Harald Hoyer
0309a20ee5
Merge pull request #50 from matter-labs/repro_func
...
fix: get rid of `/dev/` in containers
2024-07-02 12:32:45 +02:00
Harald Hoyer
9a35ad60ad
fix: get rid of `/dev/` in containers
...
`enableFakechroot = true` somehow triggered the inclusion of `/dev`.
Some fake chroots included `/dev/kvm` with different permissions,
so the produced container was not the same.
As this fake chroot is not needed anymore with using `--chroot` for `gramine-sgx-sign`,
it can be turned off.
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-07-02 12:12:22 +02:00
Harald Hoyer
3897de057d
Merge pull request #49 from matter-labs/repro_func
...
fix: make containers reproducible again
2024-07-02 11:22:56 +02:00
Harald Hoyer
4a6aff1d2e
fix: make containers reproducible again
...
by providing the `--chroot` argument to `gramine-sgx-sign` and with
a carefully assembled `nix` directory, containing no build root artifacts.
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-07-02 11:17:10 +02:00
Harald Hoyer
07ae787761
Merge pull request #46 from matter-labs/renovate/trufflesecurity-trufflehog-3.x
...
chore(deps): update trufflesecurity/trufflehog action to v3.79.0
2024-07-01 16:45:53 +02:00
renovate[bot]
1517da817f
chore(deps): update trufflesecurity/trufflehog action to v3.79.0
2024-07-01 14:15:08 +00:00
Harald Hoyer
b78f837b73
Merge pull request #48 from matter-labs/overlay_func
...
feat: use overlay to specify `mkSGXContainer`
2024-07-01 16:14:46 +02:00
Harald Hoyer
2d39aee8b4
feat: use overlay to specify `mkSGXContainer`
...
will simplify `pkgs.callPackage lib.nixsgx.mkSGXContainer`
to `nixsgxLib.mkSGXContainer`.
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-07-01 16:06:23 +02:00
Harald Hoyer
347a89b6da
Merge pull request #47 from matter-labs/attic
...
chore: Migrate from cachix to Attic in nix and github workflows
2024-07-01 16:02:26 +02:00
Harald Hoyer
971e63784c
chore: Migrate from cachix to Attic in nix and github workflows
...
- Updated nix config to use Attic substituter and trusted public key
- Modified github workflows to use Attic cache instead of Cachix
- Removed the now unnecessary cachix config settings and Cachix workflow actions
- Update `flake.lock`
- Run on our own CI runners
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-07-01 14:00:14 +02:00
Harald Hoyer
3a272950fa
Merge pull request #45 from matter-labs/app_name
...
feat: rename manifest and sigs to `app` by default via `appName` parameter
2024-06-26 14:05:31 +02:00
Harald Hoyer
83f9cc24ee
feat: rename manifest and sigs to `app` by default via `appName` parameter
...
This will ease the creation of scripts processing containers further.
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-06-26 12:26:40 +02:00
Harald Hoyer
f6c55e4229
Merge pull request #44 from matter-labs/renovate/trufflesecurity-trufflehog-3.x
...
chore(deps): update trufflesecurity/trufflehog action to v3.78.2
2024-06-21 11:16:36 +02:00
renovate[bot]
5cbc803ff8
chore(deps): update trufflesecurity/trufflehog action to v3.78.2
2024-06-21 02:08:11 +00:00
Harald Hoyer
d9eb744741
Merge pull request #43 from matter-labs/fix_cmd
...
fix: correct `CMD`
2024-06-18 10:36:42 +02:00
Harald Hoyer
dba206cc75
fix: correct `CMD`
...
incorrectly escaped `[ -n "$GRAMINE_DIRECT" ]`
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-06-18 10:33:57 +02:00
Harald Hoyer
b6c1b5dd0a
Merge pull request #42 from matter-labs/gramine-direct
...
feat: add GRAMINE_DIRECT
2024-06-15 12:56:37 +02:00
Harald Hoyer
ec8f336547
feat: add GRAMINE_DIRECT
...
if the container is passed `GRAMINE_DIRECT=1` then `gramine-direct`
is executed. This helps debugging on non-sgx machines.
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-06-14 20:43:03 +02:00
Harald Hoyer
070abadeb7
Merge pull request #39 from matter-labs/renovate/trufflesecurity-trufflehog-3.x
...
chore(deps): update trufflesecurity/trufflehog action to v3.78.1
2024-06-14 20:41:17 +02:00
renovate[bot]
d65766ca62
chore(deps): update trufflesecurity/trufflehog action to v3.78.1
2024-06-14 15:34:21 +00:00
Harald Hoyer
eba8b34c29
Merge pull request #41 from matter-labs/gramine-1.7
...
feat: gramine 1.7
2024-06-14 17:34:00 +02:00
Harald Hoyer
18963c7e6b
feat: gramine 1.7
...
This release supports eventfd, so the patched `libuv` can be omitted.
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-06-14 14:27:06 +02:00
Harald Hoyer
7601533d04
Merge pull request #40 from matter-labs/renovate/actions-checkout-digest
...
chore(deps): update actions/checkout digest to 692973e
2024-06-14 11:47:24 +02:00
renovate[bot]
6cc33e4cb2
chore(deps): update actions/checkout digest to 692973e
2024-06-13 20:53:47 +00:00
Harald Hoyer
49a1ae79d9
Merge pull request #37 from matter-labs/recursiveMerge
...
feat: merge the manifest attribute sets better
2024-06-07 13:09:25 +02:00
Harald Hoyer
7050f3b049
feat: merge the manifest attribute sets better
...
* merge the arrays `fs.mounts` and `sgx.trusted_files`
instead of replacing them.
* append `loader.env.LD_LIBRARY_PATH`
instead of replacing it.
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-06-07 10:55:00 +02:00
Harald Hoyer
9fc590adf9
Merge pull request #33 from matter-labs/renovate/trufflesecurity-trufflehog-3.x
...
chore(deps): update trufflesecurity/trufflehog action to v3.78.0
2024-06-06 15:01:42 +02:00
renovate[bot]
30f806d406
chore(deps): update trufflesecurity/trufflehog action to v3.78.0
2024-06-06 12:59:33 +00:00
Harald Hoyer
e2e53424d1
Merge pull request #36 from matter-labs/nixos-24.05
...
chore: update to nixos 24.05
2024-06-06 14:59:22 +02:00
Harald Hoyer
ea5b94f682
chore: update to nixos 24.05
...
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-06-06 13:57:02 +02:00
Harald Hoyer
74a45f2eb2
Merge pull request #35 from matter-labs/mkSGXContainer-recursiveMerge
...
fix: use `lib.recursiveUpdate` by default
2024-06-05 14:24:50 +02:00
Harald Hoyer
a969fffac9
fix: use `lib.recursiveUpdate` by default
...
the custom `recursiveMerge` function was not working as expected.
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-06-05 14:19:58 +02:00
Harald Hoyer
b6e9f1e229
Merge pull request #34 from matter-labs/mkSGXContainer
...
feat: add `mkSGXContainer` nix function
2024-06-05 14:10:20 +02:00
Harald Hoyer
d2b836216b
feat: add `mkSGXContainer` nix function
...
to build SGX container in one go.
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-06-05 13:53:22 +02:00
Harald Hoyer
7151f63b15
Merge pull request #28 from matter-labs/renovate/trufflesecurity-trufflehog-3.x
...
chore(deps): update trufflesecurity/trufflehog action to v3.76.3
2024-05-21 10:31:24 +02:00
renovate[bot]
b0deee55d9
chore(deps): update trufflesecurity/trufflehog action to v3.76.3
2024-05-21 08:26:59 +00:00
Harald Hoyer
d2fee8c340
Merge pull request #31 from matter-labs/renovate/actions-checkout-digest
...
chore(deps): update actions/checkout digest to a5ac7e5
2024-05-21 10:26:02 +02:00
renovate[bot]
e7fded4a16
chore(deps): update actions/checkout digest to a5ac7e5
2024-05-21 08:24:13 +00:00
Harald Hoyer
ce6cc96e19
Merge pull request #29 from matter-labs/renovate/cachix-install-nix-action-27.x
...
chore(deps): update cachix/install-nix-action action to v27
2024-05-21 10:23:51 +02:00
renovate[bot]
7961c8bb29
chore(deps): update cachix/install-nix-action action to v27
2024-05-21 08:21:40 +00:00
Harald Hoyer
c5356198d1
Merge pull request #32 from matter-labs/renovate/cachix-cachix-action-15.x
...
chore(deps): update cachix/cachix-action action to v15
2024-05-21 10:21:13 +02:00
renovate[bot]
0a9deb6619
chore(deps): update cachix/cachix-action action to v15
2024-05-20 17:45:09 +00:00
Harald Hoyer
5f62851666
Merge pull request #30 from matter-labs/sgx-sdk-2.24
...
chore: sgx-sdk: 2.23 -> 2.24 sgx-dcap: 1.20 -> 1.21
2024-05-17 18:07:36 +02:00
Harald Hoyer
46ccd164d1
chore: sgx-dcap: 1.20 -> 1.21
...
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-05-17 12:17:32 +02:00
Harald Hoyer
e9a6d7a4dc
chore: sgx-sdk: 2.23 -> 2.24
...
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-05-17 12:17:31 +02:00
Harald Hoyer
b792d5ea46
Merge pull request #27 from matter-labs/nixci_build
...
feat(flake): add cache config
2024-05-13 17:02:23 +02:00
Harald Hoyer
d9a38404a7
feat(flake): add cache config
...
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-05-13 16:52:05 +02:00
Harald Hoyer
524d75f62a
Merge pull request #25 from matter-labs/renovate/trufflesecurity-trufflehog-3.x
...
chore(deps): update trufflesecurity/trufflehog action to v3.75.1
2024-05-13 15:46:44 +02:00
renovate[bot]
1a367f830c
chore(deps): update trufflesecurity/trufflehog action to v3.75.1
2024-05-07 00:20:05 +00:00
Harald Hoyer
c8538d32ed
Merge pull request #24 from matter-labs/renovate/trufflesecurity-trufflehog-3.x
...
chore(deps): update trufflesecurity/trufflehog action to v3.75.0
2024-05-06 13:23:37 +02:00