remove AWS nitro dependencies & add libcryptsetup

Signed-off-by: Malte Poll <mp@edgeless.systems>
This commit is contained in:
Malte Poll 2022-04-20 11:33:02 +02:00 committed by Malte Poll
parent 4e29c38027
commit 98aced1b36
9 changed files with 9 additions and 1110 deletions

File diff suppressed because it is too large Load Diff

View File

@ -1,17 +0,0 @@
[package]
name = "aws-nitro-enclaves-ffi"
version = "0.1.0"
edition = "2018"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies]
nsm-lib = { git = "https://github.com/aws/aws-nitro-enclaves-nsm-api", rev = "4f468c467583bbd55429935c4f09448dd43f48a0" }
aws-nitro-enclaves-attestation-ffi = { git = "https://github.com/ppmag/aws-nitro-enclaves-attestation", rev = "83ca87233298c302973a5bdbbb394c36cd7eb6e6" }
[lib]
name = "nitro"
crate-type = ["staticlib"]
[profile.release]
lto = true

View File

@ -1,2 +0,0 @@
pub use nitroattest::*;
pub use nsm::*;

View File

@ -2,29 +2,6 @@ cmake_minimum_required(VERSION 3.11)
project(coordinator LANGUAGES C VERSION 0.1.0) project(coordinator LANGUAGES C VERSION 0.1.0)
enable_testing() enable_testing()
option(COORDINATOR_STATIC_MUSL "use musl and compile coordinator statically")
if(NOT CMAKE_BUILD_TYPE)
set(CMAKE_BUILD_TYPE Debug)
endif()
if(CMAKE_BUILD_TYPE STREQUAL Debug)
set(CARGOTARGET debug)
else()
set(CARGOTARGET release)
set(CARGOFLAGS --release)
endif()
if(COORDINATOR_STATIC_MUSL)
set(RUST_STATICLIB_LDFLAGS -static ${RUST_STATICLIB_LDFLAGS})
set(RUSTTARGETTRIPLE x86_64-unknown-linux-musl)
set(CARGOFLAGS ${CARGOFLAGS} "--target=${RUSTTARGETTRIPLE}")
set(CARGOTARGET ${RUSTTARGETTRIPLE}/${CARGOTARGET})
else()
set(RUST_STATICLIB_LDFLAGS -ldl -lm -lrt ${RUST_STATICLIB_LDFLAGS})
endif()
set(NITRO_CFLAGS '-I${CMAKE_BINARY_DIR}/nitro/${CARGOTARGET} -I${CMAKE_BINARY_DIR}/nitro/${CARGOTARGET}/headers')
set(NITRO_LDFLAGS '${CMAKE_BINARY_DIR}/nitro/${CARGOTARGET}/libnitro.a ${RUST_STATICLIB_LDFLAGS}')
# #
# core-os disk-mapper # core-os disk-mapper
@ -38,30 +15,19 @@ add_custom_target(disk-mapper
# coordinator # coordinator
# #
add_custom_target(nitro
CARGO_TARGET_DIR=${CMAKE_BINARY_DIR}/nitro cargo build ${CARGOFLAGS}
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/3rdparty/aws-nitro-enclaves-ffi)
add_custom_target(coordinator ALL add_custom_target(coordinator ALL
${CMAKE_COMMAND} -E env CGO_CFLAGS=${NITRO_CFLAGS} go build -o ${CMAKE_BINARY_DIR} -tags=gcp -buildvcs=false -ldflags "-s -w -buildid='' -X main.version=${PROJECT_VERSION}"
${CMAKE_COMMAND} -E env CGO_LDFLAGS=${NITRO_LDFLAGS}
go build -o ${CMAKE_BINARY_DIR} -tags=aws,gcp -buildvcs=false -ldflags "-buildid='' -X main.version=${PROJECT_VERSION}"
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/coordinator/cmd/coordinator) WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/coordinator/cmd/coordinator)
add_dependencies(coordinator nitro)
# #
# cli # cli
# #
add_custom_target(cli ALL add_custom_target(cli ALL
${CMAKE_COMMAND} -E env CGO_CFLAGS=${NITRO_CFLAGS} go build -o ${CMAKE_BINARY_DIR}/constellation -buildvcs=false -tags=gcp -ldflags "-buildid='' -X github.com/edgelesssys/constellation/internal/constants.CliVersion=${PROJECT_VERSION}"
${CMAKE_COMMAND} -E env CGO_LDFLAGS=${NITRO_LDFLAGS}
go build -o ${CMAKE_BINARY_DIR}/constellation -buildvcs=false -tags=aws,gcp -ldflags "-buildid='' -X github.com/edgelesssys/constellation/internal/constants.CliVersion=${PROJECT_VERSION}"
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/cli) WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/cli)
add_dependencies(cli nitro)
# #
# testing / debugging # testing / debugging
# #

View File

@ -1,7 +1,7 @@
FROM ubuntu@sha256:7cc0576c7c0ec2384de5cbf245f41567e922aab1b075f3e8ad565f508032df17 as build FROM ubuntu@sha256:7cc0576c7c0ec2384de5cbf245f41567e922aab1b075f3e8ad565f508032df17 as build
ENV DEBIAN_FRONTEND="noninteractive" ENV DEBIAN_FRONTEND="noninteractive"
RUN apt-get update && apt-get install cmake iproute2 iputils-ping wget curl git jq libssl-dev musl-tools=1.1.24-1 -y RUN apt-get update && apt-get install pkg-config cmake iproute2 iputils-ping wget git jq libssl-dev libcryptsetup12 libcryptsetup-dev -y
# Install Go # Install Go
ARG GO_VER=1.18 ARG GO_VER=1.18
@ -9,14 +9,6 @@ RUN wget https://go.dev/dl/go${GO_VER}.linux-amd64.tar.gz
RUN tar -C /usr/local -xzf go${GO_VER}.linux-amd64.tar.gz && rm go${GO_VER}.linux-amd64.tar.gz RUN tar -C /usr/local -xzf go${GO_VER}.linux-amd64.tar.gz && rm go${GO_VER}.linux-amd64.tar.gz
ENV PATH ${PATH}:/usr/local/go/bin ENV PATH ${PATH}:/usr/local/go/bin
# Install Rust
ARG RUST_VER=1.58.0
RUN curl https://sh.rustup.rs -sSf | sh -s -- -y
ENV PATH /root/.cargo/bin:${PATH}
RUN rustup install ${RUST_VER}
RUN rustup override set ${RUST_VER}
RUN rustup target add x86_64-unknown-linux-musl
# Download go dependencies # Download go dependencies
WORKDIR /constellation/ WORKDIR /constellation/
COPY go.mod ./ COPY go.mod ./
@ -29,7 +21,7 @@ COPY . /constellation
# Build # Build
RUN mkdir -p /constellation/build RUN mkdir -p /constellation/build
WORKDIR /constellation/build WORKDIR /constellation/build
RUN cmake -DCMAKE_BUILD_TYPE=Release -DCOORDINATOR_STATIC_MUSL=ON .. && make coordinator RUN cmake .. && make coordinator
RUN mv coordinator coordinator-$(sha512sum coordinator | cut -d " " -f 1) RUN mv coordinator coordinator-$(sha512sum coordinator | cut -d " " -f 1)

View File

@ -10,11 +10,9 @@ import (
"strings" "strings"
"github.com/edgelesssys/constellation/cli/file" "github.com/edgelesssys/constellation/cli/file"
"github.com/edgelesssys/constellation/coordinator/attestation/aws"
"github.com/edgelesssys/constellation/coordinator/attestation/azure" "github.com/edgelesssys/constellation/coordinator/attestation/azure"
"github.com/edgelesssys/constellation/coordinator/attestation/gcp" "github.com/edgelesssys/constellation/coordinator/attestation/gcp"
"github.com/edgelesssys/constellation/coordinator/attestation/vtpm" "github.com/edgelesssys/constellation/coordinator/attestation/vtpm"
awscloud "github.com/edgelesssys/constellation/coordinator/cloudprovider/aws"
azurecloud "github.com/edgelesssys/constellation/coordinator/cloudprovider/azure" azurecloud "github.com/edgelesssys/constellation/coordinator/cloudprovider/azure"
gcpcloud "github.com/edgelesssys/constellation/coordinator/cloudprovider/gcp" gcpcloud "github.com/edgelesssys/constellation/coordinator/cloudprovider/gcp"
"github.com/edgelesssys/constellation/coordinator/config" "github.com/edgelesssys/constellation/coordinator/config"
@ -30,7 +28,6 @@ import (
) )
const ( const (
gvisorIP = "192.168.127.2"
defaultIP = "0.0.0.0" defaultIP = "0.0.0.0"
defaultPort = "9000" defaultPort = "9000"
defaultEtcdEndpoint = "127.0.0.1:2379" defaultEtcdEndpoint = "127.0.0.1:2379"
@ -74,19 +71,7 @@ func main() {
switch strings.ToLower(os.Getenv(config.ConstellationCSP)) { switch strings.ToLower(os.Getenv(config.ConstellationCSP)) {
case "aws": case "aws":
issuer = aws.NewIssuer() panic("AWS cloud provider currently unsupported")
validator = aws.NewValidator(aws.NaAdGetVerifiedPayloadAsJson)
kube = kubernetes.New(&k8sapi.KubernetesUtil{}, &k8sapi.AWSConfiguration{}, kubectl.New())
metadata = awscloud.Metadata{}
cloudControllerManager = awscloud.CloudControllerManager{}
cloudNodeManager = &awscloud.CloudNodeManager{}
autoscaler = awscloud.Autoscaler{}
bindIP = gvisorIP
bindPort = defaultPort
etcdEndpoint = defaultEtcdEndpoint
enforceEtcdTls = true
openTPM = vtpm.OpenNOPTPM
fs = afero.NewOsFs()
case "gcp": case "gcp":
pcrs, err := vtpm.GetSelectedPCRs(vtpm.OpenVTPM, vtpm.GCPPCRSelection) pcrs, err := vtpm.GetSelectedPCRs(vtpm.OpenVTPM, vtpm.GCPPCRSelection)
if err != nil { if err != nil {

2
go.mod
View File

@ -213,4 +213,4 @@ require (
sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect
) )
replace github.com/martinjungblut/go-cryptsetup => github.com/daniel-weisse/go-cryptsetup v0.0.0-20220408122750-67430e0bf2a1 replace github.com/martinjungblut/go-cryptsetup => github.com/daniel-weisse/go-cryptsetup v0.0.0-20220414083925-585f9cbb005d

4
go.sum
View File

@ -512,8 +512,8 @@ github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c/go.mod h1:Ct2BUK8SB0YC1S
github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s= github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s=
github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8= github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8=
github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjIciD2oAxI7DmWRx6gbeqrkoLqv3MV0vzNad+I= github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjIciD2oAxI7DmWRx6gbeqrkoLqv3MV0vzNad+I=
github.com/daniel-weisse/go-cryptsetup v0.0.0-20220408122750-67430e0bf2a1 h1:CAejoYbBO85QYASn/RaPZVml5i8yjiQ56QoWuXGMjVU= github.com/daniel-weisse/go-cryptsetup v0.0.0-20220414083925-585f9cbb005d h1:LrRZ4W0me32ZbT6xyWSRD/A6EvFM9JUjVQCyrRxj69A=
github.com/daniel-weisse/go-cryptsetup v0.0.0-20220408122750-67430e0bf2a1/go.mod h1:gZoZ0+POlM1ge/VUxWpMmZVNPzzMJ7l436CgkQ5+qzU= github.com/daniel-weisse/go-cryptsetup v0.0.0-20220414083925-585f9cbb005d/go.mod h1:gZoZ0+POlM1ge/VUxWpMmZVNPzzMJ7l436CgkQ5+qzU=
github.com/davecgh/go-spew v0.0.0-20161028175848-04cdfd42973b/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v0.0.0-20161028175848-04cdfd42973b/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=

View File

@ -1,7 +1,7 @@
FROM golang:1.18 FROM golang:1.18
ENV GOPRIVATE=github.com/edgelesssys/* ENV GOPRIVATE=github.com/edgelesssys/*
RUN apt-get update && apt-get install cmake iproute2 iputils-ping libssl-dev -y RUN apt-get update && apt-get install pkg-config cmake iproute2 iputils-ping libssl-dev libcryptsetup12 libcryptsetup-dev -y
WORKDIR /constellation WORKDIR /constellation
COPY go.mod . COPY go.mod .