harald/teepot
1
0
Fork 0
mirror of https://github.com/matter-labs/teepot.git synced 2025-07-22 07:24:48 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #145 from matter-labs/fix_readme

Browse source 
chore: misc fixes
This commit is contained in:
Harald Hoyer 2024-07-02 14:31:03 +02:00 committed by GitHub
commit 70e743f994
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 14 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

25
README.md
View file

@ -33,6 +33,7 @@ In `~/.config/nix/nix.conf`
```ini ```ini
experimental-features = nix-command flakes experimental-features = nix-command flakes
sandbox = true
``` ```
or on nixos in `/etc/nixos/configuration.nix` add the following lines: or on nixos in `/etc/nixos/configuration.nix` add the following lines:
@ -42,22 +43,16 @@ or on nixos in `/etc/nixos/configuration.nix` add the following lines:
nix = { nix = {
extraOptions = '' extraOptions = ''
experimental-features = nix-command flakes experimental-features = nix-command flakes
sandbox = true
''; '';
}; };
} }
``` ```
Optionally install cachix (to save build time) and use the nixsgx cache:
```shell
$ nix-env -iA cachix -f https://cachix.org/api/v1/install
$ cachix use nixsgx
```
### Develop ### Develop
```shell ```shell
$ nix develop --impure $ nix develop
``` ```
optionally create `.envrc` for `direnv` to automatically load the environment when entering the directory: optionally create `.envrc` for `direnv` to automatically load the environment when entering the directory:
@ -86,17 +81,17 @@ $ nix run github:nixos/nixpkgs/nixos-23.11#nixci
See the `packages` directory for the available packages and containers. See the `packages` directory for the available packages and containers.
```shell ```shell
$ nix build -L .#container-vault-sgx-azure $ nix build -L .#container-self-attestation-test-sgx-azure
[...] [...]
#8 5.966 Measurement: teepot-self-attestation-test-sgx-azure-manifest-app-customisation-layer> Measurement:
#8 5.966 45b9f90fc2562e66516f40c83adc30007c88427d8d9fa7a35718f4cbdeac3efd teepot-self-attestation-test-sgx-azure-manifest-app-customisation-layer> eaaabf210797606bcfde818a52e4a434fbf4f2e620d7edcc7025e3e1bbaa95c4
[...] [...]
$ docker load -i result $ export IMAGE_TAG=$(docker load < result | grep -Po 'Loaded image.*: \K.*')
$ docker run -v $(pwd):/mnt -i --init --rm teepot-vault-sgx-azure:latest "cp teepot-vault-sgx-azure.sig /mnt" $ docker run -v $(pwd):/mnt -i --init --rm $IMAGE_TAG "cp app.sig /mnt"
$ nix shell github:matter-labs/nixsgx#gramine -c gramine-sgx-sigstruct-view teepot-vault-sgx-azure.sig $ nix shell github:matter-labs/nixsgx#gramine -c gramine-sgx-sigstruct-view app.sig
Attributes: Attributes:
mr_signer: c5591a72b8b86e0d8814d6e8750e3efe66aea2d102b8ba2405365559b858697d mr_signer: c5591a72b8b86e0d8814d6e8750e3efe66aea2d102b8ba2405365559b858697d
mr_enclave: 45b9f90fc2562e66516f40c83adc30007c88427d8d9fa7a35718f4cbdeac3efd mr_enclave: eaaabf210797606bcfde818a52e4a434fbf4f2e620d7edcc7025e3e1bbaa95c4
isv_prod_id: 0 isv_prod_id: 0
isv_svn: 0 isv_svn: 0
debug_enclave: False debug_enclave: False

10
flake.nix
View file

@ -1,12 +1,10 @@
{ {
description = "teepot"; description = "teepot";
nixConfig.extra-substituters = [ nixConfig = {
"https://nixsgx.cachix.org" extra-substituters = [ "https://attic.teepot.org/tee-pot" ];
]; extra-trusted-public-keys = [ "tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg=" ];
nixConfig.extra-trusted-public-keys = [ };
"nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE="
];
inputs = { inputs = {
nixsgx-flake.url = "github:matter-labs/nixsgx"; nixsgx-flake.url = "github:matter-labs/nixsgx";

1
packages/container-vault-sgx-azure/default.nix
View file

@ -69,7 +69,6 @@ nixsgxLib.mkSGXContainer {
edmm_enable = false; edmm_enable = false;
enclave_size = "8G"; enclave_size = "8G";
max_threads = 64; max_threads = 64;
nonpie_binary = true;
trusted_files = [ trusted_files = [
"file:/opt/vault/plugins/" "file:/opt/vault/plugins/"