gramine-manifest – Gramine manifest preprocessor
Synopsis
gramine-manifest [OPTION]… [SOURCE-FILE [OUTPUT-FILE]]
Description
gramine-manifest is used to preprocess manifests for Gramine using Jinja markup.
Command line arguments
- --define <key>=<value>, -D <key>=<value>
Have a variable available in the template.
- --check
After rendering manifest from template, perform validation against manifest schema to check for unknown manifest entries and/or missing mandatory options. See gramine-manifest-check – Gramine manifest schema validator for more details.
The check is enabled by default. This option serves to re-enable the check after
--no-check.For the 1.7 release, only a warning is issued and gramine-manifest proceeds to write the faulty manifest. In version 1.8 this will be a hard error.
Functions and constants available in templates
- gramine.libos
Path to
libsysdb.so.
- gramine.runtimedir(libc='glibc')
The path to runtime directory with patched libc. Currently supported options are:
'glibc'and'musl'.
- python.stdlib
stdlibinstallation path from sysconfig module
- python.platstdlib
platstdlibinstallation path from sysconfig module
- python.purelib
purelibinstallation path from sysconfig module
- python.distlib
On Debian systems, this is
/usr/lib/python3/dist-packages.
- python.get_path(...)
- python.get_paths(...)
- python.implementation
- env.[ENVVAR]
The content of
$ENVVARenvironment variable.
- ldd(\*executables)
List of libraries which are linked from executables. Each library is provided at most once.
Example
manifest.template:
loader.entrypoint = "file:{{ gramine.libos }}"
libos.entrypoint = "{{ entrypoint }}"
loader.env.LD_LIBRARY_PATH = "/lib:{{ arch_libdir }}:/usr{{ arch_libdir }}"
fs.mounts = [
{ path = "/lib", uri = "file:{{ gramine.runtimedir() }}" },
]
sgx.trusted_files = [
"file:{{ entrypoint }}",
"file:{{ gramine.runtimedir() }}/",
]
Makefile:
%.manifest: manifest.template
gramine-manifest \
-Dentrypoint=$(ENTRYPOINT) \
-Darch_libdir=$(ARCH_LIBDIR) \
$< $@