feat: add Google Metadata support and TDX container test

- Introduced `google-metadata` binary for reading GCP instance attributes.
- Added TDX container test with new `container-test-tdx` package.
- Updated Nix workflow and deployment scripts for Google Metadata integration.
- Bumped `anyhow` to 1.0.95 and updated Cargo.lock.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
Harald Hoyer 2025-01-21 16:42:52 +01:00
parent e2c31919c9
commit 11a22c9e67
Signed by: harald
GPG key ID: F519A1143B3FBE32
16 changed files with 286 additions and 52 deletions


@ -1,8 +0,0 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2024 Matter Labs
{ teepotCrate }: teepotCrate.craneLib.cargoClippy (
teepotCrate.commonArgs // {
pname = "teepot";
inherit (teepotCrate) cargoArtifacts;
}
)


@ -1,7 +0,0 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2024 Matter Labs
{ teepotCrate }: teepotCrate.craneLib.cargoDeny (
teepotCrate.commonArgs // {
pname = "teepot";
}
)


@ -1,7 +0,0 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2024 Matter Labs
{ teepotCrate }: teepotCrate.craneLib.cargoFmt (
teepotCrate.commonArgs // {
pname = "teepot";
}
)


@ -0,0 +1,24 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2024 Matter Labs
{ dockerTools
, buildEnv
, teepot
}:
dockerTools.buildLayeredImage {
name = "test-tdx";
config.Entrypoint = [ "${teepot.teepot.google_metadata}/bin/google-metadata" ];
config.Env = [ "LD_LIBRARY_PATH=/lib" ];
contents = buildEnv {
name = "image-root";
paths = with dockerTools;[
teepot.teepot.google_metadata
usrBinEnv
binSh
caCertificates
fakeNss
];
pathsToLink = [ "/bin" "/lib" "/etc" "/share" ];
};
}
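Review bot: `config.Env = [ "LD_LIBRARY_PATH=/lib" ]` sets the loader search path for every process in the image, so anything linked into /lib (pathsToLink includes it) can shadow the store paths the Nix-built `google-metadata` binary was linked against; if this is a workaround for a library the binary loads at runtime rather than through its RUNPATH, the comment should name it, e.g. `# LD_LIBRARY_PATH is only for libraries loaded at runtime by <name>; the binary's own deps resolve via its RUNPATH`. The image also sets no `config.User`, so the entrypoint runs as root by default; if reading instance metadata needs no privileged device access, `config.User = "nobody";` (an account fakeNss provides) would drop it, and if root is required for TDX device access, that reason belongs in a comment next to the entrypoint.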


@ -1,6 +1,8 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2024 Matter Labs
{ lib, pkgs, makeWrapper, teepotCrate }: teepotCrate.craneLib.buildPackage (
{ lib, pkgs, makeWrapper, teepot }:
let teepotCrate = teepot.teepotCrate; in
teepotCrate.craneLib.buildPackage (
teepotCrate.commonArgs // {
pname = "teepot";
inherit (teepotCrate) cargoArtifacts;
@ -17,6 +19,7 @@
outputs = [
"out"
"google_metadata"
"rtmr_calc"
"sha384_extend"
"tdx_extend"


@ -0,0 +1,65 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2024 Matter Labs
{ lib
, inputs
, makeRustPlatform
, nixsgx
, pkg-config
, rust-bin
, pkgs
, openssl
}:
let
rustVersion = rust-bin.fromRustupToolchainFile (inputs.src + "/rust-toolchain.toml");
rustPlatform = makeRustPlatform {
cargo = rustVersion;
rustc = rustVersion;
};
craneLib = (inputs.crane.mkLib pkgs).overrideToolchain rustVersion;
commonArgs = {
nativeBuildInputs = [
pkg-config
rustPlatform.bindgenHook
];
buildInputs = [
openssl
nixsgx.sgx-sdk
nixsgx.sgx-dcap
nixsgx.sgx-dcap.quote_verify
nixsgx.sgx-dcap.libtdx_attest
];
strictDeps = true;
src = with lib.fileset; toSource {
root = inputs.src;
fileset = unions [
# Default files from crane (Rust and cargo files)
(craneLib.fileset.commonCargoSources inputs.src)
(fileFilter (file: file.hasExt "hcl") (inputs.src + "/bin"))
# deny.toml and friends
(fileFilter (file: file.hasExt "toml") inputs.src)
# Custom test data files
(maybeMissing (inputs.src + "/crates/teepot/tests/data"))
];
};
checkType = "debug";
env = {
OPENSSL_NO_VENDOR = "1";
NIX_OUTPATH_USED_AS_RANDOM_SEED = "aaaaaaaaaa";
};
};
cargoArtifacts = craneLib.buildDepsOnly (commonArgs // {
pname = "teepot-workspace";
});
in
{
inherit rustPlatform
rustVersion
commonArgs
craneLib
cargoArtifacts;
}
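Review bot: `NIX_OUTPATH_USED_AS_RANDOM_SEED = "aaaaaaaaaa"` in `env` is an unexplained constant, and because commonArgs feeds both `buildDepsOnly` and the final package it influences every binary this file builds — for code that is later measured inside a TEE, whoever edits it needs to know that. Add a comment stating why it is pinned, e.g. `# Pinned seed so the buildDepsOnly artifacts and the final build agree and the output stays reproducible; changing it changes the built binaries (and any measurement derived from them)`, after confirming the exact semantics against the crane/nixpkgs hook that reads the variable, since this hunk alone does not show what consumes it.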