On Saturday, December 10, 2016 at 5:36:29 PM UTC, Reg Tiangha wrote:
> On Saturday, December 10, 2016 at 6:03:17 AM UTC-7, jkitt wrote:
> > What's it like to update - is it relatively simple? Would you say it's more 
> > secure than Debian or Fedora?
> It's easy. Shut down your Mirage OS Firewall VMs, copy over the new kernel 
> files to the relevant directory in /var/lib/qubes/vm-kernels in dom0, and 
> then restart the Mirage firewalls.
> Note that if you're trying to compile the latest mirage firewall code from 
> github (which isn't reflected on the Release pages yet; there have been some 
> minor changes since the last one), it might be a bit tricky since if you 
> follow the default github instructions, the compilation will eventually fail 
> as mirage-nat tries to pull in older versions of its package dependencies by 
> default.

It seems to work for me. To make things more predictable, I've added a script 
to build it with Docker:

sudo yum install docker
sudo systemctl start docker
git clone https://github.com/talex5/qubes-mirage-firewall.git
cd qubes-mirage-firewall
sudo ./build-with-docker.sh

The Dockerfile uses a fixed version of opam-repository, so it shouldn't break 
even if something gets updated. It also prints out the sha256sum of the binary 
it built and the expected hash (hard-coded in the file), e.g.

$ sudo ./build-with-docker.sh
SHA2 of build:   
SHA2 last known: 

I'd be interested to know if other people get the same hash (of course, the 
hash will change if you e.g. modify the rules.ml file to change the policy).

You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to