###############################################################################
# Stage eif_build: compiles the `eif_build` example program from the
# aws-nitro-enclaves-image-format repository.
# NOTE(review): the base image is pinned by tag only. Adding a digest pin
# would protect this stage against a re-pushed tag.
FROM rust:1.88.0 AS eif_build

# WORKDIR creates /workspace when it does not exist, so no mkdir is needed.
WORKDIR /workspace

# The checkout targets a full commit hash, so the compiled source is fixed
# regardless of what the default branch points to at build time.
RUN git clone https://github.com/aws/aws-nitro-enclaves-image-format.git . \
 && git checkout d0d224b8b626db5fcc2d7b685bdd229991bbf0a7

# `--allow non_local_definitions` sets that rustc lint to "allow" for the
# whole build. No --release flag is given, so this is a debug-profile build.
# NOTE(review): there is no `--locked`, so cargo may resolve dependency
# versions at build time if the lockfile is absent or stale. Confirm.
RUN RUSTFLAGS="--allow non_local_definitions" cargo build --example eif_build

# Resulting executable: /workspace/target/debug/examples/eif_build
###############################################################################
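# Stage chrony: builds chrony 4.8 from source on Alpine and installs it
# under /out. The final stage copies /out/sbin/chronyd, the musl loader and
# the CA bundle out of this stage.
FROM alpine:3.23 AS chrony

# --no-cache fetches a fresh package index for this command and leaves no
# index behind in the layer. Packages are listed one per line, sorted.
# NOTE(review): package versions are unpinned, so the toolchain (and the CA
# bundle later copied from this stage) can differ between builds.
RUN apk add --no-cache \
      asciidoctor \
      bison \
      build-base \
      git \
      linux-headers

# WORKDIR creates /workspace, so no separate mkdir is needed.
WORKDIR /workspace

# NOTE(review): `-b 4.8` selects a branch or tag by name, and a name can be
# re-pointed upstream. Unlike the eif_build stage, nothing here fixes the
# exact commit. Consider comparing `git rev-parse HEAD` against a recorded
# value (<EXPECTED_CHRONY_COMMIT>) right after the clone.
RUN git clone --depth 1 -b 4.8 https://gitlab.com/chrony/chrony.git /workspace

RUN mkdir /out

# Fixed timestamp for build tools that honour SOURCE_DATE_EPOCH, so dates
# embedded in build outputs do not vary from one build to the next.
ENV SOURCE_DATE_EPOCH=1707421839

RUN ./configure --prefix=/out
RUN make && make install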
###############################################################################
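# Stage pid1: builds the Go program under pid1/ in the build context into
# /out/pid1.
FROM golang:1.26.2-alpine3.23 AS pid1

# WORKDIR creates /workspace, so no separate mkdir is needed.
WORKDIR /workspace

# COPY rather than ADD for local files: ADD would also unpack local
# archives and accept URLs, neither of which is wanted here.
# The module manifests are copied first so that the dependency download
# layer is reused until go.mod or go.sum changes. `go mod download` checks
# the fetched modules against go.sum.
COPY pid1/go.mod pid1/go.sum ./
RUN go mod download

COPY pid1/ ./

# Flags that strip build-environment details from the binary:
#   -trimpath        removes local filesystem paths
#   -buildvcs=false  omits version-control stamping
#   -s -w            drops the symbol table and DWARF debug info
#   -buildid=        clears the Go build ID
RUN go build -trimpath -buildvcs=false -ldflags="-s -w -buildid=" -o /out/pid1 .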
###############################################################################
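# Final stage: the image that runs /app/eiffel.sh. It carries the eif_build
# and linuxkit tools in /usr/bin and a set of files under /blobs.
# NOTE(review): the base image is pinned by tag only, and there is no USER
# instruction, so the entrypoint runs as root. Confirm whether eiffel.sh
# needs that.
FROM ubuntu:26.04

COPY --chmod=755 --from=eif_build /workspace/target/debug/examples/eif_build /usr/bin/eif_build

# NOTE(review): this and the five remote ADDs below download over HTTPS but
# verify nothing about the content. A release asset or tag that is replaced
# upstream would be picked up silently. That matters most for the kernel,
# init and nsm.ko blobs if, as the paths suggest, they end up inside the
# enclave image. Record the expected digests and pin each download:
#   ADD --checksum=sha256:<EXPECTED_SHA256> <url> <dest>
ADD --chmod=755 https://github.com/linuxkit/linuxkit/releases/download/v1.8.2/linuxkit-linux-amd64 /usr/bin/linuxkit

# TODO: compile all these blobs at build-time
RUN mkdir /blobs
ADD https://github.com/aws/aws-nitro-enclaves-cli/raw/refs/tags/v1.4.4/blobs/x86_64/init /blobs/init
ADD https://github.com/aws/aws-nitro-enclaves-cli/raw/refs/tags/v1.4.4/blobs/x86_64/nsm.ko /blobs/nsm.ko
ADD https://github.com/aws/aws-nitro-enclaves-cli/raw/refs/tags/v1.4.4/blobs/x86_64/bzImage /blobs/bzImage
ADD https://github.com/aws/aws-nitro-enclaves-cli/raw/refs/tags/v1.4.4/blobs/x86_64/bzImage.config /blobs/bzImage.config
ADD https://github.com/aws/aws-nitro-enclaves-cli/raw/refs/tags/v1.4.4/blobs/x86_64/cmdline /blobs/cmdline

# Artifacts produced by the earlier stages of this file.
COPY --from=pid1 /out/pid1 /blobs/pid1
COPY --from=chrony /out/sbin/chronyd /blobs/chronyd
# chronyd is built on Alpine, so the musl loader is shipped alongside it.
COPY --from=chrony /lib/ld-musl-x86_64.so.1 /blobs/ld-musl-x86_64.so.1
COPY --from=chrony /etc/ssl/certs/ca-certificates.crt /blobs/ca-certificates.crt

# COPY rather than ADD for local files, because ADD would unpack a local
# tar archive. This assumes eiffel.sh is a plain script and config is a
# plain file or directory.
COPY --chmod=755 eiffel.sh /app/
WORKDIR /eiffel
COPY ./config ./

# Exec form: eiffel.sh is started directly and receives "app" as its
# default argument, which `docker run <image> <args>` overrides.
ENTRYPOINT ["/app/eiffel.sh"]
CMD ["app"]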