On Saturday, December 10, 2016 at 5:36:29 PM UTC, Reg Tiangha wrote: > On Saturday, December 10, 2016 at 6:03:17 AM UTC-7, jkitt wrote: > > What's it like to update - is it relatively simple? Would you say it's more > > secure than Debian or Fedora? > > It's easy. Shut down your Mirage OS Firewall VMs, copy over the new kernel > files to the relevant directory in /var/lib/qubes/vm-kernels in dom0, and > then restart the Mirage firewalls. > [...] > Note that if you're trying to compile the latest mirage firewall code from > github (which isn't reflected on the Release pages yet; there have been some > minor changes since the last one), it might be a bit tricky since if you > follow the default github instructions, the compilation will eventually fail > as mirage-nat tries to pull in older versions of its package dependencies by > default.
It seems to work for me. To make things more predictable, I've added a script to build it with Docker: sudo yum install docker sudo systemctl start docker git clone https://github.com/talex5/qubes-mirage-firewall.git cd qubes-mirage-firewall sudo ./build-with-docker.sh The Dockerfile uses a fixed version of opam-repository, so it shouldn't break even if something gets updated. It also prints out the sha256sum of the binary it built and the expected hash (hard-coded in the file), e.g. $ sudo ./build-with-docker.sh [...] SHA2 of build: f0c1a06fc4b02b494c81972dc89419af6cffa73b75839c0e8ee3798d77bf69b3 mir-qubes-firewall.xen SHA2 last known: f0c1a06fc4b02b494c81972dc89419af6cffa73b75839c0e8ee3798d77bf69b3 I'd be interested to know if other people get the same hash (of course, the hash will change if you e.g. modify the rules.ml file to change the policy). -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1c6a4c3d-b03d-4528-8996-eed684ac8eb1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
