right_tcpip_library (#1622 @reynir, review by @hannesm)?local_libs parameter to allow local dune libs (#1609 @omegametabroccolo)--name argument to each unikernel (Mirage_runtime.name ()), remove monitor_hostname (#1611 @hannesm)Remove time, pclock, mclock, random from functor arguments Instead, use the linking trick in mirage-mtime, mirage-ptime, mirage-sleep libraries (#1599 @hannesm, discussion in #1513 and on the mailing list) This removes the default_time, default_monotonic_clock, default_posix_clock bindings, and allows "Mirage.register" to get ?sleep ?ptime ?mtime ?random passed optionally, following how ?argv is handled.
This is a breaking change, and your unikernel likely needs to be updated. Have a look at https://github.com/mirage/mirage-skeleton/pull/407 for how our examples changed.
As example, the hello-key unikernel diff:
--- a/tutorial/hello-key/config.ml
+++ b/tutorial/hello-key/config.ml
@@ -2,5 +2,5 @@
open Mirage
let packages = [ package "duration" ]
-let main = main ~packages "Unikernel.Hello" (time @-> job)
-let () = register "hello-key" [ main $ default_time ]
+let main = main ~packages "Unikernel" job
+let () = register "hello-key" [ main ]
--- a/tutorial/hello-key/unikernel.ml
+++ b/tutorial/hello-key/unikernel.ml
@@ -5,13 +5,12 @@ let hello =
let doc = Arg.info ~doc:"How to say hello." [ "hello" ] in
Mirage_runtime.register_arg Arg.(value & opt string "Hello World!" doc)
-module Hello (Time : Mirage_time.S) = struct
- let start _time =
+let start () =
let rec loop = function
| 0 -> Lwt.return_unit
| n ->
Logs.info (fun f -> f "%s" (hello ()));
- Time.sleep_ns (Duration.of_sec 1) >>= fun () -> loop (n - 1)
+ Mirage_sleep.ns (Duration.of_sec 1) >>= fun () ->
+ loop (n - 1)
in
loop 4
-endipv4_of_dhcp device (#1593, @palainp)Mirage_runtime.register_arg <my-cmdliner-term> () leads to an exception, and without backtrace this is not easy to spot where work needs to be done (#1584 @reynir)?deps argument into Mirage.main function to be able to track how to compile some artifacts for an unikernel without emitting modules/functors used by these artifacts (#1555, @dinosaure) - this was removed in mirage 4.5.0, and is back nowBREAKING adapt to happy-eyeballs and dns-client devices where dependencies got reversed (#1543 @dinosaure @hannesm)
Adapting unikernels requires to notice that the generic_dns_client now takes a happy_eyeballs, and happy_eyeballs does no longer take a dns_client:
-let dns_client = generic_dns_client ~nameservers stackv4v6 -let happy_eyeballs = generic_happy_eyeballs stackv4v6 dns_client +let happy_eyeballs = generic_happy_eyeballs stackv4v6 +let dns_client = generic_dns_client ~nameservers stackv4v6 happy_eyeballs
~name parameter from Mirage.Runtime_args.create (#1541 @samoht, fixes #1532)~name parameter from Mirage.runtime_arg, and use a string (instead of a format string) as third parameter (#1541 @samoht)start function to unit Lwt.t. Previously, there was no restrictions, and lots of time was spent in debugging when a unikernel resulted in unit Lwt.t Lwt.t (@Julow #1524)mirage build is no longer available, use make "build" (#1527 @hannesm)This release introduces a significant change in the Mirage tool by splitting the definition of command-line arguments used at configure-time and runtime. Command-line arguments used in the configure script (also called 'configuration keys' and defined in the Key module) are essential during the setup of module dependencies for the unikernel, allowing for a specialized production of a unikernel for a given target runtime environment. On the other hand, command-line arguments that the unikernel can use at runtime (defined in the Runtime_arg module) are useful for customizing deployments without altering the dependencies of the unikernels. (#1449, #1450, #1451, #1455 @samoht, review by @hannesm)
API changes:
~stage parameter for Key.Arg.info.Key now define command-line arguments for the configuration tool.Runtime_arg to define command-line arguments for the unikernel.'Both, users are now expected to create two separated keys in that case (one for configure-time, one for runtime) or decide if the key is useful at runtime of configure-time.Intended use of configuration keys (values of type 'a key):
Intended use of command-line runtime arguments (values of type a runtime_arg):
key_gen.ml is not generated anymore, so users cannot refer to Key_gen.<key_name> directy.
runtime_arg and registered on the device (using ~runtime_args). The value of that argument will then be passed as an extra parameter of the connect function of that device.Key_gen.target has been removed.Code migration:
(* in config.ml *)
let key =
let doc = Key.Arg.info ~doc:"A Key." ~stage:`Run [ "key" ] in
Key.(create "key" Arg.(opt_all ~stage:`Run string doc))becomes:
(* in unikernel.ml *)
open Cmdliner
let key =
let doc = Arg.info ~doc:"A Key." [ "key" ] in
Arg.(value & opt_all string [] doc) (* in unikernel.ml *)
let start _ =
let key = Key_gen.hello () in
...becomes:
(* in config.ml *)
let hello = runtime_arg ~pos:__POS__ "Unikernel.hello"
let main = main ~runtime_args:[hello] ... (* in unikernel.ml *)
let hello =
let open Cmdliner in
let doc = Arg.info ~doc:"How to say hello." [ "hello" ] in
Arg.(value & opt string "Hello World!" doc)
let start _ hello =
...functoria and functoria-runtime are removed. The respectives libraries became mirage.functoria and mirage-runtime.functoria (#1509, @samoht)Mirage.keys is renamed to Mirage.runtime_args (#1506, @samoht)Mirage.foreign. Use Mirage.main instead (#1505, @samoht)Mirage.main does not take a ?extra_deps parameter anymore (#1505, @samoht)Mirage.connect functions passed to create devices (with Mirage.impl) now take values of type 'a Mirage.code instead of string. Value of type code are created using a new Mirage.code function, that takes ~pos:__POS__ as parameter. This is used to generate better locations in the generated code, leading to better error messages (#1504, @samoht)mirage describe output (#1446 @samoht), add test (#1458 @samoht)Mirage.register no longer have ?packages and ?keys arguments (#1433, #1434 @hannesm)mirage build subcommand, use dune build in Makefile (#1404 @hannesm), put --profile release in Makefile instead of dune-workspace (#1470 @hannesm)--help (#1485 @hannesm)Prepare for reproducing unikernels with generated opam file (#1335, @hannesm)
ocamlformat.0.21.0 (@gpetiot, @dinosaure, #1286)Upgrade the mirage tool with opam-monorepo.0.3.0 and generate a single OPAM file (@TheLortex, @hannesm, @dinosaure, #1327)
You should check the opam-monorepo.0.3.0 release to get more details about updates and fixes.
chamelon device, a filesystem with littlefs (@dinosaure, @yomimono, #1300)pair combinator for MirageOS key (@dinosaure, #1328)--solo5-abi=xen for qubes target (#1312, @hannesm)config.ml with -f (#1309, @dinosaure)--warn-errors and --debug flags (#1320, @samoht)--target=ukvm (#1321, @hannesm)ocaml-freestanding to ocaml-solo5 (#1314, @dinosaure, @samoht, @hannesm)mirage-runtime as Opam considers 4.0.0~beta* < 4.0.0 (#1276, @dinosaure)Refactor build process to use Dune build system. The motivation is to drop ocamlbuild-induced technical debt and to obtain first-class support for cross-compilation. To learn more about how Dune is able to perform cross-compilation, please refer to the documentation.
Main changes:
Two opam files are generated when running mirage configure:
<unikernel>-switch.opam: for dependencies that are meant to be installed in the user's opam switch. It comprises of build tools such as ocaml-freestanding for Solo5 targets.<unikernel>-monorepo.opam: for unikernel dependencies, they are locally fetched to compose a dune workspace.opam-monorepo tool. This tool reads the <unikernel>-monorepo.opam file and make use of the opam solver to compute the transitive dependency set, saves that as a lockfile, and fetch sources in the duniverse/ subfolder. More info on the Github repository.dune's concept of a workspace: it's a set of libraries that are built together using the same context. For each compilation target, the Mirage tool is able to generate a context definition able to compile for that target. A context is defined by an OCaml compiler (or cross-compiler) toolchain, as defined by findlib, it can be tuned with environment variables and custom flags for the OCaml or underlying C compiler.mirage configure && make depends && mirage build does not change. However, files are now generated in the ./mirage directory (OPAM files, main.ml, key_gen.ml or manifest.json), and the final artefact is created in the ./dist directory.Breaking changes:
dune as a build system. Other build systems can be sandboxed, but the recommended way is to switch to dune. Many packages not compiling with dune yet have been ported and are available as an additional opam repository overlay. In addition, a few packages not supporting cross-compilation have been fixed and are available in another opam repository overlay. The mirage tool uses these two opam overlays by default. To only use the default packages provided by Opam, use mirage configure --no-extra-repo.Functoria_runtime.info and Mirage_runtime.info now list all the libraries that are statically linked against the unikernel. The packages field have been removed and the libraries field is now accurate and contains the versions computed by dune-build-info.config.ml. We don't use objects anymore, and we replace it with the usage of Mirage.impl that expects the same fields as before.IPv6 and dual (IPv4 and IPv6) stack support #1187
Since a long time, IPv6 code was around in our TCP/IP stack (thanks to @nojb who developed it in 2014). Some months ago, @hannesm and @MagnusS got excited to use it. After we managed to fix some bugs and add some test cases, and writing more code to setup IPv6-only and dual stacks, we are eager to share this support for MirageOS in a released version. We expect there to be bugs lingering around, but duplicate address detection (neighbour solicitation and advertisements) has been implemented, and (unless "--accept-router-advertisement=false") router advertisements are decoded and used to configure the IPv6 part of the stack. Configuring a static IPv6 address is also possible (with "--ipv6=2001::42/64").
While at it, we unified the boot arguments between the different targets: namely, on Unix (when using the socket stack), you can now pass "--ipv4=127.0.0.1/24" to the same effect as the direct stack: only listen on 127.0.0.1 (the subnet mask is ignored for the Unix socket stack).
A dual stack unikernel has "--ipv4-only=BOOL" and "--ipv6-only=BOOL" parameters, so a unikernel binary could support both Internet Protocol versions, while the operator can decide which protocol version to use.
Please also note that the default IPv4 network configuration no longer uses 10.0.0.1 as default gateway (since there was no way to unset the default gateway #1147).
For unikernel developers, there are some API changes in the Mirage module
Some parts of the Mirage_key module were unified as well:
If you're ready to experiment with the dual stack, here's a diff for our basic network example (from mirage-skeleton/device-usage/network) replacing IPv4 with a dual stack:
diff --git a/device-usage/network/config.ml b/device-usage/network/config.ml
index c425edb..eabc9d6 100644
--- a/device-usage/network/config.ml
+++ b/device-usage/network/config.ml
@@ -4,9 +4,9 @@ let port =
let doc = Key.Arg.info ~doc:"The TCP port on which to listen for incoming connections." ["port"] in
Key.(create "port" Arg.(opt int 8080 doc))
-let main = foreign ~keys:[Key.abstract port] "Unikernel.Main" (stackv4 @-> job)
+let main = foreign ~keys:[Key.abstract port] "Unikernel.Main" (stackv4v6 @-> job)
-let stack = generic_stackv4 default_network
+let stack = generic_stackv4v6 default_network
let () =
register "network" [
diff --git a/device-usage/network/unikernel.ml b/device-usage/network/unikernel.ml
index 5d29111..1bf1228 100644
--- a/device-usage/network/unikernel.ml
+++ b/device-usage/network/unikernel.ml
@@ -1,19 +1,19 @@
open Lwt.Infix
-module Main (S: Mirage_stack.V4) = struct
+module Main (S: Mirage_stack.V4V6) = struct
let start s =
let port = Key_gen.port () in
- S.listen_tcpv4 s ~port (fun flow ->
- let dst, dst_port = S.TCPV4.dst flow in
+ S.listen_tcp s ~port (fun flow ->
+ let dst, dst_port = S.TCP.dst flow in
Logs.info (fun f -> f "new tcp connection from IP %s on port %d"
- (Ipaddr.V4.to_string dst) dst_port);
- S.TCPV4.read flow >>= function
+ (Ipaddr.to_string dst) dst_port);
+ S.TCP.read flow >>= function
| Ok `Eof -> Logs.info (fun f -> f "Closing connection!"); Lwt.return_unit
- | Error e -> Logs.warn (fun f -> f "Error reading data from established connection: %a" S.TCPV4.pp_error e); Lwt.return_unit
+ | Error e -> Logs.warn (fun f -> f "Error reading data from established connection: %a" S.TCP.pp_error e); Lwt.return_unit
| Ok (`Data b) ->
Logs.debug (fun f -> f "read: %d bytes:\n%s" (Cstruct.len b) (Cstruct.to_string b));
- S.TCPV4.close flow
+ S.TCP.close flow
);
S.listen sOther bug fixes include #1188 (in #1201) and adapt to charrua 1.3.0 and arp 2.3.0 changes (#1199).
The Xen backend is a minimal legacy-free re-write: Solo5 (since 0.6.6) provides the low-level glue code, and ocaml-freestanding provides the OCaml runtime. The PV-only Mini-OS implementation has been retired.
The only supported virtualization mode is now Xen PVH (version 2 or above), supported since Xen version 4.10 or later (and Qubes OS 4.0).
The support for the ARM32 architecture on Xen has been removed.
Security posture improvements:
With the move to a Solo5 and ocaml-freestanding base MirageOS gains several notable improvements to security posture for unikernels on Xen:
.text is read-execute, .rodata is read-only, non-executable and .data, heap and stack are read-write and non-executable.Interface changes:
Other changes:
dev-repo field is emitted for the generated opam file.qvm-prefs qube-name kernelopts ''.Acknowledgements:
git rev-parse --abbrev-ref HEAD instead of git branch --show-current for emitting branch information into the opam file. The latter is only available in git 2.22 or later, while the former seems to be supported by old git releases. (#1024, @hannesm)mirage configure now emits build and install steps into generated opam file this allows to use opam install . to actually install a unikernel. (#1022 @hannesm)mirage configure is executed (#1013 @dinosaure)exit 0 after the Lwt event loop returned (to run at_exit handlers in freestanding environments) (#1011, @hannesm)solo5 0.6 support for multiple devices (#993, by @mato) please read https://github.com/Solo5/solo5/blob/v0.6.2/CHANGES.md for detailed changes observable mirage changes:
-t spt for sandboxed processed tender (seccomp on Linux)ocamlbuild -- verbose if log level is info or debug (#999, by @mato)rw (#975, by @hannesm)New target: (via solo5) Genode: "Genode is a free and open-source operating system framework consisting of a microkernel abstraction layer and a collection of userspace components. The framework is notable as one of the few open-source operating systems not derived from a proprietary OS, such as Unix. The characteristic design philosophy is that a small trusted computing base is of primary concern in a security oriented OS." (from wikipedia, more at https://genode.org/ #942, by @ehmry)
User-visible changes
use mirage-bootvar-unix instead of OS.Env.argv (deprecated since mirage-{xen,unix,os-shim}.3.1.0, mirage-solo5.0.5.0) on unix (#931, by @hannesm)
WARNING: this leads to a different semantics for argument passing on Unix: all arguments are concatenated (using a whitespace " " as separator), and split on the whitespace character again (by parse-argv). This is coherent with all other backends, but the whitespace in "--hello=foo bar" needs to be escaped now.
mirage now generates upper bounds for hard-coded packages that are used in generated code. When we now break the API, unikernels which are configured with an earlier version won't accept the new release of the dependency. This means API breakage is much smoother for us, apart from that we now track version numbers in the mirage utility. The following rules were applied for upper bounds:
WARNING: Please be careful when release any of the referenced libraries by taking care of appropriate version numbering. (initial version in #855 by @avsm, final #946 by @hannesm)
Due to conflicting packages, opam will not upgrade mirage to version 3.2.0 or newer if a version of mirage-solo5 older than 0.4.0 is installed in the switch. To perform the upgrade you must run opam upgrade mirage explicitly.
Changes required to rebuild and run ukvm unikernels
As of Solo5 0.4.0, the ukvm target has been renamed to hvt. If you are working out of an existing, dirty, source tree, you should initially run:
mirage configure -t hvt
mirage clean
mirage configure -t hvtand then proceed as normal. If you are working with a clean source tree, then simply configuring with the new hvt target is sufficient:
mirage configure -t hvt
Note that the build products have changed:
The unikernel binary is now named <unikernel>.hvt, the ukvm-bin binary is now named solo5-hvt.
This is a breaking change: mirage 3.2.0 requires mirage-protocols 1.4.0, mirage-stack 1.3.0, and tcpip 3.5.0 to work (charru-client-mirage 0.10 and mirage-qubes-ipv4 0.6 are adapted to the changes). An older mirage won't be able to use these new libraries correctly. Conflicts were introduced in the opam-repository.
In more detail, direct and socket stack initialisation changed, which is automatically generated by the mirage tool for each unikernel (as part of main.ml). A record was built up, which is no longer needed.
Several unneeded type aliases were removed: netif from Mirage_protocols.ETHIF ethif and prefix from Mirage_protocols.IP ip from Mirage_protocols.{UDP,TCP} netif and 'netif config from Mirage_stack.V4 'netif stackv4_config and socket_stack_config in Mirage_stack
mirage build (#916, by @mato)-tags thread, as done for the mac osx target (#861, suggested by @cfcs)configure section (#892, by @yomimono)xen, pass the raw filename rather than trying to infer the xenstore ID (#874, by @yomimono)cohttp-mirage is 1.0.0 (not 3.0.0) (#870 by @hannesm)mirage-http to cohttp-mirage (#863 by @djs55) See [mirage/ocaml-cohttp#572]--syslog, --syslog-port and --syslog-hostname (#853 via @hannesm).--kv-ro archive (#848 by @mor1)--gdb argument for ukvm targets so that debuggers can be attached easily. This allows mirage configure --gdb -t ukvm to work (@ricarkol in #847).Packaging updates for latest opam repository:
$PKG_CONFIG_PATHTERM <> dumb && Unix.isatty stdout (#814, by @hannesm)format function and Format_unknown error from FS module type (#733, by @djs55)error from DEVICE module type (#728, by @hannesm)is_xen key (#682, by @hannesm)qubes target for making Xen unikernels which boot & configure themselves correctly on QubesOS. (#553, by @yomimono)id from DEVICE module type. (#612, by @yomimono and @talex5)direct as an option for kv_ro. (#607, by @mor1)mem function in KV_RO, and add Failure error variant (#606, by @yomimono)connect functions are no longer expected to return polyvars, but rather to raise exceptions if connect fails and return the value directly. (#602, by @hannesm)odig (#591, #593, #594, #597, #598, #599, #600, and more, by @avsm)topkg from oasis. (#558, #590, #654, #673, by @avsm, @samoht, @hannesm, @dbuenzli)is_unix key (#575, by @mato)TIME.sleep, instead of a float representing seconds. (#547, by @hannesm)virtio and ukvm via the solo5 project. (#565, by @djwillia, @mato, and @hannesm).base_context, which includes command-line arguments --unix and --xen, and config.ml functions add_to_ocamlfind_libraries and add_to_opam_packages. As a side effect, fix a long-standing error message bug when invoking mirage against a config.ml that does not build. (#560, by @yomimono)libgcc.a only on ARM & other build improvements (#544, by @hannesm)crunch on unix with kv_ro; clean up crunch .mlis on clean (#556, by @yomimono)src and dst, and source and destination ports as src_port and dst_port (#546, by @yomimono)pseudoheader function for IP module types. (#541, by @yomimono)ocamlbuild -r, to avoid repetitive failure message (#537, by @talex5)--unix and --xen that support for these will soon be dropped. Instead, use -t unix and -t xen respectively. (see https://github.com/mirage/mirage-www/pull/475#issuecomment-233802501) (#561, by @yomimono)add_to_opam_packages p and add_to_ocamlfind_libraries l that support for these will soon be dropped. Instead, use register ~libraries:l and register:~packages:p respectively. (#561, by @yomimono).reporter parameter to register is now available. This parameter defines how to configure the log reporter, using Logs and Mirage_logs. Log reporters can also be configured at configuration AND runtime using on the new -l or --logs command-line argument. (#534, by @samoht, @talex5 and @Drup)argv parameter to the register function to allow to pass custom command-line argument parsing devices. Use register ~argv:no_argv to disable command-line argument parsing. (#493, by @samoht and @Drup)-warn-error by default. This is now controlled by a --warn-error flag on mirage configure. Currently it's default value is [false] but this might change in future versions (#520)opam install and breaks opam depext (#519, by @samoht)Clean-up dependencies automatically added by the tool
lwt.syntax, cstruct.syntax and sexplib, which should make the default unikernels camlp4-free (#510, #515 by @samoht)mirage-platform (#512, by @talex5)mirage-types and mirage-types-lwt are installedThe mirage tool is now based on functoria. (#441 #450, by @drup @samoht) See https://mirage.io/blog/introducing-functoria for full details.
get_mode is deprecated. You should use keys instead. And in particular Key.target and Key.is_xen.add_to_ocamlfind_libraries and add_to_opam_packages are deprecated. Both the foreign and the register functions now accept the ~libraries and ~packages arguments to specify library dependencies.If you were using tls without the conduit combinator, you will be greeted during configuration by a message like this:
The "nocrypto" library is loaded but entropy is not enabled! Please enable the entropy by adding a dependency to the nocrypto device. You can do so by adding ~deps:[abstract nocrypto] to the arguments of Mirage.foreign.
Data dependencies (such as entropy initialization) are now explicit.
In order to fix this, you need to declare the dependency like so:
```ocaml
open Mirage
let my_functor =
let deps = [abstract nocrypto] in
foreign ~deps "My_Functor" (foo @-> bar)My_functor.start will now take an extra argument for each dependencies. In the case of nocrypto, this is ().
nat-script.sh from the scripts directory, to be available as an external script.Xen: improve the .xl file generation. We now have
name.xl: this has sensible defaults for everything including the network bridges and should "just work" if used on the build boxname.xl.in: this has all the settings needed to boot (e.g. presence of block and network devices) but all the environmental dependencies are represented by easily-substitutable variables. This file is intended for production use: simply replace the variables for the paths, bridges, memory sizes etc. and run xl create as before.Better ARP support. This needs mirage-tcpip.2.6.0 (#419, by @yomimono)
V1.IPV4.input_arpV1.ARP and V1_LWT.ARPMirage.arp combinatorMirage.archive and Mirage.archive_of_files to support attaching files via a read-only tar-formatted BLOCK (#432, by @djs55)V1_LWT.FS.page_aligned_buffer = Cstruct.tChange the type of the Mirage.http_server combinator. The first argument (the conduit server configuration) is removed and should now be provided at compile-time in unikernel.ml instead of configuration-time in config.ml:
(* [config.ml] ) ( in 2.4 ) let http = http_server (TCP (Port 80)) conduit ( in 2.5 *) let http = http_server conduit
(* [unikernel.ml] ) let start http = ( in 2.4 ) http (S.make ~conn_closed ~callback ()) ( in 2.5 *) http (`TCP 80) (S.make ~conn_closed ~callback ()) ```
Change the type of the Mirage.conduit_direct combinator. Previously, it took an optional vchan implementation, an optional tls immplementation and an optional stackv4 implemenation. Now, it simply takes a stackv4 implementation and a boolean to enable or disable the tls stack. Users who want to continue to use vchan with conduit should now use the Vchan functors inside unikernel.ml instead of the combinators in config.ml. To enable the TLS stack:
(* [config.ml] *) let conduit = conduit_direct ~tls:true (stack default_console)
(* [unikernel.ml] *) module Main (C: Conduit_mirage.S): struct let start conduit = C.listen conduit (TLS (tls_config, TCP 443)) callback end ```
V1.ENTROPY and V1_LWT.ENTROPY. The entropy is now handled directly by nocrypto.0.4.0 and the mirage-tool is only responsible to call the Nocrypto_entropy_{mode}.initialize function.Mirage.vchan, Mirage.vchan_localhost, Mirage.vchan_xen and Mirage.vchan_default. Vchan users need to adapt their code to directly use the Vchan functors instead of relying on the combinators.Mirage.conduit_client and Mirage.conduit_server types.mirage build (#408 by @lnmx)--no-depext to disable the automatic installation of opam depexts (#402)@name/file findlib's extended name syntax in xen_linkopts fields. @name is expanded to %{lib}%/namemirage-http.2.2.0conduit.0.8.0tcpip.2.4.0ocaml-tls 0.4.0.Makefile.user to extend the generated Makefile. Also all, build and clean are now extensible make targets.mirage run command (#379)opam depext when configuring (#373)mirage and mirage-types packagesmirage --version (#374)update-doc target to the Makefile to easily update the online documentation at http://mirage.github.io/mirage/IO_PAGE module type from V1. This has now moved into the io-page pacakge (#356)DEVICE.connect from the V1 module types. When a module is functorised over a DEVICE it should only have the ability to use devices it is given, not to connect to new ones. (#150)FLOW.error_message to the V1 module types to allow for generic handling of errors. (#346)IP.uipaddr as a universal IP address type. (#361)entropy version 0.2+ interfaces. (#359)opam command is at least version 1.2.0 (#355)mirage output is not redirected. (#355)Add IPv6 support. This alters some of the interfaces that were previously hardcoded to IPv4 by generalising them. For example:
type v4 type v6
type 'a ip type ipv4 = v4 ip type ipv6 = v6 ip ```
Full support for configuring IPv6 does not exist yet, as this release is intended for getting the type definitions in place before adding configuration support.
xen_linkopts variables (#332). See tcpip.2.1.0 for a library that does this for a C binding.vmnet framework requires Yosemite or higher.camlp4, which significantly speeds up compilation on ARM platforms (from minutes to seconds!) (#299).MacOSX as a platform, which enables network bridging on Yosemite (#329). The --unix flag will automatically activate the new target if run on a MacOS X host. If this breaks for you due to being on an older version of MacOS X, then use the new --target flag to set either Unix, MacOSX or Xen to the mirage configure command.mirage.runtime findlib library and corresponding Mirage_runtime module (#327).Lwt.tracing instructions work for Fish shell too by improving quoting (#328).register ~tracing to enable tracing with mirage-profile at start-up (#321).Vchan, Conduit and Resolver code generators.*.xe script which can upload a kernel to a XenServer.*.xml configuration file (#292).mirage-xen location for paths with spaces (#279).The Mirage frontend tool now generates a Makefile with a make depend target, instead of directly invoking OPAM as part of mirage configure. This greatly improves usability on slow platforms such as ARM, since the output of OPAM as it builds can be inspected more easily. Users will now need to run make depend to ensure they have the latest package set, before building their unikernel with make as normal.
make depend target to generated Makefile.OPAMVERBOSE and OPAMYES in the Makefile, which can be overridden.ENTROPY device type for strong random sources (#256).FLOW based on TCPV4.V1.STACKV4 to expose UDPv4/TCPv4 types properly (#226).config.ml files from the 1.0.x branches.mirage-types code into types. This is built as a separate library from the command-line tool, via the install-types Makefile target.KV_RO to Crunchmirage clean (#143)mirage-tcp-* and mirage-http-*.Fat_KV_RO (a read-only k/v version of the FAT filesystem).KV_RO now passes through to the underlying filesystem instead of calling crunch, via mirage-fs-unix.HTTP support.KV_RO configuration for OPAM autoinstall.mirage-tcpip-* supportmirage-net-* supportIpaddr.V4 interface instead of Nettypes.id).ip-* lines in the .conf file.mirage-fs if there is no filesystem to create.nat-script.sh to setup xenbr0 with DNS, DHCP and masqerading under Linux.xl create -c unikernel.xl.--socket flag to activate socket-based networking (UNIX only).obuild automatically in all compiler switches (such as Xen).mir-foo for a non-Xen target.mirari clean command.mirari --switch=<compiler> or the config file.--no-install option to mirari configure to prevent invoking OPAM automatically.mirage-fs package if a filesystem crunch is requested.mir-run by including the final Xen link directly in Mirari.