Re: [MirageOS-devel] OCaml bindings for EC2 API
That's a very comprehensive blog post Jyotsna! It would be good to verify if the ec2.sh script below works using the CLI tools and modern Mirage kernels. Mindy has had this working on her blog (see http://www.somerandomidiot.com/blog/2014/03/24/arriving-at-the-mirage/) and I've booted several test kernels (but haven't touched my EC2 CLI setup for years so it might not be useful).
Once that works, we can start bisecting the issues in your bindings (which seem to be really really close to working!)
Anil
mirari is deprecated, you should use mirage/mirage
Sorry, half my sentence disappeared! - There is something wrong with the method I am using to turn xen kernels into images. The script, which I originally obtained from the mirage docs (http://openmirage.org/docs/xen-boot), was working earlier this summer. I may have accidentally deleted the line that generates an initrd. The original script, linked from the mirage docs, is missing.
On Mon, Aug 4, 2014 at 11:50 AM, Jyotsna Prakash <jyotsna.prakash@xxxxxxxxx> wrote:
Hello,
I've written a blog post <http://1000hippos.wordpress.com/2014/08/04/ec2-bundling-images/> about the EC2 image bundling process, and what I have left to do. The short of it is:
- There is something wrong with the method I am using to turn xen kernels into images. The script, which I originally obtained from the mirage docs (http://openmirage.org/docs/xen-boot), was working earlier this summer. I may have accidentally deleted the line that generates an initrd. The original script
- I am running a shell command with OCaml's `Unix.open_process_in`. I need to figure out why the command is not giving consistent results... about 1 out of 10 times it will produce the correct digest. (A SHA1 digest of the input image after it is compressed and encrypted.) The shell command is
  openssl sha1 < /tmp/ec2-bundle-image-digest-pipe-10174 & tar -c -h -S --owner 0 --group 0 -C /tmp mymirage.img | tee /tmp/ec2-bundle-image-digest-pipe-10174 | gzip -9 | openssl enc -e -aes-128-cbc -K aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa -iv bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb > ec2_tmp/mymirage.img.tar.gz.enc
And Hannes, thanks for your help! I was able to use nocrypto and ocaml-x509 to extract RSA keys and encrypt. I will look into replacing cryptokit with ocaml-sha.
Best, Jyotsna
On Thu, Jul 17, 2014 at 11:59 AM, Hannes Mehnert <hannes@xxxxxxxxxxx> wrote:
Hi Jyotsna,
On 07/17/2014 19:48, Jyotsna Prakash wrote:
For my GSoC project I've been working on OCaml bindings to the EC2 API. The code is at https://github.com/moonlightdrive/ocaml-ec2
Awesome!
I've yet to launch a Mirage-backed VM without using Amazon's CLI tools. The process involves producing an xml manifest describing an image; the manifest contains fields of RSA encrypted data. Problem is, I don't have any way to take my public keys (pem files) and turn them into `Cryptokit.RSA.key`s.
AFAICS you're only using SHA256 from Cryptokit so far -- you might want to use ocaml-sha (https://github.com/vincenthz/ocaml-sha) for that.
Also, David wrote ocaml-nocrypto (https://github.com/mirleft/ocaml-nocrypto) and we further developed ocaml-x509 (https://github.com/mirleft/ocaml-x509/) where you can parse pem to get a certificate (https://github.com/mirleft/ocaml-x509/blob/master/lib/x509.mli#L18) or a private key (RSA) https://github.com/mirleft/ocaml-x509/blob/master/lib/x509.mli#L30 (example usage: https://github.com/mirleft/ocaml-tls/blob/master/lwt/x509_lwt.ml#L49)
What do you need to do with the RSA key? The nocrypto API is at https://github.com/mirleft/ocaml-nocrypto/blob/master/src/rsa.mli
Cheers,
Hannes
_______________________________________________ MirageOS-devel mailing list MirageOS-devel@xxxxxxxxxxxxxxxxxxxx http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel
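The digest-and-encrypt pipeline quoted in the thread above, written out as a shell function. This is an added example, not code from the thread or from ocaml-ec2, and the thread does not establish why the original command gave inconsistent digests. Assumptions: the function name `bundle_image`, GNU tar, and an `openssl` that supports `dgst -r`; the FIFO lives in a private `mktemp -d` directory, and the digest is read only after `wait` confirms the background reader has finished.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the thread).
# usage: bundle_image IMAGE OUTDIR KEY_HEX IV_HEX
# Writes OUTDIR/<name>.tar.gz.enc and prints the SHA1 (hex) of the
# tar stream that tee copies into the FIFO.
bundle_image() {
    img=$1; out=$2; key=$3; iv=$4
    name=$(basename "$img")
    dir=$(cd "$(dirname "$img")" && pwd)

    # Private directory: no predictable, shared pipe name under /tmp.
    work=$(mktemp -d) || return 1
    fifo=$work/digest.fifo
    mkfifo -m 600 "$fifo" || { rm -rf "$work"; return 1; }

    # Start the FIFO reader first. Its result goes to a file, so it never
    # interleaves with anything the caller reads from stdout.
    openssl dgst -sha1 -r < "$fifo" > "$work/digest" &
    reader=$!

    # Same stages as the command in the thread.
    tar -c -h -S --owner 0 --group 0 -C "$dir" "$name" \
        | tee "$fifo" \
        | gzip -9 \
        | openssl enc -e -aes-128-cbc -K "$key" -iv "$iv" \
        > "$out/$name.tar.gz.enc"
    status=$?   # POSIX sh: exit status of the last stage only

    # The digest file is complete only once the reader has exited.
    wait "$reader" || status=1
    [ "$status" -eq 0 ] && cut -d' ' -f1 "$work/digest"

    rm -rf "$work"
    return "$status"
}
```
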