MirageOS is a library operating system that constructs unikernels for secure, high-performance, low-energy footprint applications across various hypervisor and embedded platforms.
Since the first release of 2013, MirageOS has made steady progress towards deploying self-managed internet infrastructure. The project’s initial aim was to self-host as many services as possible to empower internet users to securely deploy infrastructure to own their data and take back control of their privacy. MirageOS can securely deploy static website hosting with “Let’s Encrypt” certificate provisioning and a secure SMTP stack with security extensions. MirageOS can also deploy decentralized communication infrastructure like Matrix, OpenVPN servers, and TLS tunnels to ensure data privacy or DNS(SEC) servers for better authentication.
The protocol ecosystem now contains hundreds of libraries and millions of daily users. Over these years, major commercial users have joined the projects. They rely on MirageOS libraries to secure their product. For instance, the MirageOS networking code powers Docker Desktop’s VPNKit, which serves the traffic of millions of containers daily. Citrix Hypervisor uses MirageOS to interact with Xen, the hypervisor that powers most of today’s public cloud. Nitrokey is developing a new hardware security module based on MirageOS. Robur develops a unikernel orchestration system for fleets of MirageOS unikernels. Tarides uses MirageOS to improve the Tezos blockchain, and Hyper uses MirageOS to build sensor analytics and an automation platform for sustainable agriculture.
We dedicate this release of MirageOS 4.0 to Lars Kurth. Unfortunately, he passed away early in 2020, leaving a big hole in our community. Lars was instrumental in bringing the Xen Project to fruition, and we wouldn’t be here without him.
The MirageOS4 release focuses on better integration with existing ecosystems. For instance, parts of MirageOS are now merged into the OCaml ecosystem, making it easier to deploy OCaml applications into a unikernel. Plus, we improved the cross-compilation support, added more compilation targets to MirageOS (for instance, for bare-metal Raspberry-Pi 4), and made it easier to integrate MirageOS with non-OCaml libraries.
This release introduces a significant change in how MirageOS compiles projects. We developed a new tool called opam-monorepo, which separates package management from building the resulting source code. It creates a lock file for the project dependencies, downloads and extracts the dependency sources locally, and sets up a Dune Workspace, enabling dune build to build everything simultaneously. The MirageOS 4.0 release also contains improvements in the Mirage CLI tool, a new libc-free OCaml runtime, and a cross-compiler for OCaml. Finally, MirageOS 4.0 now supports familiar IDE tools while developing unikernels, making day-to-day coding much faster.