diff --git a/.repros/config.yml b/.repros/config.yml index c7ca3668..75051edf 100644 --- a/.repros/config.yml +++ b/.repros/config.yml @@ -1,7 +1,7 @@ build: command: make sign: - file: out/manifest.txt + file: out/digests.txt format: raw method: ssh backing: tpm diff --git a/Makefile b/Makefile index 91e4dac9..0d11badd 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,10 @@ include src/macros.mk REGISTRY := local .DEFAULT_GOAL := .PHONY: default -default: \ +default: out/digests.txt + +.PHONY: all +all: \ out/qos_client/index.json \ out/qos_host/index.json \ out/qos_enclave/index.json @@ -39,6 +42,9 @@ shell: out/.common-loaded qos-local/common:latest \ /bin/bash +out/digests.txt: all + @$(call digests) > $@ + out/nitro.pcrs: out/qos_enclave.tar @$(call run,/src/scripts/extract_oci_file.sh qos_enclave.tar nitro.pcrs) diff --git a/src/macros.mk b/src/macros.mk index 5bd31ce1..1566866c 100644 --- a/src/macros.mk +++ b/src/macros.mk @@ -13,6 +13,18 @@ define run /bin/sh -c "set -eu; $(1)" endef +define digests + find out -iname "index.json" \ + | awk -F/ '{print $$2}' \ + | sort \ + | while IFS= read -r package; do \ + jq \ + -jr '.manifests[].digest | sub ("sha256:";"")' \ + out/$${package}/index.json; \ + printf " %s\n" "$${package}"; \ + done +endef + define build_context $$( \ self=$(1); \