search

edgelesssys / contrast

Deploy and manage confidential containers on Kubernetes
https://docs.edgeless.systems/contrast
GNU Affero General Public License v3.0
160 stars 6 forks source link

cli: use manifest reference values for attestation #608

Closed davidweisse closed 1 week ago

davidweisse commented 1 week ago

This changes the Coordinator validate options to use the reference values from the local manifest in the set and verify command. The verify command takes an additional flag --manifest for this to provide the path to the manifest.

The default workspace directory for the verify command is no longer ./verify, because the manifest lies in the current directory. Instead, the output files for the verify command are always written to the verify directory in the current workspace directory.

msanft commented 1 week ago

Could you make it so that runtimeHandler is not passed to the CLI in the build process anymore, but deduced from the trusted measurement too?

katexochen commented 1 week ago

Could you make it so that runtimeHandler is not passed to the CLI in the build process anymore, but deduced from the trusted measurement too?

Should be done in a separate PR.