Update AKS attestation example to use Gramine 1.3.1 #14
Signed-off-by: aneessahib <[email protected]>
Reviewed 12 of 12 files at r1, all commit messages.
Reviewable status: all files reviewed, 1 unresolved discussion, not enough approvals from maintainers (3 more required), not enough approvals from different teams (2 more required, approved so far: ) (waiting on @aneessahib)
Examples/aks-attestation/aks-secret-prov-server.dockerfile
line 32 at r1 (raw file):
ARG server_dcap_pf="n" RUN if [ $server_dcap_pf="y" ]; then \ sed -i "s|verify_measurements_callback,|NULL,|g" \
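Review bot: the test in the RUN line, [ $server_dcap_pf="y" ], has no spaces around the = sign, so [ receives a single non-empty word and evaluates to true for every value of the build argument, including the default "n". The sed substitution of verify_measurements_callback with NULL therefore always runs, whatever is passed for server_dcap_pf. Quote the variable and separate the operator, as in [ "$server_dcap_pf" = "y" ], so that the substitution happens only when the argument is set to y.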
Please don't patch sources with sed. Also, why do you even need this?
Reviewable status: all files reviewed, 1 unresolved discussion, not enough approvals from maintainers (2 more required), not enough approvals from different teams (2 more required, approved so far: ) (waiting on @mkow)
Examples/aks-attestation/aks-secret-prov-server.dockerfile
line 32 at r1 (raw file):
Previously, mkow (Michał Kowalczyk) wrote…
Please don't patch sources with sed. Also, why do you even need this?
This file is taken as is from https://github.com/gramineproject/contrib/blob/master/Curated-Apps/verifier/verifier.dockerfile.template
This change will force the verification logic to default to https://github.com/gramineproject/gramine/blob/da990909010a5989dc89c63f4c7a22d78fb3f5c6/tools/sgx/ra-tls/ra_tls_verify_dcap.c#L206, and this is more secure. (verify_measurements_callback which only prints the different quote attributes)
Reviewable status: all files reviewed, 1 unresolved discussion, not enough approvals from maintainers (2 more required), not enough approvals from different teams (2 more required, approved so far: ) (waiting on @mkow)
Examples/aks-attestation/aks-secret-prov-server.dockerfile
line 32 at r1 (raw file):
Previously, aneessahib (Anees Sahib) wrote…
This file is taken as is from https://github.com/gramineproject/contrib/blob/master/Curated-Apps/verifier/verifier.dockerfile.template
This change will force the verification logic to default to https://github.com/gramineproject/gramine/blob/da990909010a5989dc89c63f4c7a22d78fb3f5c6/tools/sgx/ra-tls/ra_tls_verify_dcap.c#L206, and this is more secure. (verify_measurements_callback which only prints the different quote attributes)
btw - we should be ok to modify examples to suit our needs, no?
Signed-off-by: aneessahib [email protected]
fixes #8