &lt;a href=&quot;https://nlnet.nl&quot;&gt;NLnet&lt;/a&gt;. The scope was updating to the current protocol version (tls-crypt-v2 etc.), a QubesOS client, a server implementation, and more documentation. The amount was 57000 EUR. Learn more at the &lt;a href=&quot;https://nlnet.nl/project/MirageVPN&quot;&gt;NLnet project page&lt;/a&gt;.&lt;/p&gt;
&lt;p&gt;If you are interested in supporting further work on our MirageVPN implementation through a &lt;a href=&quot;/Donate&quot;&gt;donation&lt;/a&gt;, with a grant, or just want to hear more about the project please &lt;a href=&quot;/Contact&quot;&gt;get in touch with us&lt;/a&gt;!&lt;/p&gt;
&lt;h4 id=&quot;more-technical-information-5&quot;&gt;More technical information:&lt;/h4&gt;
&lt;p&gt;Our main goal is a client implementation as a MirageOS unikernel (either forwarding all traffic to a single IP address or NAT of a local network via the OpenVPN tunnel), but we also developed a UNIX client which configures a tap device on the host and adjusts the hosts routing table accordingly. We extended our protocol implementation with a server as well. Testing is done against existing OpenVPN servers.&lt;/p&gt;
&lt;p&gt;Our implementation has stronger security promises since we do not implement old protocol versions that are brittle. In addition it is fail-hard when using the NAT unikernel: if the tunnel is down, all packets are dropped (instead of sent unencrypted). We do not support questionable configuration options and we have safe defaults for the configuration.&lt;/p&gt;
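Review bot: The added MirageVPN paragraphs link to `/Donate`, `/Contact` and `/Our%20Work/Technology-Employed#OCaml` with site-relative hrefs inside `content type="html"`, and the `<feed>` element shown in the first hunk of this file declares no `xml:base`, so resolving them is left to each feed reader. Emitting absolute URLs in feed content, or setting `xml:base` on the feed, would make these links unambiguous. The new MirageVPN link also uses the `robur-coop` GitHub organisation while the unchanged OpenPGP link just above still points at `roburio`; worth checking whether that one should move as well.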
@ -334,7 +335,7 @@ This talk explores functional programming concepts, which help us create powerfu
&lt;p&gt;Compared to existing technologies, such as traditional virtualization using KVM/QEMU, VMWare, crosvm and so on, Solo5 is several orders of magnitude smaller (around 10,000 lines of C) and is tailored to running unikernels in a legacy-free and minimalist fashion.&lt;/p&gt;
&lt;p&gt;Our goal for Solo5 is to enable the use of unikernel technology to build hybrid, disaggregated systems where the designer/developer can choose which components are untrusted or security-sensitive and &amp;quot;split them out&amp;quot; from the monolithic host system. At the same time the developer can continue to use existing, familiar, technology as the base or &amp;quot;control plane&amp;quot; for the overall system design/deployment, or mix and match traditional applications and unikernels as appropriate.&lt;/p&gt;
&lt;p&gt;The software is available &lt;a href=&quot;https://github.com/solo5&quot;&gt;on Github&lt;/a&gt;.&lt;/p&gt;
</content><id>urn:uuid:a4887de7-8629-5578-836f-d31b51fe75aa</id><title type="text">Projects</title><updated>2022-03-01T22:03:39-00:00</updated><author><name>canopy</name></author></entry><entry><published>2019-09-10T19:40:14-00:00</published><link href="/Our%20Work/Our-Approach" rel="alternate"/><content type="html">&lt;p&gt;We are a nonprofit open source software cooperative whose mission is to develop robust and secure digital infrastructure. We strive to enable more people to reliably run their own infrastructure by producing correct, surprise-free software to be deployed in real environments. Our software aims to meet the needs of anyone working in an environment where security and dependability is vital.&lt;/p&gt;
</content><id>urn:uuid:a4887de7-8629-5578-836f-d31b51fe75aa</id><title type="text">Projects</title><updated>2024-06-30T19:42:13-00:00</updated><author><name>canopy</name></author></entry><entry><published>2019-09-10T19:40:14-00:00</published><link href="/Our%20Work/Our-Approach" rel="alternate"/><content type="html">&lt;p&gt;We are a nonprofit open source software cooperative whose mission is to develop robust and secure digital infrastructure. We strive to enable more people to reliably run their own infrastructure by producing correct, surprise-free software to be deployed in real environments. Our software aims to meet the needs of anyone working in an environment where security and dependability is vital.&lt;/p&gt;
&lt;p&gt;We write all our code in a high-level memory-safe (and more secure) programming language called &lt;a href=&quot;/Our%20Work/Technology-Employed#OCaml&quot;&gt;OCaml&lt;/a&gt;. In addition each piece of software leverages &lt;a href=&quot;/Our%20Work/Technology-Employed#MirageOS&quot;&gt;MirageOS&lt;/a&gt; (a minimal operating system) to produce bespoke applications tailored to only contain their required functionality. Each service is executed on virtual machines with a size usually around 1-10 MB, much smaller than a UNIX / Linux system, and it boots within milliseconds.&lt;/p&gt;
&lt;p&gt;Where other approaches try to patch general purpose operating systems by adding more layers, we strive to build a secure system from the ground up.&lt;/p&gt;
&lt;p&gt;Our approach means our software has a number of security and ease-of-use benefits:&lt;/p&gt;
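Review bot: The single-value change to the Projects entry's `<updated>` sits on a line that also holds the closing `</content>`, the entry's id, title and author, and the opening of the next entry together with its whole first paragraph, which makes the hunk hard to review. Having the generator write a line break between `</entry>` and `<entry>` would reduce future diffs of this kind to the timestamp alone.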