Hello,

This may be off-topic because it may be more of a debian10 / docker / mirage
topic, but maybe someone has been able to build the mirage firewall with a
more recent template than fedora-30.

Has someone successfully built the mirage kernel on an AppVM which is newer
than fedora-30?
I tried to do so with an AppVM based on a debian-10 template and Docker CE
(version 20.10.9).
Docker installed correctly and has been verified by the "docker run
hello-world" command.

Trying to build mirage gives the following error:

 ./build-with-docker.sh'
[...]
Step 8/8 : CMD opam config exec -- mirage configure -t xen &&     opam config exec -- make tar
 ---> Using cache
 ---> af7a122a9bdb
Successfully built af7a122a9bdb
Successfully tagged qubes-mirage-firewall:latest
Building Firewall...
mirage: unknown option `-t'.
Usage: mirage configure [OPTION]...
Try `mirage configure --help' or `mirage --help' for more information.
create temporary file /home/opam/qubes-mirage-firewall/bos-1cf2b3.tmp: Permission denied

To reproduce my notes during installation (all from dom0):

TemplateVM=debian-10
MirageFWBuildVM=debian-10-miragbuildvm
MirageFWAppVM=sys-mirage-fw

# create a temporary BuildVM to build the mirage kernel
qvm-create $MirageFWBuildVM --class=AppVM --label=red --template=$TemplateVM
qvm-volume resize $MirageFWBuildVM:private 10GB
qvm-prefs --set $MirageFWBuildVM netvm sys-firewall

# prerequisites to add the docker repository
qvm-run --auto --pass-io --no-gui --user=root $MirageFWBuildVM \
    'curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg'
qvm-run --auto --pass-io --no-gui --user=root $MirageFWBuildVM \
    'echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list'

# update system & install & test docker
qvm-run --auto --pass-io --no-gui --user=root $MirageFWBuildVM 'apt-get update --allow-releaseinfo-change'
qvm-run --auto --pass-io --no-gui --user=root $MirageFWBuildVM 'apt-get update && apt-get -y upgrade'
qvm-run --auto --pass-io --no-gui --user=root $MirageFWBuildVM 'apt-get -y install apt-transport-https ca-certificates curl gnupg lsb-release git'
qvm-run --auto --pass-io --no-gui --user=root $MirageFWBuildVM 'apt-get -y install docker-ce docker-ce-cli containerd.io'
qvm-run --auto --pass-io --no-gui --user=root $MirageFWBuildVM 'docker run hello-world'

# Launch docker & build mirage
qvm-run --pass-io --no-gui --user=root $MirageFWBuildVM 'systemctl start docker'
qvm-run --pass-io --no-gui --user=root $MirageFWBuildVM 'git clone https://github.com/mirage/qubes-mirage-firewall.git && \
    cd qubes-mirage-firewall && \
    mkdir -p /home/opam/qubes-mirage-firewall && \
    ./build-with-docker.sh'
