Conversation
@veehaitch PR updated as discussed, PTAL! I highly doubt anyone apart from us uses it though, since there's no kernel package with SGX support in nixpkgs anyway AFAIK
Looks good to me, thanks! However, you have to convert the We should definitely add an alias through
# zcat /proc/config.gz | grep "SGX"
CONFIG_X86_SGX=y
CONFIG_X86_SGX_KVM=y
veehaitch left a comment:
Thanks for working on this!

Any update on this PR?
| options.defaultQuotingType = mkOption { | ||
| type = with types; nullOr (enum [ "ecdsa_256" "epid_linkable" "epid_unlinkable" ]); | ||
| options.retryDelay = mkOption { | ||
| type = with types; nullOr ints.u32; |
First time I am seeing this type being used.
| type = with types; nullOr ints.u32; | ||
| default = null; | ||
| example = 6; | ||
| description = mdDoc '' | ||
| Maximum retry times for QCNL. When `null` or set to `0`, no retry will be performed. |
| type = with types; nullOr ints.u32; | |
| default = null; | |
| example = 6; | |
| description = mdDoc '' | |
| Maximum retry times for QCNL. When `null` or set to `0`, no retry will be performed. | |
| type = types.ints.u32; | |
| default = 0; | |
| example = 6; | |
| description = mdDoc '' | |
| Maximum retry times for QCNL. When set to `0`, no retry will be performed. |
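Review bot: dropping `nullOr` and defaulting to `0` changes what reaches the config file, so the rendering code needs a matching check. If the module only writes fields that are `!= null`, a `null` default leaves `retry_times` out of the file and the library's own default applies, whereas a default of `0` is always written as an explicit zero; the two are only "equal" if upstream's default is in fact no retry. Whichever form is kept, the description should state that behaviour in one sentence, and the `example = 6;` line is fine as is.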
Why not do this instead?
I agree that's better UX, but I directly matched upstream behavior here https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/68a77a852cd911a44a97733aec870e9bd93a3b86/QuoteGeneration/qcnl/linux/sgx_default_qcnl.conf#L23-L26
I don't think we need to mirror the null here. Not defined would be equal to the option having no default, and for clarity we can then also set the default to 0, which is equal to null.

@rvolosatovs @SuperSandro2000 anything needed for this PR to be merged?
I'll try to get this addressed today #181347 (comment) and it should be good to go
@rvolosatovs any progress? 😉
Signed-off-by: Roman Volosatovs <rvolosatovs@riseup.net>
Flatten to better match other services
Signed-off-by: Roman Volosatovs <rvolosatovs@riseup.net>
Signed-off-by: Roman Volosatovs <rvolosatovs@riseup.net>
Getting back to this now, sorry for the delay. I have unarchived the source repository to be able to update the branch, but honestly I'm not sure what to do about #181347 (comment). I did a direct translation of the upstream config here; if the intention is to "do things better" in the NixOS module, then it'd make sense to change not only this one field's semantics but other fields as well. I'd rather just stick with upstream, which would simplify things like migration from existing configs and further maintenance in case upstream changes something.
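The null-versus-0 question above turns on what the rendered QCNL file ends up containing. The following is an added illustration (not code from this PR or from nixpkgs) of how `nullOr` options with a `null` default can be translated so that an unset option omits the key, leaving the library's own default in force, while an explicit `0` or `false` is written out. The JSON key names `use_secure_cert`, `retry_times` and `retry_delay`, and the `render` and `evalWith` helpers, are assumptions made for the example.

```nix
# Added illustration, not code from the PR: how `nullOr` option values end up
# in a rendered QCNL config. The upstream key names used below are assumed.
{ lib }:
let
  inherit (lib) mkOption types evalModules filterAttrs;

  qcnlModule = {
    options.qcnl = {
      useSecureCert = mkOption {
        type = with types; nullOr bool;
        default = null;
        # null: key omitted, library default applies; true/false: written out.
        description = "Whether the PCCS TLS certificate is verified.";
      };
      retryTimes = mkOption {
        type = with types; nullOr ints.u32;
        default = null;
        description = "Retry count; `null` omits the key, `0` writes an explicit 0.";
      };
      retryDelay = mkOption {
        type = with types; nullOr ints.u32;
        default = null;
        description = "Delay between retries; `null` omits the key.";
      };
    };
  };

  # Map module option names onto the (assumed) upstream keys and drop nulls,
  # so "not set in NixOS" becomes "not present in the file".
  render = cfg: builtins.toJSON (filterAttrs (_: v: v != null) {
    use_secure_cert = cfg.useSecureCert;
    retry_times = cfg.retryTimes;
    retry_delay = cfg.retryDelay;
  });

  # Evaluate the option declarations against a user-supplied settings attrset.
  evalWith = settings:
    (evalModules { modules = [ qcnlModule { qcnl = settings; } ]; }).config.qcnl;
in {
  # Nothing set: an empty object, every library default applies.
  allDefaults = render (evalWith { });
  # Explicit 0 is preserved, unlike null.
  explicitZero = render (evalWith { retryTimes = 0; });
  # Turning certificate verification off is visible in the file, which is
  # what a reviewer would want to grep for in a deployed configuration.
  insecure = render (evalWith { useSecureCert = false; retryTimes = 6; });
}
```

Evaluate it with `nix-instantiate --eval --strict --expr '(import ./qcnl-example.nix) { lib = (import <nixpkgs> {}).lib; }'`: `allDefaults` renders as `{}`, `explicitZero` as `{"retry_times":0}` and `insecure` as `{"retry_times":6,"use_secure_cert":false}`. Switching `retryTimes` to `types.ints.u32` with `default = 0`, as suggested above, would make `allDefaults` render `{"retry_times":0}` instead, which is the behavioural difference the thread is debating.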
| ]; | ||
| "${aesmdConfigFile}:/etc/aesmd.conf" | ||
| ] | ||
| ++ optional (!isNull cfg.qcnl) (let |
| ++ optional (!isNull cfg.qcnl) (let | |
| ++ optional (cfg.qcnl != null) (let |
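Review bot: agree with replacing `!isNull cfg.qcnl` by `cfg.qcnl != null`; `builtins.isNull` is documented as deprecated in the Nix manual and `!= null` is the form used throughout nixpkgs, so the suggestion is a straightforward style fix with no behaviour change.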
| }; | ||
| options.useSecureCert = mkOption { | ||
| type = with types; nullOr bool; | ||
| default = null; |
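Review bot: `useSecureCert` as `nullOr bool` with `default = null` is a tri-state whose third value is undocumented; the description should say what `null` resolves to (presumably the key is omitted and the library's own default applies). Since, as the name says, this toggle decides whether the PCCS certificate is checked, consider either making the verifying setting the explicit module default or at least stating in the description which value results in an unverified connection, so a reader of the rendered config can tell.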
What does null mean here? true? From the description this is unclear.
Description of changes
QCNL is used by AESMD internally; this allows for configuring the library.
See https://profianinc.github.io/nixpkgs/options.html#opt-services.aesmd.qcnl.settings for the rendered docs.