keep only change for nitro-enclaves-vsock-proxy.service
OBS-URL: https://build.opensuse.org/package/show/Cloud:Tools/aws-nitro-enclaves-cli?expand=0&rev=7
parent
85f3606ff7
commit
12ee4d93e8
@ -1,55 +1,16 @@
|
|||||||
--- a/enclave_build/src/docker.rs
|
|
||||||
+++ b/enclave_build/src/docker.rs
|
|
||||||
@@ -344,7 +344,13 @@ impl DockerUtil {
|
|
||||||
|
|
||||||
let act = async {
|
|
||||||
match self.docker.images().get(&self.docker_image).inspect().await {
|
|
||||||
- Ok(image) => Ok((image.config.cmd.unwrap(), image.config.env.unwrap())),
|
|
||||||
+ Ok(image) => {
|
|
||||||
+ let env: Vec<String> = vec![ "a=b".to_string() ];
|
|
||||||
+ info!("{:?}", image);
|
|
||||||
+ Ok((
|
|
||||||
+ image.config.cmd.unwrap(),
|
|
||||||
+ env,
|
|
||||||
+ ))},
|
|
||||||
Err(e) => {
|
|
||||||
error!("{:?}", e);
|
|
||||||
Err(DockerError::InspectError)
|
|
||||||
--- a/init.c
|
|
||||||
+++ b/init.c
|
|
||||||
@@ -386,6 +386,9 @@ void init_nsm_driver() {
|
|
||||||
die_on(rc < 0, "failed to insert nsm driver");
|
|
||||||
|
|
||||||
die_on(close(fd), "close nsm fd");
|
|
||||||
+ rc = unlink(NSM_PATH);
|
|
||||||
+ if (rc < 0)
|
|
||||||
+ warn("Could not unlink " NSM_PATH);
|
|
||||||
}
|
|
||||||
|
|
||||||
int main() {
|
|
||||||
@@ -418,6 +421,9 @@ int main() {
|
|
||||||
fclose(env_file);
|
|
||||||
fclose(cmd_file);
|
|
||||||
|
|
||||||
+ unlink("/env");
|
|
||||||
+ unlink("/cmd");
|
|
||||||
+
|
|
||||||
die_on(chdir("/rootfs") != 0, "chdir /rootfs");
|
|
||||||
die_on(chroot("/rootfs") != 0, "chroot /rootfs");
|
|
||||||
|
|
||||||
--- a/vsock_proxy/service/nitro-enclaves-vsock-proxy.service
|
--- a/vsock_proxy/service/nitro-enclaves-vsock-proxy.service
|
||||||
+++ b/vsock_proxy/service/nitro-enclaves-vsock-proxy.service
|
+++ b/vsock_proxy/service/nitro-enclaves-vsock-proxy.service
|
||||||
@@ -8,11 +8,12 @@ Type=simple
|
@@ -8,11 +8,12 @@ Type=simple
|
||||||
StandardOutput=journal
|
StandardOutput=journal
|
||||||
StandardError=journal
|
StandardError=journal
|
||||||
SyslogIdentifier=vsock-proxy
|
SyslogIdentifier=vsock-proxy
|
||||||
+Environment=VSOCK_PROXY_YAML=/etc/nitro_enclaves/vsock-proxy.yaml
|
+Environment=VSOCK_PROXY_CONFIG=/etc/nitro_enclaves/vsock-proxy.yaml
|
||||||
ExecStart=/bin/bash -ce "TOKEN=$(curl --silent -X PUT \"http://169.254.169.254/latest/api/token\" -H \"X-aws-ec2-metadata-token-ttl-seconds: 21600\") ; \
|
ExecStart=/bin/bash -ce "TOKEN=$(curl --silent -X PUT \"http://169.254.169.254/latest/api/token\" -H \"X-aws-ec2-metadata-token-ttl-seconds: 21600\") ; \
|
||||||
REGION=$(curl --silent -H \"X-aws-ec2-metadata-token: $TOKEN\" http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .region) ; \
|
REGION=$(curl --silent -H \"X-aws-ec2-metadata-token: $TOKEN\" http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .region) ; \
|
||||||
[ -z \"$REGION\" ] && REGION=$(curl --silent http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .region) ; \
|
[ -z \"$REGION\" ] && REGION=$(curl --silent http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .region) ; \
|
||||||
exec /usr/bin/vsock-proxy 8000 kms.$${REGION}.amazonaws.com 443 \
|
exec /usr/bin/vsock-proxy 8000 kms.$${REGION}.amazonaws.com 443 \
|
||||||
- --config /etc/nitro_enclaves/vsock-proxy.yaml"
|
- --config /etc/nitro_enclaves/vsock-proxy.yaml"
|
||||||
+ --config $VSOCK_PROXY_YAML"
|
+ --config $VSOCK_PROXY_CONFIG"
|
||||||
Restart=always
|
Restart=always
|
||||||
TimeoutSec=0
|
TimeoutSec=0
|
||||||
|
|
||||||
|
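Review bot: The new last line of `ExecStart`, `--config $VSOCK_PROXY_CONFIG"`, hands the path to bash unquoted, so a value containing whitespace or glob characters (for example from a drop-in that overrides the new `Environment=` line) is word-split and expanded before vsock-proxy sees it. This file is the proxy's forwarding allowlist, so the argument should reach the binary exactly as configured. Quote it the same way the unit already quotes `\"$REGION\"`: `--config \"$VSOCK_PROXY_CONFIG\""`. A short comment above the `Environment=` line saying the variable exists so the allowlist path can be overridden by a drop-in would also help. The unit file starts and ends outside this hunk.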
@ -25,7 +25,7 @@ Summary: Tools for managing enclaves
|
|||||||
License: Apache-2.0
|
License: Apache-2.0
|
||||||
Url: https://github.com/aws/aws-nitro-enclaves-cli
|
Url: https://github.com/aws/aws-nitro-enclaves-cli
|
||||||
ExclusiveArch: aarch64 x86_64
|
ExclusiveArch: aarch64 x86_64
|
||||||
#atch0: %name.patch
|
Patch0: %name.patch
|
||||||
Source0: %name-%version.tar.xz
|
Source0: %name-%version.tar.xz
|
||||||
Source1: vendor.tar.xz
|
Source1: vendor.tar.xz
|
||||||
Source2: cargo_config
|
Source2: cargo_config
|
||||||
|