Requirements for building an EIF image
This section presents the minimal requirements for the environment needed to
build an EIF image with anjuna-nitro-cli build-enclave.
Installation
See Getting the Anjuna Nitro Runtime for information on obtaining and installing the Anjuna Nitro Runtime that is needed for building EIF images.
Requirements
Basic System Requirements
- x86-64 Linux system
- Docker installed and Docker daemon (dockerd) running
- Logged into the system as root or a user that is in the docker group
| A Nitro Enclave enabled machine is not required to create an EIF image. |
| The Anjuna Nitro Runtime has been tested on Amazon Linux 2 (a Fedora-based distribution), but it should work on any recent Linux distribution. |
File Access Patterns
In the following lists, $ANJUNA_NITRO_PATH refers to the install directory of the Anjuna Nitro Runtime,
which defaults to /opt/anjuna/nitro.
Device and Process Files
Device, control, and process files that are read.
- /dev/null
- /proc/self/exe
- /proc/self/maps
- /sys/kernel/mm/transparent_hugepage/hpage_pmd_size
- /var/run/docker.sock
System Config Files
System configuration files that are read.
- /etc/ld.so.cache
- /etc/localtime
- /etc/passwd
Included Executables
Executable programs included with the Anjuna Nitro distribution that are executed.
- $ANJUNA_NITRO_PATH/bin/linuxkit
Included Files
Files that are part of the Anjuna Nitro distribution that are read in the course of building an EIF file.
- $ANJUNA_NITRO_PATH/blobs/* (recursively)
- $ANJUNA_NITRO_PATH/enclave/* (recursively)
- $ANJUNA_NITRO_PATH/internal/bootstrap-disk-manifest.yaml
Written Files
Several files are written and read back when building an EIF file.
- $TMPDIR or /tmp: Multiple temporary files are written to the directory specified by the TMPDIR environment variable, or to /tmp if it is not set
- ~/.nitro_cli/bootstrap-initrd.img
- ~/.nitro_cli/customer-initrd.img
- The output EIF file specified with the --output-file command line option
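The requirements and file access lists above can be checked on a build host before running a build, which helps when the host is locked down with restrictive permissions or a sandbox profile. The following is an added example, not part of the Anjuna distribution; the function name eif_preflight and its two optional arguments are hypothetical, and it assumes ~/.nitro_cli is created on demand when it does not exist.

```shell
#!/bin/sh
# Added example (not Anjuna's code): preflight check of the build-host
# requirements listed on this page. Prints one "MISSING ..." line per unmet
# item and returns the number of unmet items (0 = ready to build).
eif_preflight() {
    root="${1:-${ANJUNA_NITRO_PATH:-/opt/anjuna/nitro}}"  # install directory
    sock="${2:-/var/run/docker.sock}"                     # Docker daemon socket
    tmp="${TMPDIR:-/tmp}"
    fails=0
    miss() { echo "MISSING $1"; fails=$((fails + 1)); }

    { [ "$(uname -s)" = Linux ] && [ "$(uname -m)" = x86_64 ]; } ||
        miss "x86-64 Linux system"

    # Shows the socket is present and accessible to this user (root or the
    # docker group); it does not prove that dockerd is answering requests.
    { [ -S "$sock" ] && [ -r "$sock" ] && [ -w "$sock" ]; } ||
        miss "docker socket access: $sock"

    for f in /dev/null /proc/self/exe /proc/self/maps \
             /sys/kernel/mm/transparent_hugepage/hpage_pmd_size \
             /etc/ld.so.cache /etc/localtime /etc/passwd \
             "$root/internal/bootstrap-disk-manifest.yaml"; do
        [ -r "$f" ] || miss "readable file: $f"
    done
    [ -x "$root/bin/linuxkit" ] || miss "executable: $root/bin/linuxkit"

    # blobs/ and enclave/ are read recursively: report the first unreadable file.
    for d in "$root/blobs" "$root/enclave"; do
        if [ -d "$d" ] && [ -r "$d" ] && [ -x "$d" ]; then
            bad=$(find "$d" -type f ! -exec test -r {} \; -print 2>/dev/null | head -n 1)
            [ -z "$bad" ] || miss "unreadable file under $d: $bad"
        else
            miss "readable directory: $d"
        fi
    done

    [ -d "$tmp" ] && [ -w "$tmp" ] || miss "writable temp dir: $tmp"
    # Assumption: ~/.nitro_cli is created on demand when it does not exist yet.
    cli="$HOME/.nitro_cli"
    if [ -d "$cli" ]; then
        [ -w "$cli" ] || miss "writable directory: $cli"
    else
        [ -w "$HOME" ] || miss "writable home directory for $cli"
    fi
    return "$fails"
}
```

Call eif_preflight with no arguments on the build host, or pass an alternate install directory and socket path as the first and second arguments.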