feat(sgx): try to reduce the docker layers

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
Harald Hoyer 2025-01-27 11:17:13 +01:00
parent 788ff52330
commit 2821ae4d91
Signed by: harald
GPG key ID: F519A1143B3FBE32


@ -97,57 +97,58 @@ let
tomlFormat = pkgs.formats.toml { }; tomlFormat = pkgs.formats.toml { };
manifestFile = tomlFormat.generate "${name}.manifest.toml" mergedManifest; manifestFile = tomlFormat.generate "${name}.manifest.toml" mergedManifest;
paths = with pkgs.dockerTools; with nixsgx;[
openssl.out
curl.out
gramine
sgx-dcap.quote_verify
caCertificates
]
++ (if isAzure then [
azure-dcap-client
] else [
sgx-dcap.default_qpl
])
++ packages;
pathsToLink = [ "/bin" "/lib" "/etc" "/share" "${appDir}" ];
postBuild = ''
(
set -e
mkdir -p $out/{etc,var/run}
mkdir -p $out/${appDir}/{.dcap-qcnl,.az-dcap-client}
ln -s ${manifestFile} $out/${appDir}/${appName}.manifest.toml
# Increase IPv4 address priority
printf "precedence ::ffff:0:0/96 100\n" > $out/etc/gai.conf
${
if sgx_default_qcnl_conf != null then
"rm -f $out/etc/sgx_default_qcnl.conf; ln -s ${sgx_default_qcnl_conf} $out/etc/sgx_default_qcnl.conf;"
else ""
}
eval "${extraPostBuild}"
)
'';
contents = pkgs.buildEnv { contents = pkgs.buildEnv {
name = "image-root-${appName}"; name = "image-root-${appName}";
inherit paths pathsToLink postBuild;
paths = with pkgs.dockerTools; with nixsgx;[
openssl.out
curl.out
gramine
sgx-dcap.quote_verify
caCertificates
]
++ (if isAzure then [
azure-dcap-client
] else [
sgx-dcap.default_qpl
])
++ packages;
pathsToLink = [ "/bin" "/lib" "/etc" "/share" "${appDir}" ];
postBuild = ''
(
set -e
mkdir -p $out/{etc,var/run}
mkdir -p $out/${appDir}/{.dcap-qcnl,.az-dcap-client}
ln -s ${manifestFile} $out/${appDir}/${appName}.manifest.toml
# Increase IPv4 address priority
printf "precedence ::ffff:0:0/96 100\n" > $out/etc/gai.conf
${
if sgx_default_qcnl_conf != null then
"rm -f $out/etc/sgx_default_qcnl.conf; ln -s ${sgx_default_qcnl_conf} $out/etc/sgx_default_qcnl.conf;"
else ""
}
eval "${extraPostBuild}"
)
'';
}; };
extendedContents = pkgs.buildEnv { extendedContents = pkgs.buildEnv {
name = "extended-root-${appName}"; name = "extended-root-${appName}";
paths = with pkgs.dockerTools; with nixsgx;[ paths = paths ++ (with pkgs.dockerTools; with nixsgx;[
coreutils coreutils
restart-aesmd restart-aesmd
sgx-psw sgx-psw
usrBinEnv usrBinEnv
binSh binSh
fakeNss fakeNss
] ++ extendedPackages; ]) ++ extendedPackages;
pathsToLink = [ "/bin" "/lib" "/etc" "/share" ]; pathsToLink = pathsToLink ++ [ "/bin" "/lib" "/etc" "/share" ];
postBuild = postBuild = postBuild + (
if sgx_default_qcnl_conf != null then '' if sgx_default_qcnl_conf != null then ''
( (
set -e set -e
@ -155,7 +156,8 @@ let
rm -f $out/etc/sgx_default_qcnl.conf rm -f $out/etc/sgx_default_qcnl.conf
ln -s ${sgx_default_qcnl_conf} $out/etc/sgx_default_qcnl.conf ln -s ${sgx_default_qcnl_conf} $out/etc/sgx_default_qcnl.conf
) )
'' else null; '' else ""
);
}; };
config = { config = {
@ -201,7 +203,6 @@ let
name = "${name}-manifest-${appName}"; name = "${name}-manifest-${appName}";
inherit tag; inherit tag;
inherit contents; inherit contents;
inherit fromImage;
inherit maxLayers; inherit maxLayers;
includeStorePaths = false; includeStorePaths = false;