harald/teepot
1
0
Fork 0
mirror of https://github.com/matter-labs/teepot.git synced 2025-07-21 23:23:57 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
teepot/packages/container-vault-sgx-azure/Dockerfile
Harald Hoyer 284393bf76
fix: only restart aesmd if aesm.socket is not readable 
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-05-21 13:41:08 +02:00

25 lines
865 B
Docker
Raw Blame History

# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2024 Matter Labs
FROM teepot-vault-sgx-azure:base
WORKDIR /opt/vault
COPY packages/container-vault-sgx-azure/test-enclave-key.pem /tmp/
RUN set -eux; \
gramine-manifest \
-Dtee_ratls_preexec=$(readlink /bin/tee-ratls-preexec) \
-Dvault_exec=$(readlink /bin/vault) \
-Darch_libdir=/lib/x86_64-linux-gnu \
-Dexecdir=/bin \
-Dlog_level=warning \
vault.manifest.toml vault.manifest; \
gramine-sgx-sign --manifest vault.manifest --output vault.manifest.sgx --key /tmp/test-enclave-key.pem; \
rm /tmp/test-enclave-key.pem
VOLUME /opt/vault/tls
VOLUME /opt/vault/data
ENTRYPOINT ["/bin/sh", "-c"]
ENV SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt
CMD [ "echo vault in SGX mode starting; [[ -r /var/run/aesmd/aesm.socket ]] || restart-aesmd ; exec gramine-sgx vault" ]
Reference in a new issue View git blame Copy permalink