Merge pull request #46 from matter-labs/fmt_and_readme

feat: add `fmt` nix package and update README.md

README.md

@@ -1,9 +1,11 @@
 # teepot
+
 Key Value store in a TEE with Remote Attestation for Authentication
 
 ## Introduction
 
-This project is a key-value store that runs in a Trusted Execution Environment (TEE) and uses Remote Attestation for Authentication.
+This project is a key-value store that runs in a Trusted Execution Environment (TEE) and uses Remote Attestation for
+Authentication.
 The key-value store is implemented using Hashicorp Vault running in an Intel SGX enclave via the Gramine runtime.
 
 ## Parts of this project
@@ -13,7 +15,82 @@ The key-value store is implemented using Hashicorp Vault running in an Intel SGX
 - `vault-unseal`: A client utility, that talks to `tee-vault-unseal` to unseal a vault.
 - `tee-vault-admin`: An enclave that uses the Vault API to administer a vault as a proxy.
 - `vault-admin`: A client utility, that talks to `tee-vault-admin` to administer a vault.
-- `teepot-read` : A pre-exec utility that reads from the key-value store and passes the key-value pairs as environment variables to the enclave.
-- `teepot-write` : A pre-exec utility that reads key-values from the environment variables and writes them to the key-value store.
+- `teepot-read` : A pre-exec utility that reads from the key-value store and passes the key-value pairs as environment
+  variables to the enclave.
+- `teepot-write` : A pre-exec utility that reads key-values from the environment variables and writes them to the
+  key-value store.
 - `verify-attestation`: A client utility that verifies the attestation of an enclave.
-- `tee-key-preexec`: A pre-exec utility that generates a p256 secret key and passes it as an environment variable to the enclave along with the attestation quote containing the hash of the public key.
+- `tee-key-preexec`: A pre-exec utility that generates a p256 secret key and passes it as an environment variable to the
+  enclave along with the attestation quote containing the hash of the public key.
+
+## Development
+
+### Prerequisites
+
+Install [nix](https://zero-to-nix.com/start/install).
+
+In `~/.config/nix/nix.conf`
+
+```ini
+experimental-features = nix-command flakes
+```
+
+or on nixos in `/etc/nixos/configuration.nix` add the following lines:
+
+```nix
+{
+  nix = {
+    extraOptions = ''
+      experimental-features = nix-command flakes
+    '';
+  };
+}
+```
+
+Optionally install cachix (to save build time) and use the nixsgx cache:
+
+```shell
+$ nix-env -iA cachix -f https://cachix.org/api/v1/install
+$ cachix use nixsgx
+```
+
+### Develop
+
+```shell
+$ nix develop --impure
+```
+
+optionally create `.envrc` for `direnv` to automatically load the environment when entering the directory:
+
+```shell
+$ cat <<EOF > .envrc
+use flake .#teepot
+EOF
+$ direnv allow
+```
+
+### Format for commit
+
+```shell
+$ nix run .#fmt
+```
+
+### Build as the CI would
+
+```shell
+$ nix run nixpgks#ci
+```
+
+### Build and test individual container
+
+See the `packages` directory for the available packages.
+
+```shell
+$ nix build -L .#container-vault-sgx-azure
+$ docker load -i result
+$ docker build --progress plain --no-cache -f packages/container-vault-sgx-azure/Dockerfile -t vault-sgx-azure:latest  .
+[...]
+#8 5.966 Measurement:
+#8 5.966     96602d8ae60673b3c44b6198b4b5f728480b1f00e9d48e7d3979cf1cf075bb5d
+[...]
+```

packages/fmt/default.nix

@@ -0,0 +1,28 @@
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2024 Matter Labs
+{ lib
+, pkgs
+, teepot
+, ...
+}:
+pkgs.writeShellApplication {
+  name = "fmt-teepot";
+
+  runtimeInputs = with pkgs;
+    [ nixpkgs-fmt coreutils taplo ]
+    ++ teepot.teepot.nativeBuildInputs;
+
+  text = ''
+    # .nix
+    echo "* Formatting nix files"
+    nixpkgs-fmt .
+
+    # .toml
+    echo "* Formatting toml files"
+    taplo fmt
+
+    # .rs
+    echo "* Formatting rust files"
+    cargo fmt
+  '';
+}