Patryk Bęza
5e4b8901b0
feat(verify-attestation): RPC attestation and batch signature verification binary
...
This is another variant of the binary tool for verifying attestation and
the signature of a given batch. Unlike the existing tool, this variant
does not require you to provide two separate files—one for the
attestation and one for the signature. Instead, it automatically fetches
both from the RPC node.
Unfortunately, after discussing with @popzxc, we found that there is no way
to reuse the RPC client because our published crates on crates.io are
outdated and do not include the recently merged TEE-specific code
changes. To be fixed in the future.
2024-08-30 12:14:55 +02:00
Harald Hoyer
27f35a7432
Merge pull request #193 from matter-labs/secure-eventfd
...
fix(container-vault-sgx-azure): remove insecure eventfd setting
2024-08-29 11:22:50 +02:00
Harald Hoyer
8d3f378392
fix(container-vault-sgx-azure): remove insecure eventfd setting
...
Removed the sys.insecure__allow_eventfd setting, because gramine
has a secure eventfd implementation since
[v1.7](https://github.com/gramineproject/gramine/releases/tag/v1.7).
2024-08-29 10:58:46 +02:00
Harald Hoyer
8ce8f5bccb
Merge pull request #182 from matter-labs/vault_netpoll
...
fix(vault): maybe fix `netpollBreak` issues
2024-08-08 15:11:27 +02:00
Harald Hoyer
33fe7f17fa
fix(vault): maybe fix netpollBreak issues
...
- Updated the flake.lock for nixsgx dependency with new revision to get a patched gramine
https://github.com/matter-labs/nixsgx/pull/54
- Enabled `sys.insecure__allow_eventfd` to support recent golang changes in the `netpoll` implementation
2024-08-08 14:51:04 +02:00
Harald Hoyer
49fb234d2a
Merge pull request #181 from matter-labs/ulimit
...
fix(container-vault-sgx-azure): increase max file descriptors for vault
2024-08-08 12:19:40 +02:00
Harald Hoyer
2d1d68210b
fix(container-vault-sgx-azure): increase max file descriptors for vault
...
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-08-08 11:06:56 +02:00
Harald Hoyer
bb93775252
Merge pull request #179 from matter-labs/renovate/trufflesecurity-trufflehog-3.x
...
chore(deps): update trufflesecurity/trufflehog action to v3.81.7
2024-08-08 10:20:46 +02:00
renovate[bot]
cec4785d49
chore(deps): update trufflesecurity/trufflehog action to v3.81.7
2024-08-08 08:12:27 +00:00
Harald Hoyer
9b34b30d24
Merge pull request #180 from matter-labs/renovate/serde-monorepo
...
chore(deps): update rust crate serde to v1.0.205
2024-08-08 10:11:58 +02:00
renovate[bot]
6b7e1b09cb
chore(deps): update rust crate serde to v1.0.205
2024-08-08 02:33:26 +00:00
Harald Hoyer
4f606d0117
Merge pull request #178 from matter-labs/performance_multiplier
...
fix: increase `performance_multiplier`
2024-08-07 16:55:59 +02:00
Harald Hoyer
c92cb4e0b1
fix: increase performance_multiplier
...
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-08-07 16:43:30 +02:00
Harald Hoyer
af9ee3df2e
Merge pull request #177 from matter-labs/performance_multiplier
...
fix: use `performance_multiplier`
2024-08-07 16:06:16 +02:00
Harald Hoyer
6be0ac561e
fix: use performance_multiplier
...
The vault instances lose the raft leader status, while loading
the `vault-auth-tee` plugin, because the gramine environment slows
down the `execve` significantly.
Using `performance_multiplier` relaxes the timeouts for the raft protocol.
see also: https://github.com/hashicorp/vault/issues/28009
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-08-07 15:54:22 +02:00
Harald Hoyer
e476792bfe
Merge pull request #160 from matter-labs/renovate/trufflesecurity-trufflehog-3.x
...
chore(deps): update trufflesecurity/trufflehog action to v3.81.6
2024-08-07 15:54:08 +02:00
renovate[bot]
847a950500
chore(deps): update trufflesecurity/trufflehog action to v3.81.6
2024-08-07 13:47:32 +00:00
Harald Hoyer
09aa640c65
Merge pull request #176 from matter-labs/cargo_update
...
chore: cargo update
2024-08-07 15:47:08 +02:00
Harald Hoyer
0bdc3425e4
chore: cargo update
...
and fix `cargo clippy` issues.
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-08-07 15:26:20 +02:00
Harald Hoyer
64715ccbdf
Merge pull request #175 from matter-labs/unseal
...
feat: add Kubernetes pod spec for vault-unseal and update docs
2024-08-07 15:24:46 +02:00
Harald Hoyer
eae8b860a9
feat: add Kubernetes pod spec for vault-unseal and update docs
...
- Add `vault-unseal-pod-*.yaml` for Kubernetes deployment.
- Update `README.md` to reflect changes in unseal and sign commands.
- Add `vault` to the `shells/teepot/default.nix` package list.
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-08-07 14:46:10 +02:00
Harald Hoyer
4ed311a16a
Merge pull request #174 from matter-labs/raft_join
...
fix(teepot-vault-unseal-sgx): make ca files readable
2024-08-07 14:45:39 +02:00
Harald Hoyer
36449980c2
fix(teepot-vault-unseal-sgx): pass CA_CERT_FILE
...
Although the file was included, it was not in the standard location.
Passing the absolute path fixes the issue.
The CA file is needed for the raft join command.
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-08-07 14:34:25 +02:00
Harald Hoyer
42aa0ed6b0
Merge pull request #173 from matter-labs/debug_vault
...
chore: turn off debug again
2024-08-07 13:10:25 +02:00
Harald Hoyer
97a1654c59
chore: turn off debug again
...
The increase of `max_threads` and `stack.size` did the trick.
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-08-07 12:22:17 +02:00
Harald Hoyer
68c8bda0e4
Merge pull request #172 from matter-labs/debug_vault
...
chore: tweak vault parameters for slow plugin loading
2024-08-07 10:25:00 +02:00
Harald Hoyer
0de5447580
chore: tweak vault parameters for slow plugin loading
...
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-08-07 10:12:36 +02:00
Harald Hoyer
0541bbabf4
Merge pull request #171 from matter-labs/debug_vault
...
chore: debug vault with gramine debug
2024-08-06 17:05:10 +02:00
Harald Hoyer
a0a08d2ce7
chore: debug vault with gramine debug
...
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-08-06 16:34:36 +02:00
Harald Hoyer
57b25f65f5
Merge pull request #170 from matter-labs/debug_vault
...
chore: debug vault with gramine trace
2024-08-06 15:53:32 +02:00
Harald Hoyer
a0144973f1
Merge branch 'main' into debug_vault
2024-08-06 15:20:46 +02:00
Harald Hoyer
cd108a5d9f
chore: debug vault with gramine trace
...
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-08-06 15:12:12 +02:00
Harald Hoyer
738412a13c
Merge pull request #169 from matter-labs/debug_vault
...
chore: debug vault with gramine warning
2024-08-06 13:10:48 +02:00
Harald Hoyer
840730d598
chore: debug vault with gramine warning
...
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-08-06 12:57:48 +02:00
Harald Hoyer
7daeb1b323
Merge pull request #159 from matter-labs/renovate/tokio-1.x-lockfile
...
chore(deps): update rust crate tokio to v1.39.1
2024-07-26 10:52:09 +02:00
renovate[bot]
6b3a60c3d1
chore(deps): update rust crate tokio to v1.39.1
2024-07-23 16:34:36 +00:00
D025
7f525eb172
ci: change runners for execute jobs
2024-07-23 13:55:01 +00:00
Harald Hoyer
1397e3c2dd
Merge pull request #161 from matter-labs/patrick/simplify-dependencies
...
fix(verify-attestation): simplify dependencies
2024-07-22 15:41:48 +02:00
Patryk Bęza
ad6ce872f8
fix(verify-attestation): simplify dependencies
...
The zksync crates have recently been published on crates.io. Let's take
advantage of them! Specifically, we are replacing alloy-primitives with
zksync_basic_types to avoid the additional transitive dependencies
introduced by alloy.
2024-07-22 14:45:27 +02:00
Harald Hoyer
c48cbc636d
Merge pull request #156 from matter-labs/patrick/sgx-attestation-verifier
...
feat(verify-attestation): attestation and batch signature verification binary
2024-07-12 08:54:36 +02:00
Patryk Bęza
51c1e72a03
Use Docker's entrypoint instead of command
2024-07-11 17:49:37 +02:00
Patryk Bęza
78447ea307
Unify verify-attestation-sgx and verify-attestation
...
Rationale: too much copy-paste
2024-07-11 17:13:11 +02:00
Patryk Bęza
0a0811e99e
Fix formatting
2024-07-11 13:16:16 +02:00
Patryk Bęza
f3f6ea1dba
Introduce root_hash option
2024-07-11 11:29:37 +02:00
Patryk Bęza
f90088be76
SGX attestation & batch signature verification tool
2024-07-10 14:47:07 +02:00
Harald Hoyer
0d8943c582
Merge pull request #155 from matter-labs/fix_config_dns
...
fix: dns for vault nodes
2024-07-09 15:50:09 +02:00
otani
ace415a43e
fix: dns for vault nodes
2024-07-09 16:39:04 +03:00
Harald Hoyer
9826f028b4
Merge pull request #154 from matter-labs/teepot-dns
...
chore: change dns names for the vault cluster
2024-07-09 12:13:52 +02:00
Harald Hoyer
ae01290bcc
chore: change dns names for the vault cluster
...
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-07-09 11:11:10 +02:00
Harald Hoyer
8dadc1f76b
Merge pull request #150 from matter-labs/VAULT_AUTH_TEE_SHA256_FILE
...
fix(tee-vault-unseal): pick either `VAULT_AUTH_TEE_SHA256` string or file
2024-07-03 14:58:37 +02:00