
Commit e0975db

authored
feat: add zksync_tee_prover and container to nix (matter-labs#2403)
``` $ nix build -L .#tee_prover $ nix build -L .#container-tee_prover-dcap $ nix build -L .#container-tee_prover-azure $ export IMAGE_TAG=$(docker load < result | grep -Po 'Loaded image.*: \K.*') $ docker run -i --env GRAMINE_DIRECT=1 --env TEE_API_URL="http://127.0.0.1:3320" --privileged --init $IMAGE_TAG ``` ## What ❔ <!-- What are the changes this PR brings about? --> <!-- Example: This PR adds a PR template to the repo. --> <!-- (For bigger PRs adding more context is appreciated) --> ## Why ❔ <!-- Why are these changes done? What goal do they contribute to? What are the principles behind them? --> <!-- Example: PR templates ensure PR reviewers, observers, and future iterators are in context about the evolution of repos. --> ## Checklist <!-- Check your PR fulfills the following items. --> <!-- For draft PRs check the boxes as you complete them. --> - [x] PR title corresponds to the body of PR (we generate changelog entries from PRs). - [ ] Tests for the changes have been added / updated. - [x] Documentation comments have been added / updated. - [x] Code has been formatted via `zk fmt` and `zk lint`. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
1 parent f4410e3 commit e0975db

8 files changed

+899
-218
lines changed


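--- a/core/bin/zksync_tee_prover/Cargo.toml
+++ b/core/bin/zksync_tee_prover/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "zksync_tee_prover"
-version.workspace = true
+version = "0.1.0"
 edition.workspace = true
 authors.workspace = true
 homepage.workspace = true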

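--- a/etc/nix/README.md
+++ b/etc/nix/README.md
@@ -0,0 +1,86 @@
+# Declarative and Reproducible builds with Nix
+
+This directory contains the nix build recipes for various components of this project. Most importantly it is used to
+reproducible build `zksync_tee_prover` reproducibly and create a container containing all what is needed to run it on an
+SGX machine.
+
+## Prerequisites
+
+Install [nix](https://zero-to-nix.com/start/install).
+
+In `~/.config/nix/nix.conf`
+
+```ini
+experimental-features = nix-command flakes
+sandbox = true
+```
+
+or on nixos in `/etc/nixos/configuration.nix` add the following lines:
+
+```nix
+{
+nix = {
+extraOptions = ''
+experimental-features = nix-command flakes
+sandbox = true
+'';
+};
+}
+```
+
+## Build
+
+Build various components of this project with `nix`.
+
+### Build as the CI would
+
+```shell
+nix run github:nixos/nixpkgs/nixos-23.11#nixci
+```
+
+### Build individual parts
+
+```shell
+nix build .#zksync_server
+```
+
+or
+
+```shell
+nix build .#zksync_server.contract_verifier
+nix build .#zksync_server.external_node
+nix build .#zksync_server.server
+nix build .#zksync_server.snapshots_creator
+nix build .#zksync_server.block_reverter
+```
+
+or
+
+```shell
+nix build .#tee_prover
+nix build .#container-tee_prover-dcap
+nix build .#container-tee_prover-azure
+```
+
+## Develop
+
+`nix` can provide the build environment for this project.
+
+```shell
+nix develop
+```
+
+optionally create `.envrc` for `direnv` to automatically load the environment when entering the main directory:
+
+```shell
+$ cat <<EOF > .envrc
+use flake .#
+EOF
+$ direnv allow
+```
+
+### Format for commit
+
+```shell
+nix run .#fmt
+```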

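--- a/etc/nix/container-tee-prover.nix
+++ b/etc/nix/container-tee-prover.nix
@@ -0,0 +1,48 @@
+{ pkgs
+, nixsgxLib
+, teepot
+, tee_prover
+, container-name
+, isAzure ? true
+, tag ? null
+}:
+let
+name = container-name;
+entrypoint = "${teepot.teepot.tee_key_preexec}/bin/tee-key-preexec";
+in
+nixsgxLib.mkSGXContainer {
+inherit name;
+inherit tag;
+
+packages = [ teepot.teepot.tee_key_preexec tee_prover ];
+inherit entrypoint;
+inherit isAzure;
+
+manifest = {
+loader = {
+argv = [
+entrypoint
+"${tee_prover}/bin/zksync_tee_prover"
+];
+
+log_level = "error";
+
+env = {
+TEE_API_URL.passthrough = true;
+API_PROMETHEUS_LISTENER_PORT.passthrough = true;
+API_PROMETHEUS_PUSHGATEWAY_URL.passthrough = true;
+API_PROMETHEUS_PUSH_INTERVAL_MS.passthrough = true;
+
+### DEBUG ###
+RUST_BACKTRACE = "1";
+RUST_LOG = "warning,zksync_tee_prover=debug";
+};
+};
+
+sgx = {
+edmm_enable = false;
+enclave_size = "32G";
+max_threads = 128;
+};
+};
+}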
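Review bot: The `### DEBUG ###` block bakes `RUST_BACKTRACE = "1"` and `RUST_LOG = "warning,zksync_tee_prover=debug"` into the manifest of both the dcap and azure containers, so debug-level prover logging and backtraces are on in the shipped image and, because the Gramine manifest is part of the enclave measurement, cannot be turned off without a rebuild and a new MRENCLAVE. Everything the enclave logs at that level lands on the untrusted host's stdout, so it is worth confirming that the prover never logs key or witness material at debug before this goes out. Note also that `warning` is not the level name the `log` crate's filter parser accepts (`warn`), so if the prover uses env_logger or tracing's EnvFilter that directive is likely ignored — confirm against the prover's logger setup. A build-time switch keeps the production manifest quiet: add `, debug ? false` to the argument set and write `RUST_LOG = if debug then "warn,zksync_tee_prover=debug" else "warn";` and `RUST_BACKTRACE = if debug then "1" else "0";`.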

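--- a/etc/nix/devshell.nix
+++ b/etc/nix/devshell.nix
@@ -0,0 +1,37 @@
+{ pkgs
+, zksync_server
+, commonArgs
+}:
+pkgs.mkShell {
+inputsFrom = [ zksync_server ];
+
+packages = with pkgs; [
+docker-compose
+nodejs
+yarn
+axel
+postgresql
+python3
+solc
+sqlx-cli
+];
+
+inherit (commonArgs) env hardeningEnable;
+
+shellHook = ''
+export ZKSYNC_HOME=$PWD
+export PATH=$ZKSYNC_HOME/bin:$PATH
+
+if [ "x$NIX_LD" = "x" ]; then
+export NIX_LD=$(<${pkgs.clangStdenv.cc}/nix-support/dynamic-linker)
+fi
+if [ "x$NIX_LD_LIBRARY_PATH" = "x" ]; then
+export NIX_LD_LIBRARY_PATH="$ZK_NIX_LD_LIBRARY_PATH"
+else
+export NIX_LD_LIBRARY_PATH="$NIX_LD_LIBRARY_PATH:$ZK_NIX_LD_LIBRARY_PATH"
+fi
+'';
+
+ZK_NIX_LD_LIBRARY_PATH = pkgs.lib.makeLibraryPath [ ];
+}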
37+

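--- a/etc/nix/tee-prover.nix
+++ b/etc/nix/tee-prover.nix
@@ -0,0 +1,11 @@
+{ cargoArtifacts
+, craneLib
+, versionSuffix
+, commonArgs
+}:
+craneLib.buildPackage (commonArgs // {
+pname = "zksync_tee_prover";
+version = (builtins.fromTOML (builtins.readFile ../../core/bin/zksync_tee_prover/Cargo.toml)).package.version + versionSuffix;
+cargoExtraArgs = "-p zksync_tee_prover --bin zksync_tee_prover";
+inherit cargoArtifacts;
+})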

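--- a/etc/nix/zksync-server.nix
+++ b/etc/nix/zksync-server.nix
@@ -0,0 +1,41 @@
+{ cargoArtifacts
+, craneLib
+, versionSuffix
+, commonArgs
+}:
+craneLib.buildPackage (commonArgs // {
+pname = "zksync";
+version = (builtins.fromTOML (builtins.readFile ../../core/bin/zksync_tee_prover/Cargo.toml)).package.version + versionSuffix;
+cargoExtraArgs = "--all";
+inherit cargoArtifacts;
+
+outputs = [
+"out"
+"contract_verifier"
+"external_node"
+"server"
+"snapshots_creator"
+"block_reverter"
+];
+
+postInstall = ''
+mkdir -p $out/nix-support
+for i in $outputs; do
+[[ $i == "out" ]] && continue
+mkdir -p "''${!i}/bin"
+echo "''${!i}" >> $out/nix-support/propagated-user-env-packages
+if [[ -e "$out/bin/zksync_$i" ]]; then
+mv "$out/bin/zksync_$i" "''${!i}/bin"
+else
+mv "$out/bin/$i" "''${!i}/bin"
+fi
+done
+
+mkdir -p $external_node/nix-support
+echo "block_reverter" >> $external_node/nix-support/propagated-user-env-packages
+
+mv $out/bin/merkle_tree_consistency_checker $server/bin
+mkdir -p $server/nix-support
+echo "block_reverter" >> $server/nix-support/propagated-user-env-packages
+'';
+})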
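Review bot: `version` is read from `../../core/bin/zksync_tee_prover/Cargo.toml`, so the `zksync` package (server, external_node, contract_verifier, …) is stamped with the TEE prover's crate version rather than its own; this looks like a copy-paste from tee-prover.nix. The Cargo.toml hunk in this commit shows the crates otherwise use `version.workspace = true`, so the workspace version is the right source: `version = (builtins.fromTOML (builtins.readFile ../../Cargo.toml)).workspace.package.version + versionSuffix;` — confirm the root Cargo.toml defines `[workspace.package] version`. A short comment above the `outputs` list saying that each named output receives `$out/bin/zksync_<name>` (or `$out/bin/<name>`) moved by `postInstall` would also help the next reader, since the loop below relies on that naming.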
