-
Notifications
You must be signed in to change notification settings - Fork 9
/
exex.manifest.template
74 lines (59 loc) · 2.56 KB
/
exex.manifest.template
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
# Copyright (C) 2023 Gramine contributors
# SPDX-License-Identifier: BSD-3-Clause
# Rust manifest example
libos.entrypoint = "target/release/teleport"
loader.log_level = "{{ log_level }}"
loader.env.LD_LIBRARY_PATH = "/usr/local/lib:/usr{{ arch_libdir }}:{{ arch_libdir }}"
loader.env.MALLOC_ARENA_MAX = "1"
loader.env.RUST_BACKTRACE = "full"
loader.env.RUST_LOG = "info"
loader.env.RPC_KEY = { passthrough = true }
loader.env.NFT_MINTER_MNEMONIC = { passthrough = true }
loader.env.APP_URL = { passthrough = true }
loader.env.TWITTER_CONSUMER_KEY = { passthrough = true }
loader.env.TWITTER_CONSUMER_SECRET = { passthrough = true }
loader.env.OPENAI_API_KEY = { passthrough = true }
loader.env.DATABASE_URL = { passthrough = true }
loader.env.BOOTSTRAP = { passthrough = true }
loader.env.ONBOARD = { passthrough = true }
loader.argv = ["target/release/teleport"]
loader.entrypoint = "file:{{ gramine.libos }}"
loader.uid = 65534
loader.gid = 65534
fs.mounts = [
{ type = "encrypted", path = "/root/save", uri = "file:save_dir/sealed", key_name = "_sgx_mrenclave" },
{ type = "encrypted", path = "/root/shared", uri = "file:save_dir/shared", key_name = "shared" },
{ path = "/teleport.env", uri = "file:teleport.env" },
{ path = "/lib", uri = "file:{{ gramine.runtimedir() }}" },
{ path = "{{ arch_libdir }}", uri = "file:{{ arch_libdir }}" },
{ path = "/tmp", type = "tmpfs" },
{ path = "/usr/lib/ssl/certs/", uri = "file:/usr/lib/ssl/certs/" }, # add this line
{ path = "/etc/ssl/certs/", uri = "file:/etc/ssl/certs/" }, # add this line
{ path = "/untrustedhost", uri = "file:untrustedhost/" },
]
# fs.insecure__keys.debug_sgx_mrenclave = "ffeeddccbbaa99887766554433221100"
sys.enable_extra_runtime_domain_names_conf = true
sgx.debug = false
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}
sgx.remote_attestation = "dcap"
sgx.allowed_files = [
"file:untrustedhost"
]
sgx.trusted_files = [
"file:/usr{{ arch_libdir }}/",
"file:{{ gramine.libos }}",
"file:{{ self_exe }}",
"file:{{ gramine.runtimedir() }}/",
"file:{{ arch_libdir }}/",
"file:teleport.env",
"file:/usr/lib/ssl/certs/",
"file:/etc/ssl/certs/",
]
# The maximum number of threads in a single process needs to be declared in advance.
# You need to account for:
# - one main thread
# - the tokio worker threads
# - any threads and threadpools you might be starting
# - helper threads internal to Gramine — see:
# https://gramine.readthedocs.io/en/stable/manifest-syntax.html#number-of-threads
sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '48' }}