diff --git a/aws-nitro-enclaves-cli.patch b/aws-nitro-enclaves-cli.patch index 8194378..923e336 100644 --- a/aws-nitro-enclaves-cli.patch +++ b/aws-nitro-enclaves-cli.patch @@ -1,55 +1,16 @@ ---- a/enclave_build/src/docker.rs -+++ b/enclave_build/src/docker.rs -@@ -344,7 +344,13 @@ impl DockerUtil { - - let act = async { - match self.docker.images().get(&self.docker_image).inspect().await { -- Ok(image) => Ok((image.config.cmd.unwrap(), image.config.env.unwrap())), -+ Ok(image) => { -+ let env: Vec = vec![ "a=b".to_string() ]; -+ info!("{:?}", image); -+ Ok(( -+ image.config.cmd.unwrap(), -+ env, -+ ))}, - Err(e) => { - error!("{:?}", e); - Err(DockerError::InspectError) ---- a/init.c -+++ b/init.c -@@ -386,6 +386,9 @@ void init_nsm_driver() { - die_on(rc < 0, "failed to insert nsm driver"); - - die_on(close(fd), "close nsm fd"); -+ rc = unlink(NSM_PATH); -+ if (rc < 0) -+ warn("Could not unlink " NSM_PATH); - } - - int main() { -@@ -418,6 +421,9 @@ int main() { - fclose(env_file); - fclose(cmd_file); - -+ unlink("/env"); -+ unlink("/cmd"); -+ - die_on(chdir("/rootfs") != 0, "chdir /rootfs"); - die_on(chroot("/rootfs") != 0, "chroot /rootfs"); - --- a/vsock_proxy/service/nitro-enclaves-vsock-proxy.service +++ b/vsock_proxy/service/nitro-enclaves-vsock-proxy.service 
@@ -8,11 +8,12 @@ Type=simple StandardOutput=journal StandardError=journal SyslogIdentifier=vsock-proxy -+Environment=VSOCK_PROXY_YAML=/etc/nitro_enclaves/vsock-proxy.yaml ++Environment=VSOCK_PROXY_CONFIG=/etc/nitro_enclaves/vsock-proxy.yaml ExecStart=/bin/bash -ce "TOKEN=$(curl --silent -X PUT \"http://169.254.169.254/latest/api/token\" -H \"X-aws-ec2-metadata-token-ttl-seconds: 21600\") ; \ REGION=$(curl --silent -H \"X-aws-ec2-metadata-token: $TOKEN\" http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .region) ; \ [ -z \"$REGION\" ] && REGION=$(curl --silent http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .region) ; \ exec /usr/bin/vsock-proxy 8000 kms.$${REGION}.amazonaws.com 443 \ - --config /etc/nitro_enclaves/vsock-proxy.yaml" -+ --config $VSOCK_PROXY_YAML" ++ --config $VSOCK_PROXY_CONFIG" Restart=always TimeoutSec=0 diff --git a/aws-nitro-enclaves-cli.spec b/aws-nitro-enclaves-cli.spec index 36ad29a..784a908 100644 --- a/aws-nitro-enclaves-cli.spec +++ b/aws-nitro-enclaves-cli.spec @@ -25,7 +25,7 @@ Summary: Tools for managing enclaves License: Apache-2.0 Url: https://github.com/aws/aws-nitro-enclaves-cli ExclusiveArch: aarch64 x86_64 -#atch0: %name.patch +Patch0: %name.patch Source0: %name-%version.tar.xz Source1: vendor.tar.xz Source2: cargo_config
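Review bot: The new `--config $VSOCK_PROXY_CONFIG` at the end of the ExecStart command sits inside the `bash -ce "…"` string, so it appears to be left for bash to expand, and bash expands it unquoted. A configured path containing whitespace or glob characters would then be split or expanded into several arguments to vsock-proxy; `--config \"$VSOCK_PROXY_CONFIG\"`, escaped like the other quotes in that line, keeps it a single argument. Because the variable is renamed from VSOCK_PROXY_YAML, a drop-in that still sets the old name would presumably be ignored, and the proxy would start with the packaged /etc/nitro_enclaves/vsock-proxy.yaml without reporting an error; that matters if this file is what restricts the endpoints the enclave may reach. A comment above the Environment= line, such as `# Override VSOCK_PROXY_CONFIG in a drop-in to use a different vsock-proxy config file`, plus a changelog entry for the rename, would make the knob and the change visible. The rest of the unit file is outside the hunk.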