Hello, this maybe off-topic because it may be more a debian10 / docker / mirage topic, but maybe someone has been able to build the mirage firewall with a more recent template than fedora-30.
Has someone successfully build the mirage kernel on an AppVM which is newer that fedora-30? I tried to do so with an AppVM based on a debian-10 template and Docker CE (version 20.10.9) Docker installed correctly and has been verified by the "docker run hello-world" command. Trying to build mirage gives the following error: ./build-with-docker.sh' [...] Step 8/8 : CMD opam config exec -- mirage configure -t xen && opam config exec -- make tar ---> Using cache ---> af7a122a9bdb Successfully built af7a122a9bdb Successfully tagged qubes-mirage-firewall:latest Building Firewall... mirage: unknown option `-t'. Usage: mirage configure [OPTION]... Try `mirage configure --help' or `mirage --help' for more information. create temporary file /home/opam/qubes-mirage-firewall/bos-1cf2b3.tmp: Permission denied To reproduce my notes during installation (all from dom0): TemplateVM=debian-10 MirageFWBuildVM=debian-10-miragbuildvm MirageFWAppVM=sys-mirage-fw # create a temporary BuildVM to build the mirage kernel qvm-create $MirageFWBuildVM --class=AppVM --label=red --template=$TemplateVM qvm-volume resize $MirageFWBuildVM:private 10GB qvm-prefs --set $MirageFWBuildVM netvm sys-firewall # prequisitis to add the docker repository qvm-run --auto --pass-io --no-gui --user=root $MirageFWBuildVM \ 'curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg' qvm-run --auto --pass-io --no-gui --user=root $MirageFWBuildVM \ 'echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list' # update system & install & test docker qvm-run --auto --pass-io --no-gui --user=root $MirageFWBuildVM 'apt-get update --allow-releaseinfo-change' qvm-run --auto --pass-io --no-gui --user=root $MirageFWBuildVM 'apt-get update && apt-get -y upgrade' qvm-run --auto --pass-io --no-gui --user=root $MirageFWBuildVM 'apt-get -y install apt-transport-https ca-certificates curl gnupg lsb-release git' qvm-run --auto --pass-io --no-gui --user=root $MirageFWBuildVM 'apt-get -y install docker-ce docker-ce-cli containerd.io' qvm-run --auto --pass-io --no-gui --user=root $MirageFWBuildVM 'docker run hello-world' # Launch docker & build mirage qvm-run --pass-io --no-gui --user=root $MirageFWBuildVM 'systemctl start docker' qvm-run --pass-io --no-gui --user=root $MirageFWBuildVM 'git clone https://github.com/mirage/qubes-mirage-firewall.git && \ cd qubes-mirage-firewall && \ mkdir -p /home/opam/qubes-mirage-firewall && \ ./build-with-docker.sh' 799 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJ3yz2uV_i4aXnJaw%3DnAumKqtXeKAWCBgnJD--NqXo4mit5pCw%40mail.gmail.com.