On Saturday, December 10, 2016 at 5:36:29 PM UTC, Reg Tiangha wrote:
> On Saturday, December 10, 2016 at 6:03:17 AM UTC-7, jkitt wrote:
> > What's it like to update - is it relatively simple? Would you say it's more 
> > secure than Debian or Fedora?
> 
> It's easy. Shut down your Mirage OS Firewall VMs, copy over the new kernel 
> files to the relevant directory in /var/lib/qubes/vm-kernels in dom0, and 
> then restart the Mirage firewalls.
> 
[...]
> Note that if you're trying to compile the latest mirage firewall code from 
> github (which isn't reflected on the Release pages yet; there have been some 
> minor changes since the last one), it might be a bit tricky since if you 
> follow the default github instructions, the compilation will eventually fail 
> as mirage-nat tries to pull in older versions of its package dependencies by 
> default.

It seems to work for me. To make things more predictable, I've added a script 
to build it with Docker:

sudo yum install docker
sudo systemctl start docker
git clone https://github.com/talex5/qubes-mirage-firewall.git
cd qubes-mirage-firewall
sudo ./build-with-docker.sh

The Dockerfile uses a fixed version of opam-repository, so it shouldn't break 
even if something gets updated. It also prints out the sha256sum of the binary 
it built and the expected hash (hard-coded in the file), e.g.

$ sudo ./build-with-docker.sh
[...]
SHA2 of build:   
f0c1a06fc4b02b494c81972dc89419af6cffa73b75839c0e8ee3798d77bf69b3  
mir-qubes-firewall.xen
SHA2 last known: 
f0c1a06fc4b02b494c81972dc89419af6cffa73b75839c0e8ee3798d77bf69b3

I'd be interested to know if other people get the same hash (of course, the 
hash will change if you e.g. modify the rules.ml file to change the policy).

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1c6a4c3d-b03d-4528-8996-eed684ac8eb1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to