-
Notifications
You must be signed in to change notification settings - Fork 41
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change positional args manifest
and key
to optional args
#118
base: master
Are you sure you want to change the base?
Conversation
Signed-off-by: Sankaranarayanan Venkatasubramanian <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 4 of 4 files at r1, all commit messages.
Reviewable status: all files reviewed, 6 unresolved discussions, not enough approvals from maintainers (3 more required), not enough approvals from different teams (2 more required, approved so far: ) (waiting on @svenkata9)
-- commits
line 2 at r1:
Can we shorten this title by replacing arguments
-> args
(2x)
-- commits
line 2 at r1:
I think Change
sounds better than Update
gsc.py
line 229 at r1 (raw file):
user_manifest_contents = user_manifest_file.read() user_manifest_dict = tomli.loads(user_manifest_contents)
If I understand correctly, if user skips --manifest ...
, then ./gsc build
will fail here.
Instead, we should allow to omit --manifest
, in this case user_manifest_dict
should be assigned to empty dict. So I think we need something like this:
if args.manifest:
user_manifest_contents = ''
if not os.path.exists(args.manifest):
raise FileNotFoundError(f'Manifest file {args.manifest} does not exist')
with open(args.manifest, 'r') as user_manifest_file:
user_manifest_contents = user_manifest_file.read()
user_manifest_dict = tomli.loads(user_manifest_contents)
else:
user_manifest_dict = {} # no user-provided manifest
Please test GSC when --manifest
is used and when it is omitted.
gsc.py
line 363 at r1 (raw file):
tmp_build_key_path = tmp_build_path / 'gsc-signer-key.pem' tmp_build_sign_path = tmp_build_path / 'sign.sh' shutil.copyfile(os.path.abspath(args.key), tmp_build_key_path)
What happens if user didn't specify --key some.key
? Will GSC fail with some complicated error at this line?
Can we add a check here that if not args.key or not os.path.exists(args.key): print("some error"); sys.exit(1)
?
gsc.py
line 503 at r1 (raw file):
sub_sign.add_argument('-c', '--config_file', type=argparse.FileType('r', encoding='UTF-8'), default='config.yaml', help='Specify configuration file.') sub_sign.add_argument('image', help='Name of the application (base) Docker image.')
Can we also move this argument after all args (i.e., after -p
)? So that it's easy to see that this is the positional mandatory arg.
Documentation/index.rst
line 150 at r1 (raw file):
.. option:: -k Used to sign the Intel SGX enclave
I would expand to Key file used to sign the Intel SGX enclave
manifest
and key
to optional argumentsmanifest
and key
to optional args
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: 2 of 4 files reviewed, 6 unresolved discussions, not enough approvals from maintainers (3 more required), not enough approvals from different teams (2 more required, approved so far: ), "fixup! " found in commit messages' one-liners (waiting on @dimakuv)
Previously, dimakuv (Dmitrii Kuvaiskii) wrote…
Can we shorten this title by replacing
arguments
->args
(2x)
Done
Previously, dimakuv (Dmitrii Kuvaiskii) wrote…
I think
Change
sounds better thanUpdate
Done
gsc.py
line 229 at r1 (raw file):
Previously, dimakuv (Dmitrii Kuvaiskii) wrote…
If I understand correctly, if user skips
--manifest ...
, then./gsc build
will fail here.Instead, we should allow to omit
--manifest
, in this caseuser_manifest_dict
should be assigned to empty dict. So I think we need something like this:if args.manifest: user_manifest_contents = '' if not os.path.exists(args.manifest): raise FileNotFoundError(f'Manifest file {args.manifest} does not exist') with open(args.manifest, 'r') as user_manifest_file: user_manifest_contents = user_manifest_file.read() user_manifest_dict = tomli.loads(user_manifest_contents) else: user_manifest_dict = {} # no user-provided manifest
Please test GSC when
--manifest
is used and when it is omitted.
Done.
gsc.py
line 363 at r1 (raw file):
Previously, dimakuv (Dmitrii Kuvaiskii) wrote…
What happens if user didn't specify
--key some.key
? Will GSC fail with some complicated error at this line?Can we add a check here that
if not args.key or not os.path.exists(args.key): print("some error"); sys.exit(1)
?
Done.
gsc.py
line 503 at r1 (raw file):
Previously, dimakuv (Dmitrii Kuvaiskii) wrote…
Can we also move this argument after all args (i.e., after
-p
)? So that it's easy to see that this is the positional mandatory arg.
Done.
Documentation/index.rst
line 150 at r1 (raw file):
Previously, dimakuv (Dmitrii Kuvaiskii) wrote…
I would expand to
Key file used to sign the Intel SGX enclave
Done.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 2 of 2 files at r2, all commit messages.
Reviewable status: all files reviewed, 2 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (1 more required, approved so far: Intel), "fixup! " found in commit messages' one-liners
Signed-off-by: Sankaranarayanan Venkatasubramanian [email protected]
Description of the changes
This PR changes the positional arguments
manifest
andkey
thatgsc build
andgsc sign-image
commands take respectively to optional ones. This change is being done separately now to accommodate change for production signing #112 (to avoid introducing the breaking change forkey
as optional argument)How to test this PR?
and run the resulting gsc-python image.
This change is