gramineproject / gsc

Gramine Shielded Containers (Docker integration)
BSD 3-Clause "New" or "Revised" License

Drop support for TOML-dict syntax for files in manifest #185

Closed jkr0103 closed 11 months ago

jkr0103 commented 11 months ago

Description of the changes

GSC still supports the below-mentioned very old-style syntax:

    sgx.allowed_files.[identifier] = "[URI]"
    sgx.trusted_files.[identifier] = "[URI]"
    sgx.protected_files.[identifier] = "[URI]"

Examples:

    sgx.trusted_files.mysqld = "file:/var/run/mysqld/"
    sgx.trusted_files.tmp = "file:/tmp/"

This was dropped in the Gramine v1.2 release with PR 374. This PR drops support for the same.

How to test this PR?

Add the old-style syntax mentioned above to the user manifest and test with and without this PR. The old-style syntax should work without this PR but should fail with this PR.



anjalirai-intel commented 11 months ago

I tested the old manifest syntax with and without your PR. Without PR 185 it worked, and with PR 185 it failed with the error below.

Error:

    Traceback (most recent call last):
      File "/gramine/app_files/finalize_manifest.py", line 151, in <module>
        main(sys.argv)
      File "/gramine/app_files/finalize_manifest.py", line 142, in main
        rendered_manifest_dict['sgx'].setdefault('trusted_files', []).extend(trusted_files)
    AttributeError: 'dict' object has no attribute 'extend'

    Failed to build unsigned graminized Docker image `gsc-ubuntu20.04-helloworld-unsigned`.

    cat test/ubuntu20.04-hello-world.manifest

    # intentionally left empty so that GSC uses default manifest options
    #
    sgx.trusted_files.tmp = "file:/tmp/"
    sgx.allowed_files.scripts = "file:scripts/"
    sgx.protected_files.model = "file:alexnet-pretrained-encrypted.pt"
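
Added example, not part of the PR or of GSC's code: the traceback above arises because `setdefault('trusted_files', [])` returns the existing dict when the manifest uses TOML-dict syntax, so `.extend` is called on a dict. The sketch below detects such entries, fails with a message that names them, and rewrites them to Gramine's list syntax; the function names and the `file:/constructed/extra` URI are assumptions.

```python
# Added illustration; not code from GSC's finalize_manifest.py.
FILE_KEYS = ("allowed_files", "trusted_files", "protected_files")


def old_style_manifest():
    # Constructed: what a TOML parser yields for the test manifest quoted above.
    return {"sgx": {
        "trusted_files": {"tmp": "file:/tmp/"},
        "allowed_files": {"scripts": "file:scripts/"},
        "protected_files": {"model": "file:alexnet-pretrained-encrypted.pt"},
    }}


def find_dict_style_entries(manifest):
    """Return (key, identifier, uri) for each sgx.<key>.<identifier> entry."""
    sgx = manifest.get("sgx", {})
    found = []
    for key in FILE_KEYS:
        value = sgx.get(key)
        if isinstance(value, dict):
            found.extend((key, ident, uri) for ident, uri in value.items())
    return found


def extend_trusted_files(manifest, extra):
    """The setdefault/extend pattern from the traceback, behind an explicit check."""
    old = find_dict_style_entries(manifest)
    if old:
        names = ", ".join(f"sgx.{key}.{ident}" for key, ident, _ in old)
        raise ValueError(f"TOML-dict file syntax is not supported: {names}")
    manifest.setdefault("sgx", {}).setdefault("trusted_files", []).extend(extra)
    return manifest


def to_list_syntax(manifest):
    """Rewrite dict-style entries in place as lists of URIs; identifiers are dropped."""
    sgx = manifest.get("sgx", {})
    for key in FILE_KEYS:
        if isinstance(sgx.get(key), dict):
            sgx[key] = list(sgx[key].values())
    return manifest


if __name__ == "__main__":
    try:
        extend_trusted_files(old_style_manifest(), ["file:/constructed/extra"])
    except ValueError as err:
        print(err)
    migrated = to_list_syntax(old_style_manifest())
    print(extend_trusted_files(migrated, ["file:/constructed/extra"])["sgx"])
```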