Mirage Firewall SHA256 Checksum Does Not Match Expected Value

I build Mirage firewall from source based on official instructions. After that when I check sha256 sum for qubes-firewall.xen it’s different than mentioned in qubes-firewall-release.sha256 and match with qubes-firewall.sha256
So should I trust my build package and transfer it to dom0 or not? @palainp

1 Like

Dear @fdhhjigf, yes this is correct.

When building with docker or podman, the current head of the qubes-mirage-firewall repository should always match qubes-firewall.sha256. The other file is used to check against the latest release version (for example when using the salt script to automatically update the unikernel).
I plan to release a new version soon as an issue has been resolved for use with mullvad (and possibly other vpn providers). But in the meantime, the current head is in advance vs the latest release :slight_smile:

EDIT: In addition you can rollback some commits (here up to release v0.9.3 · mirage/qubes-mirage-firewall@32394c7 · GitHub), clean everything, recompile and you should get a unikernel that matches the release hashsum.

2 Likes

One more thing can I make it disposable vm?

1 Like

Yes you can, but it does not serves a purpose as the unikernel only uses a kernel image and doesn’t use the disks (you can reduce their size too if you want).

1 Like