mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-10-30 14:11:21 +00:00
nixos/aesmd: add option environment
parent
4e937f0d6b
commit
dbff3c22c1
@ -25,6 +25,16 @@ in
|
||||
default = false;
|
||||
description = lib.mdDoc "Whether to build the PSW package in debug mode.";
|
||||
};
|
||||
environment = mkOption {
|
||||
type = with types; attrsOf str;
|
||||
default = { };
|
||||
description = mdDoc "Additional environment variables to pass to the AESM service.";
|
||||
# Example environment variable for `sgx-azure-dcap-client` provider library
|
||||
example = {
|
||||
AZDCAP_COLLATERAL_VERSION = "v2";
|
||||
AZDCAP_DEBUG_LOG_LEVEL = "INFO";
|
||||
};
|
||||
};
|
||||
quoteProviderLibrary = mkOption {
|
||||
type = with types; nullOr path;
|
||||
default = null;
|
||||
@ -104,7 +114,7 @@ in
|
||||
NAME = "aesm_service";
|
||||
AESM_PATH = storeAesmFolder;
|
||||
LD_LIBRARY_PATH = makeLibraryPath [ cfg.quoteProviderLibrary ];
|
||||
};
|
||||
} // cfg.environment;
|
||||
|
||||
# Make sure any of the SGX application enclave devices is available
|
||||
unitConfig.AssertPathExists = [
|
||||
|
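Review bot: In the second hunk, `} // cfg.environment;` puts the user-supplied attrset on the right-hand side of `//`, so a key named `NAME`, `AESM_PATH` or `LD_LIBRARY_PATH` silently replaces the value the module computes. An `environment.LD_LIBRARY_PATH` entry in particular would drop the configured `quoteProviderLibrary` from the AESM service's library search path without any evaluation-time warning. If overriding is not intended, either put the fixed keys last (`cfg.environment // { NAME = "aesm_service"; ... }`) or add an assertion that rejects those three names; if it is intended, the option description should say so. The description could also note that these values are presumably rendered into the generated unit and so are readable from the Nix store, which makes the option unsuitable for credentials. The attrset being merged and the enclosing `config` block start outside the hunk.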
@ -28,7 +28,12 @@
|
||||
|
||||
specialisation = {
|
||||
withQuoteProvider.configuration = { ... }: {
|
||||
services.aesmd.quoteProviderLibrary = pkgs.sgx-azure-dcap-client;
|
||||
services.aesmd = {
|
||||
quoteProviderLibrary = pkgs.sgx-azure-dcap-client;
|
||||
environment = {
|
||||
AZDCAP_DEBUG_LOG_LEVEL = "INFO";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
@ -89,5 +94,9 @@
|
||||
ld_library_path = machine.succeed(f"xargs -0 -L1 -a /proc/{main_pid}/environ | grep LD_LIBRARY_PATH")
|
||||
assert ld_library_path.startswith("LD_LIBRARY_PATH=${pkgs.sgx-azure-dcap-client}/lib:"), \
|
||||
"LD_LIBRARY_PATH is not set to the configured quote provider library"
|
||||
|
||||
with subtest("aesmd.service with quote provider library has set AZDCAP_DEBUG_LOG_LEVEL"):
|
||||
azdcp_debug_log_level = machine.succeed(f"xargs -0 -L1 -a /proc/{main_pid}/environ | grep AZDCAP_DEBUG_LOG_LEVEL")
|
||||
assert azdcp_debug_log_level == "AZDCAP_DEBUG_LOG_LEVEL=INFO\n", "AZDCAP_DEBUG_LOG_LEVEL is not set to INFO"
|
||||
'';
|
||||
}
|
||||
|
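Review bot: In the last hunk the new subtest stores its result in `azdcp_debug_log_level`, which drops the `A` of the `AZDCAP_` prefix it is checking; `azdcap_debug_log_level` would match the variable name. The `grep AZDCAP_DEBUG_LOG_LEVEL` is also unanchored, so the exact-equality assert depends on no other environ entry containing that substring; `grep '^AZDCAP_DEBUG_LOG_LEVEL='` selects only the variable under test. `main_pid` is assigned outside the hunk, so this subtest relies on it still referring to the specialised service's process.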