From 36449980c2948af55b7e60960ca91fc7d764f8be Mon Sep 17 00:00:00 2001 From: Harald Hoyer Date: Wed, 7 Aug 2024 14:03:11 +0200 Subject: [PATCH] fix(teepot-vault-unseal-sgx): pass `CA_CERT_FILE` Although the file was included, it was not in the standard location. Passing the absolute path fixes the issue. The CA file is needed for the raft join command. Signed-off-by: Harald Hoyer --- packages/container-vault-unseal-sgx-azure/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/container-vault-unseal-sgx-azure/default.nix b/packages/container-vault-unseal-sgx-azure/default.nix index 3512395..ef31b0b 100644 --- a/packages/container-vault-unseal-sgx-azure/default.nix +++ b/packages/container-vault-unseal-sgx-azure/default.nix @@ -41,6 +41,7 @@ nixsgxLib.mkSGXContainer { VAULT_AUTH_TEE_SHA256_FILE = "${vat.vault-auth-tee.sha}/share/vault-auth-tee.sha256"; ### TODO: remove hardcoded version ### VAULT_AUTH_TEE_VERSION = "0.1.0+dev"; + CA_CERT_FILE = "${teepot.container-vault-start-config}/opt/vault/cacert.pem"; }; };