v3.5.2

CHANGES:

• Adapt to conduit 2.0.0 release, including dns 4.0.0 (#996, by @hannesm)
• Adjust mirage-xen constraints to < 5.0.0 (#995, by @reynir)

v3.5.1

CHANGES:

• Adapt to new tracing API (#985, by @talex5)
• Remove stubs for qrexec and qubes gui (qubes 3 is end of life, qubes 4 makes it configurable) (#984, by @linse & @yomimono)
• Update mirage-logs and charrua-client-mirage version constraints (#982, by @hannesm)
• Remove unused dockerfile, travis updates (#982 #990, by @hannesm)

v3.5.0

CHANGES:

• Rename Mirage_impl_kv_ro to Mirage_impl_kv, and introduce rw (#975, by @hannesm)
• Adapt to mirage-kv 2.0.0 changes (#975, by @hannesm)
• Adapt to mirage-protocols and mirag-net 2.0.0 changes (#972, by @hannesm)
• mirage-types-lwt: remove unneeded io-page dependency (#971, by @hannesm)
• Fix regression introduced in 3.4.0 that "-l *:debug" did no longer work (#970, by @hannesm)
• Adjust various upper bounds (mirage-unix, cohttp-mirage, mirage-bootvar-xen) (#967, by @hannesm)

v3.4.1

CHANGES:

• Provide a httpaf_server device, and a cohttp_server device (#955, by @anmonteiro)
• There can only be a single prng device in a unikernel, due to entropy
  harvesting setup (#959, by @hannesm)
• Cleanup zarith-freestanding / gmp-freestanding dependencies (#964, by @hannesm)
• ethernet is now a separate package (#965, by @hannesm)
• arp now uses the mirage/arp repository by default, the tcpip.arpv4
  implementation was removed in tcpip 3.7.0 (#965, by @hannesm)

v3.4.0

CHANGES:

• use ipaddr 3.0 without s-expression dependency (#956, by @hannesm)
• use mirage-clock 2.x and tcpip 3.6.x libraries (#960, #962, by @hannesm)
• default to socket stack on unix and macos (#958, by @hannesm)
• use String.split_on_char in mirage-runtime to avoid astring dependency (#957, by @hannesm)
• add build-dependency on mirage to each unikernel (#953, by @hannesm)

3.3.1

CHANGES:

• fix regression: --yes was not passed to opam in 3.3.0 (#950, by @hannesm)

3.3.0

CHANGES:

New target: (via solo5) Genode:
"Genode[4][5][6] is a free and open-source operating system framework consisting
of a microkernel abstraction layer and a collection of userspace components. The
framework is notable as one of the few open-source operating systems not derived
from a proprietary OS, such as Unix. The characteristic design philosophy is
that a small trusted computing base is of primary concern in a security oriented
OS." (from wikipedia, more at https://genode.org/ #942, by @ehmry)

User-visible changes

• use mirage-bootvar-unix instead of OS.Env.argv
  (deprecated since mirage-{xen,unix,os-shim}.3.1.0, mirage-solo5.0.5.0) on unix
  (#931, by @hannesm)

  WARNING: this leads to a different semantics for argument passing on Unix:
  all arguments are concatenated (using a whitespace " " as separator), and
  split on the whitespace character again (by parse-argv). This is coherent
  with all other backends, but the whitespace in "--hello=foo bar" needs to
  be escaped now.

• mirage now generates upper bounds for hard-coded packages that are used in
  generated code. When we now break the API, unikernels which are configured with
  an earlier version won't accept the new release of the dependency. This means
  API breakage is much smoother for us, apart from that we now track version
  numbers in the mirage utility. The following rules were applied for upper bounds:

  • if version < 1.0.0 then ~min:"a.b.c" ~max:"a.(b+1).0"
  • if version > 1.0.0 then ~min:"a.b.c" ~max:"(a+1).0.0"`
  • exceptions: tcpip (~min:"3.5.0" ~max:"3.6.0"), mirage-block-ramdisk (unconstrained)

  WARNING: Please be careful when release any of the referenced libraries by
  taking care of appropriate version numbering.
  (initial version in #855 by @avsm, final #946 by @hannesm)

• since functoria.2.2.2, the "package" function (used in unikernel configuration)
  is extended with the labeled argument ~pin that receives a string (e.g.
  ~pin:"git+https://github.com/mirage-random/mirage-random.git"), and is embedded
  into the generated opam file as pin-depends

• mirage-random-stdlib is now used for default_random instead of mirage-random
  (which since 1.2.0 no longer bundles the stdlib Random
  module). mirage-random-stdlib is not cryptographically secure, but "a
  lagged-Fibonacci F(55, 24, +) with a modified addition function to enhance the
  mixing of bits.", which is now seeded using mirage-entropy. If you configure
  your unikernel with "mirage configure --prng fortuna" (since mirage 3.0.0), a
  cryptographically secure PRNG will be used (read more at
  https://mirage.io/blog/mirage-entropy)

• mirage now revived its command-line "--no-depext", which removes the call to
  "opam depext" in the depend and depends target of the generated Makefile
  (#948, by @hannesm)

• make depend no longer uses opam pin for opam install --deps-only (#948, by @hannesm)

• remove unused io_page configuration (initial discussion in #855, #940, by @hannesm)

• charrua-client requires a Mirage_random interface since 0.11.0 (#938, by @hannesm)

• split implementations into separate modules (#933, by @emillon)

• improved opam2 support (declare ocaml as dependency #926)

• switch build system to dune (#927, by @emillon)

• block device writes has been fixed in mirage-solo5.0.5.0

3.2.0

3.2.0 (2018-09-23)

• adapt to solo5 0.4.0 changes (#924, by @mato)
  Upgrading from Mirage 3.1.x or earlier

Due to conflicting packages, opam will not upgrade mirage to version 3.2.0 or newer if a version of mirage-solo5 older than 0.4.0 is installed in the switch. To perform the upgrade you must run opam upgrade mirage explicitly.

Changes required to rebuild and run ukvm unikernels

As of Solo5 0.4.0, the ukvm target has been renamed to hvt. If you are working out of an existing, dirty, source tree, you should initially run:

mirage configure -t hvt
mirage clean
mirage configure -t hvt

and then proceed as normal. If you are working with a clean source tree, then simply configuring with the new hvt target is sufficient:

mirage configure -t hvt

Note that the build products have changed:

The unikernel binary is now named <unikernel>.hvt,
the ukvm-bin binary is now named solo5-hvt.

• adapt to mirage-protocols, mirage-stack, tcpip changes (#920, by @hannesm)

This is a breaking change: mirage 3.2.0 requires mirage-protocols 1.4.0, mirage-stack 1.3.0, and tcpip 3.5.0 to work (charru-client-mirage 0.10 and mirage-qubes-ipv4 0.6 are adapted to the changes). An older mirage won't be able to use these new libraries correctly. Conflicts were introduced in the opam-repository.

In more detail, direct and socket stack initialisation changed, which is automatically generated by the mirage tool for each unikernel (as part of main.ml). A record was built up, which is no longer needed.

Several unneeded type aliases were removed:
netif from Mirage_protocols.ETHIF
ethif and prefix from Mirage_protocols.IP
ip from Mirage_protocols.{UDP,TCP}
netif and 'netif config from Mirage_stack.V4
'netif stackv4_config and socket_stack_config in Mirage_stack

• squash unnecessary warning from mirage build (#916, by @mato)

3.1.1

3.1.1 (2018-08-01)

• for the unix target, add -tags thread, as done for the mac osx target (#861,
  suggested by @cfcs)
• bump minimum mirage-solo5* and solo5-kernel* to 0.3.0 (#914, by @hannesm, as
  suggested by @mato)
• use the exposed signature in functoria for Key modules (#912, by @Drup)
• add ?group param to all generic devices (#913, by @samoht)

3.1.0

3.1.0 (2018-06-20)

• solo5 v0.3.0 support (#906, by @mato @Kensan @hannesm):
  The major new user-visible features for the Solo5 backends are:
  ukvm: Now runs natively on FreeBSD vmm and OpenBSD vmm.
  ukvm: ARM64 support.
  muen: New target, for the Muen Separation Kernel.
  ukvm: Improved and documented support for debugging Solo5-based unikernels.
• generate libvirt.xml for virtio target (#903, by @bramford)
• don't make xen config documents for target qubes (#895, by @yomimono)
• use a path pin when making depends (#891, by @yomimono)
• move block registration to configure section (#892, by @yomimono)
• allow to directly specifying xenstore ids (#879, by @yomimono)