feat: use nixsgx nix function to create containers

It refactors the way the SGX containers are built. This removes all `Dockerfile` and gramine manifest files. It also enables a single recipe for azure and non-azure variants. Additionally the `teepot-crate.nix` is now the inherited recipe to build the rust `teepot` crate. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-07-22 07:24:48 +02:00 · 2024-06-03 16:46:21 +02:00 · 2024-06-03 16:46:21 +02:00 · d0c5950c0e
commit d0c5950c0e
parent 93e3e73d56
30 changed files with 337 additions and 897 deletions
--- a/packages/teepot/default.nix
+++ b/packages/teepot/default.nix
@ -1,18 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
 # Copyright (c) 2024 Matter Labs
-{ lib
-, inputs
-, makeRustPlatform
-, nixsgx
-, pkg-config
-, rust-bin
-, pkgs
-, ...
-}@args:
-let
-  teepotCrate = import ./teepot.nix args;
-in
-teepotCrate.craneLib.buildPackage (
+{ teepotCrate }: teepotCrate.craneLib.buildPackage (
  teepotCrate.commonArgs // {
    pname = "teepot";
    inherit (teepotCrate) cargoArtifacts
--- a/packages/teepot/teepot.nix
+++ b/packages/teepot/teepot.nix
@ -1,61 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
-# Copyright (c) 2024 Matter Labs
-{ lib
-, inputs
-, makeRustPlatform
-, nixsgx
-, pkg-config
-, rust-bin
-, pkgs
-, ...
-}:
-let
-  rustVersion = rust-bin.fromRustupToolchainFile ../../rust-toolchain.toml;
-  rustPlatform = makeRustPlatform {
-    cargo = rustVersion;
-    rustc = rustVersion;
-  };
-  craneLib = (inputs.crane.mkLib pkgs).overrideToolchain rustVersion;
-  commonArgs = {
-    nativeBuildInputs = [
-      pkg-config
-      rustPlatform.bindgenHook
-    ];
-
-    buildInputs = [
-      nixsgx.sgx-sdk
-      nixsgx.sgx-dcap
-      nixsgx.sgx-dcap.quote_verify
-    ];
-
-    strictDeps = true;
-    src = with lib.fileset; toSource {
-      root = ../../.;
-      fileset = unions [
-        ../../Cargo.lock
-        ../../Cargo.toml
-        ../../bin
-        ../../crates
-        ../../rust-toolchain.toml
-        ../../deny.toml
-        ../../taplo.toml
-      ];
-    };
-
-    RUSTFLAGS = "--cfg mio_unsupported_force_waker_pipe";
-    checkType = "debug";
-  };
-  cargoArtifacts = craneLib.buildDepsOnly (commonArgs // {
-    pname = "teepot-workspace";
-    inherit NIX_OUTPATH_USED_AS_RANDOM_SEED;
-  });
-  NIX_OUTPATH_USED_AS_RANDOM_SEED = "aaaaaaaaaa";
-in
-{
-  inherit rustPlatform
-    rustVersion
-    commonArgs
-    craneLib
-    cargoArtifacts;
-  NIX_OUTPATH_USED_AS_RANDOM_SEED = "aaaaaaaaaa";
-}