Commit graph

119 commits

Author SHA1 Message Date
renovate[bot]
547c844b3a
chore(deps): update cachix/install-nix-action action to v30
2024-10-15 15:35:01 +00:00
Harald Hoyer
747fe8c8e0
Merge pull request #60 from matter-labs/renovate/actions-checkout-digest
chore(deps): update actions/checkout digest to eef6144
2024-10-15 17:34:35 +02:00
renovate[bot]
7df1662308
chore(deps): update actions/checkout digest to eef6144
2024-10-15 15:27:16 +00:00
Harald Hoyer
c575b7d69a
Merge pull request #62 from matter-labs/nixpkgs
chore(deps): update nixpkgs
2024-10-15 17:27:00 +02:00
Harald Hoyer
6ad0eb76d5
chore(deps): update nixpkgs
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-10-15 11:21:38 +02:00
Harald Hoyer
d00fbd916b
Merge pull request #61 from matter-labs/sgx_2.25
feat: sgx-2.25 dcap-1.22
2024-10-15 10:59:34 +02:00
Harald Hoyer
41b3543753
feat: sgx-2.25 dcap-1.22
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-10-15 08:30:27 +02:00
Harald Hoyer
00bb72e3ef
Merge pull request #56 from matter-labs/renovate/trufflesecurity-trufflehog-3.x
chore(deps): update trufflesecurity/trufflehog action to v3.81.10
2024-09-02 12:04:00 +02:00
renovate[bot]
2ad232abb7
chore(deps): update trufflesecurity/trufflehog action to v3.81.10
2024-08-29 21:35:20 +00:00
Harald Hoyer
4f91ba517f
Merge pull request #52 from matter-labs/renovate/trufflesecurity-trufflehog-3.x
chore(deps): update trufflesecurity/trufflehog action to v3.81.7
2024-08-08 17:55:45 +02:00
renovate[bot]
79fc31888d
chore(deps): update trufflesecurity/trufflehog action to v3.81.7
2024-08-08 15:42:52 +00:00
Harald Hoyer
2bd581eb30
Merge pull request #55 from matter-labs/pkgs.lib.tee.sgxGramineContainer
refactor: replace mkSGXContainer with sgxGramineContainer
2024-08-08 17:42:29 +02:00
Harald Hoyer
1e8c8ed1c7
refactor: replace mkSGXContainer with sgxGramineContainer
- Deprecate `mkSGXContainer` in favor of `sgxGramineContainer`.
- Update references to use the new container creation function.
- Streamline the codebase by simplifying `overlays/libTee/default.nix`.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-08-08 14:34:34 +02:00
Harald Hoyer
b080c32f2a
Merge pull request #54 from matter-labs/gramine-pipes
fix(gramine): maybe fix problem with golang `netpollBreak`
2024-08-08 14:34:25 +02:00
Harald Hoyer
7eb96bec6a
fix(gramine): maybe fix problem with golang netpollBreak
Old golang uses pipes for netpoll. And occasionally -EACCES was seen
with golang `netpollBreak` writing to a non-blocking pipe.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-08-08 14:18:43 +02:00
D025
be2c19592d
ci: change runners for execute jobs (#53)
2024-07-23 13:24:52 +00:00
Harald Hoyer
520ad62275
Merge pull request #51 from matter-labs/fix_readme
docs: fix links in readme
2024-07-02 14:31:49 +02:00
Harald Hoyer
a54aaacd46
docs: fix links in readme
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-07-02 13:06:23 +02:00
Harald Hoyer
0309a20ee5
Merge pull request #50 from matter-labs/repro_func
fix: get rid of `/dev/` in containers
2024-07-02 12:32:45 +02:00
Harald Hoyer
9a35ad60ad
fix: get rid of /dev/ in containers
`enableFakechroot = true` somehow triggered the inclusion of `/dev`.

Some fake chroots included `/dev/kvm` with different permissions,
so the produced container was not the same.

As this fake chroot is not needed anymore when using `--chroot` for `gramine-sgx-sign`,
it can be turned off.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-07-02 12:12:22 +02:00
Harald Hoyer
3897de057d
Merge pull request #49 from matter-labs/repro_func
fix: make containers reproducible again
2024-07-02 11:22:56 +02:00
Harald Hoyer
4a6aff1d2e
fix: make containers reproducible again
by providing the `--chroot` argument to `gramine-sgx-sign` and with
a carefully assembled `nix` directory, containing no build root artifacts.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-07-02 11:17:10 +02:00
Harald Hoyer
07ae787761
Merge pull request #46 from matter-labs/renovate/trufflesecurity-trufflehog-3.x
chore(deps): update trufflesecurity/trufflehog action to v3.79.0
2024-07-01 16:45:53 +02:00
renovate[bot]
1517da817f
chore(deps): update trufflesecurity/trufflehog action to v3.79.0
2024-07-01 14:15:08 +00:00
Harald Hoyer
b78f837b73
Merge pull request #48 from matter-labs/overlay_func
feat: use overlay to specify `mkSGXContainer`
2024-07-01 16:14:46 +02:00
Harald Hoyer
2d39aee8b4
feat: use overlay to specify mkSGXContainer
will simplify `pkgs.callPackage lib.nixsgx.mkSGXContainer`
to `nixsgxLib.mkSGXContainer`.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-07-01 16:06:23 +02:00
Harald Hoyer
347a89b6da
Merge pull request #47 from matter-labs/attic
chore: Migrate from cachix to Attic in nix and github workflows
2024-07-01 16:02:26 +02:00
Harald Hoyer
971e63784c
chore: Migrate from cachix to Attic in nix and github workflows
- Updated nix config to use Attic substituter and trusted public key
- Modified github workflows to use Attic cache instead of Cachix
- Removed the now unnecessary cachix config settings and Cachix workflow actions
- Update `flake.lock`
- Run on our own CI runners

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-07-01 14:00:14 +02:00
Harald Hoyer
3a272950fa
Merge pull request #45 from matter-labs/app_name
feat: rename manifest and sigs to `app` by default via `appName` parameter
2024-06-26 14:05:31 +02:00
Harald Hoyer
83f9cc24ee
feat: rename manifest and sigs to app by default via appName parameter
This will ease the creation of scripts processing containers further.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-06-26 12:26:40 +02:00
Harald Hoyer
f6c55e4229
Merge pull request #44 from matter-labs/renovate/trufflesecurity-trufflehog-3.x
chore(deps): update trufflesecurity/trufflehog action to v3.78.2
2024-06-21 11:16:36 +02:00
renovate[bot]
5cbc803ff8
chore(deps): update trufflesecurity/trufflehog action to v3.78.2
2024-06-21 02:08:11 +00:00
Harald Hoyer
d9eb744741
Merge pull request #43 from matter-labs/fix_cmd
fix: correct `CMD`
2024-06-18 10:36:42 +02:00
Harald Hoyer
dba206cc75
fix: correct CMD
incorrectly escaped `[ -n "$GRAMINE_DIRECT" ]`

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-06-18 10:33:57 +02:00
Harald Hoyer
b6c1b5dd0a
Merge pull request #42 from matter-labs/gramine-direct
feat: add GRAMINE_DIRECT
2024-06-15 12:56:37 +02:00
Harald Hoyer
ec8f336547
feat: add GRAMINE_DIRECT
if the container is passed `GRAMINE_DIRECT=1` then `gramine-direct`
is executed. This helps debugging on non-sgx machines.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-06-14 20:43:03 +02:00
Harald Hoyer
070abadeb7
Merge pull request #39 from matter-labs/renovate/trufflesecurity-trufflehog-3.x
chore(deps): update trufflesecurity/trufflehog action to v3.78.1
2024-06-14 20:41:17 +02:00
renovate[bot]
d65766ca62
chore(deps): update trufflesecurity/trufflehog action to v3.78.1
2024-06-14 15:34:21 +00:00
Harald Hoyer
eba8b34c29
Merge pull request #41 from matter-labs/gramine-1.7
feat: gramine 1.7
2024-06-14 17:34:00 +02:00
Harald Hoyer
18963c7e6b
feat: gramine 1.7
This release supports eventfd, so the patched `libuv` can be omitted.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-06-14 14:27:06 +02:00
Harald Hoyer
7601533d04
Merge pull request #40 from matter-labs/renovate/actions-checkout-digest
chore(deps): update actions/checkout digest to 692973e
2024-06-14 11:47:24 +02:00
renovate[bot]
6cc33e4cb2
chore(deps): update actions/checkout digest to 692973e
2024-06-13 20:53:47 +00:00
Harald Hoyer
49a1ae79d9
Merge pull request #37 from matter-labs/recursiveMerge
feat: merge the manifest attribute sets better
2024-06-07 13:09:25 +02:00
Harald Hoyer
7050f3b049
feat: merge the manifest attribute sets better
* merge the arrays `fs.mounts` and `sgx.trusted_files`
  instead of replacing them.
* append `loader.env.LD_LIBRARY_PATH`
  instead of replacing it.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-06-07 10:55:00 +02:00
Harald Hoyer
9fc590adf9
Merge pull request #33 from matter-labs/renovate/trufflesecurity-trufflehog-3.x
chore(deps): update trufflesecurity/trufflehog action to v3.78.0
2024-06-06 15:01:42 +02:00
renovate[bot]
30f806d406
chore(deps): update trufflesecurity/trufflehog action to v3.78.0
2024-06-06 12:59:33 +00:00
Harald Hoyer
e2e53424d1
Merge pull request #36 from matter-labs/nixos-24.05
chore: update to nixos 24.05
2024-06-06 14:59:22 +02:00
Harald Hoyer
ea5b94f682
chore: update to nixos 24.05
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-06-06 13:57:02 +02:00
Harald Hoyer
74a45f2eb2
Merge pull request #35 from matter-labs/mkSGXContainer-recursiveMerge
fix: use `lib.recursiveUpdate` by default
2024-06-05 14:24:50 +02:00
Harald Hoyer
a969fffac9
fix: use lib.recursiveUpdate by default
the custom `recursiveMerge` function was not working as expected.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-06-05 14:19:58 +02:00