mirror of
				https://github.com/matter-labs/teepot.git
				synced 2025-10-25 12:24:06 +02:00 
			
		
		
		
	fix: cleanup the nix packages
`curl` and `openssl` have to be specified with `.out` Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
		
							parent
							
								
									5d2f58d9a2
								
							
						
					
					
						commit
						9680e32e82
					
				
					 10 changed files with 18 additions and 36 deletions
				
			
		|  | @ -1,14 +1,12 @@ | |||
| # SPDX-License-Identifier: Apache-2.0 | ||||
| # Copyright (c) 2024 Matter Labs | ||||
| { pkgs | ||||
| , vat | ||||
| , nixsgx | ||||
| , curl | ||||
| , teepot | ||||
| , bash | ||||
| , coreutils | ||||
| , openssl | ||||
| , vault | ||||
| }: | ||||
| let manifest = ./tee-self-attestation-test.manifest.toml; | ||||
| in pkgs.dockerTools.buildLayeredImage { | ||||
|  |  | |||
|  | @ -1,7 +1,6 @@ | |||
| # SPDX-License-Identifier: Apache-2.0 | ||||
| # Copyright (c) 2024 Matter Labs | ||||
| { pkgs | ||||
| , vat | ||||
| , nixsgx | ||||
| , curl | ||||
| , teepot | ||||
|  |  | |||
|  | @ -1,14 +1,12 @@ | |||
| # SPDX-License-Identifier: Apache-2.0 | ||||
| # Copyright (c) 2024 Matter Labs | ||||
| { pkgs | ||||
| , vat | ||||
| , nixsgx | ||||
| , curl | ||||
| , teepot | ||||
| , bash | ||||
| , coreutils | ||||
| , openssl | ||||
| , vault | ||||
| }: | ||||
| let manifest = ./tee-vault-admin.manifest.toml; | ||||
| in pkgs.dockerTools.buildLayeredImage { | ||||
|  | @ -20,13 +18,12 @@ in pkgs.dockerTools.buildLayeredImage { | |||
|   contents = pkgs.buildEnv { | ||||
|     name = "image-root"; | ||||
| 
 | ||||
|     paths = with pkgs.dockerTools; with nixsgx; with teepot;[ | ||||
|     paths = with pkgs.dockerTools; with nixsgx;[ | ||||
|       bash | ||||
|       coreutils | ||||
|       openssl | ||||
|       vault | ||||
|       openssl.out | ||||
|       azure-dcap-client | ||||
|       curl | ||||
|       curl.out | ||||
|       teepot.teepot.tee_vault_admin | ||||
|       gramine | ||||
|       restart-aesmd | ||||
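Review bot: The switch from `openssl`/`curl` to `openssl.out`/`curl.out` in this `paths` list has no comment saying why the output must be named, and the same bare change recurs in the other image definitions touched by this commit. Both packages are multi-output in nixpkgs, so the unqualified name presumably selected an output without the shared libraries the binaries in the image load at run time. A later cleanup could easily revert this by accident, and it changes what ends up inside the image that runs under gramine. I would add a line such as `# .out = shared libraries (libssl/libcrypto, libcurl); the bare name selects a different output` above `openssl.out`. The `paths` list continues past the end of the hunk.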
|  |  | |||
|  | @ -26,7 +26,8 @@ in pkgs.dockerTools.buildLayeredImage { | |||
|       teepot.teepot.tee_ratls_preexec | ||||
|       vault | ||||
|       azure-dcap-client | ||||
|       curl | ||||
|       openssl.out | ||||
|       curl.out | ||||
|       vat.vault-auth-tee | ||||
|       gramine | ||||
|       restart-aesmd | ||||
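Review bot: `openssl.out` appears to be new in this list rather than a replacement (the hunk header goes from 7 to 8 lines and only `curl` has a counterpart), and the file's argument set is outside the hunk. If `openssl` is not bound as a function argument there, the name is looked up through whatever `with` scopes enclose the list. Evaluation would then either fail or silently pick up a different `openssl` than the one passed in from nixpkgs. It is worth confirming that the header of this file lists `, openssl`.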
|  |  | |||
|  | @ -1,13 +1,10 @@ | |||
| # SPDX-License-Identifier: Apache-2.0 | ||||
| # Copyright (c) 2024 Matter Labs | ||||
| 
 | ||||
| # TODO: This derivation is a temporary workaround for | ||||
| # creating a self-signed certificate for Vault and the unseal TEE. | ||||
| # It will be replaced with real RA-TLS. | ||||
| { lib | ||||
| , stdenv | ||||
| }: | ||||
| stdenv.mkDerivation rec { | ||||
| stdenv.mkDerivation { | ||||
|   name = "container-vault-start-config"; | ||||
|   src = with lib.fileset; toSource { | ||||
|     root = ./.; | ||||
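Review bot: The hunk header (13 old lines, 10 new) implies three removed lines besides the `rec` line, and the three-line TODO about the self-signed certificate is the likely candidate. If this derivation still provides a self-signed certificate for Vault and the unseal TEE, the caveat is worth keeping, because otherwise nothing in the file tells a reader that the TLS identity is not yet backed by RA-TLS. A shorter form would do, e.g. `# NOTE: self-signed certificate, not RA-TLS; the TLS peer is not attested`. The derivation body continues outside the hunk, so whether certificate material is still involved cannot be seen here.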
|  |  | |||
|  | @ -8,7 +8,6 @@ | |||
| , bash | ||||
| , coreutils | ||||
| , openssl | ||||
| , vault | ||||
| }: | ||||
| let manifest = ./tee-vault-unseal.manifest.toml; | ||||
| in pkgs.dockerTools.buildLayeredImage { | ||||
|  | @ -20,13 +19,12 @@ in pkgs.dockerTools.buildLayeredImage { | |||
|   contents = pkgs.buildEnv { | ||||
|     name = "image-root"; | ||||
| 
 | ||||
|     paths = with pkgs.dockerTools; with nixsgx; with teepot;[ | ||||
|     paths = with pkgs.dockerTools; with nixsgx;[ | ||||
|       bash | ||||
|       coreutils | ||||
|       openssl | ||||
|       vault | ||||
|       openssl.out | ||||
|       azure-dcap-client | ||||
|       curl | ||||
|       curl.out | ||||
|       vat.vault-auth-tee.sha | ||||
|       teepot.teepot.tee_vault_unseal | ||||
|       gramine | ||||
|  |  | |||
|  | @ -1,12 +1,10 @@ | |||
| # SPDX-License-Identifier: Apache-2.0 | ||||
| # Copyright (c) 2024 Matter Labs | ||||
| { lib | ||||
| , dockerTools | ||||
| { dockerTools | ||||
| , nixsgx | ||||
| , teepot | ||||
| , buildEnv | ||||
| , curl | ||||
| , ... | ||||
| }: | ||||
| dockerTools.buildLayeredImage { | ||||
|   name = "vault-unseal"; | ||||
|  | @ -18,7 +16,7 @@ dockerTools.buildLayeredImage { | |||
|     name = "image-root"; | ||||
|     paths = with dockerTools; with nixsgx;[ | ||||
|       azure-dcap-client | ||||
|       curl | ||||
|       curl.out | ||||
|       sgx-dcap.quote_verify | ||||
|       usrBinEnv | ||||
|       binSh | ||||
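Review bot: In `paths = with dockerTools; with nixsgx;[` the bare names resolve through two stacked `with` scopes, so the list does not show which set each entry comes from. An attribute later added to `nixsgx` under a name like `binSh` would take precedence over the `dockerTools` one without any change to this file. The commit already drops `with teepot;` in the sibling images, and qualifying the entries would finish that: `nixsgx.azure-dcap-client`, `nixsgx.sgx-dcap.quote_verify`, `dockerTools.usrBinEnv`, `dockerTools.binSh` (assuming the first two are the nixsgx attributes). For an image whose exact contents matter for attestation, explicit provenance per path makes later changes easier to review. The list continues beyond the hunk.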
|  |  | |||
|  | @ -1,13 +1,11 @@ | |||
| # SPDX-License-Identifier: Apache-2.0 | ||||
| # Copyright (c) 2024 Matter Labs | ||||
| { lib | ||||
| , dockerTools | ||||
| { dockerTools | ||||
| , buildEnv | ||||
| , teepot | ||||
| , openssl | ||||
| , curl | ||||
| , nixsgx | ||||
| , ... | ||||
| }: | ||||
| dockerTools.buildLayeredImage { | ||||
|   name = "verify-attestation-sgx-azure"; | ||||
|  | @ -15,9 +13,9 @@ dockerTools.buildLayeredImage { | |||
| 
 | ||||
|   config.Cmd = [ "${teepot.teepot.verify_attestation}/bin/verify-attestation" ]; | ||||
|   config.Env = [ | ||||
|    "LD_LIBRARY_PATH=/lib" | ||||
| "AZDCAP_DEBUG_LOG_LEVEL=ignore" | ||||
| "AZDCAP_COLLATERAL_VERSION=v4" | ||||
|     "LD_LIBRARY_PATH=/lib" | ||||
|     "AZDCAP_DEBUG_LOG_LEVEL=ignore" | ||||
|     "AZDCAP_COLLATERAL_VERSION=v4" | ||||
|   ]; | ||||
|   contents = buildEnv { | ||||
|     name = "image-root"; | ||||
|  |  | |||
|  | @ -1,13 +1,11 @@ | |||
| # SPDX-License-Identifier: Apache-2.0 | ||||
| # Copyright (c) 2024 Matter Labs | ||||
| { lib | ||||
| , dockerTools | ||||
| { dockerTools | ||||
| , buildEnv | ||||
| , teepot | ||||
| , openssl | ||||
| , curl | ||||
| , nixsgx | ||||
| , ... | ||||
| }: | ||||
| dockerTools.buildLayeredImage { | ||||
|   name = "verify-attestation-sgx-dcap"; | ||||
|  |  | |||
|  | @ -1,15 +1,13 @@ | |||
| # SPDX-License-Identifier: Apache-2.0 | ||||
| # Copyright (c) 2024 Matter Labs | ||||
| { lib | ||||
| , gccStdenv | ||||
| , makeRustPlatform | ||||
| , nixsgx | ||||
| , pkg-config | ||||
| , rust-bin | ||||
| , ... | ||||
| }: | ||||
| let | ||||
|   cargoToml = (builtins.fromTOML (builtins.readFile ../../Cargo.toml)); | ||||
|   cargoToml = builtins.fromTOML (builtins.readFile ../../Cargo.toml); | ||||
|   rustVersion = rust-bin.fromRustupToolchainFile ../../rust-toolchain.toml; | ||||
|   rustPlatform = makeRustPlatform { | ||||
|     cargo = rustVersion; | ||||
|  | @ -18,7 +16,7 @@ let | |||
| in | ||||
| rustPlatform.buildRustPackage { | ||||
|   pname = cargoToml.package.name; | ||||
|   version = cargoToml.workspace.package.version; | ||||
|   inherit (cargoToml.workspace.package) version; | ||||
| 
 | ||||
|   nativeBuildInputs = [ | ||||
|     pkg-config | ||||
|  |  | |||
	 Harald Hoyer
						Harald Hoyer