From 22be4f6ee1cbea66a62f838723e465317f40b48e Mon Sep 17 00:00:00 2001 From: Calascibetta Romain Date: Tue, 4 Jun 2024 19:01:55 +0200 Subject: [PATCH 1/8] Try to integrate a CI --- .dockerignore | 6 ++++++ .github/workflows/docker.yml | 32 ++++++++++++++++++++++++++++++++ .github/workflows/podman.yml | 32 ++++++++++++++++++++++++++++++++ Dockerfile | 36 ++++++++++++++++++++++++++++++++++++ build-with.sh | 24 ++++++++++++++++++++++++ config.ml | 2 +- unikernel.ml | 3 ++- 7 files changed, 133 insertions(+), 2 deletions(-) create mode 100644 .dockerignore create mode 100644 .github/workflows/docker.yml create mode 100644 .github/workflows/podman.yml create mode 100644 Dockerfile create mode 100755 build-with.sh diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..dbaf2e0 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,6 @@ +.git +_build +*.xen +*.bz2 +*.tar.bz2 +*.tgz diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml new file mode 100644 index 0000000..f392bf9 --- /dev/null +++ b/.github/workflows/docker.yml @@ -0,0 +1,32 @@ +name: Main workflow + +on: + pull_request: + push: + schedule: + # Prime the caches every Monday + - cron: 0 1 * * MON + +jobs: + build: + strategy: + fail-fast: false + matrix: + os: + - ubuntu-latest + + runs-on: ${{ matrix.os }} + + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - run: ./build-with.sh docker + + - run: sh -exc 'if [ $(sha256sum dist/qubes-firewall.xen | cut -d " " -f 1) = $(grep "SHA2 last known" build-with.sh | rev | cut -d ":" -f 1 | rev | cut -d "\"" -f 1 | tr -d " ") ]; then echo "SHA256 MATCHES"; else exit 42; fi' + + - name: Upload Artifact + uses: actions/upload-artifact@v3 + with: + name: miragevpn.tar.bz2 + path: miragevpn.tar.bz2 diff --git a/.github/workflows/podman.yml b/.github/workflows/podman.yml new file mode 100644 index 0000000..fba19eb --- /dev/null +++ b/.github/workflows/podman.yml 
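Review bot: Both actions in the new docker.yml (`actions/checkout@v2`, `actions/upload-artifact@v3`) are referenced by mutable tags, which undercuts a pipeline whose purpose is to verify a reproducible build; pinning each to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha> # v2`, keeps the workflow from changing underneath the hash check. The workflow also declares no `permissions:` block, so the job runs with the repository's default token scope; a top-level `permissions:` with `contents: read` looks sufficient for checkout, build and artifact upload. Separately, the upload step points at `miragevpn.tar.bz2`, which none of the visible steps create, so the verified image may never be attached to the run. The same points apply to the podman.yml added in this patch.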
@@ -0,0 +1,32 @@
+name: Main workflow
+
+on:
+ pull_request:
+ push:
+ schedule:
+ # Prime the caches every Monday
+ - cron: 0 1 * * MON
+
+jobs:
+ build:
+ strategy:
+ fail-fast: false
+ matrix:
+ os:
+ - ubuntu-latest
+
+ runs-on: ${{ matrix.os }}
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+
+ - run: ./build-with.sh podman
+
+ - run: sh -exc 'if [ $(sha256sum dist/qubes-firewall.xen | cut -d " " -f 1) = $(grep "SHA2 last known" build-with.sh | rev | cut -d ":" -f 1 | rev | cut -d "\"" -f 1 | tr -d " ") ]; then echo "SHA256 MATCHES"; else exit 42; fi'
+
+ - name: Upload Artifact
+ uses: actions/upload-artifact@v3
+ with:
+ name: mirage-firewall.tar.bz2
+ path: mirage-firewall.tar.bz2
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..3598b94
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,36 @@
+# Pin the base image to a specific hash for maximum reproducibility.
+# It will probably still work on newer images, though, unless an update
+# changes some compiler optimisations (unlikely).
+# bookworm-slim taken from https://hub.docker.com/_/debian/tags?page=1&name=bookworm-slim
+FROM debian@sha256:3d5df92588469a4c503adbead0e4129ef3f88e223954011c2169073897547cac
+# install remove default packages repository
+RUN rm /etc/apt/sources.list.d/debian.sources
+# and set the package source to a specific release too
+# taken from https://snapshot.debian.org/archive/debian
+RUN printf "deb [check-valid-until=no] http://snapshot.debian.org/archive/debian/20240419T024211Z bookworm main\n" > /etc/apt/sources.list
+# taken from https://snapshot.debian.org/archive/debian-security/
+RUN printf "deb [check-valid-until=no] http://snapshot.debian.org/archive/debian-security/20240419T111010Z bookworm-security main\n" >> /etc/apt/sources.list
+
+RUN apt update && apt install --no-install-recommends --no-install-suggests -y wget ca-certificates git patch unzip bzip2 make gcc g++ libc-dev
+RUN wget -O /usr/bin/opam https://github.com/ocaml/opam/releases/download/2.1.5/opam-2.1.5-i686-linux && chmod 755 /usr/bin/opam
+# taken from https://raw.githubusercontent.com/ocaml/opam/master/shell/install.sh
+RUN test `sha512sum /usr/bin/opam | cut -d' ' -f1` = \
+"38802b3079eeceb27aab3465bfd0f9f05a710dccf9487eb35fa2c02fbaf9a0659e1447aa19dd36df9cd01f760229de28c523c08c1c86a3aa3f5e25dbe7b551dd" || exit
+
+ENV OPAMROOT=/tmp
+ENV OPAMCONFIRMLEVEL=unsafe-yes
+# Pin last known-good version for reproducible builds.
+# Remove this line (and the base image pin above) if you want to test with the
+# latest versions.
+# taken from https://github.com/ocaml/opam-repository +RUN opam init --disable-sandboxing -a --bare https://github.com/ocaml/opam-repository.git#f9f113a6bb242a13702859873fa0fcef9146eb6a +RUN opam switch create myswitch 4.14.2 +RUN opam exec -- opam install -y mirage opam-monorepo ocaml-solo5 +RUN opam pin https://github.com/robur-coop/miragevpn.git#cd7d999321e13993862af649977689aa96a7e114 +RUN mkdir /tmp/orb-build +ADD config.ml /tmp/orb-build/config.ml +WORKDIR /tmp/orb-build +CMD opam exec -- sh -exc 'mirage configure -t xen --extra-repos=\ +opam-overlays:https://github.com/dune-universe/opam-overlays.git#4e75ee36715b27550d5bdb87686bb4ae4c9e89c4,\ +mirage-overlays:https://github.com/dune-universe/mirage-opam-overlays.git#797cb363df3ff763c43c8fbec5cd44de2878757e \ +&& make depend && make build' diff --git a/build-with.sh b/build-with.sh new file mode 100755 index 0000000..fd52bc9 --- /dev/null +++ b/build-with.sh @@ -0,0 +1,24 @@ +#!/bin/sh +set -eu + +if [[ $# -ne 1 ]] ; then + echo "Usage: build-with.sh { docker | podman }" + exit 1 +fi + +builder=$1 +case $builder in + docker|podman) + ;; + *) + echo "You should use either docker or podman for building" + exit 2 +esac + +echo Building $builder image with dependencies.. +$builder build -t qubes-miragevpn . +echo Building MirageVPN... +$builder run --rm -i -v `pwd`:/tmp/orb-build:Z qubes-miragevpn +echo "SHA2 of build: $(sha256sum ./dist/qubes-firewall.xen)" +echo "SHA2 last known: 0cbb202c1b93e10ad115c9e988f9384005656c0855ec9deaf05a5e9ac9972984" +echo "(hashes should match for released versions)" diff --git a/config.ml b/config.ml index 4d04a5f..2504019 100644 --- a/config.ml +++ b/config.ml @@ -29,7 +29,7 @@ let main = (random @-> mclock @-> pclock @-> time @-> qubesdb @-> stackv4v6 @-> kv_ro @-> job) let () = - register "qubes-unikernel" + register "qubes-miragevpn" [ main $ default_random $ default_monotonic_clock $ default_posix_clock $ default_time 
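Review bot: The image never sets `USER`, and `opam init --disable-sandboxing` turns off opam's build sandbox, so every package build script and the final `make depend && make build` run as root with no confinement, against whatever directory the caller bind-mounts over /tmp/orb-build. If the sandbox cannot work inside the container, a comment on the `opam init` line saying so would record that. In that case consider creating an unprivileged build user and switching to it before `opam init`, keeping root only for the apt and opam-binary steps. `ADD config.ml` copies a plain local file and could be `COPY config.ml /tmp/orb-build/config.ml`, and the exec form of `CMD` avoids the extra `/bin/sh -c` wrapper.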
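Review bot: The argument check `if [[ $# -ne 1 ]]` uses a bash-only test under a `#!/bin/sh` shebang; where sh is dash the `[[` command is not found, the condition is simply false, and the usage check is skipped. `if [ "$#" -ne 1 ]; then` is the portable spelling. In the run line the back-quoted `pwd` is unquoted, so a checkout path containing whitespace splits the `-v` argument; `-v "$(pwd)":/tmp/orb-build:Z` avoids that.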
diff --git a/unikernel.ml b/unikernel.ml index 7c42366..c5391ad 100644 --- a/unikernel.ml +++ b/unikernel.ml @@ -307,5 +307,6 @@ struct ; oc= Lwt_stream.create () ; ic= Lwt_stream.create () ; clients } in - Lwt.pick [ shutdown; wait_clients t; ovpn_loop t; ingest_private t; packets_to_clients t ] + let* () = Lwt.pick [ shutdown; wait_clients t; ovpn_loop t; ingest_private t; packets_to_clients t ] in + S.disconnect vif0 end From 135ed501f0f3df42f30591d2f28aa796c5e64550 Mon Sep 17 00:00:00 2001 From: Pierre Alain Date: Wed, 5 Jun 2024 16:43:39 +0200 Subject: [PATCH 2/8] update build system --- Dockerfile | 6 ++++-- build-with.sh | 4 ++-- qubes-miragevpn.sha256 | 1 + 3 files changed, 7 insertions(+), 4 deletions(-) create mode 100644 qubes-miragevpn.sha256 diff --git a/Dockerfile b/Dockerfile index 3598b94..901a67c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -23,10 +23,12 @@ ENV OPAMCONFIRMLEVEL=unsafe-yes # Remove this line (and the base image pin above) if you want to test with the # latest versions. # taken from https://github.com/ocaml/opam-repository -RUN opam init --disable-sandboxing -a --bare https://github.com/ocaml/opam-repository.git#f9f113a6bb242a13702859873fa0fcef9146eb6a +RUN opam init --disable-sandboxing -a --bare https://github.com/ocaml/opam-repository.git#5979d639be2999663a41c1d1b8a73ce3036dcb41 RUN opam switch create myswitch 4.14.2 RUN opam exec -- opam install -y mirage opam-monorepo ocaml-solo5 -RUN opam pin https://github.com/robur-coop/miragevpn.git#cd7d999321e13993862af649977689aa96a7e114 +RUN opam exec -- opam install -y tls +RUN opam pin https://github.com/palainp/miragevpn.git#update +RUN opam pin https://github.com/palainp/mirage-qubes.git#update RUN mkdir /tmp/orb-build ADD config.ml /tmp/orb-build/config.ml WORKDIR /tmp/orb-build diff --git a/build-with.sh b/build-with.sh index fd52bc9..57aa5d8 100755 --- a/build-with.sh +++ b/build-with.sh 
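Review bot: `S.disconnect vif0` only runs when the `Lwt.pick` promise resolves normally; if one of the picked threads fails with an exception the bind short-circuits and the interface is left connected. Wrapping it as `Lwt.finalize (fun () -> Lwt.pick [ ... ]) (fun () -> S.disconnect vif0)` would run the disconnect on both paths, assuming `S.disconnect` returns `unit Lwt.t`. The enclosing function starts above the hunk, so whether an outer handler already covers this is not visible here.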
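Review bot: The two added `opam pin` lines track a branch (`#update`) on a personal fork, whereas the line they replace pinned miragevpn to a commit hash. The image contents now depend on whatever that branch points at when the layer is built, so the comparison against qubes-miragevpn.sha256 can drift without any change in this repository. Pin both to full commit hashes, in the form `RUN opam pin https://github.com/palainp/miragevpn.git#<commit-sha>`. The Dockerfile hunks in 5/8 and 6/8 have the same gap (they drop the ref entirely and follow the default branch); commit pins only return in 7/8.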
@@ -19,6 +19,6 @@ echo Building $builder image with dependencies.. $builder build -t qubes-miragevpn . echo Building MirageVPN... $builder run --rm -i -v `pwd`:/tmp/orb-build:Z qubes-miragevpn -echo "SHA2 of build: $(sha256sum ./dist/qubes-firewall.xen)" -echo "SHA2 last known: 0cbb202c1b93e10ad115c9e988f9384005656c0855ec9deaf05a5e9ac9972984" +echo "SHA2 of build: $(sha256sum ./dist/qubes-miragevpn.xen)" +echo "SHA2 last known: $(cat qubes-miragevpn.sha256)" echo "(hashes should match for released versions)" diff --git a/qubes-miragevpn.sha256 b/qubes-miragevpn.sha256 new file mode 100644 index 0000000..2fa2139 --- /dev/null +++ b/qubes-miragevpn.sha256 @@ -0,0 +1 @@ +d825a4d1e72708863c21b245a553a09ddcf9c89866cd8e195ccccc82634fe258 dist/qubes-miragevpn.xen From e6b846b5d312454ffe6bca64d08cb4f0cbe1d74f Mon Sep 17 00:00:00 2001 From: Pierre Alain Date: Wed, 5 Jun 2024 16:43:53 +0200 Subject: [PATCH 3/8] fix compilation --- dao.ml | 2 +- unikernel.ml | 7 ++----- vif.ml | 2 +- 3 files changed, 4 insertions(+), 7 deletions(-) diff --git a/dao.ml b/dao.ml index 006ff41..71149fc 100644 --- a/dao.ml +++ b/dao.ml @@ -139,4 +139,4 @@ let print_network_config config = Ipaddr.V4.pp config.ip Ipaddr.V4.pp (fst config.dns) Ipaddr.V4.pp (snd config.dns)) -let set_iptables_error db = Qubes.DB.write db "/qubes-iptables-error" +let _set_iptables_error db = Qubes.DB.write db "/qubes-iptables-error" diff --git a/unikernel.ml b/unikernel.ml index c5391ad..bd7b215 100644 --- a/unikernel.ml +++ b/unikernel.ml @@ -1,5 +1,3 @@ -open Qubes - let ( let* ) = Lwt.bind let ( % ) f g = fun x -> f (g x) @@ -150,9 +148,8 @@ struct | exn -> Lwt.fail exn in Finaliser.add ~finaliser:(fun () -> Lwt.cancel listener) finalisers; - let rec transmit = + let transmit = let rec fn () = - let open Lwt.Syntax in Lwt_stream.get (fst ic) >>= function | Some packet -> (snd t.ic) (Some (vif, packet)); fn () | None -> Lwt.return_unit in 
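Review bot: The script still only prints the two digests next to each other, so a mismatch leaves the exit status at 0 and relies on the reader comparing 64 hex characters by eye. Since the reference now lives in qubes-miragevpn.sha256 in `sha256sum` output format, `sha256sum -c qubes-miragevpn.sha256` would perform the comparison and fail the script on a mismatch. If non-release builds are expected to differ, as the last echo suggests, a warning on mismatch plus an opt-in strict mode would keep that behaviour. The reference file also sits in the directory that the `run` line bind-mounts read-write into the build container, so reading it into a variable before the build starts would keep the expected value independent of the build.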
@@ -214,7 +211,7 @@ struct msg Cstruct.hexdump_pp cs); Lwt.return fragments | Ok (hdr, payload) -> - let fragments, packet = Fragments.process fragments now hdr payload in + let fragments, _packet = Fragments.process fragments now hdr payload in let packet = Nat.of_ipv4 hdr payload in let packet = Option.map (Mirage_nat_lru.translate table) packet in let packet = Option.map Result.to_option packet in diff --git a/vif.ml b/vif.ml index 272422b..2d90e6d 100644 --- a/vif.ml +++ b/vif.ml @@ -50,7 +50,7 @@ type t = ; ip : Client_ip.t ; domid : int } -let make backend { Dao.Client_vif.domid; device_id } ~gateway ipaddr = +let make backend { Dao.Client_vif.domid; _ } ~gateway ipaddr = let open Lwt.Syntax in let* ethernet = Client_ethernet.connect backend in let ((my_mac, your_mac) as mac) = From 34add628e3e588e9acbdd953541021d241655928 Mon Sep 17 00:00:00 2001 From: Pierre Alain Date: Wed, 5 Jun 2024 16:50:44 +0200 Subject: [PATCH 4/8] update workflows --- .github/workflows/docker.yml | 2 +- .github/workflows/podman.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index f392bf9..35cbb85 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -23,7 +23,7 @@ jobs: - run: ./build-with.sh docker - - run: sh -exc 'if [ $(sha256sum dist/qubes-firewall.xen | cut -d " " -f 1) = $(grep "SHA2 last known" build-with.sh | rev | cut -d ":" -f 1 | rev | cut -d "\"" -f 1 | tr -d " ") ]; then echo "SHA256 MATCHES"; else exit 42; fi' + - run: sh -exc 'diff <(sha256sum dist/qubes-miragevpn.xen) qubes-miragevpn.sha256 && echo "SHA256 MATCHES" || exit 42' - name: Upload Artifact uses: actions/upload-artifact@v3 diff --git a/.github/workflows/podman.yml b/.github/workflows/podman.yml index fba19eb..b4b0f65 100644 --- a/.github/workflows/podman.yml +++ b/.github/workflows/podman.yml 
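Review bot: Renaming the second result of `Fragments.process` to `_packet` silences the unused-variable warning but leaves the underlying question open: the reassembled packet is discarded and the next line builds `packet` from the raw `hdr` and `payload` instead. If that is intended, a short comment such as `(* reassembly result unused: NAT is applied to hdr/payload directly *)` would record the decision; if not, the NAT lookup presumably should take the value returned by `Fragments.process`. The enclosing function begins outside the hunk, so the type of that value and how later fragments are handled cannot be confirmed from here.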
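Review bot: The new check uses process substitution, `diff <(sha256sum ...) ...`, inside `sh -exc`; `<( )` is a bash feature, and on Ubuntu `sh` is dash, which rejects it as a syntax error, so the step exits non-zero whether or not the digests match. `- run: sha256sum -c qubes-miragevpn.sha256` does the same comparison portably and fails on mismatch without the `&& ... || exit 42` chain. The podman.yml hunk in this patch has the identical line, and it is carried through 7/8.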
@@ -23,7 +23,7 @@ jobs: - run: ./build-with.sh podman - - run: sh -exc 'if [ $(sha256sum dist/qubes-firewall.xen | cut -d " " -f 1) = $(grep "SHA2 last known" build-with.sh | rev | cut -d ":" -f 1 | rev | cut -d "\"" -f 1 | tr -d " ") ]; then echo "SHA256 MATCHES"; else exit 42; fi' + - run: sh -exc 'diff <(sha256sum dist/qubes-miragevpn.xen) qubes-miragevpn.sha256 && echo "SHA256 MATCHES" || exit 42' - name: Upload Artifact uses: actions/upload-artifact@v3 From ea1a4746b2637869641c2181fe95794c51e0329a Mon Sep 17 00:00:00 2001 From: Calascibetta Romain Date: Thu, 6 Jun 2024 14:14:32 +0200 Subject: [PATCH 5/8] Patches are merged on miragevpn and mirage-qubes, we don't need to use a specific branch for them to build the unikernel --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 901a67c..97630c2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -27,8 +27,8 @@ RUN opam init --disable-sandboxing -a --bare https://github.com/ocaml/opam-repos RUN opam switch create myswitch 4.14.2 RUN opam exec -- opam install -y mirage opam-monorepo ocaml-solo5 RUN opam exec -- opam install -y tls -RUN opam pin https://github.com/palainp/miragevpn.git#update -RUN opam pin https://github.com/palainp/mirage-qubes.git#update +RUN opam pin https://github.com/robur-coop/miragevpn.git +RUN opam pin https://github.com/mirage/mirage-qubes.git RUN mkdir /tmp/orb-build ADD config.ml /tmp/orb-build/config.ml WORKDIR /tmp/orb-build From 23059f6a0e269483e2b61c2bffca1ba4abd04d2b Mon Sep 17 00:00:00 2001 From: Calascibetta Romain Date: Thu, 6 Jun 2024 14:33:21 +0200 Subject: [PATCH 6/8] Better to add pin into the Dockerfile --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 97630c2..34dfc96 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -27,8 +27,8 @@ RUN opam init --disable-sandboxing -a --bare https://github.com/ocaml/opam-repos RUN opam switch create myswitch 4.14.2 RUN opam exec -- opam install -y mirage opam-monorepo ocaml-solo5 RUN opam exec -- opam install -y tls -RUN opam pin https://github.com/robur-coop/miragevpn.git -RUN opam pin https://github.com/mirage/mirage-qubes.git +RUN opam pin add -y https://github.com/robur-coop/miragevpn.git +RUN opam pin add -y https://github.com/mirage/mirage-qubes.git RUN mkdir /tmp/orb-build ADD config.ml /tmp/orb-build/config.ml WORKDIR /tmp/orb-build From d34cb7874ab2903c171da92686a8781e7e295f5b Mon Sep 17 00:00:00 2001 From: Pierre Alain Date: Fri, 7 Jun 2024 12:36:39 +0200 Subject: [PATCH 7/8] update opam-repository, opam version, add xz-utils for gmp --- .github/workflows/docker.yml | 2 +- .github/workflows/podman.yml | 2 +- Dockerfile | 12 ++++++------ qubes-miragevpn.sha256 | 2 +- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 35cbb85..976ad69 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -23,7 +23,7 @@ jobs: - run: ./build-with.sh docker - - run: sh -exc 'diff <(sha256sum dist/qubes-miragevpn.xen) qubes-miragevpn.sha256 && echo "SHA256 MATCHES" || exit 42' + - run: sh -exc 'diff <(sha256sum ./dist/qubes-miragevpn.xen) qubes-miragevpn.sha256 && echo "SHA256 MATCHES" || exit 42' - name: Upload Artifact uses: actions/upload-artifact@v3 diff --git a/.github/workflows/podman.yml b/.github/workflows/podman.yml index b4b0f65..a002821 100644 --- a/.github/workflows/podman.yml +++ b/.github/workflows/podman.yml 
@@ -23,7 +23,7 @@ jobs: - run: ./build-with.sh podman - - run: sh -exc 'diff <(sha256sum dist/qubes-miragevpn.xen) qubes-miragevpn.sha256 && echo "SHA256 MATCHES" || exit 42' + - run: sh -exc 'diff <(sha256sum ./dist/qubes-miragevpn.xen) qubes-miragevpn.sha256 && echo "SHA256 MATCHES" || exit 42' - name: Upload Artifact uses: actions/upload-artifact@v3 diff --git a/Dockerfile b/Dockerfile index 34dfc96..a726314 100644 --- a/Dockerfile +++ b/Dockerfile @@ -11,11 +11,11 @@ RUN printf "deb [check-valid-until=no] http://snapshot.debian.org/archive/debian # taken from https://snapshot.debian.org/archive/debian-security/ RUN printf "deb [check-valid-until=no] http://snapshot.debian.org/archive/debian-security/20240419T111010Z bookworm-security main\n" >> /etc/apt/sources.list -RUN apt update && apt install --no-install-recommends --no-install-suggests -y wget ca-certificates git patch unzip bzip2 make gcc g++ libc-dev -RUN wget -O /usr/bin/opam https://github.com/ocaml/opam/releases/download/2.1.5/opam-2.1.5-i686-linux && chmod 755 /usr/bin/opam +RUN apt update && apt install --no-install-recommends --no-install-suggests -y wget ca-certificates git patch unzip bzip2 xz-utils make gcc g++ libc-dev +RUN wget -O /usr/bin/opam https://github.com/ocaml/opam/releases/download/2.1.6/opam-2.1.6-i686-linux && chmod 755 /usr/bin/opam # taken from https://raw.githubusercontent.com/ocaml/opam/master/shell/install.sh RUN test `sha512sum /usr/bin/opam | cut -d' ' -f1` = \ -"38802b3079eeceb27aab3465bfd0f9f05a710dccf9487eb35fa2c02fbaf9a0659e1447aa19dd36df9cd01f760229de28c523c08c1c86a3aa3f5e25dbe7b551dd" || exit +"2b308e7a848252d831a1e046b70156cd901e8a5d95405fc03244fc69ce08222675871d3bcc35352b4448f15787f68a16491c574a6f9d5d8c9bcab81eb6d71ef8" || exit ENV OPAMROOT=/tmp ENV OPAMCONFIRMLEVEL=unsafe-yes 
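Review bot: The opam binary is fetched and made executable in one `RUN` and only checked against the SHA-512 in the next, so the unverified download is committed as its own layer, and the `test ... || exit` form makes the expected digest hard to spot. Doing both in a single step with `sha512sum -c` is tighter: `RUN wget -O /usr/bin/opam <url> && echo "<sha512>  /usr/bin/opam" | sha512sum -c - && chmod 755 /usr/bin/opam`. The comment says the digest was taken from install.sh on the `master` branch; citing the commit of install.sh it was copied from would make the provenance checkable later. `apt update && apt install` could also become `apt-get`, which is the interface meant for scripts.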
@@ -23,12 +23,12 @@ ENV OPAMCONFIRMLEVEL=unsafe-yes # Remove this line (and the base image pin above) if you want to test with the # latest versions. # taken from https://github.com/ocaml/opam-repository -RUN opam init --disable-sandboxing -a --bare https://github.com/ocaml/opam-repository.git#5979d639be2999663a41c1d1b8a73ce3036dcb41 +RUN opam init --disable-sandboxing -a --bare https://github.com/ocaml/opam-repository.git#2926702fdd0fe7cab6ee1fa26ccecd28c3c3dd95 RUN opam switch create myswitch 4.14.2 RUN opam exec -- opam install -y mirage opam-monorepo ocaml-solo5 RUN opam exec -- opam install -y tls -RUN opam pin add -y https://github.com/robur-coop/miragevpn.git -RUN opam pin add -y https://github.com/mirage/mirage-qubes.git +RUN opam pin add -y https://github.com/robur-coop/miragevpn.git#0a502cafd0824888c194039fae32a9e1e65cd356 +RUN opam pin add -y https://github.com/mirage/mirage-qubes.git#6d4745eb111c84d68efc8bb14e03d4c5c761df3b RUN mkdir /tmp/orb-build ADD config.ml /tmp/orb-build/config.ml WORKDIR /tmp/orb-build diff --git a/qubes-miragevpn.sha256 b/qubes-miragevpn.sha256 index 2fa2139..82bb162 100644 --- a/qubes-miragevpn.sha256 +++ b/qubes-miragevpn.sha256 @@ -1 +1 @@ -d825a4d1e72708863c21b245a553a09ddcf9c89866cd8e195ccccc82634fe258 dist/qubes-miragevpn.xen +ca8791d985a8d85e85e3d44b091edfa19c3f80649632b50b912d61f2d71a33d3 ./dist/qubes-miragevpn.xen From 2bfa30a65c2b4fefff47292cf80170c8575cddd6 Mon Sep 17 00:00:00 2001 From: Pierre Alain Date: Mon, 10 Jun 2024 13:03:45 +0200 Subject: [PATCH 8/8] update hashsum and github action scripts --- .github/workflows/docker.yml | 2 +- .github/workflows/podman.yml | 2 +- build-with.sh | 2 +- qubes-miragevpn.sha256 | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 976ad69..4f5485a 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml 
@@ -23,7 +23,7 @@ jobs: - run: ./build-with.sh docker - - run: sh -exc 'diff <(sha256sum ./dist/qubes-miragevpn.xen) qubes-miragevpn.sha256 && echo "SHA256 MATCHES" || exit 42' + - run: sh -exc 'if [ "$(sha256sum ./dist/qubes-miragevpn.xen)" = "$(cat ./qubes-miragevpn.sha256)" ]; then echo "SHA256 MATCHES"; else exit 42; fi' - name: Upload Artifact uses: actions/upload-artifact@v3 diff --git a/.github/workflows/podman.yml b/.github/workflows/podman.yml index a002821..f3f732d 100644 --- a/.github/workflows/podman.yml +++ b/.github/workflows/podman.yml @@ -23,7 +23,7 @@ jobs: - run: ./build-with.sh podman - - run: sh -exc 'diff <(sha256sum ./dist/qubes-miragevpn.xen) qubes-miragevpn.sha256 && echo "SHA256 MATCHES" || exit 42' + - run: sh -exc 'if [ "$(sha256sum ./dist/qubes-miragevpn.xen)" = "$(cat ./qubes-miragevpn.sha256)" ]; then echo "SHA256 MATCHES"; else exit 42; fi' - name: Upload Artifact uses: actions/upload-artifact@v3 diff --git a/build-with.sh b/build-with.sh index 57aa5d8..f2b1f49 100755 --- a/build-with.sh +++ b/build-with.sh @@ -1,7 +1,7 @@ #!/bin/sh set -eu -if [[ $# -ne 1 ]] ; then +if [ $# -ne 1 ] ; then echo "Usage: build-with.sh { docker | podman }" exit 1 fi diff --git a/qubes-miragevpn.sha256 b/qubes-miragevpn.sha256 index 82bb162..0311878 100644 --- a/qubes-miragevpn.sha256 +++ b/qubes-miragevpn.sha256 @@ -1 +1 @@ -ca8791d985a8d85e85e3d44b091edfa19c3f80649632b50b912d61f2d71a33d3 ./dist/qubes-miragevpn.xen +c38251c9c0e72e891b0bffeba3ab4a14244360df3eaea4b87af778e299f1d2b7 ./dist/qubes-miragevpn.xen