Release of MirageOS 4.0, a platform for running applications on top of a hypervisor

After a year and a half of development, MirageOS 4.0 has been released. The project makes it possible to build single-application operating systems, in which the application is shipped as a self-contained "unikernel" that runs without a conventional operating system, a separate OS kernel, or any intermediate layers. Applications are written in OCaml. The project code is distributed under the free ISC license.

All low-level functionality normally provided by the operating system is implemented as libraries linked into the application. An application can be developed on any OS and then compiled into a specialized kernel (the unikernel concept) that runs directly on top of the Xen, KVM, bhyve and VMM (OpenBSD) hypervisors, on mobile platforms, as a process in a POSIX-compliant environment, or in the Amazon Elastic Compute Cloud and Google Compute Engine cloud environments.

The generated environment contains nothing superfluous and interacts directly with the hypervisor without drivers or system layers, which significantly reduces overhead and improves security by shrinking the attack surface. Working with MirageOS comes down to three stages: preparing the configuration, which defines the OPAM packages used in the environment; building the environment; and launching the environment. The runtime that supports execution on top of hypervisors is based on the Solo5 kernel.
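The three stages above, as an added example that is not code from the announcement or from the MirageOS project's own repositories: a minimal two-file unikernel whose configuration declares only a timer device, so nothing else (no network stack, no filesystem, no libc) is linked into the resulting image. The build and run commands in the comments are assumed to follow the MirageOS 4 workflow for the Solo5 `hvt` target.

```ocaml
(* ---- config.ml: stage 1, the configuration ----------------------------
   Declares which devices the unikernel needs; only the OPAM packages that
   implement those devices end up in the lockfile and the final image. *)
open Mirage

(* The application functor lives in unikernel.ml as Unikernel.Main and takes
   exactly one device, a timer (Mirage_time.S). Nothing else is reachable. *)
let main = foreign "Unikernel.Main" (time @-> job)

(* default_time is resolved per target: the Solo5 clock on hvt/spt,
   the host clock when built as a POSIX process. *)
let () = register "hello" [ main $ default_time ]

(* ---- unikernel.ml: the application itself ---------------------------- *)
open Lwt.Infix

module Main (Time : Mirage_time.S) = struct
  (* Entry point called by the generated main; its arguments are the devices
     listed in config.ml, in order. *)
  let start _time =
    let rec loop = function
      | 0 -> Lwt.return_unit
      | n ->
        Logs.info (fun f -> f "hello from a unikernel, %d left" n);
        (* Sleep via the timer device; no syscall or libc is involved. *)
        Time.sleep_ns (Duration.of_sec 1) >>= fun () ->
        loop (n - 1)
    in
    loop 4
end

(* ---- stages 2 and 3, run from the directory holding both files ---------
   (assumed MirageOS 4 / opam-monorepo workflow; adjust -t for other targets)
     mirage configure -t hvt     # generate dune files and the lockfile inputs
     make depend                 # opam-monorepo lock + pull of all sources
     dune build                  # produce dist/hello.hvt
     solo5-hvt dist/hello.hvt    # stage 3: boot the image under Solo5/KVM
   Building with -t unix instead yields an ordinary process for local tests. *)
```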

Although applications and libraries are written in the high-level language OCaml, the resulting environments show fairly good performance and a minimal footprint (for example, the DNS server takes only 200 KB). Maintenance is also simplified: to update the program or change the configuration, it is enough to build and launch a new environment. Several hundred OCaml libraries are available for network operations (DNS, SSH, OpenFlow, HTTP, XMPP, Matrix, OpenVPN, etc.), working with storage, and parallel data processing.

Key improvements:

  • The process of building projects and unikernels has changed. Instead of the previously used ocamlbuild build system, the dune toolkit and local repositories (monorepos) are used. To create such repositories a new utility, opam-monorepo, has been added, which separates package management from building from source. opam-monorepo creates lockfiles for the project's dependencies, downloads and extracts the dependency sources, and sets up the environment for the dune build system. The build itself is performed by dune.
  • Reproducible builds are supported. Lock files pin dependency versions and make it possible to fully repeat the build at any time with the same code.
  • A new cross-compilation process has been implemented: all supported target platforms can be cross-compiled from one common build environment, in which, among other things, dependencies and libraries with C bindings are cross-compiled without the need to add those bindings to the main package. Cross-compilation is organized using the workspaces provided by the dune build system.
  • Support for new target platforms has been added; for example, experimental support for building self-contained applications that run on Raspberry Pi 4 boards.
  • Work has been done to integrate parts of MirageOS into the wider OCaml development ecosystem to simplify building applications as unikernels. Many MirageOS packages have been ported to the dune build system. The opam-monorepo utility can be installed with the opam package manager and used in any project that builds with dune. To maintain patches that fix problems with building dependencies under dune, two repositories, dune-universe/opam-overlays and dune-universe/mirage-opam-overlays, have been created; they are enabled by default when using the mirage CLI utility.
  • Integration of MirageOS with C and Rust libraries has been simplified.
  • A new OCaml runtime has been introduced that does not depend on libc (libc-free).
  • The Merlin service can now be used for integration with standard integrated development environments.

Source: opennet.ru