Commit graph

3 commits

Author SHA1 Message Date
Harald Hoyer
9a35ad60ad
fix: get rid of /dev/ in containers
`enableFakechroot = true` somehow triggered the inclusion of `/dev`.

Some fake chroots included `/dev/kvm` with different permissions,
so the produced container was not the same.

As this fake chroot is not needed anymore with using `--chroot` for `gramine-sgx-sign`,
it can be turned off.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-07-02 12:12:22 +02:00
Harald Hoyer
4a6aff1d2e
fix: make containers reproducible again
by providing the `--chroot` argument to `gramine-sgx-sign` and with
a careful assembled `nix` directory, containing no build root artifacts.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-07-02 11:17:10 +02:00
Harald Hoyer
2d39aee8b4
feat: use overlay to specify mkSGXContainer
will simplify `pkgs.callPackage lib.nixsgx.mkSGXContainer`
to `nixsgxLib.mkSGXContainer`.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-07-01 16:06:23 +02:00