From 952998885ecbd78af03aee61b6ed07401ac5f4df Mon Sep 17 00:00:00 2001 From: Hannes Mehnert Date: Tue, 16 May 2023 19:25:50 +0200 Subject: [PATCH] update to albatross 2.0.0 --- Projects/Reproducible_builds | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/Projects/Reproducible_builds b/Projects/Reproducible_builds index 88eec76..b7436f9 100644 --- a/Projects/Reproducible_builds +++ b/Projects/Reproducible_builds 
@@ -6,7 +6,7 @@ In 2021 we in [Robur](https://robur.coop/) have been working towards easing depl The overall goal is to push MirageOS into production in a trustworthy way. We worked on reproducible builds for [Opam](https://opam.ocaml.org) packages and [MirageOS](https://mirageos.org) - with the infrastructure being reproducible itself. Reproducible builds are crucial for supply chain security - everyone can reproduce the exact same binary (by using the same sources and environment), without reproducible builds we would not publish binaries. -Reproducible builds are also great for fleet management: by inspecting the hash of the binary that is executed, we can figure out which versions of which libraries are in the unikernel - and suggest updates if newer builds are available or if a used library has a security flaw -- `albatross-client-local update my-unikernel` is everything needed for an update. +Reproducible builds are also great for fleet management: by inspecting the hash of the binary that is executed, we can figure out which versions of which libraries are in the unikernel - and suggest updates if newer builds are available or if a used library has a security flaw -- `albatross-client update my-unikernel` is everything needed for an update. Several ready-to-use MirageOS unikernels are built on a daily basis - ranging from [authoritative DNS servers](https://builds.robur.coop/job/dns-primary-git/) ([secondary](https://builds.robur.coop/job/dns-secondary/), [let's encrypt DNS solver](https://builds.robur.coop/job/dns-letsencrypt-secondary/)), [DNS-and-DHCP service (similar to dnsmasq)](https://builds.robur.coop/job/dnsvizor/), [TLS reverse proxy](https://builds.robur.coop/job/tlstunnel/), [Unipi - a web server that delivers content from a git repository](https://builds.robur.coop/job/unipi/), [DNS resolver](https://builds.robur.coop/job/dns-resolver/), [CalDAV server](https://builds.robur.coop/job/caldav/), and of course your own MirageOS unikernel. 
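Review bot: the renamed `albatross-client update my-unikernel` in this intro paragraph is the first command a reader sees, yet the requirement that the page now needs albatross 2.0.0 or later is only stated much further down (after the hello-world example). The removed line shows the old binary was `albatross-client-local`, so on a pre-2.0 install the renamed command is simply not found, and the reader hits that before reaching the version note. Move the version requirement up to this paragraph or the installation section, or append "(albatross 2.0.0 or later)" right here.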
@@ -46,19 +46,21 @@ $ pkg install solo5 albatross For other distributions and systems we do not (yet?) provide binary packages. You can compile and install them using [opam](https://opam.ocaml.org) (`opam install solo5 albatross`). Get in touch if you're keen on adding some other distribution to our reproducible build infrastructure. -There is no configuration needed. Start the `albatross_console` and the `albatross_daemon` service (via `systemctl daemon-reload ; systemctl start albatross_daemon` on Linux or `service albatross_daemon start` on FreeBSD). Executing `albatross-client-local info ` should return success (exit code 0) and no running unikernel. You may need to be in the albatross group, or change the permissions of the Unix domain socket (`/run/albatross/util/vmmd.sock` on Linux, `/var/run/albatross/util/vmmd.sock` on FreeBSD). +There is no configuration needed. Start the `albatross_console` and the `albatross_daemon` service (via `systemctl daemon-reload ; systemctl start albatross_daemon` on Linux or `service albatross_daemon start` on FreeBSD). Executing `albatross-client info ` should return success (exit code 0) and no running unikernel. You may need to be in the albatross group, or change the permissions of the Unix domain socket (`/run/albatross/util/vmmd.sock` on Linux, `/var/run/albatross/util/vmmd.sock` on FreeBSD). 
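Review bot: the renamed code span still carries a stray trailing space, `albatross-client info ` (the space sits inside the backticks and renders as part of the code span); drop it while the line is being touched. The hunk also leaves the service names `albatross_console` and `albatross_daemon` and the socket paths `/run/albatross/util/vmmd.sock` and `/var/run/albatross/util/vmmd.sock` exactly as before; please confirm these are unchanged in 2.0.0, since every other name on this line was updated for the new release.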
To check that albatross works, get the latest hello world unikernel and run it: ``` $ wget https://builds.robur.coop/job/hello/build/latest/bin/hello.hvt -$ albatross-client-local console my-hello-unikernel & # this is sent to the background since it waits and displays the console of the unikernel named "my-hello-unikernel" -$ albatross-client-local create my-hello-unikernel hello.hvt # this returns once the unikernel image has been transmitted to the albatross daemon -$ albatross-client-local create --arg='--hello="Hello,\ my\ unikernel" my-hello-unikernel hello.hvt # executes the same unikernel, but passes the boot parameter "--hello" -$ fg # back to albatross-client-local console +$ albatross-client console my-hello-unikernel & # this is sent to the background since it waits and displays the console of the unikernel named "my-hello-unikernel" +$ albatross-client create my-hello-unikernel hello.hvt # this returns once the unikernel image has been transmitted to the albatross daemon +$ albatross-client create --arg='--hello="Hello,\ my\ unikernel" my-hello-unikernel hello.hvt # executes the same unikernel, but passes the boot parameter "--hello" +$ fg # back to albatross-client console $ Ctrl-C # kill that process ``` -Voila, we have a working albatross installation. Albatross also supports a remote client (using a TLS handshake) `albatross-client-bistro`, monitoring of unikernels (`albatross_stat` and `albatross_influx` services), and a TLS endpoint (via inetd with `albatross-tls-inetd`). +Voila, we have a working albatross installation. Albatross also supports a remote client (using a TLS handshake) `albatross-client --ca --ca-key --server-ca --destination `, monitoring of unikernels (`albatross_stats` and `albatross_influx` services), and a TLS endpoint (inetd/systemd: `albatross-tls-endpoint`). + +Please ensure to have albatross in version of at least 2.0.0 to follow this page. ### Network for your unikernel 
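Review bot: the `--arg='--hello="Hello,\ my\ unikernel"` line has an unbalanced single quote (opened before `--hello`, never closed), so a shell that is handed this command waits for the rest of the quote instead of running it; the removed line had the same defect and the hunk carries it over unchanged, so close the quote here, e.g. `--arg='--hello="Hello,\ my\ unikernel"'`, keeping the inner escapes as the author wrote them. Two smaller points in the same hunk: the remote-client example `albatross-client --ca --ca-key --server-ca --destination ` lists four options with no values, so a reader cannot tell what each expects (if placeholders were stripped from the wiki source, restore them; otherwise name the certificate, key and host each option takes); and the added sentence reads better as "Please make sure you have albatross version 2.0.0 or later to follow this page."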
@@ -93,15 +95,15 @@ Afterwards either restart your system or re-run the service scripts to have the To check that the networking works, get the latest static website unikernel and run it: ``` $ wget https://builds.robur.coop/job/static-website/build/latest/bin/https.hvt -$ albatross-client-local console my-website & # this is sent to the background since it waits and displays the console of the unikernel named "my-website" -$ albatross-client-local create --net=service --arg='--ipv4=10.0.42.2/24' my-website https.hvt # this returns once the unikernel image has been transmitted to the albatross daemon +$ albatross-client console my-website & # this is sent to the background since it waits and displays the console of the unikernel named "my-website" +$ albatross-client create --net=service --arg='--ipv4=10.0.42.2/24' my-website https.hvt # this returns once the unikernel image has been transmitted to the albatross daemon $ ping 10.0.42.2 # should receive answers $ open http://10.0.42.2 # in your browser - also https://10.0.42.2 (you'll get a certificate warning) $ wget http://10.0.42.2/ # should download the Hello Mirage world! $ wget --no-check-certificate https://10.0.42.2/ # should also download the Hello Mirage world! -$ fg # back to albatross-client-local console +$ fg # back to albatross-client console $ Ctrl-C # kill that process -$ albatross-client-local destroy my-website # kills the unikernel +$ albatross-client destroy my-website # kills the unikernel ``` When you reached this point, you have successfully launched a MirageOS unikernel, and are able to communicate from your computer with it. This uses the OCaml networking stack, and the host bridge interface. 
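Review bot: the `wget --no-check-certificate https://10.0.42.2/` step and the "you'll get a certificate warning" remark are left without a reason, which sits oddly on a page whose goal is trustworthy deployment; say why the warning appears for this unikernel (which certificate it serves and why the browser does not trust it) and state that disabling verification is only acceptable against this local test address, never against something reachable from the Internet. Also `open http://10.0.42.2` is a macOS command; the installation section targets Linux and FreeBSD hosts, so "open http://10.0.42.2 in your browser" as a plain instruction is the portable form.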
@@ -151,9 +153,9 @@ Let's test that your unikernels have access to the Internet by using the [tracer ``` $ wget https://builds.robur.coop/job/traceroute/build/latest/bin/traceroute.hvt -$ albatross-client-local console my-traceroute & # this is sent to the background since it waits and displays the console of the unikernel named "my-traceroute" -$ albatross-client-local create --net=service --arg='--ipv4=10.0.42.2/24' --arg='--ipv4-gateway=10.0.42.1' my-traceroute traceroute.hvt # the IP configuration depends on your setup, use your public IP address and actual router IP if you've set it up. -$ fg # back to albatross-client-local console +$ albatross-client console my-traceroute & # this is sent to the background since it waits and displays the console of the unikernel named "my-traceroute" +$ albatross-client create --net=service --arg='--ipv4=10.0.42.2/24' --arg='--ipv4-gateway=10.0.42.1' my-traceroute traceroute.hvt # the IP configuration depends on your setup, use your public IP address and actual router IP if you've set it up. +$ fg # back to albatross-client console $ Ctrl-C # kill that process ```
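Review bot: the comment on the `create` line ("use your public IP address and actual router IP if you've set it up") contradicts the literal values on the same line, `--ipv4=10.0.42.2/24` and `--ipv4-gateway=10.0.42.1`, which are the private bridge addresses from the website example above; spell out the two cases (unikernel addressed on the host bridge as in the previous example, versus a public address with the real upstream router as gateway) so the reader knows which pair to type. Unlike the previous hunk, this example also ends at `fg` / `Ctrl-C`, which only ends the console client (the comment itself says "kill that process"); add `albatross-client destroy my-traceroute` so the unikernel is not left running, matching the `destroy my-website # kills the unikernel` step above.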