On Sunday, April 7, 2019 at 6:06:13 AM UTC+1, haaber wrote:
> Hey Thomas,
>
> I are right, it that was definitely better to put the FAQ on the site
> (and this list). I did set up a standalone debian-10 to build, and the
> process went through smoothly. Thank you. The 'but' comes now: BUT, in
> the end the checksum fails!
>
> sha256sum vmlinuz
> 570be5685298acb014cfaec132a35469e1cafbe2f731945dc5c57e8956e6638f
Did you use Docker to build it in your standalone qube? It should match if so.
If not, it's unlikely to match because you're probably building against
different library versions.
> I stored the output of find . -type f -exec sha256sum \{} \; of the
> qubes-mirage-firewall folder in this file
>
> https://framabin.org/p/?d9b2b5de724e5c2a#20uFbk/hVlaZnMqHYQ/DXjv9Lav3+Y8Fw7rU05k1IhY=
>
> to avoid sending 260 lines here. If someone has recently build the
> version 0.5, could you run a diff on that to see what happened ? Cheers,
> Bernhard
If you want to check that building without Docker gives exactly the same result
as building with it (which might not be too easy...) you'll need to make sure
that every installed OCaml library has the same version at least.
I'd suggest copying the firewall directory and building the copy with Docker
(be sure to delete the copied _build directory first). Then you can compare
between the two on your own computer.
For example, running "opam list" will show you the local (non-Docker) versions
chosen.
To enter the Docker virtual build environment (after building), do:
$ docker run --rm -it --entrypoint bash qubes-mirage-firewall
That will get you a bash prompt, and you can run "opam list" there to see which
versions the Docker build is using, and compare.
Note that any changes you make within the Docker build environment will be lost
when you exit the shell.
To make sure it always uses the same version, the Docker image contains a Git
clone of the opam repository, which it pins (in Dockerfile) to a particular
commit. That means that the build-with-docker script will always build against
the versions available at that fixed point in time, not the latest ones.
You might also find that Debian packages affect it (e.g. make sure you have the
same version of gcc, as there are a few C source files used too).
If you need to get things in or out of the Docker environment, you can use -v
to share a directory. e.g.
$ docker run --rm -it -v $(pwd):/mnt --entrypoint bash qubes-mirage-firewall
will share the current directory with Docker, mounted at `/mnt` in the virtual
environment.
You might also be interested in the console output from the Travis CI build
(this also lists the versions used):
https://travis-ci.org/mirage/qubes-mirage-firewall/builds/515629873
Hope that helps.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/8e80a54d-a0b4-41cb-969e-01950f6f49a4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
