Commit graph

17 commits

Author SHA1 Message Date
Harald Hoyer
160d133383
fix: hardcode VAULT_AUTH_TEE_VERSION in vault manifest
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-07-03 09:21:25 +02:00
Harald Hoyer
fc3fe37f81
fix: sgx.nonpie_binary option is deprecated
see https://github.com/gramineproject/gramine/pull/1187

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-07-02 13:14:38 +02:00
Harald Hoyer
943ef8c878
feat: use nixsgxLib.mkSGXContainer
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-07-01 17:25:00 +02:00
Harald Hoyer
43a7931a40
fix(container-vault-unseal): remove azure config
Not needed anymore. Stuff can be gathered via the default QPL.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-06-12 13:32:51 +02:00
Harald Hoyer
9c01b0a281
feat: add container-vault-admin
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-06-12 13:32:34 +02:00
Harald Hoyer
de06acbef9
fix: don't tag the nix produced container with latest
leave it to the github workflow on push to main

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-06-12 13:21:44 +02:00
Harald Hoyer
d0c5950c0e
feat: use nixsgx nix function to create containers
It refactors the way the SGX containers are built.
This removes all `Dockerfile` and gramine manifest files.
It also enables a single recipe for azure and non-azure variants.

Additionally the `teepot-crate.nix` is now the inherited recipe to
build the rust `teepot` crate.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-06-10 16:32:02 +02:00
Harald Hoyer
284393bf76
fix: only restart aesmd if aesm.socket is not readable
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-05-21 13:41:08 +02:00
Harald Hoyer
5fd8df4c2e
fix(deps): use craneLib.removeReferencesToVendoredSources
to reduce the dependencies pulled in.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-04-09 09:08:07 +02:00
Harald Hoyer
ee7c4ee177
feat: add fmt nix package
```shell
$ nix run .#fmt
```

does all the automatic formatting the CI checks for.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-03-11 12:39:02 +01:00
Harald Hoyer
0654bacdb5
ci: use crane flake to build with nix
This enables adding cargo `fmt`, `clippy` and `deny` to nix, using cached results.

Move the `teepot` crate to the `crates` subdir to make life easier for
the `crane` flake.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-03-11 10:01:59 +01:00
Harald Hoyer
9680e32e82
fix: cleanup the nix packages
`curl` and `openssl` have to be specified with `.out`

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-03-08 14:19:31 +01:00
Harald Hoyer
97420df006
feat: attestation test on azure and default dcap
```shell
❯ docker run -i --rm --privileged  --device /dev/sgx_enclave --net host \
  matterlabsrobot/teepot-self-attestation-test-sgx-azure:latest \
  | base64 -d --ignore-garbage \
  | docker run -i --rm --net host matterlabsrobot/verify-attestation-sgx-azure:latest
```

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-03-07 16:05:27 +01:00
Harald Hoyer
91f1612e0f
chore: cleanup and nixify
* create containers with nix
* updated README.md
* added SPDX license headers

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-02-28 11:09:34 +01:00
Harald Hoyer
bf2e4a1b8e
chore(nix): replace nix-filter with lib.fileset
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-02-15 11:23:22 +01:00
Harald Hoyer
d8110f3720
feat: build and push container-verify-attestation
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-02-14 16:01:59 +01:00
Harald Hoyer
30539e068f
feat: use snowfall flake for nix
to make packages reusable by other flakes

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-02-14 11:39:39 +01:00