From 8c0f53c27677421c38704bfad8d85a7ed869fbdb Mon Sep 17 00:00:00 2001
From: peg
Date: Wed, 10 Dec 2025 21:13:08 +0100
Subject: [PATCH] Switch bob-common from cvm-reverse-proxy to attested-tls-proxy
---
 bob-common/mkosi.build | 14 ++++++++------
 bob-common/mkosi.conf | 4 ++++
 .../systemd/system/attested-tls-proxy.service | 16 ++++++++++++++++
 .../etc/systemd/system/cvm-reverse-proxy.service | 16 ----------------
 bob-common/mkosi.postinst | 2 +-
 5 files changed, 29 insertions(+), 23 deletions(-)
 create mode 100644 bob-common/mkosi.extra/etc/systemd/system/attested-tls-proxy.service
 delete mode 100644 bob-common/mkosi.extra/etc/systemd/system/cvm-reverse-proxy.service
diff --git a/bob-common/mkosi.build b/bob-common/mkosi.build
index 78c42366..925020c3 100755
--- a/bob-common/mkosi.build
+++ b/bob-common/mkosi.build
@@ -40,9 +40,11 @@ make_git_package \
 'go build -trimpath -ldflags "-s -w -buildid= -X github.com/flashbots/go-template/common.Version=v1.0.0" -o ./build/ssh-pubkey-server cmd/httpserver/main.go' \
 "build/ssh-pubkey-server:/usr/bin/ssh-pubkey-server"
-make_git_package \
- "cvm-reverse-proxy" \
- "v0.1.8" \
- "https://github.com/flashbots/cvm-reverse-proxy" \
- "make build-proxy-server" \
- "build/proxy-server:/usr/bin/cvm-reverse-proxy"
+# Build attested-tls-proxy
+build_rust_package \
+ "attested-tls-proxy" \
+ "bob-test-00" \
+ "https://github.com/flashbots/attested-tls-proxy.git" \
+ "" \
+ "" \
+ "-l z -l zstd"
diff --git a/bob-common/mkosi.conf b/bob-common/mkosi.conf
index 06070f55..86514e14 100644
--- a/bob-common/mkosi.conf
+++ b/bob-common/mkosi.conf
@@ -27,6 +27,8 @@ Packages=podman
 openssh-sftp-server
 udev
 libsnappy1v5
+ libtss2-esys-3.0.2-0t64
+ libtss2-tctildr0t64
 BuildPackages=build-essential
 git
@@ -45,3 +47,5 @@ BuildPackages=build-essential
 libjson-c-dev
 gettext
 autopoint
+ libtss2-dev
+ zlib1g-dev
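Review bot: The `build_rust_package` call in bob-common/mkosi.build fetches attested-tls-proxy at the ref `"bob-test-00"`, which reads like a test tag or branch rather than a release, and a named ref can be moved upstream after this commit lands. Because this proxy is the component that serves attested TLS for the image, the recipe itself should fix the exact source that gets built; pinning a full commit hash (`"<full-commit-sha>"` in place of `"bob-test-00"`) would do that, assuming `build_rust_package` accepts a commit id, which is not visible in this patch. The two empty-string arguments would also benefit from a one-line comment saying what they stand for and that empty selects the default, since the helper's definition is outside the hunk.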
diff --git a/bob-common/mkosi.extra/etc/systemd/system/attested-tls-proxy.service b/bob-common/mkosi.extra/etc/systemd/system/attested-tls-proxy.service
new file mode 100644
index 00000000..79b91246
--- /dev/null
+++ b/bob-common/mkosi.extra/etc/systemd/system/attested-tls-proxy.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Attested TLS proxy
+After=ssh-pubkey-server.service
+Requires=ssh-pubkey-server.service
+
+[Service]
+Type=simple
+ExecStart=attested-tls-proxy server --listen-addr 0.0.0.0:8745 \
+ --server-attestation-type auto \
+ 127.0.0.1:5001
+
+Restart=always
+RestartSec=5
+
+[Install]
+WantedBy=minimal.target
diff --git a/bob-common/mkosi.extra/etc/systemd/system/cvm-reverse-proxy.service b/bob-common/mkosi.extra/etc/systemd/system/cvm-reverse-proxy.service
deleted file mode 100644
index d7dcc7fe..00000000
--- a/bob-common/mkosi.extra/etc/systemd/system/cvm-reverse-proxy.service
+++ /dev/null
@@ -1,16 +0,0 @@
-[Unit]
-Description=SSH Public Key Server
-After=ssh-pubkey-server.service
-Requires=ssh-pubkey-server.service
-
-[Service]
-Type=simple
-ExecStart=cvm-reverse-proxy --listen-addr=0.0.0.0:8745 \
- --target-addr=http://localhost:5001 \
- --server-attestation-type=auto \
- --override-azurev6-tcbinfo
-Restart=always
-RestartSec=5
-
-[Install]
-WantedBy=minimal.target
diff --git a/bob-common/mkosi.postinst b/bob-common/mkosi.postinst
index a5a01654..ab490b35 100755
--- a/bob-common/mkosi.postinst
+++ b/bob-common/mkosi.postinst
@@ -29,7 +29,7 @@ for service in \
 dropbear.service \
 searcher-container.service \
 ssh-pubkey-server.service \
- cvm-reverse-proxy.service
+ attested-tls-proxy.service
 do
 mkosi-chroot systemctl enable "$service"
 ln -sf "/etc/systemd/system/$service" "$BUILDROOT/etc/systemd/system/minimal.target.wants/"
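Review bot: The new unit bob-common/mkosi.extra/etc/systemd/system/attested-tls-proxy.service opens a listener on all interfaces (`0.0.0.0:8745`) with systemd defaults, so the `[Service]` section runs the proxy as root with no sandboxing. Adding `NoNewPrivileges=yes`, `ProtectSystem=strict` and `PrivateTmp=yes` would limit what a fault in the network-facing code can reach. The libtss2 packages added in the same commit suggest the process talks to a TPM, so any further device restriction has to keep that device node accessible. A comment above `--server-attestation-type auto` should also state what the proxy does when no attestation platform is detected, because nothing on this page shows whether it refuses to start or serves without attestation.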