and developer guides
Attendees: Reynir Björnsson, Amir Chaudhry (chair), Thomas Gazagnaire, David Kaloper, Masoud Koleini, Thomas Leonard, Hannes Mehnert, Richard Mortier, Dave Scott, Balraj Singh, Anil Madhavapeddy, Jon Ludlum, Jeremy Yallop and Mindy Preston
Mindy has written some tests for networking and they're passing. A point was made that they could be functorised. Other tests that force error loops would also be useful. For example, the 'while true curl' route? There's also the desire to be able to run tests on live sites (e.g. mirage-www). For example, something like http-perf when a new kernel is booted? Mindy suggested something that Anil would look into.
We've also noticed an issue with https://mirageos.org as it goes unresponsive after few days. We're not really sure what the issue is but it's not strictly within the the TLS stack (Piñata and handshake server have been fine). If anyone else can stress test what's going on, that would be very useful.
We'll soon be doing a set of releases that are related to native TLS support. We do need more tests and deployments of the combined stack because right now there are only two deployments that are providing feedback. We really need more people to try this out and report feedback.
Some of the releases will involve fixing conduit
patches and changing the
mirage
tool to adapt to new the API. There was also one person on the opam
repository who complained about issues around zarith. Hannes has a PR to fix
this and it also works on his Cubieboard. The other big thing to deal with is
mirage-entropy-xen
.
Anil had some ideas on how to fix the launchpad PPA for binutils
and gcc
.
The workaround is ok for now but the main thing is to make sure it doesn't
affect other packages in opam.
A TLS tunnel unix binary is also in production to replace stunnel
. It's
almost a slot-in replacement but has a slightly different CLI. It's worth
trying out now and Dave said he'd take a look.
The TLS stack has been deployed on https://realworldocaml.org and Anil has found that it's been rock solid for weeks. Balraj couldn't get it to work from Chrome from a hotel connection from his laptop. This was probably a transient issue or due to odd middle-box behaviour.
The Logjam attack was also announced in the morning and the team is checking over things to understand how it affects us (if at all, since we don't support 'export'). You can follow the discussions at mirleft/ocaml-tls#271.
This is running a unikernel with the TLS stack. Also running its own DNS servers again, which means it's back to being fully self-hosted (hasn't been that way for 6 months). There are patches to submit to TCP/IP.
Jitsu itself seems to be working well - Magnus has been running a public, low-traffic DNS server ever since NSDI. A few minor bugs have been discovered but nothing major so far. We questioned whether there was a way to to use Jitsu on XenServer. This might be possible on the development version but probably not on the currently released version.
Irmin sync in the browser is now working! It's going to a memory store on
Unix using Irmin native. ThomasL had to patch bin_prot
as apparently it
didn't like being turned into JavaScript. Everyone should be able to check it
out and test it.
There are some serialisation issues though. When you serialise a value in Irmin it doesn't include length so you can't compose them. This is fixable and ThomasG will go and check it. We should make sure to upstream the various patches too.
It's important that we put some content on the Xen Project wiki pages about MirageOS. A number of newcomers find out about MirageOS via Xen Project, yet the content on the wiki there is quite limited and also out of date. The best approach is probably to put some stable content there and point people to the docs page on our own site at: https://mirageos.org/docs — Amir will look at this over the coming weeks.
We have more tests and more quality libraries. Continuing the efforts around test would be great and we should think of this as being the 'production-ready' release.
Beyond 3.0, it would be great to be in a position to support multiple backends. We'll be able to think about this once all the details of compatibility become clearer. OCamlJava would be one of the things to think about but this is necessarily a longer term effort.
--
Regarding some of the (TCP) patches, we note that libvirt
doesn't support
command line arguments. Perhaps we can ask Dave about this. Might even be
worth getting in touch to see if they can add this.
Security mailing list — We've internally discussed the need for a lightweight security advisory process, so this should be added to list of items before release.
Cross-compilation: This is going well. Question about when we drop 4.01
support. Not clear that anyone is tied to 4.01 for production code. May well
be that MirageOS 3.0 will be the one to drop 4.01 support but will need to
define a cut off date. Must also comprehensively replace camlp4, which is
necessary to improve the situation on ARM. The cutoff should be defined when
all our libs are released using ppx
instead, with the same functionality —
cf. typeconv from JaneStreet.
The next call is scheduled for Wednesday, 3rd June. Please add any agenda items you wish to discuss in advance and refer to the mailing list for actual details a day or so in advance.