fix: get rid of /dev/ in containers

`enableFakechroot = true` somehow triggered the inclusion of `/dev`. Some fake chroots included `/dev/kvm` with different permissions, so the produced container was not the same. As this fake chroot is not needed anymore with using `--chroot` for `gramine-sgx-sign`, it can be turned off. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-07-21 23:43:56 +02:00 · 2024-07-02 12:12:22 +02:00 · 2024-07-02 12:12:22 +02:00 · 9a35ad60ad
commit 9a35ad60ad
parent 4a6aff1d2e
1 changed files with 0 additions and 1 deletions
--- a/overlays/nixsgxLib/default.nix
+++ b/overlays/nixsgxLib/default.nix
@ -211,7 +211,6 @@ final: _:
                  inherit fromImage;

                  includeStorePaths = false;
-                  enableFakechroot = true;
                  extraCommands = (mkNixStore contents) + ''
                    (
                      set -e