harald/teepot
1
0
Fork 0
mirror of https://github.com/matter-labs/teepot.git synced 2025-07-21 15:13:56 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Use Docker's entrypoint instead of command

Browse source
This commit is contained in:
Patryk Bęza 2024-07-11 17:49:37 +02:00
parent 78447ea307
commit 51c1e72a03
No known key found for this signature in database
GPG key ID: 9AD1B44D9F6258EC
3 changed files with 5 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

6
bin/tee-self-attestation-test/README.md
View file

@ -14,7 +14,7 @@ $ nix build -L .#container-self-attestation-test-sgx-azure && docker load -i res
docker run -i --init --rm --privileged --device /dev/sgx_enclave \ docker run -i --init --rm --privileged --device /dev/sgx_enclave \
matterlabsrobot/teepot-self-attestation-test-sgx-azure:latest \ matterlabsrobot/teepot-self-attestation-test-sgx-azure:latest \
| base64 -d --ignore-garbage \ | base64 -d --ignore-garbage \
| docker run -i --rm matterlabsrobot/verify-attestation-sgx:latest | docker run -i --rm matterlabsrobot/verify-attestation-sgx:latest -
aesm_service: warning: Turn to daemon. Use "--no-daemon" option to execute in foreground. aesm_service: warning: Turn to daemon. Use "--no-daemon" option to execute in foreground.
Gramine is starting. Parsing TOML manifest file, this may take some time... Gramine is starting. Parsing TOML manifest file, this may take some time...
@ -33,7 +33,7 @@ reportdata: 00000000000000000000000000000000000000000000000000000000000000000000
docker run -i --init --rm --privileged --device /dev/sgx_enclave \ docker run -i --init --rm --privileged --device /dev/sgx_enclave \
matterlabsrobot/teepot-self-attestation-test-sgx-dcap:latest \ matterlabsrobot/teepot-self-attestation-test-sgx-dcap:latest \
| base64 -d --ignore-garbage \ | base64 -d --ignore-garbage \
| docker run -i --rm matterlabsrobot/verify-attestation-sgx:latest | docker run -i --rm matterlabsrobot/verify-attestation-sgx:latest -
aesm_service: warning: Turn to daemon. Use "--no-daemon" option to execute in foreground. aesm_service: warning: Turn to daemon. Use "--no-daemon" option to execute in foreground.
Gramine is starting. Parsing TOML manifest file, this may take some time... Gramine is starting. Parsing TOML manifest file, this may take some time...
@ -50,7 +50,7 @@ On an outdated machine, this might look like this:
docker run -i --init --rm --privileged --device /dev/sgx_enclave \ docker run -i --init --rm --privileged --device /dev/sgx_enclave \
matterlabsrobot/teepot-self-attestation-test-sgx-dcap:latest \ matterlabsrobot/teepot-self-attestation-test-sgx-dcap:latest \
| base64 -d --ignore-garbage \ | base64 -d --ignore-garbage \
| docker run -i --rm matterlabsrobot/verify-attestation-sgx:latest | docker run -i --rm matterlabsrobot/verify-attestation-sgx:latest -
aesm_service: warning: Turn to daemon. Use "--no-daemon" option to execute in foreground. aesm_service: warning: Turn to daemon. Use "--no-daemon" option to execute in foreground.
Gramine is starting. Parsing TOML manifest file, this may take some time... Gramine is starting. Parsing TOML manifest file, this may take some time...

2
bin/verify-attestation/src/main.rs
View file

@ -17,7 +17,7 @@ use teepot::{
#[command(author = "Matter Labs", version, about = "SGX attestation and batch signature verifier", long_about = None)] #[command(author = "Matter Labs", version, about = "SGX attestation and batch signature verifier", long_about = None)]
struct Arguments { struct Arguments {
/// Attestation quote proving the signature originated from a TEE enclave. /// Attestation quote proving the signature originated from a TEE enclave.
#[clap(value_parser)] #[clap(name = "attestation_file", value_parser)]
attestation: ArgSource, attestation: ArgSource,
/// An optional subcommand, for instance, for optional signature verification. /// An optional subcommand, for instance, for optional signature verification.
#[clap(subcommand)] #[clap(subcommand)]

2
packages/container-verify-attestation-sgx/default.nix
View file

@ -10,7 +10,7 @@
dockerTools.buildLayeredImage { dockerTools.buildLayeredImage {
name = "verify-attestation-sgx"; name = "verify-attestation-sgx";
config.Cmd = [ "${teepot.teepot.verify_attestation}/bin/verify-attestation" ]; config.Entrypoint = [ "${teepot.teepot.verify_attestation}/bin/verify-attestation" ];
config.Env = [ "LD_LIBRARY_PATH=/lib" ]; config.Env = [ "LD_LIBRARY_PATH=/lib" ];
contents = buildEnv { contents = buildEnv {
name = "image-root"; name = "image-root";