After a year and a half of development the launch of the new version of the project "Mirage OS 4.0" which allows creating operating systems for a single application, in which the application is delivered as a self-contained "unikernel" that can run without the use of operating systems, a separate OS kernel, and any layers.
All low-level functionality native to the operating system is implemented as a library attached to the application.
About Mirage OS
an app can be developed on any operating system and then compiled into a specialized kernel (the unikernel concept) that can run directly on top of Xen, KVM, BHyve and VMM (OpenBSD) hypervisors, on mobile platforms, as a POSIX process. compatible, or in cloud environments of Amazon Elastic Compute Cloud and Google Compute Engine.
The generated environment contains nothing superfluous and interacts directly with the hypervisor without drivers or system layers, leading to significant reduction in overhead and increased security.
Work with Mirage OS It boils down to three stages: prepare the configuration with the definition of the OPAM packages used in the environment, build the environment and launch the environment. The runtime to run on top of hypervisors is based on the Solo5 kernel.
Although the applications and libraries are built on the high-level language OCaml, the resulting environments show fairly good performance and minimal size (for example, the DNS server is only 200 KB).
Environment maintenance is also simplified, since if you need to update the program or change the configuration, it is enough to create and run a new environment. Several hundred libraries in the OCaml language are supported to perform network operations (DNS, SSH, OpenFlow, HTTP, XMPP, Matrix, OpenVPN, etc.), work with storages, and provide parallel data processing.
Main news of MirageOS 4.0
In this new version of MirageOS that is presented changed project build process and unikernel. Instead of the build system ocamlbuild previously used, are used dune and local repositories (monorepos).
To create such repositories, added a new utility, opam-monorepo, which allowed us to separate package management from building from source. The opam-monorepo utility does the job of creating lock files for project-related dependencies, downloading and extracting the dependency code and configuring the environment to use the dune build system, it's also worth mentioning that the actual build is done by dune.
Another change that stands out is that a repeatable build process is provided. The use of lock files provides a link to the dependency versions and allows you to completely repeat the build process at any time with the same code.
It is also highlighted that implemented a new cross-compilation process and cross-compilation capability is provided for all supported target platforms from a common build environment, in which, among other things, C-linked libraries and dependencies are cross-compiled, with no need to add these links to the main package.
On the other hand, it is mentioned that the opam-monorepo utility is available for installation with the opam package manager and can be used in projects that use the dune build system. To maintain patches that resolve issues with dependency creation in dune, two repositories were created dune-universe/opam-overlays and dune-universe/mirage-opam-overlays, which are enabled by default when using the mirage CLI utility.
Of the other changes that stand out:
- Cross-compiling is organized using the workspaces provided by the dune build system.
- Support for new target platforms has been added, for example, the ability to create stand-alone applications to work on Raspberry Pi 4 boards has been experimentally provided.
- Work has been done to integrate parts of MirageOS into ecosystems related to OCaml development to simplify the assembly of applications in the form of a unikernel.
- Many MirageOS packages have been ported to the dune build system.
- Simplified integration of MirageOS with C and Rust libraries.
- New OCaml runtime proposed to avoid libc (libc free).
- Provided the ability to use the Merlin service for integration with standard integrated development environments.
Finally, if you are interested in knowing more about it, you can check the details In the following link.