# Assembles the enclave image (EIF) for this deployment: a /app tree of
# service binaries plus a supervisord config, layered onto busybox and the
# networking tools, and handed to nitro-util's buildEif.
#
# Every argument is a derivation (or config set) supplying one component.
# The returned attribute set exposes the finished image as `default`.
#
# NOTE(review): the attestation measurements of the resulting EIF are
# presumably derived from everything assembled here (kernel, init, cmdline
# and the /app tree), so bumping any input changes the enclave's measured
# identity — confirm expected measurements are regenerated alongside input
# updates.
{
  nixpkgs,
  systemConfig,
  nitro-util,
  supervisord,
  keygen,
  raw-proxy,
  attestation-server,
  vet,
  kernels,
  creator,
}: let
  inherit (systemConfig) system;
  # Architecture label used both for buildEif and to select the matching
  # nitro-util blobs (kernel command line) below.
  eifArch = systemConfig.eif_arch;
  pkgs = nixpkgs.legacyPackages.${system};
  nitro = nitro-util.lib.${system};
  inherit (kernels) kernel kernelConfig nsmKo init;

  # Everything staged under /app inside the image, keyed by destination
  # file name. Sources are binaries from the input derivations plus the
  # setup script from this directory.
  appFiles = {
    supervisord = "${supervisord}/bin/supervisord";
    keygen-secp256k1 = "${keygen}/bin/keygen-secp256k1";
    ip-to-vsock-raw-outgoing = "${raw-proxy}/bin/ip-to-vsock-raw-outgoing";
    vsock-to-ip-raw-incoming = "${raw-proxy}/bin/vsock-to-ip-raw-incoming";
    attestation-server = "${attestation-server}/bin/oyster-attestation-server";
    vet = "${vet}/bin/vet";
    kms-creator = "${creator}/bin/kms-creator";
    "setup.sh" = ./. + "/setup.sh";
  };
  supervisorConf = ./. + "/supervisord.conf";

  # One `cp` line per staged file, spliced into the build script below.
  stageAppFiles = pkgs.lib.concatStringsSep "\n" (
    pkgs.lib.mapAttrsToList (dst: src: "cp ${src} $out/app/${dst}") appFiles
  );

  # The /app and /etc trees that get linked into the image root.
  app = pkgs.runCommand "app" {} ''
    echo Preparing the app folder
    pwd
    mkdir -p $out/app $out/etc
    ${stageAppFiles}
    chmod +x $out/app/*
    cp ${supervisorConf} $out/etc/supervisord.conf
  '';

  # buildEif is given `init` as a single file; re-staging it here is how the
  # execute bit gets set on the copy. The original author flagged this as a
  # workaround worth replacing with a cleaner construction.
  initPerms = pkgs.runCommand "initPerms" {} ''
    cp ${init} $out
    chmod +x $out
  '';
in {
  default = nitro.buildEif {
    name = "enclave";
    arch = eifArch;
    init = initPerms;
    inherit kernel kernelConfig nsmKo;
    # Kernel command line shipped with nitro-util for this architecture.
    cmdline = builtins.readFile nitro.blobs.${eifArch}.cmdLine;
    # setup.sh is the command run inside the image; `env` passes it no
    # additional environment.
    entrypoint = "/app/setup.sh";
    env = "";
    # Image root: the staged /app and /etc trees plus shell and network
    # tooling under /bin.
    copyToRoot = pkgs.buildEnv {
      name = "image-root";
      paths = with pkgs; [app busybox nettools iproute2 iptables-legacy ipset];
      pathsToLink = ["/bin" "/app" "/etc"];
    };
  };
}