rofl

package
v0.12.0
Warning

This package is not in the latest version of its module.

Published: Mar 12, 2025 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

// Supported ROFL app kinds.
//
// NOTE(review): presumably these are the accepted values of Manifest.Kind;
// confirm against Manifest.Validate.
const (
	AppKindRaw       = "raw"
	AppKindContainer = "container"
)

Supported ROFL app kinds.

// Supported TEE types.
//
// NOTE(review): presumably these are the accepted values of Manifest.TEE;
// confirm against Manifest.Validate.
const (
	TEETypeSGX = "sgx"
	TEETypeTDX = "tdx"
)

Supported TEE types.

// Well-known scripts.
//
// NOTE(review): presumably these are keys of Manifest.Scripts, whose values
// are executed by the build system at specific stages. A manifest taken from
// a repository you do not control should have its scripts reviewed before
// building.
const (
	ScriptBuildPre   = "build-pre"
	ScriptBuildPost  = "build-post"
	ScriptBundlePost = "bundle-post"
)

Well-known scripts.

// Supported storage kinds.
//
// NOTE(review): presumably these are the accepted values of
// StorageConfig.Kind; confirm against StorageConfig.Validate. Whether the
// disk-backed kinds are encrypted or integrity-protected is not visible here.
const (
	StorageKindNone           = "none"
	StorageKindDiskEphemeral  = "disk-ephemeral"
	StorageKindDiskPersistent = "disk-persistent"
	StorageKindRAM            = "ram"
)

Supported storage kinds.

// DefaultDeploymentName is the name of the default deployment that must always
// be defined and is used in case no deployment is passed.
//
// NOTE(review): presumably a key of Manifest.Deployments; confirm against the
// callers that select a deployment.
const DefaultDeploymentName = "default"

DefaultDeploymentName is the name of the default deployment that must always be defined and is used in case no deployment is passed.

Variables

// LatestBasicArtifacts are the latest TDX ROFL basic app artifacts.
//
// Every entry is a release download URL followed by '#' and a string of
// 64 hexadecimal characters. All three point at the v0.4.1 release of
// oasisprotocol/oasis-boot.
//
// NOTE(review): the fragment has the length of a hex-encoded SHA-256 digest
// and presumably pins the artifact content; confirm that the code consuming
// these values verifies the download against it before use.
//
// NOTE(review): this is a package-level var, so other code in the process can
// reassign it; treat it as read-only.
var LatestBasicArtifacts = ArtifactsConfig{
	Firmware: "https://github.com/oasisprotocol/oasis-boot/releases/download/v0.4.1/ovmf.tdx.fd#db47100a7d6a0c1f6983be224137c3f8d7cb09b63bb1c7a5ee7829d8e994a42f",
	Kernel:   "https://github.com/oasisprotocol/oasis-boot/releases/download/v0.4.1/stage1.bin#06e12cba9b2423b4dd5916f4d84bf9c043f30041ab03aa74006f46ef9c129d22",
	Stage2:   "https://github.com/oasisprotocol/oasis-boot/releases/download/v0.4.1/stage2-basic.tar.bz2#72c84d2566959799fdd98fae08c143a8572a5a09ee426be376f9a8bbd1675f2b",
}

LatestBasicArtifacts are the latest TDX ROFL basic app artifacts.

// LatestContainerArtifacts are the latest TDX container app artifacts.
//
// Firmware, Kernel, Stage2 and Container.Runtime are release download URLs
// followed by '#' and a string of 64 hexadecimal characters.
//
// NOTE(review): the fragment has the length of a hex-encoded SHA-256 digest
// and presumably pins the artifact content; confirm that the code consuming
// these values verifies the download against it before use.
//
// NOTE(review): this is a package-level var, so other code in the process can
// reassign it; treat it as read-only.
var LatestContainerArtifacts = ArtifactsConfig{
	Firmware: "https://github.com/oasisprotocol/oasis-boot/releases/download/v0.4.1/ovmf.tdx.fd#db47100a7d6a0c1f6983be224137c3f8d7cb09b63bb1c7a5ee7829d8e994a42f",
	Kernel:   "https://github.com/oasisprotocol/oasis-boot/releases/download/v0.4.1/stage1.bin#06e12cba9b2423b4dd5916f4d84bf9c043f30041ab03aa74006f46ef9c129d22",
	// Stage2 is the podman variant of the stage 2 image.
	Stage2:   "https://github.com/oasisprotocol/oasis-boot/releases/download/v0.4.1/stage2-podman.tar.bz2#6f2487aa064460384309a58c858ffea9316e739331b5c36789bb2f61117869d6",
	Container: ContainerArtifactsConfig{
		Runtime: "https://github.com/oasisprotocol/oasis-sdk/releases/download/rofl-containers%2Fv0.4.1/rofl-containers#bdd2735af9ff10c9b1c1e8db535f4751739bd3707600c57b81e80195e6207673",
		// Compose is a bare relative file name with no '#' fragment, unlike
		// the other entries.
		Compose: "compose.yaml",
	},
}

LatestContainerArtifacts are the latest TDX container app artifacts.

// ManifestFileNames are the manifest file names that are tried when loading
// the manifest.
//
// NOTE(review): the names are relative; presumably they are tried in the
// listed order and resolved against the current working directory. Confirm in
// LoadManifest.
var ManifestFileNames = []string{
	"rofl.yaml",
	"rofl.yml",
}

ManifestFileNames are the manifest file names that are tried when loading the manifest.

Functions

func EncryptSecret

func EncryptSecret(name string, value []byte, sek x25519.PublicKey) (string, error)

EncryptSecret encrypts a secret's plain-text name and value using the secrets encryption key (SEK) obtained for the given application. It returns the Base64-encoded value that can be used in the configuration.

func ManifestExists

func ManifestExists() bool

ManifestExists checks whether a manifest file exists. No attempt is made to load, parse or validate any of the manifest files found.

func PrepareSecrets

func PrepareSecrets(cfg []*SecretConfig) map[string][]byte

PrepareSecrets transforms the secrets configuration into a format suitable for updating the ROFL app configuration.

Panics in case the configuration is malformed.

Types

type ArtifactsConfig

// ArtifactsConfig is the artifact location override configuration.
//
// Every field is optional (omitempty) and accepts either a URI or a path.
//
// NOTE(review): these values select the firmware, kernel and stage 2 image
// that the app is built with. The package defaults (LatestBasicArtifacts,
// LatestContainerArtifacts) carry a '#'-suffixed hex string that looks like a
// content digest; whether an override must carry one too, and what happens
// when it is missing, is not visible here. Confirm before accepting overrides
// from a manifest you did not write.
type ArtifactsConfig struct {
	// Firmware is the URI/path to the firmware artifact (empty to use default).
	Firmware string `yaml:"firmware,omitempty" json:"firmware,omitempty"`
	// Kernel is the URI/path to the kernel artifact (empty to use default).
	Kernel string `yaml:"kernel,omitempty" json:"kernel,omitempty"`
	// Stage2 is the URI/path to the stage 2 disk artifact (empty to use default).
	Stage2 string `yaml:"stage2,omitempty" json:"stage2,omitempty"`
	// Container is the container artifacts configuration.
	Container ContainerArtifactsConfig `yaml:"container,omitempty" json:"container,omitempty"`
}

ArtifactsConfig is the artifact location override configuration.

type ContainerArtifactsConfig

// ContainerArtifactsConfig is the container artifacts configuration.
//
// Both fields are optional (omitempty) and accept either a URI or a path.
type ContainerArtifactsConfig struct {
	// Runtime is the URI/path to the container runtime artifact (empty to use default).
	Runtime string `yaml:"runtime,omitempty" json:"runtime,omitempty"`
	// Compose is the URI/path to the docker-compose.yaml artifact (empty to use default).
	// NOTE(review): the compose file decides which container images run; how
	// those images are pinned (tag or digest) is decided in that file, not here.
	Compose string `yaml:"compose,omitempty" json:"compose,omitempty"`
}

ContainerArtifactsConfig is the container artifacts configuration.

type Deployment

// Deployment describes a single ROFL app deployment.
//
// Network and ParaTime are the only fields serialized unconditionally; every
// other field is omitted from YAML/JSON when empty.
type Deployment struct {
	// AppID is the Bech32-encoded ROFL app ID.
	AppID string `yaml:"app_id,omitempty" json:"app_id,omitempty"`
	// Network is the identifier of the network to deploy to.
	Network string `yaml:"network" json:"network"`
	// ParaTime is the identifier of the paratime to deploy to.
	ParaTime string `yaml:"paratime" json:"paratime"`
	// Admin is the identifier of the admin account.
	Admin string `yaml:"admin,omitempty" json:"admin,omitempty"`
	// Debug is a flag denoting whether this is a debuggable deployment.
	// NOTE(review): debug modes of TEEs generally weaken or remove the
	// confidentiality guarantees; confirm what this flag enables and keep it
	// unset for production deployments.
	Debug bool `yaml:"debug,omitempty" json:"debug,omitempty"`
	// TrustRoot is the optional trust root configuration.
	TrustRoot *TrustRootConfig `yaml:"trust_root,omitempty" json:"trust_root,omitempty"`
	// Policy is the ROFL app policy.
	// NOTE(review): the type name (AppAuthPolicy) suggests this governs which
	// app instances are authorized; its contents are defined outside this page.
	Policy *rofl.AppAuthPolicy `yaml:"policy,omitempty" json:"policy,omitempty"`
	// Metadata contains custom metadata.
	Metadata map[string]string `yaml:"metadata,omitempty" json:"metadata,omitempty"`
	// Secrets contains encrypted secrets.
	// Each entry's Value is Base64-encoded ciphertext (see SecretConfig.Value).
	Secrets []*SecretConfig `yaml:"secrets,omitempty" json:"secrets,omitempty"`
}

Deployment describes a single ROFL app deployment.

func (*Deployment) HasAppID

func (d *Deployment) HasAppID() bool

HasAppID returns true iff the deployment has an application identifier set.

func (*Deployment) Validate

func (d *Deployment) Validate() error

Validate validates the deployment for correctness.

type Manifest

// Manifest is the ROFL app manifest that configures various aspects of the app
// in a single place.
//
// Name, Version, TEE, Kind and Resources are serialized unconditionally; the
// remaining fields are omitted from YAML/JSON when empty.
type Manifest struct {
	// Name is the human readable ROFL app name.
	Name string `yaml:"name" json:"name"`
	// Version is the ROFL app version.
	Version string `yaml:"version" json:"version"`
	// Repository is the ROFL app repository URL.
	Repository string `yaml:"repository,omitempty" json:"repository,omitempty"`
	// Author is the ROFL app author full name and e-mail.
	Author string `yaml:"author,omitempty" json:"author,omitempty"`
	// License is the ROFL app SPDX license expression.
	License string `yaml:"license,omitempty" json:"license,omitempty"`
	// Homepage is the ROFL app homepage.
	Homepage string `yaml:"homepage,omitempty" json:"homepage,omitempty"`
	// Description is the ROFL app description.
	Description string `yaml:"description,omitempty" json:"description,omitempty"`
	// TEE is the type of TEE to build for.
	// NOTE(review): presumably one of the TEEType* constants; confirm in Validate.
	TEE string `yaml:"tee" json:"tee"`
	// Kind is the kind of ROFL app to build.
	// NOTE(review): presumably one of the AppKind* constants; confirm in Validate.
	Kind string `yaml:"kind" json:"kind"`
	// Resources are the requested ROFL app resources.
	Resources ResourcesConfig `yaml:"resources" json:"resources"`
	// Artifacts are the optional artifact location overrides.
	Artifacts *ArtifactsConfig `yaml:"artifacts,omitempty" json:"artifacts,omitempty"`

	// Deployments are the ROFL app deployments.
	// The map is keyed by a string; presumably the deployment name (see
	// DefaultDeploymentName) — confirm against the callers.
	Deployments map[string]*Deployment `yaml:"deployments,omitempty" json:"deployments,omitempty"`

	// Scripts are custom scripts that are executed by the build system at specific stages.
	// NOTE(review): because these values are executed, building from a
	// manifest is equivalent to running code from it; review the scripts of
	// any manifest that comes from an untrusted source before building.
	Scripts map[string]string `yaml:"scripts,omitempty" json:"scripts,omitempty"`
	// contains filtered or unexported fields
}

Manifest is the ROFL app manifest that configures various aspects of the app in a single place.

func LoadManifest

func LoadManifest() (*Manifest, error)

LoadManifest attempts to find and load the ROFL app manifest from a local file.

func (*Manifest) GetMetadata added in v0.12.0

func (m *Manifest) GetMetadata(deployment string) map[string]string

GetMetadata derives metadata from the attributes defined in the manifest and combines it with the metadata for the specified deployment.

func (*Manifest) Save

func (m *Manifest) Save() error

Save serializes the manifest and writes it to the file returned by `SourceFileName`, overwriting any previous manifest.

If no previous source filename is available, a default one is set.

func (*Manifest) SourceFileName

func (m *Manifest) SourceFileName() string

SourceFileName returns the filename of the manifest file from which the manifest was loaded or an empty string in case the filename is not available.

func (*Manifest) Validate

func (m *Manifest) Validate() error

Validate validates the manifest for correctness.

type ResourcesConfig

// ResourcesConfig is the resources configuration.
//
// Memory and CPUCount are always serialized; Storage is optional.
type ResourcesConfig struct {
	// Memory is the amount of memory needed by the app in megabytes.
	Memory uint64 `yaml:"memory" json:"memory"`
	// CPUCount is the number of vCPUs needed by the app.
	// The uint8 type caps the representable value at 255.
	CPUCount uint8 `yaml:"cpus" json:"cpus"`
	// Storage is the storage configuration.
	Storage *StorageConfig `yaml:"storage,omitempty" json:"storage,omitempty"`
}

ResourcesConfig is the resources configuration.

func (*ResourcesConfig) Validate

func (r *ResourcesConfig) Validate() error

Validate validates the resources configuration for correctness.

type SecretConfig

// SecretConfig is the configuration of a given secret.
type SecretConfig struct {
	// Name is the name of the secret.
	// NOTE(review): this field is a plain string in the manifest file, so the
	// name is presumably readable by anyone with access to the manifest even
	// though SecretEnvelope carries an encrypted copy — confirm.
	Name string `yaml:"name" json:"name"`
	// PublicName is the public name of the secret. It will be visible to everyone on-chain, but is
	// otherwise ignored.
	// Do not put anything sensitive here: it is published in the clear.
	PublicName string `yaml:"public_name,omitempty" json:"public_name,omitempty"`
	// Value is the Base64-encoded encrypted value.
	// NOTE(review): presumably the string returned by EncryptSecret; a
	// plain-text secret must never be placed in this field.
	Value string `yaml:"value" json:"value"`
}

SecretConfig is the configuration of a given secret.

func (*SecretConfig) Validate

func (s *SecretConfig) Validate() error

Validate validates the secret configuration for correctness.

type SecretEnvelope

// SecretEnvelope is the envelope used for storing encrypted secrets.
//
// Only json tags are declared, so the envelope has no YAML field names of its
// own.
//
// NOTE(review): the envelope holds one Nonce next to two ciphertexts (Name and
// Value). How the nonce is applied to each of them is not visible here;
// confirm in EncryptSecret that the two encryptions do not reuse the same
// key/nonce pair.
type SecretEnvelope struct {
	// Pk is the ephemeral public key used for X25519.
	Pk x25519.PublicKey `json:"pk"`
	// Nonce.
	// Its length is deoxysii.NonceSize; presumably the Deoxys-II nonce — confirm.
	Nonce [deoxysii.NonceSize]byte `json:"nonce"`
	// Name is the encrypted secret name.
	Name []byte `json:"name"`
	// Value is the encrypted secret value.
	Value []byte `json:"value"`
}

SecretEnvelope is the envelope used for storing encrypted secrets.

type StorageConfig

// StorageConfig is the storage configuration.
type StorageConfig struct {
	// Kind is the storage kind.
	// NOTE(review): presumably one of the StorageKind* constants; confirm in Validate.
	Kind string `yaml:"kind" json:"kind"`
	// Size is the amount of storage in megabytes.
	Size uint64 `yaml:"size" json:"size"`
}

StorageConfig is the storage configuration.

func (*StorageConfig) Validate

func (e *StorageConfig) Validate() error

Validate validates the storage configuration for correctness.

type TrustRootConfig

// TrustRootConfig is the trust root configuration.
//
// Both fields are optional (omitempty).
//
// NOTE(review): a trust root anchors later verification of chain state, so
// Height and Hash should come from a source the operator trusts independently
// of the manifest author. What happens when only one of the two is set is not
// visible here — confirm in the validation code.
type TrustRootConfig struct {
	// Height is the consensus layer block height where to take the trust root.
	Height uint64 `yaml:"height,omitempty" json:"height,omitempty"`
	// Hash is the consensus layer block header hash corresponding to the passed height.
	Hash string `yaml:"hash,omitempty" json:"hash,omitempty"`
}

TrustRootConfig is the trust root configuration.
