What's New in MirageOS 4!
by Thomas Gazagnaire on Apr 14th, 2022
Tarides is thrilled to see the great responses to MirageOS 4.0 and the excitement that’s building across the community. We’re proud to have played an important part in its development and release, bringing great tools and opportunities to OCaml developers. If you haven’t kept up with what’s been going on since the release, here is a summary of several articles posted by various OCaml users.
The MirageOS 4.0 update brings with it a major change in its build
system to support the Dune build system.
Tarides has been working on this feature since 2019,
iterating on various design solutions in the
mirage tool with
This incremental process resulted in making several contributions to
upstream OCaml for features and tools required to support
the flexible building of MirageOS libraries: for
instance, adding support for virtual libraries and
variants in Dune
(ocaml/dune#2169); or the
development of a new opam plugin to manage
are happy to see it released to all with Mirage 4.0.
What makes Dune a great option to build MirageOS is that it allows for
customisable cross-compilation flags to compile MirageOS to different
architectures. Using Dune also enables developers to use the Merlin
tool to access a rich set of IDE features when writing
applications. It unlocks a new development workflow based on
opam-monorepo, which downloads all the unikernel dependencies into a
single Dune workspace. Having a single workspace containing all of the
unikernel’s code lets developers edit code anywhere in the stack,
which makes work like debugging libraries and improving APIs a faster
and more enjoyable experience. In his excellent article on build
contexts in MirageOS,
Pluvinage goes into detail about how to use the new cross-compilation
features to build MirageOS unikernels for new architectures.
Mr. MIME is an OCaml library that aims to give its users peace of mind when it comes to the security of their email communications. Mr. MIME is built on unikernels and deploys them to handle email traffic. At Tarides, we got a grant from NGI DAPSI to work on this project, and several of our engineers have been busy working hard to make it happen.
Several other libraries support the Mr. MIME library and enable it to
transform an email into an OCaml value, then create an email from it
again. An amazing thing about Mr. MIME is its reliability. Using the
hamlet tool, which provides a
large corpus of emails for Mr. MIME to parse and re-encode, the team
can prove that Mr. MIME doesn’t alter anything in the message between
the parser and the encoder.
The team behind Mr. MIME has also created the library Colombe, which implements the foundations of the SMTP protocol with the ability to upgrade its flow to TLS, giving its users an extra layer of security. A goal for the future is to provide a full SMTP stack that’s able to send and receive emails.
Mr. MIME also allows its users to manipulate emails through the use of
CLI tools, including
ocaml-dkim, a tool to verify
and sign an email, and
spamtacus, a tool which
analyses the incoming email to determine if it’s spam or not. The
ptt repo contains several more as well.
If you want to find out more information about Mr. MIME, including details about its architecture, please read Romain Calascibetta’s article.
MirageOS benefits not only Tarides; it also enables several other companies to make their products better. Below are a couple of examples from Docker and Robur on how they use MirageOS to their advantage.
Docker Desktop is a tool that enables its users to build and share containerised or isolated applications in either a Mac or Windows environment. Its main challenge is that running Docker on macOS or Windows is difficult in terms of compatibility, as Linux primitives are unavailable on those platforms.
This is where VPN Kit comes in; it uses MirageOS to bridge the gap between Linux primitives and macOS or Windows by reading the raw ethernet frames coming out of the Linux VM and translating them into macOS or Windows high-level syscalls. In this way, MirageOS networking libraries transparently handle the traffic of millions of containers every day.
Robur uses MirageOS for several of their projects, including OpenVPN, DNS Projects, and CalDAV. All of these projects are written in OCaml and are deployed as MirageOS unikernels.
The DNS Projects include the ‘Let’s Encrypt’-Certified DNS solver, a DNS resolver, and an authoritative DNS server. Robur’s DNS server ensures that the internet user gets to the right IP address, whilst its DNS resolver finds the exact server to handle the user’s request. Only strictly necessary elements are included in order to keep the codebase as small as possible for security and simplicity.
CalDAV is the most recent unikernel released by Robur. As the name implies, CalDAV is a protocol used to synchronise calendars. Its minimal codebase comes with significant security benefits.
To find out more, read the article “MirageOS Unikernels at Robur” on mirage.io.
To learn more about MirageOS, take a look at some recent articles at mirage.io. If you’re interested in working with Tarides or incorporating MirageOS tools in your project, please contact us via our website.