edgelesssys / contrast

Deploy and manage confidential containers on Kubernetes
https://docs.edgeless.systems/contrast
GNU Affero General Public License v3.0

use self-built runtime #444

Closed malt3 closed 4 months ago

malt3 commented 4 months ago

With this PR, we switch from a pinned CoCo runtime provided by Microsoft Azure to one we build from source.

As a reviewer, please validate if the runtime works and if you can reproduce the launch digest locally. We need to ensure that a launch digest can be reproduced from source.

nix build .#runtime-class-files
cat result/launch-digest.hex 

The result should be 05cccd97d1eab6bf36497a6685753a043d0a91524c2825f4fb059da787823a7f9ac6263302dd299a9f9c4d88b6527bd6 (if you are on Git commit c59b3abd742fd013aba06fd93bc8fb9f01369753).

Additionally, you can try to build (and rebuild) the following targets to check if they appear to always yield identical outputs:

nix build .#{kata-runtime,kata-agent,kata-image,kata-igvm,runtime-class-files}
nix build --rebuild --keep-failed --builders "" .#{kata-runtime,kata-agent,kata-image,kata-igvm,runtime-class-files}

wirungu commented 4 months ago

I've also managed to reproduce the launch digest
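
The review steps in the PR description can be scripted so that the comparison does not depend on reading a 96-character hex string by eye. The following is an added example, not code from the PR or the Contrast repository; the function names and the idea of comparing a second copy of the build output (for instance one produced by another reviewer) are assumptions.

```shell
#!/bin/sh
# Added example: helpers for the review steps in the PR description.
# Not part of the Contrast repository; function names are hypothetical.

# Launch digest quoted in the PR description (for the commit named there).
EXPECTED_DIGEST=05cccd97d1eab6bf36497a6685753a043d0a91524c2825f4fb059da787823a7f9ac6263302dd299a9f9c4d88b6527bd6

# normalize_digest FILE: print the digest lowercased with whitespace removed.
# Returns 2 unless the result is exactly 96 hex characters, the length of
# the value quoted in the PR.
normalize_digest() {
  [ -r "$1" ] || return 2
  nd_value=$(tr -d '[:space:]' < "$1" | tr 'A-F' 'a-f')
  printf '%s\n' "$nd_value" | grep -Eq '^[0-9a-f]{96}$' || return 2
  printf '%s\n' "$nd_value"
}

# check_digest FILE EXPECTED: 0 = match, 1 = mismatch, 2 = unreadable/malformed.
check_digest() {
  cd_got=$(normalize_digest "$1") || return 2
  [ "$cd_got" = "$2" ] || return 1
}

# tree_manifest DIR: one "sha256  ./relative/path" line per regular file,
# sorted by path, so two copies of a build output can be compared.
tree_manifest() {
  ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 )
}

# diff_trees A B: 0 = identical content, 1 = differences (printed), 2 = error.
diff_trees() {
  dt_tmp=$(mktemp -d) || return 2
  tree_manifest "$1" > "$dt_tmp/a" && tree_manifest "$2" > "$dt_tmp/b" ||
    { rm -rf "$dt_tmp"; return 2; }
  dt_rc=0
  diff "$dt_tmp/a" "$dt_tmp/b" || dt_rc=$?
  rm -rf "$dt_tmp"
  return "$dt_rc"
}

# Usage: sh verify.sh result/launch-digest.hex [OTHER_RESULT_DIR]
if [ "$#" -ge 1 ]; then
  check_digest "$1" "$EXPECTED_DIGEST" && echo "launch digest matches" ||
    { echo "launch digest check failed" >&2; exit 1; }
  [ "$#" -lt 2 ] || diff_trees "$(dirname "$1")" "$2"
fi
```

The distinct exit codes separate a digest that differs (1) from a file that is missing or not a digest at all (2), which in CI usually means the build step failed rather than that the measurement changed.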