Requirements for building an EIF image

This section presents the minimal requirements for the environment needed to build an EIF image with anjuna-nitro-cli build-enclave.

Installation

See Getting the Anjuna Nitro Runtime for information on obtaining and installing the Anjuna Nitro Runtime that is needed for building EIF images.

Requirements

Basic system requirements

  • A supported Linux system with the Anjuna Nitro Runtime installed

    • Note that an instance does not need to enable AWS Nitro Enclaves to build an EIF. Enabling AWS Nitro Enclaves for the instance is only required to run the EIF.

  • Docker installed and Docker daemon (dockerd) running

  • Logged into the system as root or as a user who is a member of the docker group

The Prerequisites section has more details on the Anjuna Nitro Runtime requirements.

Docker image requirements

Any Docker image can be built into an EIF, regardless of which base image it uses.

External library dependencies

anjuna-nitro-cli is statically built and does not have dynamic library dependencies.

If you upgrade to a newer version of the Anjuna Nitro Runtime, you must rebuild the EIF, because the runtime version embedded in the EIF must match the installed Anjuna Nitro Runtime version.

File access patterns

In the following lists, $ANJUNA_NITRO_PATH refers to the install directory of the Anjuna Nitro Runtime that defaults to /opt/anjuna/nitro.

Device and process files

Device, control, and process files that are read.

  • /dev/null

  • /proc/self/exe

  • /proc/self/maps

  • /sys/kernel/mm/transparent_hugepage/hpage_pmd_size

  • /var/run/docker.sock

System config files

System configuration files that are read.

  • /etc/ld.so.cache

  • /etc/localtime

  • /etc/passwd

Included executables

Executable programs included with the Anjuna Nitro distribution that are run during the build.

  • $ANJUNA_NITRO_PATH/bin/linuxkit

Included files

Files in the Anjuna Nitro distribution that are read while building an EIF file.

  • $ANJUNA_NITRO_PATH/blobs/* (recursively)

  • $ANJUNA_NITRO_PATH/enclave/* (recursively)

  • $ANJUNA_NITRO_PATH/internal/bootstrap-disk-manifest.yaml

Written files

Several files are written and read back when building an EIF file.

  • $TMPDIR or /tmp - Multiple temporary files are written to the directory named by the TMPDIR environment variable, or to /tmp if it is not set

  • ~/.nitro_cli/bootstrap-initrd.img

  • ~/.nitro_cli/customer-initrd.img

  • The output EIF file specified with the --output-file command line option
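The basic system requirements and the file access patterns above can be checked before running a build. The following pre-flight script is an added example and is not part of the Anjuna distribution; it assumes the ANJUNA_NITRO_PATH and TMPDIR conventions described on this page and only inspects paths and privileges, it does not invoke anjuna-nitro-cli.

```shell
#!/bin/sh
# Pre-flight checks for an anjuna-nitro-cli build-enclave environment.
# Added example (hypothetical helper, not Anjuna code): it verifies the
# files, socket and scratch directory this page lists, nothing more.

# Confirm the Anjuna Nitro Runtime files read during a build are present.
# $1 = install directory (default /opt/anjuna/nitro).
# Returns the number of missing entries, so 0 means everything was found.
check_nitro_install() {
    dir="${1:-/opt/anjuna/nitro}"
    missing=0
    for rel in blobs enclave internal/bootstrap-disk-manifest.yaml; do
        [ -e "$dir/$rel" ] || { echo "missing: $dir/$rel" >&2; missing=$((missing + 1)); }
    done
    [ -x "$dir/bin/linuxkit" ] || { echo "missing or not executable: $dir/bin/linuxkit" >&2; missing=$((missing + 1)); }
    return "$missing"
}

# Confirm the Docker daemon socket exists and is usable by this user:
# either we are root or the socket is writable (normally via the docker group).
# $1 = socket path (default /var/run/docker.sock). Returns 0 on success.
check_docker_access() {
    sock="${1:-/var/run/docker.sock}"
    [ -S "$sock" ] || { echo "no Docker socket at $sock (is dockerd running?)" >&2; return 1; }
    if [ "$(id -u)" -eq 0 ] || [ -w "$sock" ]; then
        return 0
    fi
    echo "cannot write $sock: run as root or join the docker group" >&2
    return 1
}

# Confirm the scratch directory used for temporary files ($TMPDIR, else /tmp)
# exists and is writable. Returns 0 on success.
check_tmpdir() {
    tmp="${TMPDIR:-/tmp}"
    [ -d "$tmp" ] && [ -w "$tmp" ] || { echo "scratch dir $tmp is not writable" >&2; return 1; }
    return 0
}

# Run every check and report the combined result (0 = ready to build).
preflight() {
    rc=0
    check_nitro_install "${ANJUNA_NITRO_PATH:-/opt/anjuna/nitro}" || rc=1
    check_docker_access || rc=1
    check_tmpdir || rc=1
    return "$rc"
}
```

Source the file and run `preflight` on the build host; a non-zero exit means at least one requirement from this page is not met, with the reason printed on stderr.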