From e2c0ac646aac0507579ad141ec2bb6c09b21a59c Mon Sep 17 00:00:00 2001
From: Pau Ruiz Safont
Date: Fri, 5 Jul 2024 14:36:42 +0100
Subject: [PATCH 1/2] xapi: update mirage-crypto version
Also make dune generate the opam metadata
Signed-off-by: Pau Ruiz Safont
---
dune-project | 62 ++++++++++++++++++++++
ocaml/gencert/dune | 2 +
ocaml/gencert/lib.ml | 2 +-
ocaml/gencert/selfcert.ml | 2 +-
ocaml/gencert/test_lib.ml | 2 +-
ocaml/xapi/certificates.ml | 2 +-
ocaml/xapi/dune | 1 +
xapi.opam | 102 ++++++++++++++++++++-----------------
xapi.opam.template | 79 ----------------------------
9 files changed, 123 insertions(+), 131 deletions(-)
diff --git a/dune-project b/dune-project
index 3c6620b2c6c..780c227a986 100644
--- a/dune-project
+++ b/dune-project
@@ -301,6 +301,68 @@ (package (name xapi) + (synopsis "The toolstack daemon which implements the XenAPI") + (description "This daemon exposes the XenAPI and is used by clients such as 'xe' and 'XenCenter' to manage clusters of Xen-enabled hosts.") + (depends + alcotest ; needed for the quicktest binary + angstrom + base-threads + base64 + cdrom + conf-pam + (crowbar :with-test) + ctypes + ctypes-foreign + domain-name + (ezxenstore (= :version)) + (fmt :with-test) + hex + (http-lib (and :with-test (= :version))) ; the public library is only used for testing + ipaddr + mirage-crypto + mirage-crypto-pk + (mirage-crypto-rng (>= "0.11.0")) + (message-switch-unix (= :version)) + mtime + opentelemetry-client-ocurl + pci + (pciutil (= :version)) + ppx_deriving_rpc + ppx_sexp_conv + ppx_deriving + psq + rpclib + (rrdd-plugin (= :version)) + rresult + sexpr + sha + (stunnel (= :version)) + tar + tar-unix + (uuid (= :version)) + x509 + (xapi-client (= :version)) + (xapi-cli-protocol (= :version)) + (xapi-consts (= :version)) + (xapi-datamodel (= :version)) + (xapi-expiry-alerts (= :version)) + (xapi-idl (= :version)) + (xapi-inventory (= :version)) + (xapi-log (= :version)) + (xapi-stdext-date (= :version)) + (xapi-stdext-pervasives (= :version)) + (xapi-stdext-std (= :version)) + (xapi-stdext-threads (= :version)) + (xapi-stdext-unix (= :version)) + (xapi-stdext-zerocheck (= :version)) + (xapi-test-utils :with-test) + (xapi-tracing (= :version)) + (xapi-types (= :version)) + (xapi-xenopsd (= :version)) + (xml-light2 (= :version)) + yojson + (zstd (= :version)) + ) ) (package diff --git a/ocaml/gencert/dune b/ocaml/gencert/dune index f83ed49eb51..ef7875abd29 100644 --- a/ocaml/gencert/dune +++ b/ocaml/gencert/dune @@ -10,6 +10,7 @@ forkexec mirage-crypto mirage-crypto-pk + mirage-crypto-rng mirage-crypto-rng.unix ptime ptime.clock.os @@ -52,6 +53,7 @@ gencertlib mirage-crypto mirage-crypto-pk + mirage-crypto-rng mirage-crypto-rng.unix ptime result 
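Review bot: The new `depends` stanza for the xapi package no longer declares `ocaml` or `base-unix`, both of which the hand-written xapi.opam listed before this commit, and the commit message does not say the drop is intended. If the package still links the Unix library directly, keep that explicit by adding `base-unix` next to `base-threads`, and add `ocaml` if a minimum compiler version is expected. Separately, only `mirage-crypto-rng` carries the `(>= "0.11.0")` bound while `mirage-crypto` and `mirage-crypto-pk` are left unbounded; a one-line `;` comment tying the bound to the `initialize (module Mirage_crypto_rng.Fortuna)` call sites changed in this commit would record why it exists. The `(package` stanza starts before the hunk.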
diff --git a/ocaml/gencert/lib.ml b/ocaml/gencert/lib.ml index 7eb41411102..d4903924276 100644 --- a/ocaml/gencert/lib.ml +++ b/ocaml/gencert/lib.ml @@ -19,7 +19,7 @@ open Rresult type t_certificate = Leaf | Chain -let () = Mirage_crypto_rng_unix.initialize () +let () = Mirage_crypto_rng_unix.initialize (module Mirage_crypto_rng.Fortuna) let validate_private_key pkcs8_private_key = let ensure_rsa_key_length = function diff --git a/ocaml/gencert/selfcert.ml b/ocaml/gencert/selfcert.ml index 02749493f95..7b961a74ff6 100644 --- a/ocaml/gencert/selfcert.ml +++ b/ocaml/gencert/selfcert.ml @@ -43,7 +43,7 @@ let valid_from' date = (** initialize the random number generator at program startup when this module is loaded. *) -let () = Mirage_crypto_rng_unix.initialize () +let () = Mirage_crypto_rng_unix.initialize (module Mirage_crypto_rng.Fortuna) (** [write_cert] writes a PKCS12 file to [path]. The typical file extension would be ".pem". It attempts to do that atomically by diff --git a/ocaml/gencert/test_lib.ml b/ocaml/gencert/test_lib.ml index fddee2ad41c..f3a54517ad4 100644 --- a/ocaml/gencert/test_lib.ml +++ b/ocaml/gencert/test_lib.ml @@ -8,7 +8,7 @@ open Rresult.R.Infix let ( let* ) = Rresult.R.bind (* Initialize RNG for testing certificates *) -let () = Mirage_crypto_rng_unix.initialize () +let () = Mirage_crypto_rng_unix.initialize (module Mirage_crypto_rng.Fortuna) let time_of_rfc3339 date = match Ptime.of_rfc3339 date with diff --git a/ocaml/xapi/certificates.ml b/ocaml/xapi/certificates.ml index effb154877e..23e8999edc0 100644 --- a/ocaml/xapi/certificates.ml +++ b/ocaml/xapi/certificates.ml @@ -19,7 +19,7 @@ module D = Debug.Make (struct let name = "certificates" end) open D -let () = Mirage_crypto_rng_unix.initialize () +let () = Mirage_crypto_rng_unix.initialize (module Mirage_crypto_rng.Fortuna) (* Certificate locations: * a) stunnel external = /etc/xensource/xapi-ssl.pem diff --git a/ocaml/xapi/dune b/ocaml/xapi/dune index 1dd7d06911a..8494f761817 100644 
--- a/ocaml/xapi/dune +++ b/ocaml/xapi/dune @@ -121,6 +121,7 @@ message-switch-core message-switch-unix mirage-crypto + mirage-crypto-rng mirage-crypto-rng.unix mtime mtime.clock.os diff --git a/xapi.opam b/xapi.opam index 387ba542fe6..6f67cf1c1f3 100644 --- a/xapi.opam +++ b/xapi.opam @@ -1,20 +1,18 @@ # This file is generated by dune, edit dune-project instead -license: "LGPL-2.1-only WITH OCaml-LGPL-linking-exception" opam-version: "2.0" -maintainer: "xen-api@lists.xen.org" -authors: [ "xen-api@lists.xen.org" ] -homepage: "https://github.com/xapi-project/xen-api" +synopsis: "The toolstack daemon which implements the XenAPI" +description: + "This daemon exposes the XenAPI and is used by clients such as 'xe' and 'XenCenter' to manage clusters of Xen-enabled hosts." +maintainer: ["Xapi project maintainers"] +authors: ["xen-api@lists.xen.org"] +license: "LGPL-2.1-only WITH OCaml-LGPL-linking-exception" +homepage: "https://xapi-project.github.io/" bug-reports: "https://github.com/xapi-project/xen-api/issues" -dev-repo: "git+https://github.com/xapi-project/xen-api.git" -build: [ - ["dune" "build" "-p" name "-j" jobs ] - ["dune" "runtest" "-p" name "-j" jobs] {with-test} -] depends: [ - "ocaml" - "dune" - "alcotest" # needed to generate the quicktest binary + "dune" {>= "3.15"} + "alcotest" "angstrom" + "base-threads" "base64" "cdrom" "conf-pam" 
@@ -22,56 +20,71 @@ depends: [ "ctypes" "ctypes-foreign" "domain-name" - "ezxenstore" + "ezxenstore" {= version} "fmt" {with-test} "hex" - "http-lib" {with-test} # the public library is only used for testing + "http-lib" {with-test & = version} "ipaddr" - "mirage-crypto" {with-test} + "mirage-crypto" "mirage-crypto-pk" - "mirage-crypto-rng" {with-test} - "message-switch-unix" + "mirage-crypto-rng" {>= "0.11.0"} + "message-switch-unix" {= version} "mtime" "opentelemetry-client-ocurl" "pci" - "pciutil" + "pciutil" {= version} "ppx_deriving_rpc" "ppx_sexp_conv" "ppx_deriving" "psq" "rpclib" - "rrdd-plugin" + "rrdd-plugin" {= version} "rresult" "sexpr" "sha" - "stunnel" + "stunnel" {= version} "tar" "tar-unix" - "base-threads" - "base-unix" - "uuid" + "uuid" {= version} "x509" - "xapi-client" - "xapi-cli-protocol" - "xapi-consts" - "xapi-datamodel" - "xapi-expiry-alerts" - "xapi-stdext-date" - "xapi-stdext-pervasives" - "xapi-stdext-std" - "xapi-stdext-threads" - "xapi-stdext-unix" - "xapi-stdext-zerocheck" + "xapi-client" {= version} + "xapi-cli-protocol" {= version} + "xapi-consts" {= version} + "xapi-datamodel" {= version} + "xapi-expiry-alerts" {= version} + "xapi-idl" {= version} + "xapi-inventory" {= version} + "xapi-log" {= version} + "xapi-stdext-date" {= version} + "xapi-stdext-pervasives" {= version} + "xapi-stdext-std" {= version} + "xapi-stdext-threads" {= version} + "xapi-stdext-unix" {= version} + "xapi-stdext-zerocheck" {= version} "xapi-test-utils" {with-test} - "xapi-tracing" - "xapi-types" - "xapi-xenopsd" - "xapi-idl" - "xapi-inventory" - "xml-light2" + "xapi-tracing" {= version} + "xapi-types" {= version} + "xapi-xenopsd" {= version} + "xml-light2" {= version} "yojson" - "zstd" + "zstd" {= version} + "odoc" {with-doc} ] +build: [ + ["dune" "subst"] {dev} + [ + "dune" + "build" + "-p" + name + "-j" + jobs + "@install" + "@runtest" {with-test} + "@doc" {with-doc} + ] +] +dev-repo: "git+https://github.com/xapi-project/xen-api.git" depexts: [ ["hwdata" 
"libxxhash-dev" "libxxhash0"] {os-distribution = "debian"} ["hwdata" "libxxhash-dev" "libxxhash0"] {os-distribution = "ubuntu"} @@ -79,10 +92,3 @@ depexts: [ ["hwdata" "xxhash-devel" "xxhash-libs"] {os-distribution = "fedora"} ["hwdata" "xxhash-dev" "xxhash"] {os-distribution = "alpine"} ] -synopsis: "The xapi toolstack daemon which implements the XenAPI" -description: """ -This daemon exposes the XenAPI and is used by clients such as 'xe' -and 'XenCenter' to manage clusters of Xen-enabled hosts.""" -url { - src: "https://github.com/xapi-project/xen-api/archive/master.tar.gz" -} diff --git a/xapi.opam.template b/xapi.opam.template index 49f3902f66a..3dea8527e92 100644 --- a/xapi.opam.template +++ b/xapi.opam.template 
@@ -1,75 +1,3 @@ -opam-version: "2.0" -maintainer: "xen-api@lists.xen.org" -authors: [ "xen-api@lists.xen.org" ] -homepage: "https://github.com/xapi-project/xen-api" -bug-reports: "https://github.com/xapi-project/xen-api/issues" -dev-repo: "git+https://github.com/xapi-project/xen-api.git" -build: [ - ["dune" "build" "-p" name "-j" jobs ] - ["dune" "runtest" "-p" name "-j" jobs] {with-test} -] -depends: [ - "ocaml" - "dune" - "alcotest" # needed to generate the quicktest binary - "angstrom" - "base64" - "cdrom" - "conf-pam" - "crowbar" {with-test} - "ctypes" - "ctypes-foreign" - "domain-name" - "ezxenstore" - "fmt" {with-test} - "hex" - "http-lib" {with-test} # the public library is only used for testing - "ipaddr" - "mirage-crypto" {with-test} - "mirage-crypto-pk" - "mirage-crypto-rng" {with-test} - "message-switch-unix" - "mtime" - "opentelemetry-client-ocurl" - "pci" - "pciutil" - "ppx_deriving_rpc" - "ppx_sexp_conv" - "ppx_deriving" - "psq" - "rpclib" - "rrdd-plugin" - "rresult" - "sexpr" - "sha" - "stunnel" - "tar" - "tar-unix" - "base-threads" - "base-unix" - "uuid" - "x509" - "xapi-client" - "xapi-cli-protocol" - "xapi-consts" - "xapi-datamodel" - "xapi-expiry-alerts" - "xapi-stdext-date" - "xapi-stdext-pervasives" - "xapi-stdext-std" - "xapi-stdext-threads" - "xapi-stdext-unix" - "xapi-stdext-zerocheck" - "xapi-test-utils" {with-test} - "xapi-tracing" - "xapi-types" - "xapi-xenopsd" - "xapi-idl" - "xapi-inventory" - "xml-light2" - "yojson" - "zstd" -] depexts: [ ["hwdata" "libxxhash-dev" "libxxhash0"] {os-distribution = "debian"} ["hwdata" "libxxhash-dev" "libxxhash0"] {os-distribution = "ubuntu"} 
@@ -77,10 +5,3 @@ depexts: [ ["hwdata" "xxhash-devel" "xxhash-libs"] {os-distribution = "fedora"} ["hwdata" "xxhash-dev" "xxhash"] {os-distribution = "alpine"} ] -synopsis: "The xapi toolstack daemon which implements the XenAPI" -description: """ -This daemon exposes the XenAPI and is used by clients such as 'xe' -and 'XenCenter' to manage clusters of Xen-enabled hosts.""" -url { - src: "https://github.com/xapi-project/xen-api/archive/master.tar.gz" -} From 34ee1ef5f5fb6296db84aafb217763fde40441d7 Mon Sep 17 00:00:00 2001 From: Pau Ruiz Safont Date: Tue, 23 Jul 2024 15:52:43 +0100 Subject: [PATCH 2/2] mirage-rng: Initialize it only in tests and selfcert Only tests need it to generate crypto keys, but it's needed to create the serial when signing certificates. Signed-off-by: Pau Ruiz Safont --- dune-project | 2 -- ocaml/gencert/lib.ml | 2 -- ocaml/gencert/selfcert.ml | 6 +++--- ocaml/xapi/certificates.ml | 2 -- ocaml/xapi/dune | 2 -- 5 files changed, 3 insertions(+), 11 deletions(-) diff --git a/dune-project b/dune-project index 780c227a986..0e47e350ba1 100644 --- a/dune-project +++ b/dune-project @@ -67,7 +67,6 @@ (synopsis "Xen-API client library for remotely-controlling a xapi host") (authors "David Scott" "Anil Madhavapeddy" "Jerome Maloberti" "John Else" "Jon Ludlam" "Thomas Sanders" "Mike McClurg") (depends - (alcotest :with-test) astring (cohttp (>= "0.22.0")) @@ -188,7 +187,6 @@ (description "This daemon monitors 'datasources' i.e. time-varying values such as performance counters and records the samples in RRD archives. These archives can be used to examine historical performance trends.") (depends (ocaml (>= "4.02.0")) - (alcotest :with-test) astring (gzip (= :version)) diff --git a/ocaml/gencert/lib.ml b/ocaml/gencert/lib.ml index d4903924276..970954a5371 100644 --- a/ocaml/gencert/lib.ml +++ b/ocaml/gencert/lib.ml 
@@ -19,8 +19,6 @@ open Rresult type t_certificate = Leaf | Chain -let () = Mirage_crypto_rng_unix.initialize (module Mirage_crypto_rng.Fortuna) - let validate_private_key pkcs8_private_key = let ensure_rsa_key_length = function | `RSA priv -> diff --git a/ocaml/gencert/selfcert.ml b/ocaml/gencert/selfcert.ml index 7b961a74ff6..3b022bcb19f 100644 --- a/ocaml/gencert/selfcert.ml +++ b/ocaml/gencert/selfcert.ml @@ -41,8 +41,8 @@ let valid_from' date = | None, false -> Ptime_clock.now () -(** initialize the random number generator at program startup when this -module is loaded. *) +(* Needed to initialize the rng to create random serial codes when signing + certificates *) let () = Mirage_crypto_rng_unix.initialize (module Mirage_crypto_rng.Fortuna) (** [write_cert] writes a PKCS12 file to [path]. The typical file @@ -158,7 +158,7 @@ let host ~name ~dns_names ~ips ?valid_from ~valid_for_days pemfile cert_gid = in R.failwith_error_msg res -let serial_stamp () = Unix.gettimeofday () |> string_of_float +let serial_stamp () = Ptime_clock.now () |> Ptime.to_float_s |> string_of_float let xapi_pool ?valid_from ~valid_for_days ~uuid pemfile cert_gid = let valid_from = valid_from' valid_from in diff --git a/ocaml/xapi/certificates.ml b/ocaml/xapi/certificates.ml index 23e8999edc0..fe66194cb0e 100644 --- a/ocaml/xapi/certificates.ml +++ b/ocaml/xapi/certificates.ml @@ -19,8 +19,6 @@ module D = Debug.Make (struct let name = "certificates" end) open D -let () = Mirage_crypto_rng_unix.initialize (module Mirage_crypto_rng.Fortuna) - (* Certificate locations: * a) stunnel external = /etc/xensource/xapi-ssl.pem * b) stunnel SNI (internal) = /etc/xensource/xapi-pool-tls.pem diff --git a/ocaml/xapi/dune b/ocaml/xapi/dune index 8494f761817..371718d3ed8 100644 --- a/ocaml/xapi/dune +++ b/ocaml/xapi/dune @@ -121,8 +121,6 @@ message-switch-core message-switch-unix mirage-crypto - mirage-crypto-rng - mirage-crypto-rng.unix mtime mtime.clock.os pam
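Review bot: Dropping the `initialize` call from lib.ml is only safe if nothing in this library reaches the default generator, and the existing tests cannot show that, because test_lib.ml (see patch 1/2) seeds the RNG itself at module load. As far as I know mirage-crypto raises at run time when the default generator is used without being seeded, so a missed dependency would surface as a failure during certificate handling in production rather than in CI. Consider a test executable that exercises the validation entry points without initializing the RNG, or record the reasoning once confirmed, e.g. `(* no RNG needed here: this module only parses and validates, it never generates keys or signs *)`. The same concern applies to the removal in ocaml/xapi/certificates.ml and to `mirage-crypto-rng.unix` being dropped from ocaml/xapi/dune further down. `validate_private_key` continues past the end of the hunk.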
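Review bot: In the selfcert.ml hunk at line 158, `serial_stamp` still goes through `string_of_float`, which prints 12 significant digits, so for a current epoch value the stamp keeps roughly two decimal places and two calls within the same 10 ms yield the same string; it is also fully predictable from the clock. The callers are outside the hunk, so whether that matters cannot be judged from here, but the function deserves a comment stating its contract, for example `(* timestamp label only: neither unique nor unpredictable; the certificate serial comes from the RNG *)`, to be confirmed against the signing code. If finer resolution is wanted, `Printf.sprintf "%.6f"` on the same float would keep it.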