cli: derive runtime class name from launch digest

edgelesssys · Jun 24, 2024 · f75335c · f75335c
1 parent 1b6ea63
commit f75335c
Show file tree

Hide file tree

Showing 6 changed files with 15 additions and 16 deletions.
diff --git a/cli/cmd/common.go b/cli/cmd/common.go
@@ -6,6 +6,7 @@ package cmd
 import (
 	"context"
 	_ "embed"
+	"fmt"
 	"os"
 	"path/filepath"
 	"time"
@@ -43,6 +44,10 @@ var (
 	DefaultCoordinatorPolicyHash = ""
 )
 
+func runtimeHandler(digest string) string {
+	return fmt.Sprintf("contrast-cc-%s", digest[:32])
+}
+
 func cachedir(subdir string) (string, error) {
 	dir := os.Getenv(cacheDirEnv)
 	if dir == "" {

diff --git a/cli/cmd/generate.go b/cli/cmd/generate.go
@@ -335,13 +335,14 @@ func injectServiceMesh(resources []any) error {
 }
 
 func runtimeClassNamePatcher() func(*applycorev1.PodSpecApplyConfiguration) *applycorev1.PodSpecApplyConfiguration {
+	handler := runtimeHandler(manifest.TrustedMeasurement)
 	return func(spec *applycorev1.PodSpecApplyConfiguration) *applycorev1.PodSpecApplyConfiguration {
-		if spec.RuntimeClassName == nil || *spec.RuntimeClassName == runtimeHandler {
+		if spec.RuntimeClassName == nil || *spec.RuntimeClassName == handler {
 			return spec
 		}
 
 		if strings.HasPrefix(*spec.RuntimeClassName, "contrast-cc") || *spec.RuntimeClassName == "kata-cc-isolation" {
-			spec.RuntimeClassName = &runtimeHandler
+			spec.RuntimeClassName = &handler
 		}
 		return spec
 	}

diff --git a/cli/cmd/runtime.go b/cli/cmd/runtime.go
@@ -4,12 +4,10 @@
 package cmd
 
 import (
+	"github.com/edgelesssys/contrast/internal/manifest"
 	"github.com/spf13/cobra"
 )
 
-// This value is injected at build time.
-var runtimeHandler = "contrast-cc"
-
 // NewRuntimeCmd creates the contrast runtime subcommand.
 func NewRuntimeCmd() *cobra.Command {
 	cmd := &cobra.Command{
@@ -28,5 +26,5 @@ have the runtimeClassName set to the value returned by this command.
 }
 
 func runRuntime(cmd *cobra.Command, _ []string) {
-	cmd.Println(runtimeHandler)
+	cmd.Println(runtimeHandler(manifest.TrustedMeasurement))
 }
diff --git a/cli/main.go b/cli/main.go
@@ -12,6 +12,7 @@ import (
 	"text/tabwriter"
 
 	"github.com/edgelesssys/contrast/cli/cmd"
+	"github.com/edgelesssys/contrast/internal/manifest"
 	"github.com/spf13/cobra"
 )
 
@@ -30,8 +31,6 @@ func execute() error {
 
 var (
 	version          = "0.0.0-dev"
-	runtimeHandler   = "contrast-cc"
-	launchDigest     = "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
 	genpolicyVersion = "0.0.0-dev"
 )
 
@@ -40,8 +39,8 @@ func newRootCmd() *cobra.Command {
 	var versionsBuilder strings.Builder
 	versionsWriter := tabwriter.NewWriter(&versionsBuilder, 0, 0, 4, ' ', 0)
 	fmt.Fprintf(versionsWriter, "%s\n\n", version)
-	fmt.Fprintf(versionsWriter, "\truntime handler:\t%s\n", runtimeHandler)
-	fmt.Fprintf(versionsWriter, "\tlaunch digest:\t%s\n", launchDigest)
+	fmt.Fprintf(versionsWriter, "\truntime handler:\tcontrast-cc-%s\n", manifest.TrustedMeasurement[:32])
+	fmt.Fprintf(versionsWriter, "\tlaunch digest:\t%s\n", manifest.TrustedMeasurement)
 	fmt.Fprintf(versionsWriter, "\tgenpolicy version:\t%s\n", genpolicyVersion)
 	fmt.Fprintf(versionsWriter, "\timage versions:\n")
 	imageReplacements := strings.Trim(string(cmd.ReleaseImageReplacements), "\n")

diff --git a/internal/manifest/constants.go b/internal/manifest/constants.go
@@ -4,7 +4,7 @@
 package manifest
 
 // This value is injected at build time.
-var trustedMeasurement = "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+var TrustedMeasurement = "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
 
 // Default returns a default manifest.
 func Default() Manifest {
@@ -18,7 +18,7 @@ func Default() Manifest {
 					MicrocodeVersion:  115,
 				},
 			},
-			TrustedMeasurement: HexString(trustedMeasurement),
+			TrustedMeasurement: HexString(TrustedMeasurement),
 		},
 	}
 }
diff --git a/packages/by-name/contrast/package.nix b/packages/by-name/contrast/package.nix
@@ -20,7 +20,6 @@ let
     ldflags = [
       "-s"
       "-X github.com/edgelesssys/contrast/internal/manifest.trustedMeasurement=${launchDigest}"
-      "-X github.com/edgelesssys/contrast/cli/cmd.runtimeHandler=${runtimeHandler}"
       "-X github.com/edgelesssys/contrast/internal/kuberesource.runtimeHandler=${runtimeHandler}"
     ];
 
@@ -78,11 +77,8 @@ buildGoModule rec {
     "-s"
     "-w"
     "-X main.version=v${version}"
-    "-X main.runtimeHandler=${runtimeHandler}"
-    "-X main.launchDigest=${launchDigest}"
     "-X main.genpolicyVersion=${genpolicy.version}"
     "-X github.com/edgelesssys/contrast/internal/manifest.trustedMeasurement=${launchDigest}"
-    "-X github.com/edgelesssys/contrast/cli/cmd.runtimeHandler=${runtimeHandler}"
     "-X github.com/edgelesssys/contrast/internal/kuberesource.runtimeHandler=${runtimeHandler}"
   ];