gsc
Gramine Shielded Containers (Docker integration)
## Description of the problem We have been trying to use gramine and gsc to build our custom graminized image. However, when we use Debian:12 as the base image, it...
## Description of the changes The original app image may have changed the permissions of `/tmp` dir. At the same time, correct permissions are required for installation of packages during...
## My container requires the python3-pip package to run, however when migrating from gsc 1.4 to gsc 1.6, the package is removed after sign ## Steps to reproduce I used...
## Description of the problem Since Gramine doesn't support Alpine Linux (https://github.com/gramineproject/gramine/issues/993), same thing for GSC. Note that this issue depends on the feature of supporting Gramine in Alpine.
## Description of the problem We are trying to run a Docker image using Gramine shielded containers. We are successfully able to create the signed image but the container is...
In the current implementation in `gsc.py`, we add all CLI arguments into the environment, which may create conflicting names (variables passed from command line and internal variables used in script). Based...
### What is missing in SGX signing flows, what is needed for "plugins/templates" in GSC? The context is these PRs and discussions: - https://github.com/gramineproject/gramine/pull/1118 - https://github.com/gramineproject/gramine/pull/1197 - https://github.com/gramineproject/gsc/pull/112 - https://github.com/gramineproject/gsc/pull/118...
## Description of the changes The updated list of excluded "trusted files" paths better follows the Filesystem Hierarchy Standard (FHS). Based on: - https://manpages.debian.org/testing/manpages/hier.7.en.html - https://manpages.debian.org/testing/systemd/file-hierarchy.7.en.html - https://refspecs.linuxfoundation.org/FHS_3.0/fhs/index.html Fixes #128....
Signed-off-by: Sankaranarayanan Venkatasubramanian ## Description The `gsc` tool cannot do production signing on the graminized docker images today, and this PR enables that. This PR introduces passing a 'self-contained' Dockerfile...
## Description of the problem I want to benchmark a graminized image with bonnie++ to compare it with a normal docker image and native system. Bonnie++ is a small utility...