feat: initial commit

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-07-21 07:03:56 +02:00 · 2024-02-09 10:10:53 +01:00 · 2024-02-09 10:10:53 +01:00 · 89ffbd35a8
commit 89ffbd35a8
parent aff4dd30bd
123 changed files with 16508 additions and 0 deletions
--- a/flake.nix
+++ b/flake.nix
@ -0,0 +1,115 @@
+{
+  description = "teepot";
+
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
+
+    nix-filter.url = "github:numtide/nix-filter";
+    flake-utils.url = "github:numtide/flake-utils";
+
+    nixsgx-flake = {
+      url = "github:matter-labs/nixsgx";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    rust-overlay.url = "github:oxalica/rust-overlay";
+  };
+
+  outputs = { self, nixpkgs, flake-utils, nix-filter, nixsgx-flake, rust-overlay }:
+    flake-utils.lib.eachDefaultSystem (system:
+      let
+        pkgs = import nixpkgs { inherit system; overlays = [ (import rust-overlay) nixsgx-flake.overlays.default ]; };
+        rustVersion = pkgs.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml;
+        makeRustPlatform = pkgs.makeRustPlatform.override {
+          stdenv = pkgs.stdenvAdapters.useMoldLinker pkgs.gccStdenv;
+        };
+        rustPlatform = makeRustPlatform {
+          cargo = rustVersion;
+          rustc = rustVersion;
+        };
+
+        filter = nix-filter.lib;
+
+        bin = rustPlatform.buildRustPackage {
+          pname = "teepot";
+          version = "0.1.0";
+
+          nativeBuildInputs = with pkgs; [
+            pkg-config
+            rustPlatform.bindgenHook
+          ];
+
+          buildInputs = with pkgs; [
+            nixsgx.sgx-sdk
+            nixsgx.sgx-dcap
+            nixsgx.sgx-dcap.quote_verify
+          ];
+
+          src = filter {
+            root = ./.;
+            exclude = [
+              ".github"
+              ".gitignore"
+              "flake.lock"
+              "flake.nix"
+              "LICENSE-APACHE"
+              "LICENSE-MIT"
+              "README.md"
+              "renovate.json"
+              "deny.toml"
+              (filter.inDirectory "examples")
+              (filter.inDirectory "vault")
+            ];
+          };
+          RUSTFLAGS = "--cfg mio_unsupported_force_waker_pipe";
+          cargoBuildFlags = "--all";
+          checkType = "debug";
+          cargoLock = {
+            lockFile = ./Cargo.lock;
+          };
+
+          outputs = [
+            "out"
+            "tee_key_preexec"
+            "tee_self_attestation_test"
+            "tee_stress_client"
+            "tee_vault_admin"
+            "tee_vault_unseal"
+            "teepot_read"
+            "teepot_write"
+            "vault_admin"
+            "vault_unseal"
+            "verify_attestation"
+          ];
+
+          postInstall = ''
+            mkdir -p $out/nix-support
+            for i in $outputs; do
+              [[ $i == "out" ]] && continue
+              mkdir -p "''${!i}/bin"
+              echo "''${!i}" >> $out/nix-support/propagated-user-env-packages
+              binname=''${i//_/-}
+              mv "$out/bin/$binname" "''${!i}/bin/"
+            done
+          '';
+        };
+      in
+      {
+        formatter = pkgs.nixpkgs-fmt;
+
+        packages = rec {
+          teepot = bin;
+          default = teepot;
+        };
+
+        devShells = {
+          default = pkgs.mkShell {
+            inputsFrom = [ bin ];
+            nativeBuildInputs = with pkgs; [
+              rustup
+              rustVersion
+            ];
+          };
+        };
+      });
+}