mystikos icon indicating copy to clipboard operation
mystikos copied to clipboard

Published 20 hours ago verified publisher icon deislabs

mystikos container base image should have cryptsetup-bin preinstalled

Open jupacaza opened this issue 2 years ago • 0 comments

When using the mystikos base image to build a container one library that needs to be installed is cryptsetup-bin:

RUN apt-get update && apt-get install -y cryptsetup-bin

The ask is to ship mystikos-bionic with this preinstalled so that the consumer of mystikos-bionic does not have to do apt-get, which requires internet connection.

Example dockerfile:

FROM mystikos.azurecr.io/mystikos-bionic:v0.8.0 AS build

WORKDIR /home
RUN apt-get update && apt-get install -y cryptsetup-bin
...
RUN myst mkext2 appdir-tokenservice rootfs
RUN myst fssig --roothash rootfs > roothash
RUN openssl genrsa -out private.pem -3 3072
RUN myst package-sgx --roothash=roothash private.pem config.json
...

CMD [ "/home/myst/bin/dotnet" ]

Desired: no need to run apt-get update and install

FROM mystikos.azurecr.io/mystikos-bionic:v0.8.0 AS build

WORKDIR /home
...

RUN myst mkext2 appdir-tokenservice rootfs
RUN myst fssig --roothash rootfs > roothash
RUN openssl genrsa -out private.pem -3 3072
RUN myst package-sgx --roothash=roothash private.pem config.json
...

CMD [ "/home/myst/bin/dotnet" ]

jupacaza avatar May 23 '22 23:05 jupacaza