remove AWS nitro dependencies & add libcryptsetup

Signed-off-by: Malte Poll <mp@edgeless.systems>

3rdparty/aws-nitro-enclaves-ffi/Cargo.toml

@@ -1,17 +0,0 @@
-[package]
-name = "aws-nitro-enclaves-ffi"
-version = "0.1.0"
-edition = "2018"
-
-# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
-
-[dependencies]
-nsm-lib = { git = "https://github.com/aws/aws-nitro-enclaves-nsm-api", rev = "4f468c467583bbd55429935c4f09448dd43f48a0" }
-aws-nitro-enclaves-attestation-ffi = { git = "https://github.com/ppmag/aws-nitro-enclaves-attestation", rev = "83ca87233298c302973a5bdbbb394c36cd7eb6e6" }
-
-[lib]
-name = "nitro"
-crate-type = ["staticlib"]
-
-[profile.release]
-lto = true

3rdparty/aws-nitro-enclaves-ffi/src/lib.rs

@@ -1,2 +0,0 @@
-pub use nitroattest::*;
-pub use nsm::*;

CMakeLists.txt

@@ -2,29 +2,6 @@ cmake_minimum_required(VERSION 3.11)
 project(coordinator LANGUAGES C VERSION 0.1.0)
 
 enable_testing()
-option(COORDINATOR_STATIC_MUSL "use musl and compile coordinator statically")
-
-if(NOT CMAKE_BUILD_TYPE)
-  set(CMAKE_BUILD_TYPE Debug)
-endif()
-if(CMAKE_BUILD_TYPE STREQUAL Debug)
-  set(CARGOTARGET debug)
-else()
-  set(CARGOTARGET release)
-  set(CARGOFLAGS --release)
-endif()
-
-if(COORDINATOR_STATIC_MUSL)
-  set(RUST_STATICLIB_LDFLAGS -static ${RUST_STATICLIB_LDFLAGS})
-  set(RUSTTARGETTRIPLE x86_64-unknown-linux-musl)
-  set(CARGOFLAGS ${CARGOFLAGS} "--target=${RUSTTARGETTRIPLE}")
-  set(CARGOTARGET ${RUSTTARGETTRIPLE}/${CARGOTARGET})
-else()
-   set(RUST_STATICLIB_LDFLAGS -ldl -lm -lrt ${RUST_STATICLIB_LDFLAGS})
-endif()
-
-set(NITRO_CFLAGS '-I${CMAKE_BINARY_DIR}/nitro/${CARGOTARGET} -I${CMAKE_BINARY_DIR}/nitro/${CARGOTARGET}/headers')
-set(NITRO_LDFLAGS '${CMAKE_BINARY_DIR}/nitro/${CARGOTARGET}/libnitro.a ${RUST_STATICLIB_LDFLAGS}')
 
 #
 # core-os disk-mapper
@@ -38,30 +15,19 @@ add_custom_target(disk-mapper
 # coordinator
 #
 
-add_custom_target(nitro
-  CARGO_TARGET_DIR=${CMAKE_BINARY_DIR}/nitro cargo build ${CARGOFLAGS}
-  WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/3rdparty/aws-nitro-enclaves-ffi)
-
 add_custom_target(coordinator ALL
-  ${CMAKE_COMMAND} -E env CGO_CFLAGS=${NITRO_CFLAGS}
-  ${CMAKE_COMMAND} -E env CGO_LDFLAGS=${NITRO_LDFLAGS}
-  go build -o ${CMAKE_BINARY_DIR} -tags=aws,gcp -buildvcs=false -ldflags "-buildid='' -X main.version=${PROJECT_VERSION}"
+  go build -o ${CMAKE_BINARY_DIR} -tags=gcp -buildvcs=false -ldflags "-s -w -buildid='' -X main.version=${PROJECT_VERSION}"
   WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/coordinator/cmd/coordinator)
 
-add_dependencies(coordinator nitro)
 
 #
 # cli
 #
 
 add_custom_target(cli ALL
-  ${CMAKE_COMMAND} -E env CGO_CFLAGS=${NITRO_CFLAGS}
-  ${CMAKE_COMMAND} -E env CGO_LDFLAGS=${NITRO_LDFLAGS}
-  go build -o ${CMAKE_BINARY_DIR}/constellation -buildvcs=false -tags=aws,gcp -ldflags "-buildid='' -X github.com/edgelesssys/constellation/internal/constants.CliVersion=${PROJECT_VERSION}"
+  go build -o ${CMAKE_BINARY_DIR}/constellation -buildvcs=false -tags=gcp -ldflags "-buildid='' -X github.com/edgelesssys/constellation/internal/constants.CliVersion=${PROJECT_VERSION}"
   WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/cli)
 
-add_dependencies(cli nitro)
-
 #
 # testing / debugging
 #

Dockerfile.build

@@ -1,7 +1,7 @@
 FROM ubuntu@sha256:7cc0576c7c0ec2384de5cbf245f41567e922aab1b075f3e8ad565f508032df17 as build
 
 ENV DEBIAN_FRONTEND="noninteractive"
-RUN apt-get update && apt-get install cmake iproute2 iputils-ping wget curl git jq libssl-dev musl-tools=1.1.24-1 -y
+RUN apt-get update && apt-get install pkg-config cmake iproute2 iputils-ping wget git jq libssl-dev libcryptsetup12 libcryptsetup-dev -y
 
 # Install Go
 ARG GO_VER=1.18
@@ -9,14 +9,6 @@ RUN wget https://go.dev/dl/go${GO_VER}.linux-amd64.tar.gz
 RUN tar -C /usr/local -xzf go${GO_VER}.linux-amd64.tar.gz && rm go${GO_VER}.linux-amd64.tar.gz
 ENV PATH ${PATH}:/usr/local/go/bin
 
-# Install Rust
-ARG RUST_VER=1.58.0
-RUN curl https://sh.rustup.rs -sSf | sh -s -- -y
-ENV PATH /root/.cargo/bin:${PATH}
-RUN rustup install ${RUST_VER}
-RUN rustup override set ${RUST_VER}
-RUN rustup target add x86_64-unknown-linux-musl
-
 # Download go dependencies
 WORKDIR /constellation/
 COPY go.mod ./
@@ -29,7 +21,7 @@ COPY . /constellation
 # Build
 RUN mkdir -p /constellation/build
 WORKDIR /constellation/build
-RUN cmake -DCMAKE_BUILD_TYPE=Release -DCOORDINATOR_STATIC_MUSL=ON .. && make coordinator
+RUN cmake .. && make coordinator
 
 RUN mv coordinator coordinator-$(sha512sum coordinator | cut -d " " -f 1)
 

coordinator/cmd/coordinator/main.go

@@ -10,11 +10,9 @@ import (
 	"strings"
 
 	"github.com/edgelesssys/constellation/cli/file"
-	"github.com/edgelesssys/constellation/coordinator/attestation/aws"
 	"github.com/edgelesssys/constellation/coordinator/attestation/azure"
 	"github.com/edgelesssys/constellation/coordinator/attestation/gcp"
 	"github.com/edgelesssys/constellation/coordinator/attestation/vtpm"
-	awscloud "github.com/edgelesssys/constellation/coordinator/cloudprovider/aws"
 	azurecloud "github.com/edgelesssys/constellation/coordinator/cloudprovider/azure"
 	gcpcloud "github.com/edgelesssys/constellation/coordinator/cloudprovider/gcp"
 	"github.com/edgelesssys/constellation/coordinator/config"
@@ -30,7 +28,6 @@ import (
 )
 
 const (
-	gvisorIP            = "192.168.127.2"
 	defaultIP           = "0.0.0.0"
 	defaultPort         = "9000"
 	defaultEtcdEndpoint = "127.0.0.1:2379"
@@ -74,19 +71,7 @@ func main() {
 
 	switch strings.ToLower(os.Getenv(config.ConstellationCSP)) {
 	case "aws":
-		issuer = aws.NewIssuer()
-		validator = aws.NewValidator(aws.NaAdGetVerifiedPayloadAsJson)
-		kube = kubernetes.New(&k8sapi.KubernetesUtil{}, &k8sapi.AWSConfiguration{}, kubectl.New())
-		metadata = awscloud.Metadata{}
-		cloudControllerManager = awscloud.CloudControllerManager{}
-		cloudNodeManager = &awscloud.CloudNodeManager{}
-		autoscaler = awscloud.Autoscaler{}
-		bindIP = gvisorIP
-		bindPort = defaultPort
-		etcdEndpoint = defaultEtcdEndpoint
-		enforceEtcdTls = true
-		openTPM = vtpm.OpenNOPTPM
-		fs = afero.NewOsFs()
+		panic("AWS cloud provider currently unsupported")
 	case "gcp":
 		pcrs, err := vtpm.GetSelectedPCRs(vtpm.OpenVTPM, vtpm.GCPPCRSelection)
 		if err != nil {

go.mod

@@ -213,4 +213,4 @@ require (
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect
 )
 
-replace github.com/martinjungblut/go-cryptsetup => github.com/daniel-weisse/go-cryptsetup v0.0.0-20220408122750-67430e0bf2a1
+replace github.com/martinjungblut/go-cryptsetup => github.com/daniel-weisse/go-cryptsetup v0.0.0-20220414083925-585f9cbb005d

go.sum

@@ -512,8 +512,8 @@ github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c/go.mod h1:Ct2BUK8SB0YC1S
 github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s=
 github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8=
 github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjIciD2oAxI7DmWRx6gbeqrkoLqv3MV0vzNad+I=
-github.com/daniel-weisse/go-cryptsetup v0.0.0-20220408122750-67430e0bf2a1 h1:CAejoYbBO85QYASn/RaPZVml5i8yjiQ56QoWuXGMjVU=
-github.com/daniel-weisse/go-cryptsetup v0.0.0-20220408122750-67430e0bf2a1/go.mod h1:gZoZ0+POlM1ge/VUxWpMmZVNPzzMJ7l436CgkQ5+qzU=
+github.com/daniel-weisse/go-cryptsetup v0.0.0-20220414083925-585f9cbb005d h1:LrRZ4W0me32ZbT6xyWSRD/A6EvFM9JUjVQCyrRxj69A=
+github.com/daniel-weisse/go-cryptsetup v0.0.0-20220414083925-585f9cbb005d/go.mod h1:gZoZ0+POlM1ge/VUxWpMmZVNPzzMJ7l436CgkQ5+qzU=
 github.com/davecgh/go-spew v0.0.0-20161028175848-04cdfd42973b/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=

test/Dockerfile

@@ -1,7 +1,7 @@
 FROM golang:1.18
 ENV GOPRIVATE=github.com/edgelesssys/*
 
-RUN apt-get update && apt-get install cmake iproute2 iputils-ping libssl-dev -y
+RUN apt-get update && apt-get install  pkg-config cmake iproute2 iputils-ping libssl-dev libcryptsetup12 libcryptsetup-dev -y
 
 WORKDIR /constellation
 COPY go.mod .