gramine-manifest – Gramine manifest preprocessor

Synopsis

gramine-manifest [OPTION]… [SOURCE-FILE [OUTPUT-FILE]]

Description

gramine-manifest is used to preprocess manifests for Gramine using Jinja markup.

Command line arguments

--define <key>=<value>, -D <key>=<value>

Have a variable available in the template.

Functions and constants available in templates

gramine.libos

Path to libsysdb.so.

gramine.runtimedir(libc='glibc')

The path to runtime directory with patched libc. Currently supported options are: 'glibc' and 'musl'.

python.stdlib

stdlib installation path from sysconfig module

python.platstdlib

platstdlib installation path from sysconfig module

python.purelib

purelib installation path from sysconfig module

python.distlib

On Debian systems, this is /usr/lib/python3/dist-packages.

python.get_path(...)

sysconfig.get_path

python.get_paths(...)

sysconfig.get_paths

python.implementation

sys.implementation

env.[ENVVAR]

The content of $ENVVAR environment variable.

ldd(*executables)

List of libraries which are linked from executables. Each library is provided at most once.

Example

manifest.template:

loader.entrypoint = "file:{{ gramine.libos }}"
libos.entrypoint = "{{ entrypoint }}"
loader.env.LD_LIBRARY_PATH = "/lib:{{ arch_libdir }}:/usr{{ arch_libdir }}"

fs.mounts = [
  { path = "/lib", uri = "file:{{ gramine.runtimedir() }}" },
]

sgx.trusted_files = [
  "file:{{ entrypoint }}",
  "file:{{ gramine.runtimedir() }}/",
]

Makefile:

%.manifest: manifest.template
   gramine-manifest \
      -Dentrypoint=$(ENTRYPOINT) \
      -Darch_libdir=$(ARCH_LIBDIR) \
      $< $@