From 2821ae4d915f89d0ea685e9411908e96a42d7141 Mon Sep 17 00:00:00 2001
From: Harald Hoyer
Date: Mon, 27 Jan 2025 11:17:13 +0100
Subject: [PATCH] feat(sgx): try to reduce the docker layers
Signed-off-by: Harald Hoyer
---
overlays/libTee/sgxGramineContainer.nix | 77 +++++++++++++------------
1 file changed, 39 insertions(+), 38 deletions(-)
diff --git a/overlays/libTee/sgxGramineContainer.nix b/overlays/libTee/sgxGramineContainer.nix
index 5f581e1..ef24b42 100644
--- a/overlays/libTee/sgxGramineContainer.nix
+++ b/overlays/libTee/sgxGramineContainer.nix
@@ -97,57 +97,58 @@ let tomlFormat = pkgs.formats.toml { }; manifestFile = tomlFormat.generate "${name}.manifest.toml" mergedManifest; + paths = with pkgs.dockerTools; with nixsgx;[ + openssl.out + curl.out + gramine + sgx-dcap.quote_verify + caCertificates + ] + ++ (if isAzure then [ + azure-dcap-client + ] else [ + sgx-dcap.default_qpl + ]) + ++ packages; + + pathsToLink = [ "/bin" "/lib" "/etc" "/share" "${appDir}" ]; + postBuild = '' + ( + set -e + mkdir -p $out/{etc,var/run} + mkdir -p $out/${appDir}/{.dcap-qcnl,.az-dcap-client} + ln -s ${manifestFile} $out/${appDir}/${appName}.manifest.toml + # Increase IPv4 address priority + printf "precedence ::ffff:0:0/96 100\n" > $out/etc/gai.conf + ${ + if sgx_default_qcnl_conf != null then + "rm -f $out/etc/sgx_default_qcnl.conf; ln -s ${sgx_default_qcnl_conf} $out/etc/sgx_default_qcnl.conf;" + else "" + } + eval "${extraPostBuild}" + ) + ''; + contents = pkgs.buildEnv { name = "image-root-${appName}"; - - paths = with pkgs.dockerTools; with nixsgx;[ - openssl.out - curl.out - gramine - sgx-dcap.quote_verify - caCertificates - ] - ++ (if isAzure then [ - azure-dcap-client - ] else [ - sgx-dcap.default_qpl - ]) - ++ packages; - - pathsToLink = [ "/bin" "/lib" "/etc" "/share" "${appDir}" ]; - postBuild = '' - ( - set -e - mkdir -p $out/{etc,var/run} - mkdir -p $out/${appDir}/{.dcap-qcnl,.az-dcap-client} - ln -s ${manifestFile} $out/${appDir}/${appName}.manifest.toml - # Increase IPv4 address priority - printf "precedence ::ffff:0:0/96 100\n" > $out/etc/gai.conf - ${ - if sgx_default_qcnl_conf != null then - "rm -f $out/etc/sgx_default_qcnl.conf; ln -s ${sgx_default_qcnl_conf} $out/etc/sgx_default_qcnl.conf;" - else "" - } - eval "${extraPostBuild}" - ) - ''; + inherit paths pathsToLink postBuild; }; extendedContents = pkgs.buildEnv { name = "extended-root-${appName}"; - paths = with pkgs.dockerTools; with nixsgx;[ + paths = paths ++ (with pkgs.dockerTools; with nixsgx;[ coreutils restart-aesmd sgx-psw usrBinEnv binSh 
fakeNss - ] ++ extendedPackages; + ]) ++ extendedPackages; - pathsToLink = [ "/bin" "/lib" "/etc" "/share" ]; + pathsToLink = pathsToLink ++ [ "/bin" "/lib" "/etc" "/share" ]; - postBuild = + postBuild = postBuild + ( if sgx_default_qcnl_conf != null then '' ( set -e @@ -155,7 +156,8 @@ let rm -f $out/etc/sgx_default_qcnl.conf ln -s ${sgx_default_qcnl_conf} $out/etc/sgx_default_qcnl.conf ) - '' else null; + '' else "" + ); }; config = { @@ -201,7 +203,6 @@ let name = "${name}-manifest-${appName}"; inherit tag; inherit contents; - inherit fromImage; inherit maxLayers; includeStorePaths = false;
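Review bot: The extended environment's `pathsToLink = pathsToLink ++ [ "/bin" "/lib" "/etc" "/share" ];` only repeats entries that the hoisted `pathsToLink` binding earlier in this hunk already contains, so the resulting list is `/bin /lib /etc /share ${appDir} /bin /lib /etc /share`. buildEnv tolerates the duplicates, but the concatenation reads as if it contributes something new, and it also quietly links `${appDir}` into the extended env, which the removed four-entry list did not. If linking `${appDir}` there is intended, `inherit pathsToLink;` states that directly; if not, keep the explicit `[ "/bin" "/lib" "/etc" "/share" ]` list rather than concatenating. The `extendedContents` attribute set continues into the next hunk.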
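Review bot: The conditional that `postBuild = postBuild + (` appends in `extendedContents` re-runs the same `rm -f $out/etc/sgx_default_qcnl.conf` / `ln -s ${sgx_default_qcnl_conf} $out/etc/sgx_default_qcnl.conf` pair that the hoisted `postBuild` already emits through its `${ if sgx_default_qcnl_conf != null then ... }` interpolation, so the symlink is removed and recreated twice in one build of the extended env. Replacing `null` with `""` in the else branch is needed for the string concatenation to type-check, but the appended block as a whole is now redundant: `inherit postBuild;` in place of the `postBuild = postBuild + (` expression, dropping the `'' else ""` and `);` lines. The `postBuild` expression this hunk closes opens in the previous hunk.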