Hello,
this may be off-topic because it may be more a debian10 / docker / mirage
topic, but maybe someone has been able to build the mirage firewall with a
more recent template than fedora-30.
Has someone successfully built the mirage kernel on an AppVM which is newer
than fedora-30?
I tried to do so with an AppVM based on a debian-10 template and Docker CE
(version 20.10.9).
Docker installed correctly and has been verified by the "docker run
hello-world" command.
Trying to build mirage gives the following error:
./build-with-docker.sh'
[...]
Step 8/8 : CMD opam config exec -- mirage configure -t xen && opam config exec -- make tar
---> Using cache
---> af7a122a9bdb
Successfully built af7a122a9bdb
Successfully tagged qubes-mirage-firewall:latest
Building Firewall...
mirage: unknown option `-t'.
Usage: mirage configure [OPTION]...
Try `mirage configure --help' or `mirage --help' for more information.
create temporary file /home/opam/qubes-mirage-firewall/bos-1cf2b3.tmp: Permission denied
To reproduce my notes during installation (all from dom0):
TemplateVM=debian-10
MirageFWBuildVM=debian-10-miragbuildvm
MirageFWAppVM=sys-mirage-fw
# create a temporary BuildVM to build the mirage kernel
qvm-create $MirageFWBuildVM --class=AppVM --label=red --template=$TemplateVM
qvm-volume resize $MirageFWBuildVM:private 10GB
qvm-prefs --set $MirageFWBuildVM netvm sys-firewall
# prerequisites to add the docker repository
qvm-run --auto --pass-io --no-gui --user=root $MirageFWBuildVM \
'curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg'
qvm-run --auto --pass-io --no-gui --user=root $MirageFWBuildVM \
'echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list'
# update system & install & test docker
qvm-run --auto --pass-io --no-gui --user=root $MirageFWBuildVM 'apt-get update --allow-releaseinfo-change'
qvm-run --auto --pass-io --no-gui --user=root $MirageFWBuildVM 'apt-get update && apt-get -y upgrade'
qvm-run --auto --pass-io --no-gui --user=root $MirageFWBuildVM 'apt-get -y install apt-transport-https ca-certificates curl gnupg lsb-release git'
qvm-run --auto --pass-io --no-gui --user=root $MirageFWBuildVM 'apt-get -y install docker-ce docker-ce-cli containerd.io'
qvm-run --auto --pass-io --no-gui --user=root $MirageFWBuildVM 'docker run hello-world'
# Launch docker & build mirage
qvm-run --pass-io --no-gui --user=root $MirageFWBuildVM 'systemctl start docker'
qvm-run --pass-io --no-gui --user=root $MirageFWBuildVM 'git clone https://github.com/mirage/qubes-mirage-firewall.git && \
cd qubes-mirage-firewall && \
mkdir -p /home/opam/qubes-mirage-firewall && \
./build-with-docker.sh'