Improve examples/ subfolder with cross-compilation and more docs (#25)
- Adds examples for cross-compilation of EIFs in `./examples`, and gives more detail on what commands to run in order to build EIFs.
- Fixes a bug where the examples lockfile would fail to find the parent flake if the flake is not already in the Nix store.
- Updates architecture diagram to reflect changes from #24
- Removes quick start example as it is redundant with `./examples/` and means maintaining an extra flake in markdown
Showing 6 changed files with 125 additions and 60 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,10 +1,53 @@ | ||
# Usage examples | ||
|
||
Examples are structured as a single flake containing packages of potential EIFs. | ||
You need to install [Nix](https://nixos.org/) and [enable flakes](https://nixos.wiki/wiki/Flakes) to use this repo. | ||
Examples are structured as an additional Nix flake containing [derivations](https://zero-to-nix.com/concepts/derivations) (ie, build recipes, like Dockerfiles) for potential EIFs. | ||
|
||
To see the overall plumbing to use the aws-nitro-util flake, see [flake.nix](./flake.nix). | ||
|
||
To see examples for specific EIFs, see the individual package definitions: | ||
|
||
- Booting an enclave with a shell script only: [`withShellScript.nix`](./withShellScript.nix) | ||
- Booting an enclave with your own, compiled-from-source kernel: [`bringYourOwnKernel.nix`](./bringYourOwnKernel.nix) | ||
- Booting an enclave with your own, compiled-from-source kernel: [`bringYourOwnKernel.nix`](./bringYourOwnKernel.nix) | ||
|
||
## Building the examples | ||
|
||
### To show what examples can be built | ||
|
||
```bash | ||
nix flake show | ||
``` | ||
|
||
### To build `shellScriptEif` for your current architecture: | ||
```bash | ||
nix build '.#shellScriptEif' | ||
``` | ||
Note this will produce an `aarch64-linux` EIF if you are running it in an ARM Mac. | ||
|
||
|
||
### To build for a different architecture via a remote builder | ||
Nix allows compiling 'natively' for other architectures by building in a different machine. | ||
|
||
To do this you need to set up a [linux remote builder](https://nix.dev/manual/nix/2.18/advanced-topics/distributed-builds) first. | ||
This can be any machine you can SSH into, including a VM. | ||
|
||
Then, for example, to compile EIFs natively for `x86_64-linux` on an ARM Mac: | ||
```bash | ||
nix build '.#packages.x86_64-linux-crossCompiledEif' | ||
``` | ||
|
||
Using remote builders makes builds simpler (because it is a linux x86 machine compiling linux x86 binaries) but requires setting | ||
up that additional machine and telling your local Nix installation about it. | ||
|
||
### To build for a different architecture via cross-compilation | ||
|
||
If you do not have remote builders, you can cross-compile. Keep in mind this requires all dependencies | ||
of your EIF to be cross-compiled too (which is tricky for bash scripts). | ||
|
||
|
||
To cross-compile an EIF from your local system | ||
to `x86_64-linux`: | ||
|
||
```bash | ||
nix build '.#x86_64-linux-crossCompiledEif' | ||
``` |
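
Review bot: In the remote-builder section, the command `nix build '.#packages.x86_64-linux-crossCompiledEif'` does not look like it builds what the text describes. Flake package outputs are addressed as `packages.<system>.<name>`, so joining the system and the package name with a hyphen does not match that layout, and the section is about compiling natively on another machine yet it names the cross-compiled package, the same one the cross-compilation section builds with `.#x86_64-linux-crossCompiledEif`. If the intent is a native x86_64 build of the shell-script example, a path of the form `.#packages.x86_64-linux.shellScriptEif` would fit the surrounding text. Separately, the heading "To build `shellScriptEif` for your current architecture:" runs straight into its code fence and is the only heading ending in a colon; a blank line and dropping the colon would match the other sections.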
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
{ buildEnv | ||
, hello | ||
, nitro # when you call this function pass `nitro-util.lib.${system}` here | ||
, crossArch | ||
}: | ||
nitro.buildEif { | ||
arch = crossArch; | ||
kernel = nitro.blobs.${crossArch}.kernel; | ||
kernelConfig = nitro.blobs.${crossArch}.kernelConfig; | ||
|
||
name = "eif-hello-world"; | ||
|
||
nsmKo = nitro.blobs.${crossArch}.nsmKo; | ||
|
||
copyToRoot = buildEnv { | ||
name = "image-root"; | ||
# the image passed here must be a Nix derivation that can be cross-compiled | ||
# we did not use a shell script here because that is hard for GNU coreutils | ||
paths = [ hello ]; | ||
pathsToLink = [ "/bin" ]; | ||
}; | ||
|
||
entrypoint = '' | ||
/bin/hello | ||
''; | ||
|
||
env = ""; | ||
} |
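
Review bot: The comment on the `nitro` argument says to pass `nitro-util.lib.${system}` but does not say which system that is, and in this file the target is carried separately by `crossArch` (used for `arch` and for every `nitro.blobs.${crossArch}` lookup). Please document whether `system` is the build host or the target and which values `crossArch` accepts, since an unsupported value would only surface as a missing attribute on `nitro.blobs`. The comment inside `copyToRoot`, "we did not use a shell script here because that is hard for GNU coreutils", is also hard to parse; if the point is that a shell-script entrypoint pulls in bash and coreutils, which must themselves be cross-compiled, saying that directly would match the README note that cross-compilation "is tricky for bash scripts".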