cli: derive runtime class name from launch digest

cli/cmd/common.go

@@ -6,6 +6,7 @@ package cmd
 import (
 	"context"
 	_ "embed"
+	"fmt"
 	"os"
 	"path/filepath"
 	"time"
@@ -41,8 +42,14 @@ var (
 	//
 	// It is intentionally left empty for dev builds.
 	DefaultCoordinatorPolicyHash = ""
+	// This value is injected at build time.
+	launchDigest = "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
 )
 
+func runtimeHandler() string {
+	return fmt.Sprintf("contrast-cc-%s", launchDigest[:32])
+}
+
 func cachedir(subdir string) (string, error) {
 	dir := os.Getenv(cacheDirEnv)
 	if dir == "" {

cli/cmd/generate.go

@@ -335,13 +335,14 @@ func injectServiceMesh(resources []any) error {
 }
 
 func runtimeClassNamePatcher() func(*applycorev1.PodSpecApplyConfiguration) *applycorev1.PodSpecApplyConfiguration {
+	handler := runtimeHandler()
 	return func(spec *applycorev1.PodSpecApplyConfiguration) *applycorev1.PodSpecApplyConfiguration {
-		if spec.RuntimeClassName == nil || *spec.RuntimeClassName == runtimeHandler {
+		if spec.RuntimeClassName == nil || *spec.RuntimeClassName == handler {
 			return spec
 		}
 
 		if strings.HasPrefix(*spec.RuntimeClassName, "contrast-cc") || *spec.RuntimeClassName == "kata-cc-isolation" {
-			spec.RuntimeClassName = &runtimeHandler
+			spec.RuntimeClassName = &handler
 		}
 		return spec
 	}

cli/cmd/runtime.go

@@ -7,9 +7,6 @@ import (
 	"github.com/spf13/cobra"
 )
 
-// This value is injected at build time.
-var runtimeHandler = "contrast-cc"
-
 // NewRuntimeCmd creates the contrast runtime subcommand.
 func NewRuntimeCmd() *cobra.Command {
 	cmd := &cobra.Command{
@@ -28,5 +25,5 @@ have the runtimeClassName set to the value returned by this command.
 }
 
 func runRuntime(cmd *cobra.Command, _ []string) {
-	cmd.Println(runtimeHandler)
+	cmd.Println(runtimeHandler())
 }

cli/main.go

@@ -30,7 +30,6 @@ func execute() error {
 
 var (
 	version          = "0.0.0-dev"
-	runtimeHandler   = "contrast-cc"
 	launchDigest     = "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
 	genpolicyVersion = "0.0.0-dev"
 )
@@ -40,7 +39,7 @@ func newRootCmd() *cobra.Command {
 	var versionsBuilder strings.Builder
 	versionsWriter := tabwriter.NewWriter(&versionsBuilder, 0, 0, 4, ' ', 0)
 	fmt.Fprintf(versionsWriter, "%s\n\n", version)
-	fmt.Fprintf(versionsWriter, "\truntime handler:\t%s\n", runtimeHandler)
+	fmt.Fprintf(versionsWriter, "\truntime handler:\tcontrast-cc-%s\n", launchDigest[:32])
 	fmt.Fprintf(versionsWriter, "\tlaunch digest:\t%s\n", launchDigest)
 	fmt.Fprintf(versionsWriter, "\tgenpolicy version:\t%s\n", genpolicyVersion)
 	fmt.Fprintf(versionsWriter, "\timage versions:\n")

packages/by-name/contrast/package.nix

@@ -20,7 +20,7 @@ let
     ldflags = [
       "-s"
       "-X github.com/edgelesssys/contrast/internal/manifest.trustedMeasurement=${launchDigest}"
-      "-X github.com/edgelesssys/contrast/cli/cmd.runtimeHandler=${runtimeHandler}"
+      "-X github.com/edgelesssys/contrast/cli/cmd.launchDigest=${launchDigest}"
       "-X github.com/edgelesssys/contrast/internal/kuberesource.runtimeHandler=${runtimeHandler}"
     ];
 
@@ -78,11 +78,10 @@ buildGoModule rec {
     "-s"
     "-w"
     "-X main.version=v${version}"
-    "-X main.runtimeHandler=${runtimeHandler}"
     "-X main.launchDigest=${launchDigest}"
     "-X main.genpolicyVersion=${genpolicy.version}"
     "-X github.com/edgelesssys/contrast/internal/manifest.trustedMeasurement=${launchDigest}"
-    "-X github.com/edgelesssys/contrast/cli/cmd.runtimeHandler=${runtimeHandler}"
+    "-X github.com/edgelesssys/contrast/cli/cmd.launchDigest=${launchDigest}"
     "-X github.com/edgelesssys/contrast/internal/kuberesource.runtimeHandler=${runtimeHandler}"
   ];