Re: [MirageOS-devel] OCaml bindings for EC2 API
mirari is deprecated, you should use mirage/mirage
Sorry, half my sentence disappeared! - There is something wrong with the method I am using to turn xen kernels into images. The script, which I originally obtained from the mirage docs (http://openmirage.org/docs/xen-boot), was working earlier this summer. I may have accidentally deleted the line that generates an initrd. The original script, linked from the mirage docs, is missing.
On Mon, Aug 4, 2014 at 11:50 AM, Jyotsna Prakash <jyotsna.prakash@xxxxxxxxx> wrote:
Hello,
I've written a blog post <http://1000hippos.wordpress.com/2014/08/04/ec2-bundling-images/> about the EC2 image bundling process, and what I have left to do. The short of it is:
- There is something wrong with the method I am using to turn xen kernels into images. The script, which I originally obtained from the mirage docs (http://openmirage.org/docs/xen-boot), was working earlier this summer. I may have accidentally deleted the line that generates an initrd. The original script
- I am running a shell command with OCaml's `Unix.open_process_in`. I need to figure out why the command is not giving consistent results... about 1 out of 10 times it will produce the correct digest. (A SHA1 digest of the input image after it is compressed and encrypted.) The shell command is:

    openssl sha1 < /tmp/ec2-bundle-image-digest-pipe-10174 & tar -c -h -S --owner 0 --group 0 -C /tmp mymirage.img | tee /tmp/ec2-bundle-image-digest-pipe-10174 | gzip -9 | openssl enc -e -aes-128-cbc -K aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa -iv bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb > ec2_tmp/mymirage.img.tar.gz.enc
And Hannes, thanks for your help! I was able to use nocrypto and ocaml-x509 to extract RSA keys and encrypt. I will look into replacing cryptokit with ocaml-sha.
Best, Jyotsna
On Thu, Jul 17, 2014 at 11:59 AM, Hannes Mehnert <hannes@xxxxxxxxxxx> wrote:
Hi Jyotsna,
On 07/17/2014 19:48, Jyotsna Prakash wrote:
For my GSoC project I've been working on OCaml bindings to the EC2 API. The code is at https://github.com/moonlightdrive/ocaml-ec2
Awesome!
I've yet to launch a Mirage-backed VM without using Amazon's CLI tools. The process involves producing an XML manifest describing an image; the manifest contains fields of RSA encrypted data. Problem is, I don't have any way to take my public keys (pem files) and turn them into `Cryptokit.RSA.key`s.
AFAICS you're only using SHA256 from Cryptokit so far -- you might want to use ocaml-sha (https://github.com/vincenthz/ocaml-sha) for that.
Also, David wrote ocaml-nocrypto (https://github.com/mirleft/ocaml-nocrypto) and we further developed ocaml-x509 (https://github.com/mirleft/ocaml-x509/) where you can parse pem to get a certificate (https://github.com/mirleft/ocaml-x509/blob/master/lib/x509.mli#L18) or a private key (RSA) https://github.com/mirleft/ocaml-x509/blob/master/lib/x509.mli#L30 (example usage: https://github.com/mirleft/ocaml-tls/blob/master/lwt/x509_lwt.ml#L49)
What do you need to do with the RSA key? The nocrypto API is at https://github.com/mirleft/ocaml-nocrypto/blob/master/src/rsa.mli
Cheers,
Hannes
_______________________________________________ MirageOS-devel mailing list MirageOS-devel@xxxxxxxxxxxxxxxxxxxx http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel