diff --git a/.merlin b/.merlin deleted file mode 100644 index d00b855..0000000 --- a/.merlin +++ /dev/null @@ -1,10 +0,0 @@ -S src -S stats -S app -S provision - -B _build/** - -PKG topkg logs ipaddr x509 tls rresult bos lwt cmdliner hex duration -PKG ptime ptime.clock.os ipaddr.unix decompress -PKG lwt.unix \ No newline at end of file diff --git a/.travis.yml b/.travis.yml index 1e9c203..4c14132 100644 --- a/.travis.yml +++ b/.travis.yml @@ -10,10 +10,9 @@ env: - DISTRO=ubuntu - TESTS=false matrix: - - OCAML_VERSION=4.05 - - OCAML_VERSION=4.06 - OCAML_VERSION=4.07 - OCAML_VERSION=4.08 - OCAML_VERSION=4.09 + - OCAML_VERSION=4.10 notifications: email: false diff --git a/albatross.opam b/albatross.opam index 814dab6..9ee9d7c 100644 --- a/albatross.opam +++ b/albatross.opam @@ -6,8 +6,8 @@ dev-repo: "git+https://github.com/hannesm/albatross.git" bug-reports: "https://github.com/hannesm/albatross/issues" depends: [ - "ocaml" {>= "4.05.0"} - "dune" {build} + "ocaml" {>= "4.07.0"} + "dune" "lwt" {>= "3.0.0"} "ipaddr" {>= "4.0.0"} "hex" @@ -20,9 +20,10 @@ depends: [ "fmt" "astring" "jsonm" - "x509" {>= "0.9.0"} - "tls" {>= "0.9.0"} - "nocrypto" + "x509" {>= "0.10.0"} + "tls" {>= "0.11.0"} + "mirage-crypto-pk" + "mirage-crypto-rng" "asn1-combinators" {>= "0.2.0"} "duration" "decompress" {>= "0.9.0" & < "1.0.0"} diff --git a/client/albatross_client_bistro.ml b/client/albatross_client_bistro.ml index 927c019..f416444 100644 --- a/client/albatross_client_bistro.ml +++ b/client/albatross_client_bistro.ml @@ -47,7 +47,7 @@ let handle (host, port) cert key ca id (cmd : Vmm_commands.t) = | _, Error (`Msg e) -> Lwt.fail_with ("couldn't parse private key (" ^ key ^ "): " ^ e) | Ok cert, Ok key -> - let tmpkey = Nocrypto.Rsa.generate 4096 in + let tmpkey = Mirage_crypto_pk.Rsa.generate ~bits:4096 () in let name = Vmm_core.Name.to_string id in let extensions = let v = Vmm_asn.to_cert_extension cmd in @@ -65,7 +65,7 @@ let handle (host, port) cert key ca id (cmd : Vmm_commands.t) = in let valid_from, valid_until = timestamps 300 in let extensions = - let capub = match key with `RSA key -> Nocrypto.Rsa.pub_of_priv key in + let capub = match key with `RSA key -> Mirage_crypto_pk.Rsa.pub_of_priv key in key_ids extensions Signing_request.((info csr).public_key) (`RSA capub) in let issuer = Certificate.subject cert in diff --git a/client/albatross_client_remote_tls.ml b/client/albatross_client_remote_tls.ml index 481029b..efa4607 100644 --- a/client/albatross_client_remote_tls.ml +++ b/client/albatross_client_remote_tls.ml @@ -14,7 +14,6 @@ let rec read_tls_write_cons t = read_tls_write_cons t let client cas host port cert priv_key = - Nocrypto_entropy_lwt.initialize () >>= fun () -> let auth = if Sys.is_directory cas then `Ca_dir cas else `Ca_file cas in X509_lwt.authenticator auth >>= fun authenticator -> Lwt.catch (fun () -> @@ -52,6 +51,7 @@ let run_client _ cas cert key (host, port) = | Tls_lwt.Tls_failure f -> Some ("TLS failure: " ^ Tls.Engine.string_of_failure f) | _ -> None) ; Sys.(set_signal sigpipe Signal_ignore) ; + Mirage_crypto_rng_unix.initialize (); Lwt_main.run (client cas host port cert key) open Cmdliner diff --git a/provision/albatross_provision.ml b/provision/albatross_provision.ml index 67f77f1..747a4c9 100644 --- a/provision/albatross_provision.ml +++ b/provision/albatross_provision.ml @@ -49,7 +49,7 @@ let sign ?dbname ?certname extensions issuer key csr delta = | Some _ -> match key with | `RSA priv -> - let capub = `RSA (Nocrypto.Rsa.pub_of_priv priv) in + let capub = `RSA (Mirage_crypto_pk.Rsa.pub_of_priv priv) in key_ids extensions X509.Signing_request.((info csr).public_key) capub in X509.Signing_request.sign csr ~valid_from ~valid_until ~extensions key issuer >>= fun cert -> @@ -69,7 +69,7 @@ let priv_key ?(bits = 2048) fn name = Bos.OS.File.exists file >>= function | false -> Logs.info (fun m -> m "creating new RSA key %a" Fpath.pp file) ; - let priv = `RSA (Nocrypto.Rsa.generate bits) in + let priv = `RSA (Mirage_crypto_pk.Rsa.generate ~bits ()) in Bos.OS.File.write ~mode:0o400 file (Cstruct.to_string (X509.Private_key.encode_pem priv)) >>= fun () -> Ok priv | true -> diff --git a/provision/albatross_provision_ca.ml b/provision/albatross_provision_ca.ml index 0d867ef..e41fcd3 100644 --- a/provision/albatross_provision_ca.ml +++ b/provision/albatross_provision_ca.ml @@ -59,7 +59,7 @@ let sign_csr dbname cacert key csr days = | Error e -> Error e let sign_main _ db cacert cakey csrname days = - Nocrypto_entropy_unix.initialize () ; + Mirage_crypto_rng_unix.initialize () ; Bos.OS.File.read (Fpath.v cacert) >>= fun cacert -> Certificate.decode_pem (Cstruct.of_string cacert) >>= fun cacert -> Bos.OS.File.read (Fpath.v cakey) >>= fun pk -> @@ -74,7 +74,7 @@ let help _ man_format cmds = function | Some _ -> List.iter print_endline cmds; `Ok () let generate _ name db days sname sdays = - Nocrypto_entropy_unix.initialize () ; + Mirage_crypto_rng_unix.initialize () ; priv_key ~bits:4096 None name >>= fun key -> let name = [ Distinguished_name.(Relative_distinguished_name.singleton (CN name)) ] in let csr = Signing_request.create name key in diff --git a/provision/albatross_provision_request.ml b/provision/albatross_provision_request.ml index e3bafa0..75ed9b5 100644 --- a/provision/albatross_provision_request.ml +++ b/provision/albatross_provision_request.ml @@ -16,7 +16,7 @@ let csr priv name cmd = X509.Signing_request.create name ~extensions priv let jump id cmd = - Nocrypto_entropy_unix.initialize () ; + Mirage_crypto_rng_unix.initialize () ; let name = Vmm_core.Name.to_string id in priv_key None name >>= fun priv -> let csr = csr priv name cmd in diff --git a/provision/dune b/provision/dune index 851ec87..68f3fde 100644 --- a/provision/dune +++ b/provision/dune @@ -4,7 +4,7 @@ (public_name albatross.provision) (wrapped false) (modules albatross_provision) - (libraries albatross.cli x509 nocrypto.unix)) + (libraries albatross.cli x509 mirage-crypto-pk mirage-crypto-rng.unix)) (executable (name albatross_provision_ca) diff --git a/stats/dune b/stats/dune index 4879890..15cbaca 100644 --- a/stats/dune +++ b/stats/dune @@ -26,7 +26,8 @@ let () = (package albatross) (modules albatross_stat_client) %s - (libraries albatross.cli albatross.stats albatross)) |} + (libraries albatross.cli albatross.stats albatross)) + |} (if freebsd then "(link_flags (-ccopt \"-lvmmapi\"))" else "") (if freebsd then "(link_flags (-ccopt \"-lvmmapi\"))" else "") diff --git a/tls/albatross_tls_common.ml b/tls/albatross_tls_common.ml index eada76b..7240147 100644 --- a/tls/albatross_tls_common.ml +++ b/tls/albatross_tls_common.ml @@ -15,7 +15,7 @@ let tls_config cacert cert priv_key = let client_auth ca tls = let authenticator = - let time = Ptime_clock.now () in + let time () = Some (Ptime_clock.now ()) in X509.Authenticator.chain_of_trust ~time (* ~crls:!state.Vmm_engine.crls *) [ca] in Lwt.catch diff --git a/tls/albatross_tls_endpoint.ml b/tls/albatross_tls_endpoint.ml index 5ff78d2..2c1f668 100644 --- a/tls/albatross_tls_endpoint.ml +++ b/tls/albatross_tls_endpoint.ml @@ -15,10 +15,10 @@ let server_socket port = let jump _ cacert cert priv_key port tmpdir = Sys.(set_signal sigpipe Signal_ignore); + Mirage_crypto_rng_unix.initialize (); Albatross_cli.set_tmpdir tmpdir; Lwt_main.run - (Nocrypto_entropy_lwt.initialize () >>= fun () -> - server_socket port >>= fun socket -> + (server_socket port >>= fun socket -> tls_config cacert cert priv_key >>= fun (config, ca) -> let rec loop () = Lwt.catch (fun () -> diff --git a/tls/albatross_tls_inetd.ml b/tls/albatross_tls_inetd.ml index f560984..9b9096d 100644 --- a/tls/albatross_tls_inetd.ml +++ b/tls/albatross_tls_inetd.ml @@ -5,10 +5,10 @@ open Albatross_tls_common let jump cacert cert priv_key tmpdir = Sys.(set_signal sigpipe Signal_ignore) ; + Mirage_crypto_rng_unix.initialize (); Albatross_cli.set_tmpdir tmpdir; Lwt_main.run - (Nocrypto_entropy_lwt.initialize () >>= fun () -> - tls_config cacert cert priv_key >>= fun (config, ca) -> + (tls_config cacert cert priv_key >>= fun (config, ca) -> let fd = Lwt_unix.of_unix_file_descr Unix.stdin in Lwt.catch (fun () -> Tls_lwt.Unix.server_of_fd config fd)