Requirements for building an EIF image
This section presents the minimal requirements for the environment needed to build an EIF image with anjuna-nitro-cli build-enclave.
Installation
See Getting the Anjuna Nitro Runtime for information on obtaining and installing the Anjuna Nitro Runtime that is needed for building EIF images.
Requirements
Basic System Requirements
- x86-64 Linux system
- Docker installed and Docker daemon (dockerd) running
- Logged into the system as root or a user that is in the docker group
A Nitro Enclave enabled machine is not required to create an EIF image.
The Anjuna Nitro Runtime has been tested on Amazon Linux 2 (a Fedora-based distribution), but it should work on any recent Linux distribution.
File Access Patterns
In the following lists, $ANJUNA_NITRO_PATH refers to the install directory of the Anjuna Nitro Runtime that defaults to /opt/anjuna/nitro.
Device and Process Files
Device, control, and process files that are read.
- /dev/null
- /proc/self/exe
- /proc/self/maps
- /sys/kernel/mm/transparent_hugepage/hpage_pmd_size
- /var/run/docker.sock
System Config Files
System configuration files that are read.
- /etc/ld.so.cache
- /etc/localtime
- /etc/passwd
Included Executables
Executable programs included with the Anjuna Nitro distribution that are executed.
- $ANJUNA_NITRO_PATH/bin/linuxkit
Included Files
Files that are part of the Anjuna Nitro distribution that are read in the course of building an EIF file.
- $ANJUNA_NITRO_PATH/blobs/* (recursively)
- $ANJUNA_NITRO_PATH/enclave/* (recursively)
- $ANJUNA_NITRO_PATH/internal/bootstrap-disk-manifest.yaml
Written Files
Several files are written and read back when building an EIF file.
- $TMPDIR or /tmp - Multiple temporary files are written to the directory specified by the TMPDIR environment variable or /tmp if it is not set
- ~/.nitro_cli/bootstrap-initrd.img
- ~/.nitro_cli/customer-initrd.img
- The output EIF file specified with the --output-file command line option
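
The requirements and file lists above can be checked on a build host before running a build. The following preflight script is an added example, not part of the Anjuna documentation or distribution; its function names are made up for illustration, and it only tests that the Docker socket exists, not that dockerd answers on it.

```shell
#!/bin/sh
# Read-only preflight for an EIF build host, based on the lists on this page.
# It does not invoke Docker or anjuna-nitro-cli.
ANJUNA_NITRO_PATH="${ANJUNA_NITRO_PATH:-/opt/anjuna/nitro}"  # documented default

# Directory that receives the temporary build files: $TMPDIR, or /tmp if unset.
build_tmpdir() { printf '%s\n' "${TMPDIR:-/tmp}"; }

# Print every argument that is not readable; exit status = how many were not.
unreadable() {
    n=0
    for p in "$@"; do
        [ -r "$p" ] || { printf 'not readable: %s\n' "$p"; n=$((n + 1)); }
    done
    return "$n"
}

# True when running as root or as a member of the docker group.
docker_access() {
    [ "$(id -u)" -eq 0 ] && return 0
    case " $(id -nG) " in *" docker "*) return 0 ;; esac
    return 1
}

# Run all checks, print one FAIL line per problem, return the problem count.
preflight() {
    fails=0
    fail() { echo "FAIL: $*"; fails=$((fails + 1)); }
    [ "$(uname -s)/$(uname -m)" = "Linux/x86_64" ] || fail "not an x86-64 Linux system"
    # Socket presence only; whether dockerd answers on it is not probed.
    [ -S /var/run/docker.sock ] || fail "/var/run/docker.sock missing (dockerd running?)"
    docker_access || fail "user is neither root nor in the docker group"
    unreadable /dev/null /proc/self/exe /proc/self/maps \
        /sys/kernel/mm/transparent_hugepage/hpage_pmd_size \
        /etc/ld.so.cache /etc/localtime /etc/passwd \
        "$ANJUNA_NITRO_PATH/blobs" "$ANJUNA_NITRO_PATH/enclave" \
        "$ANJUNA_NITRO_PATH/internal/bootstrap-disk-manifest.yaml" || fails=$((fails + $?))
    [ -x "$ANJUNA_NITRO_PATH/bin/linuxkit" ] || fail "linuxkit not executable"
    tmp=$(build_tmpdir)
    { [ -d "$tmp" ] && [ -w "$tmp" ]; } || fail "temp dir $tmp not writable"
    # ~/.nitro_cli receives the initrd images; fall back to $HOME if absent.
    out="$HOME/.nitro_cli"; [ -d "$out" ] || out="$HOME"
    [ -w "$out" ] || fail "$out not writable"
    return "$fails"
}

preflight || echo "preflight: $? requirement(s) not met" >&2
```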