Releases: mirage/qubes-mirage-firewall
Code & tooling update
Less dependencies and allow firewall rules with domain names
- Drop the astring dependency, update mirage-net-xen, and use OCaml 4.14.2 -- the latest LTS release (#193, @hannesm)
- Allow the firewall to use domain names in rules (#193, @palainp, reported in the Qubes forum, fix confirmed by @neoniobium)
Update to mirage 4.5.0 and improve netvm features
Fix docker build & update build scripts
- With Qubes 4.2, SELinux policies on Fedora AppVMs are enforced, so an additional command now has to be run to be allowed to store docker images in the user home directory (#183 @palainp, reported by @Szewcson)
- Updated the build scripts for better build reproducibility (switch to the official Debian repositories, update the Debian image, update the opam-repository commit, pin the commits for opam-overlay and mirage-overlay) (#184 @palainp, reported by @ben-grande)
- Update disk usage value during local compilation (#186 @palainp, reported by @ben-grande)
Fix startup crash and memory reporting to Xen
- Remove memreport to Xen to avoid Qubes trying to get back some memory (#176 @palainp, reported in the Qubes forum [1]; this also fixes #177 reported by @bluesteal and @xaki23)
- Use bookworm and snapshot.notset.fr Debian packages for reproducibility (#175 @palainp, reported by @hannesm in #165)
[1]: https://forum.qubes-os.org/t/new-usability-issues-dom0-processes-making-system-unusable/18301/2 and https://forum.qubes-os.org/t/memory-allocation-problem-remains-in-low-allocation-for-minutes/18787
Avoid denial of service with console output
- Fix remote denial of service due to excessive console output (#166 @burghardt, fix in Solo5/solo5#538 by @palainp)
- Use Ubuntu container for build; now the GitHub action, ./build-with-docker.sh and builds.robur.coop are synchronized (and result in the same artifact) (#164 @hannesm)
autumn 2022 bugfixes
- Fix "DNS issues": a firewall ruleset with a domain name led to 100% CPU usage (reported by fiftyfourthparallel on https://forum.qubes-os.org/t/mirage-firewall-0-8-2-broken-new-users-should-install-0-8-1/14566, re-reported by @palainp in #158, fixed by @hannesm in mirage/mirage-nat#48 (release 3.0.1)) - underlying issue was a wrong definition of is_port_free (since mirage-nat 3.0.0, used since qubes-mirage-firewall 0.8.2).
- Fix "crash on downstream vm start", after more than 64 client VMs have been connected and disconnected with the qubes-mirage-firewall (reported by @xaki23 in #155, fixed by @hannesm in #161) - underlying issue was a leak of xenstore watchers and a hard limit in xen on the number of watchers.
- Fix "detach netvm fails" (reported by @rootnoob in #157, fixed by @palainp in mirage/mirage-net-xen#105 (release 2.1.2)) - underlying issue was that the network interface state was never set to closed, but directly removed.
- Fix potential DoS in handling DNS replies (#162 @hannesm)
- Avoid potential forever loop in My_nat.free_udp_port (#159 @hannesm)
- Assorted code removals (#161 @hannesm)
- Update to dns 6.4.0 changes (#154, @hannesm)
Memory improvements
various bug fixes
- support qrexec protocol version 3 (@reynir @palainp in mirage-qubes 0.9.3)
- remove special DNS rule (which used to be required for Qubes 3, issue #63, fix #142, @hannesm)
- use DNS servers from QubesDB instead of hardcoded ones for evaluation of the DNS rule (#142 @hannesm)
- remove the GUI code (not needed in Qubes 4.1 anymore, issue #62, fix #144, @palainp)
- trigger GC slightly earlier (at < 50% free space, issue #143, fix #147, @palainp)
PVH support
The major change is to use PVH instead of PV. The effort was in solo5 (https://github.com/solo5/solo5) which since 0.6.6 supports Xen and PVH (developed by @mato, with some fixes (multiboot, mem size computed uniformly, not skipping first token of command line arguments) by @marmarek, @xaki23, @palainp, and @hannesm).
Another user-visible change is that the DNS resolver is read from QubesDB /qubes-primary-dns instead of using a hardcoded IP address (@palainp and @hannesm).
Also, the qrexec version negotiation has been implemented (in mirage-qubes by @reynir).
Thanks to @palainp and @winux138, keeping track of memory allocation has been improved, and memory can now also be freed.
This release uses the latest mirage release (4.2.1). It can be built with a Fedora 35 container. It uses OCaml 4.14.0.
Thanks to @talex5 for lots of code cleanups, reviews, and merges. Also thanks to @xaki23 for early and detailed feedback. Testing was done by @TommyTran732 and @Szewcson. Thanks to @burghardt for documentation improvements.