This PR (which is based off of #127 - so ignore the diff on the "build" directory), adds two sub-commands to enclaver-run:
describe-eif calculates and dumps the EIFInfo for the local EIF
print-manifest writes the images manifest to stdout
In future PRs these can be used to build things like enclaver trust or smarter port mapping in enclaver run.
Note that I also slightly changed the formatting of the EIFInfo which is dumped at the end of enclaver build to be JSON instead of the rust debug display format:
INFO enclaver::build > no ingress specified in manifest; there will be no way to connect to this enclave
INFO enclaver::build > no egress specified in manifest; this enclave will have no network access
INFO enclaver::build > using app image: sha256:fadc81a749bfd5c90ec2de7423ace6d164649f76881b9c45101752a34ced00ba
INFO enclaver::build > using supervisor image: sha256:deaac7336ee0781a36dd98502c9fbeab18abc76117a78fe66ca32f1efee096b2
INFO enclaver::build > using wrapper base image: sha256:032183345d1450c12c94dc883966feaf6c15917b5e4702c70a424b57ec272182
INFO enclaver::build > built intermediate image: sha256:c32f0642901e627d3c57ae0ef7eca7bc886dee9dec0af7f9c5f59319509519b9
INFO enclaver::build > starting nitro-cli build-eif in container: b359a7ea18dbe8b150fbbb3e1704724a7a9885aff8e8d43446dcb1a2bfb30de3
INFO nitro-cli::build-eif > Start building the Enclave Image...
INFO nitro-cli::build-eif > Using the locally available Docker image...
INFO nitro-cli::build-eif > Enclave Image successfully created.
INFO enclaver::build > packaging EIF into release image
Built Release Image: sha256:79ed52d90a8dc7c769a1ab6cf6a2137d5a89d377af14d2ca5a29b6da7963c07b (us-docker.pkg.dev/edgebit-containers/containers/no-fly-list:enclaver)
EIF Info:
{
"Measurements": {
"PCR0": "c6855762b3eff0780b32213ffc730eb0fc558be2493ea9b725b76e9e62ba6cf5295a83078fe569c7a798d55765f0724e",
"PCR1": "5d3938eb05288e20a981038b1861062ff4174884968a39aee5982b312894e60561883576cc7381d1a7d05b809936bd16",
"PCR2": "1eab8ada444d3d39c5fc225ff4845da9f2659fa369a924140c7b977f4514a0814b634382bc8bddaadd5f84dc272b0b69"
}
}
eyakubovich
commented
1 year ago
This PR (which is based off of #127 - so ignore the diff on the "build" directory), adds two sub-commands to
enclaver-run:describe-eifcalculates and dumps the EIFInfo for the local EIFprint-manifestwrites the images manifest to stdoutIn future PRs these can be used to build things like
enclaver trustor smarter port mapping inenclaver run.Note that I also slightly changed the formatting of the EIFInfo which is dumped at the end of
enclaver buildto be JSON instead of the rust debug display format: