Opensource pcs and dcap_artifact_retrieval #619
Conversation
|
Just a kind reminder that each source file should contain copyright notice at top. |
intel-sgx/dcap_artifact_retrieval/src/provisioning_client/azure.rs
Outdated
Show resolved
Hide resolved
intel-sgx/dcap_artifact_retrieval/src/provisioning_client/intel.rs
Outdated
Show resolved
Hide resolved
| test_helpers, IntelProvisioningClientBuilder, PcsVersion, ProvisioningClient | ||
| }; | ||
|
|
||
| const IAS_TEST_KEY: &str = "<redacted>"; // Primary API key of [email protected] |
There was a problem hiding this comment.
Pass API key as GitHub secret
raoulstrackx
force-pushed
the
raoul/opensource_dcap_artifact_tools
branch
from
2a88905
to
64237b4
Compare
|
@Taowyoo Added licence headers, can you please review it again please? |
|
Hi I think DCAP artifact retrieval tool should be public(with removing some private info) as a README.md file under |
| @@ -53,6 +53,9 @@ jobs: | |||
| - name: cargo test -p async-usercalls --target x86_64-fortanix-unknown-sgx --no-run | |||
| run: cargo +nightly test --verbose --locked -p async-usercalls --target x86_64-fortanix-unknown-sgx --no-run | |||
|
|
|||
| - name: Nightly test -p dcap-artifact-retrieval --target x86_64-fortanix-unknown-sgx --no-default-features --no-run | |||
There was a problem hiding this comment.
If dcap-artifact-retrieval or pcs crates are only test-able on nightly or they need special features to be compiled and run correctly, you need to disable them in test Cargo test --all --exclude sgxs-loaders at line 51.
There was a problem hiding this comment.
I don't understand what has to be changed on line 51. Running the line gives me the following compilation error in 3rd party crate:
error: field must have #[serde(default)] because previous field 2 has #[serde(default)]
--> /home/nikitashyrei/.cargo/registry/src/index.crates.io-6f17d22bba15001f/aws-nitro-enclaves-cose-0.1.0/src/sign.rs:129:5
|
129 | ByteBuf,
| ^^^^^^^
error: field must have #[serde(default)] because previous field 2 has #[serde(default)]
--> /home/nikitashyrei/.cargo/registry/src/index.crates.io-6f17d22bba15001f/aws-nitro-enclaves-cose-0.1.0/src/sign.rs:131:5
|
131 | ByteBuf,
| ^^^^^^^
error[E0277]: the trait bound `SigStructure: sign::_::_serde::Serialize` is not satisfied
--> /home/nikitashyrei/.cargo/registry/src/index.crates.io-6f17d22bba15001f/aws-nitro-enclaves-cose-0.1.0/src/sign.rs:167:28
|
167 | serde_cbor::to_vec(self)
| ------------------ ^^^^ the trait `sign::_::_serde::Serialize` is not implemented for `SigStructure`
| |
| required by a bound introduced by this call
|
= help: the following other types implement trait `sign::_::_serde::Serialize`:
&'a T
&'a mut T
()
(T0, T1)
(T0, T1, T2)
(T0, T1, T2, T3)
(T0, T1, T2, T3, T4)
(T0, T1, T2, T3, T4, T5)
and 136 others
note: required by a bound in `to_vec`
--> /home/nikitashyrei/.cargo/registry/src/index.crates.io-6f17d22bba15001f/serde_cbor-0.11.2/src/ser.rs:22:8
|
20 | pub fn to_vec<T>(value: &T) -> Result<Vec<u8>>
| ------ required by a bound in this function
21 | where
22 | T: ser::Serialize,
| ^^^^^^^^^^^^^^ required by this bound in `to_vec`
For more information about this error, try `rustc --explain E0277`.
error: could not compile `aws-nitro-enclaves-cose` (lib) due to 3 previous errors
There was a problem hiding this comment.
Did you try just cargo test the pcs and dcap-artifact-retrieval locally?
There was a problem hiding this comment.
I think this maybe a dependency issue.
Some old crates have version upgraded when adding new dependencies, the new versions are not compatible with some code or some other dependency.
There was a problem hiding this comment.
I noticed the Cargo.lock there are now two version of serde. This maybe the reason
There was a problem hiding this comment.
@Taowyoo Can you give me a link to a discrepancy you you think is the culprit here? I don't understand what the issue is.
There was a problem hiding this comment.
Yes, pcs and dcap-artifact-retrieval works locally. But new dependencies they introduced breaks the other crates in this workspace.
The error msg above means that the type definition of SigStructure in aws-nitro-enclaves-cose-0.1.0 is not compatible with newer serde.
There are some complex dependency issues here.
- We have a lot of old dependencies which may be not compatible with even latest stable.
- Those old dependencies may also be not compatible with new dependencies needed by
pcsanddcap-artifact-retrieval. - One main reason is we have some patch/fork of some core crates:
serdelibc.
There was a problem hiding this comment.
I tried to fix them by change version of some crates, but failed.
So I would suggest to put pcs and dcap-artifact-retrieval to separate GitHub repo instead.
There are too much tech debts about dependency in this repo.
There was a problem hiding this comment.
For the CI of new repo.
You could use https://github.com/fortanix/rustls-mbedtls-provider/ as example.
There was a problem hiding this comment.
Splitting the repos is a question to @raoulstrackx , I am not sure that this is an intended way to do it. @Taowyoo
There was a problem hiding this comment.
Since PCS_API_KEY is been redacted, all tests use that will fail.
If you want to keep running these tests, please checkout https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions to add secret to this repo and load it from an environment variable.
You will also need to change CI yml file.
raoulstrackx
force-pushed
the
raoul/opensource_dcap_artifact_tools
branch
4 times, most recently
from
538a834
to
7e765ef
Compare
raoulstrackx
force-pushed
the
raoul/opensource_dcap_artifact_tools
branch
from
7e765ef
to
b2fa24d
Compare
raoulstrackx
force-pushed
the
raoul/opensource_dcap_artifact_tools
branch
from
b137928
to
97ee9b2
Compare
raoulstrackx
force-pushed
the
raoul/opensource_dcap_artifact_tools
branch
from
ffb9595
to
6192cba
Compare
|
@Taowyoo Please review. |
No description provided.