forked from pool/aws-nitro-enclaves-cli
Olaf Hering
4b62ae6a08
OBS-URL: https://build.opensuse.org/package/show/Cloud:Tools/aws-nitro-enclaves-cli?expand=0&rev=5
56 lines
2.1 KiB
Diff
56 lines
2.1 KiB
Diff
--- a/enclave_build/src/docker.rs
|
|
+++ b/enclave_build/src/docker.rs
|
|
@@ -344,7 +344,13 @@ impl DockerUtil {
|
|
|
|
let act = async {
|
|
match self.docker.images().get(&self.docker_image).inspect().await {
|
|
- Ok(image) => Ok((image.config.cmd.unwrap(), image.config.env.unwrap())),
|
|
+ Ok(image) => {
|
|
+ let env: Vec<String> = vec![ "a=b".to_string() ];
|
|
+ info!("{:?}", image);
|
|
+ Ok((
|
|
+ image.config.cmd.unwrap(),
|
|
+ env,
|
|
+ ))},
|
|
Err(e) => {
|
|
error!("{:?}", e);
|
|
Err(DockerError::InspectError)
|
|
--- a/init.c
|
|
+++ b/init.c
|
|
@@ -386,6 +386,9 @@ void init_nsm_driver() {
|
|
die_on(rc < 0, "failed to insert nsm driver");
|
|
|
|
die_on(close(fd), "close nsm fd");
|
|
+ rc = unlink(NSM_PATH);
|
|
+ if (rc < 0)
|
|
+ warn("Could not unlink " NSM_PATH);
|
|
}
|
|
|
|
int main() {
|
|
@@ -418,6 +421,9 @@ int main() {
|
|
fclose(env_file);
|
|
fclose(cmd_file);
|
|
|
|
+ unlink("/env");
|
|
+ unlink("/cmd");
|
|
+
|
|
die_on(chdir("/rootfs") != 0, "chdir /rootfs");
|
|
die_on(chroot("/rootfs") != 0, "chroot /rootfs");
|
|
|
|
--- a/vsock_proxy/service/nitro-enclaves-vsock-proxy.service
|
|
+++ b/vsock_proxy/service/nitro-enclaves-vsock-proxy.service
|
|
@@ -8,11 +8,12 @@ Type=simple
|
|
StandardOutput=journal
|
|
StandardError=journal
|
|
SyslogIdentifier=vsock-proxy
|
|
+Environment=VSOCK_PROXY_YAML=/etc/nitro_enclaves/vsock-proxy.yaml
|
|
ExecStart=/bin/bash -ce "TOKEN=$(curl --silent -X PUT \"http://169.254.169.254/latest/api/token\" -H \"X-aws-ec2-metadata-token-ttl-seconds: 21600\") ; \
|
|
REGION=$(curl --silent -H \"X-aws-ec2-metadata-token: $TOKEN\" http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .region) ; \
|
|
[ -z \"$REGION\" ] && REGION=$(curl --silent http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .region) ; \
|
|
exec /usr/bin/vsock-proxy 8000 kms.$${REGION}.amazonaws.com 443 \
|
|
- --config /etc/nitro_enclaves/vsock-proxy.yaml"
|
|
+ --config $VSOCK_PROXY_YAML"
|
|
Restart=always
|
|
TimeoutSec=0
|
|
|