feat: use nixsgx nix function to create containers

It refactors the way the SGX containers are built. This removes all `Dockerfile` and gramine manifest files. It also enables a single recipe for azure and non-azure variants. Additionally the `teepot-crate.nix` is now the inherited recipe to build the rust `teepot` crate. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-07-21 07:03:56 +02:00 · 2024-06-03 16:46:21 +02:00 · 2024-06-03 16:46:21 +02:00 · d0c5950c0e
commit d0c5950c0e
parent 93e3e73d56
30 changed files with 337 additions and 897 deletions
--- a/flake.lock
+++ b/flake.lock
@ -76,34 +76,36 @@
        "flake-utils": "flake-utils"
      },
      "locked": {
-        "lastModified": 1696331477,
-        "narHash": "sha256-YkbRa/1wQWdWkVJ01JvV+75KIdM37UErqKgTf0L54Fk=",
+        "lastModified": 1715533576,
+        "narHash": "sha256-fT4ppWeCJ0uR300EH3i7kmgRZnAVxrH+XtK09jQWihk=",
        "owner": "gytis-ivaskevicius",
        "repo": "flake-utils-plus",
-        "rev": "bfc53579db89de750b25b0c5e7af299e0c06d7d3",
+        "rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
        "type": "github"
      },
      "original": {
        "owner": "gytis-ivaskevicius",
        "repo": "flake-utils-plus",
+        "rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
        "type": "github"
      }
    },
    "flake-utils-plus_2": {
      "inputs": {
-        "flake-utils": "flake-utils_3"
+        "flake-utils": "flake-utils_4"
      },
      "locked": {
-        "lastModified": 1696331477,
-        "narHash": "sha256-YkbRa/1wQWdWkVJ01JvV+75KIdM37UErqKgTf0L54Fk=",
+        "lastModified": 1715533576,
+        "narHash": "sha256-fT4ppWeCJ0uR300EH3i7kmgRZnAVxrH+XtK09jQWihk=",
        "owner": "gytis-ivaskevicius",
        "repo": "flake-utils-plus",
-        "rev": "bfc53579db89de750b25b0c5e7af299e0c06d7d3",
+        "rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
        "type": "github"
      },
      "original": {
        "owner": "gytis-ivaskevicius",
        "repo": "flake-utils-plus",
+        "rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
        "type": "github"
      }
    },
@ -129,6 +131,24 @@
      "inputs": {
        "systems": "systems_3"
      },
+      "locked": {
+        "lastModified": 1710146030,
+        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_4": {
+      "inputs": {
+        "systems": "systems_4"
+      },
      "locked": {
        "lastModified": 1694529238,
        "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
@ -145,32 +165,32 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1710283656,
-        "narHash": "sha256-nI+AOy4uK6jLGBi9nsbHjL1EdSIzoo8oa+9oeVhbyFc=",
+        "lastModified": 1717281328,
+        "narHash": "sha256-evZPzpf59oNcDUXxh2GHcxHkTEG4fjae2ytWP85jXRo=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "51063ed4f2343a59fdeebb279bb81d87d453942b",
+        "rev": "b3b2b28c1daa04fe2ae47c21bb76fd226eac4ca1",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
-        "ref": "nixos-23.11",
+        "ref": "nixos-24.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1710283656,
-        "narHash": "sha256-nI+AOy4uK6jLGBi9nsbHjL1EdSIzoo8oa+9oeVhbyFc=",
+        "lastModified": 1717281328,
+        "narHash": "sha256-evZPzpf59oNcDUXxh2GHcxHkTEG4fjae2ytWP85jXRo=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "51063ed4f2343a59fdeebb279bb81d87d453942b",
+        "rev": "b3b2b28c1daa04fe2ae47c21bb76fd226eac4ca1",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
-        "ref": "nixos-23.11",
+        "ref": "nixos-24.05",
        "repo": "nixpkgs",
        "type": "github"
      }
@ -181,11 +201,11 @@
        "snowfall-lib": "snowfall-lib"
      },
      "locked": {
-        "lastModified": 1716280284,
-        "narHash": "sha256-rofvtPgaYEW01OnKsD3DJv2B2j9QovRTWbw8h5lGjkE=",
+        "lastModified": 1717758565,
+        "narHash": "sha256-yscuZ3ixjwTkqS6ew5cB3Uvy9e807szRlMoPSyQuRJM=",
        "owner": "matter-labs",
        "repo": "nixsgx",
-        "rev": "7151f63b1549b65633503f505df1e2a0b5ee844f",
+        "rev": "49a1ae79d92ccb6ed7cabfe5c5042b1399e3cd3e",
        "type": "github"
      },
      "original": {
@ -200,11 +220,11 @@
        "snowfall-lib": "snowfall-lib_2"
      },
      "locked": {
-        "lastModified": 1716280284,
-        "narHash": "sha256-rofvtPgaYEW01OnKsD3DJv2B2j9QovRTWbw8h5lGjkE=",
+        "lastModified": 1717758565,
+        "narHash": "sha256-yscuZ3ixjwTkqS6ew5cB3Uvy9e807szRlMoPSyQuRJM=",
        "owner": "matter-labs",
        "repo": "nixsgx",
-        "rev": "7151f63b1549b65633503f505df1e2a0b5ee844f",
+        "rev": "49a1ae79d92ccb6ed7cabfe5c5042b1399e3cd3e",
        "type": "github"
      },
      "original": {
@ -261,11 +281,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1696432959,
-        "narHash": "sha256-oJQZv2MYyJaVyVJY5IeevzqpGvMGKu5pZcCCJvb+xjc=",
+        "lastModified": 1716675292,
+        "narHash": "sha256-7TFvVE4HR/b65/0AAhewYHEJzUXxIEJn82ow5bCkrDo=",
        "owner": "snowfallorg",
        "repo": "lib",
-        "rev": "92803a029b5314d4436a8d9311d8707b71d9f0b6",
+        "rev": "5d6e9f235735393c28e1145bec919610b172a20f",
        "type": "github"
      },
      "original": {
@ -285,11 +305,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1696432959,
-        "narHash": "sha256-oJQZv2MYyJaVyVJY5IeevzqpGvMGKu5pZcCCJvb+xjc=",
+        "lastModified": 1716675292,
+        "narHash": "sha256-7TFvVE4HR/b65/0AAhewYHEJzUXxIEJn82ow5bCkrDo=",
        "owner": "snowfallorg",
        "repo": "lib",
-        "rev": "92803a029b5314d4436a8d9311d8707b71d9f0b6",
+        "rev": "5d6e9f235735393c28e1145bec919610b172a20f",
        "type": "github"
      },
      "original": {
@ -343,25 +363,36 @@
        "type": "github"
      }
    },
+    "systems_4": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
    "vault-auth-tee-flake": {
      "inputs": {
+        "flake-utils": "flake-utils_3",
        "nixpkgs": [
          "nixsgx-flake",
          "nixpkgs"
        ],
-        "nixsgx-flake": "nixsgx-flake_2",
-        "snowfall-lib": [
-          "vault-auth-tee-flake",
-          "nixsgx-flake",
-          "snowfall-lib"
-        ]
+        "nixsgx-flake": "nixsgx-flake_2"
      },
      "locked": {
-        "lastModified": 1716286642,
-        "narHash": "sha256-luHp8EhKU8ZEcOj/OLGKzOGLej5+xriebNW+unR4DDc=",
+        "lastModified": 1718012107,
+        "narHash": "sha256-uKiUBaEOj9f3NCn6oTw5VqoZJxsTXSoAn2IWVB/LSS0=",
        "owner": "matter-labs",
        "repo": "vault-auth-tee",
-        "rev": "752cdb65bd5658814b3d1a91d7e9f15ee8d5cae6",
+        "rev": "b10204436bc2fbad74c5716bd265fad74acc197c",
        "type": "github"
      },
      "original": {