Patches adding TLS support

[talex5]

This builds and tests everything with all the TLS patches in. I assume we now wait for these patches to be accepted upstream and update to the release archives as they happen?

Things needing to be merged/released:

• Added 'error_message' function mirage-console#33
• Added 'error_message' function ocaml-vchan#60
• Added 'error_message' functions mirage-tcpip#98
• Added error_message function to FLOW mirage#346 (mirage and mirage-types)
• Added 'error_message' function mirleft/ocaml-tls#225 (superseded by Mirage 2.3.0 mirleft/ocaml-tls#258)
• Copy out-bound data into pre-shared pages mirage-net-xen#17
• Mirage TLS support ocaml-conduit#37
• Build C stubs for Xen too mirleft/ocaml-nocrypto#44
• Add linker options for Xen/Mini-OS yallop/ocaml-ctypes#231
• fatal error: ctypes_cstubs_internals.h: No such file or directory yallop/ocaml-ctypes#253
• mirage-entropy
• mirleft/ocaml-x509@67488b6 (needed by latest tls)
• Finalizing the new entropy mirleft/ocaml-nocrypto#55

And, afterwards:

• Updated for Conduit TLS support mirage-skeleton#67

[hannesm]

should mirleft/ocaml-nocrypto#44 also be in this list??

[talex5]

@hannesm you're right - I didn't realise that still wasn't merged. Is there a problem with it?

[hannesm]

@talex5 I think it's fine, but it's @pqwy territory (whom I keep busy with various PRs) ;)

[talex5]

OK, I think we have all the required libraries in now! I added a Travis check to try building mirage-skeleton with --xen and also an https_website example that checks the TLS stuff builds for Xen.

[avsm]

mirage-console 2.1.1 in ocaml/opam-repository#3445

[pqwy]

mirleft/ocaml-nocrypto#44 can be crossed off the list too.

[talex5]

@pqwy - not yet - it hasn't been released yet.

[avsm]

tcpip.2.2.3 is now released, so checked that one off.

[avsm]

I've added a ctypes.0.4.0 working version in #55, as that's necessary for the Xen compilation.

[hannesm]

I believe mirage-entropy needs to be somewhere in here... and to get this released, mirage/mirage-platform#120 needs to be merged and released first..

[avsm]

mirage-platform 2.2.2 packages going out in ocaml/opam-repository#3667, so mirage-entropy is releasable now.

[hannesm]

there is no mirage-types-lwt-2.3.0?

[avsm]

am just adding it now!

[avsm]

ocaml/opam-repository#3694 has mirage-types-lwt.2.3.0

[amirmc]

Seems to me that mirleft/ocaml-nocrypto#44 was released. Checking it off this list.

[talex5]

Seems various APIs had changed. I've updated the mirage and conduit PRs to the new APIs and removed the released components from this repository. Should be working again now.

[hannesm]

getting there... ocaml/opam-repository#3770

[samoht]

I've checked more boxes, the missing bits are cleaning-up out TLS support forconduit and solving the entropy/nocrypto coupling (which is worked on)

[pqwy]

That last bit is being tracked here.

[hannesm]

once mirage mirage/mirage#394 PR is merged, and there are some releases (nocrypto, tls, mirage-entropy-xen), we'll need gmp-xen and zarith-xen; which might both be sensible to drag in via a mirage-no-xen | (mirage-xen & x) dependency (zarith onto gmp, nocrypto onto zarith)..

[samoht]

Indeed, we need the mirage-no-xen stuff. Do you want to look into that tomorrow (I'm fine to do it too)?

[hannesm]

@samoht as a start #63

[hannesm]

would also be nice to release a mirage-xen which is compatible with cstruct-1.6.0 (e.g. master)

[samoht]

Almost done now, I've merged most of the things in mirage-dev. Only missing parts are optional but which would be nice to have:

• support cstruct 1.6.0 in mirage-xen
• better entropy and conduit integration (without mirage) Mirage Nocrypto initialise should be done within Lwt main loop ocaml-conduit#67

[hannesm]

@samoht great work, thanks! I believe #74 should be there as well. we can do some more testing, and then move it towards the main opam repository!?

[samoht]

Ha yes good point! Indeed, I plan to run a bit of more tests and then we can do a big pull-request to opam-repository with a coordinated announcement and blog post.

[hannesm]

this can be closed as well, or?

[talex5]

The extra tests added to .travis-ci.sh are probably worth keeping (it now checks we can build mirage-skeleton for Xen, and also tests building a tls example). Apart from that, if the work is now happening on master then we can close this.

[samoht]

@talex5 can you create a new PR with your travis improvement? thanks!

[talex5]

@samoht I've made a PR here: #77

The mirage-skeleton TLS example was for the old API, so I've left that out for now. I assume someone else has a test for the new API.

[samoht]

Thanks all for the efforts, we are almost seeing the light :-)

[avsm]

Just one thing I'm missing for the record: mirleft/ocaml-tls#250 (comment) -- will release this to get it working with cstruct 1.6.0 (@samoht tells me its cstruct 1.5.0 only atm)

[hannesm]

this PR in tls is intentionally not merged, to not introduce a dependency on cstruct-1.6.0. there are various other libraries (such as mirage-xen and dns) which required < cstruct-1.6.0.. will merge the tls PR (and maybe re-release) once releases of mirage-xen/dns/.. are done which support cstruct >= 1.6.0.

[hannesm]

also, keep in mind that tls-0.5.0 already works flawlessly with cstruct-1.6.0!

[pqwy]

Congrats, everyone!

This turned out to be soooo much hairier than initially expected... 😄