harald/nixsgx
1
0
Fork 0
mirror of https://github.com/matter-labs/nixsgx.git synced 2025-07-21 07:33:55 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: add GRAMINE_DIRECT

Browse source 
if the container is passed `GRAMINE_DIRECT=1` then `gramine-direct`
is executed. This helps debugging on non-sgx machines.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
This commit is contained in:
Harald Hoyer 2024-06-14 14:25:46 +02:00
parent 070abadeb7
commit ec8f336547
Signed by: harald
GPG key ID: F519A1143B3FBE32
3 changed files with 18 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

6
.github/workflows/nix.yml vendored
View file

@ -63,3 +63,9 @@ jobs:
- name: nix build - name: nix build
run: nix run github:nixos/nixpkgs/nixos-23.11#nixci run: nix run github:nixos/nixpkgs/nixos-23.11#nixci
- name: integration check
run: |
nix build --accept-flake-config -L .#nixsgx-test-sgx-azure
docker load -i result
docker run -i --env GRAMINE_DIRECT=1 --privileged --init --rm nixsgx-test-sgx-azure:latest | grep -q -F 'Hello, world!'

1
.gitignore vendored
View file

@ -4,3 +4,4 @@
/.envrc /.envrc
/.direnv /.direnv
/result /result
/result-*

12
lib/default.nix
View file

@ -166,7 +166,17 @@ _:
"LD_LIBRARY_PATH=${lib.makeLibraryPath [ pkgs.curl.out (if isAzure then nixsgx.azure-dcap-client.out else nixsgx.sgx-dcap.default_qpl)]}" "LD_LIBRARY_PATH=${lib.makeLibraryPath [ pkgs.curl.out (if isAzure then nixsgx.azure-dcap-client.out else nixsgx.sgx-dcap.default_qpl)]}"
]; ];
Entrypoint = [ "/bin/sh" "-c" ]; Entrypoint = [ "/bin/sh" "-c" ];
Cmd = [ "${extraCmd}; [[ -r /var/run/aesmd/aesm.socket ]] || restart-aesmd >&2; exec gramine-sgx ${name}" ]; Cmd = [
''
${extraCmd};
if [ -n \"$GRAMINE_DIRECT\" ]; then
exec gramine-direct ${name};
else
[[ -r /var/run/aesmd/aesm.socket ]] || restart-aesmd >&2;
exec gramine-sgx ${name};
fi
''
];
WorkingDir = "${appDir}"; WorkingDir = "${appDir}";
}; };