[Python,CI-Examples] Hide loader.entrypoint manifest option
#1716
Conversation
There was a problem hiding this comment.
Reviewable status: 0 of 22 files reviewed, 1 unresolved discussion, not enough approvals from maintainers (2 more required), not enough approvals from different teams (1 more required, approved so far: Intel) (waiting on @dimakuv)
a discussion (no related file):
As it's user facing, maybe we can discuss this and #1717 in our next meeting (for quicker and wider feedback)?
There was a problem hiding this comment.
Reviewable status: 0 of 22 files reviewed, 1 unresolved discussion, not enough approvals from maintainers (2 more required), not enough approvals from different teams (1 more required, approved so far: Intel) (waiting on @kailun-qin)
a discussion (no related file):
Previously, kailun-qin (Kailun Qin) wrote…
As it's user facing, maybe we can discuss this and #1717 in our next meeting (for quicker and wider feedback)?
Done, see the updated meeting agenda: #1713
Blocking here until we discuss in the meeting.
dimakuv
force-pushed
the
dimakuv/rm-loader-entrypoint
branch
from
71d2424
to
34b1d30
Compare
There was a problem hiding this comment.
Reviewable status: 0 of 22 files reviewed, 1 unresolved discussion, not enough approvals from maintainers (1 more required), not enough approvals from different teams (1 more required, approved so far: Intel) (waiting on @kailun-qin)
a discussion (no related file):
Previously, dimakuv (Dmitrii Kuvaiskii) wrote…
Done, see the updated meeting agenda: #1713
Blocking here until we discuss in the meeting.
Done, we discussed and it was accepted.
There was a problem hiding this comment.
Reviewed 2 of 22 files at r1, 20 of 20 files at r2, all commit messages.
Reviewable status: all files reviewed, 4 unresolved discussions, not enough approvals from maintainers (1 more required), not enough approvals from different teams (1 more required, approved so far: Intel) (waiting on @dimakuv and @kailun-qin)
Documentation/manifest-syntax.rst line 73 at r2 (raw file):
loader.entrypoint = "[URI]" (Default: "<path to libsysdb.so>")
Suggestion:
loader.entrypoint = "[URI]"
(Default: "<path to libsysdb.so>")Documentation/manpages/gramine-manifest.rst line 107 at r2 (raw file):
.. code-block:: jinja loader.entrypoint = "file:{{ gramine.libos }}"
Shouldn't we drop it from here?
python/graminelibos/manifest.py line 350 at r2 (raw file):
loader = manifest.setdefault('loader', {}) if 'entrypoint' not in loader: loader['entrypoint'] = f"file:{_env.globals['gramine']['libos']}"
Suggestion:
loader['entrypoint'] = f'file:{_env.globals["gramine"]["libos"]}'
There was a problem hiding this comment.
Reviewable status: 19 of 22 files reviewed, 5 unresolved discussions, not enough approvals from maintainers (1 more required), not enough approvals from different teams (1 more required, approved so far: Intel), "fixup! " found in commit messages' one-liners (waiting on @kailun-qin and @mkow)
a discussion (no related file):
Putting a blocking comment to not forget to do the same for the Examples repo (see also the checkbox in the PR desc)
Documentation/manifest-syntax.rst line 73 at r2 (raw file):
loader.entrypoint = "[URI]" (Default: "<path to libsysdb.so>")
Done.
Documentation/manpages/gramine-manifest.rst line 107 at r2 (raw file):
Previously, mkow (Michał Kowalczyk) wrote…
Shouldn't we drop it from here?
Yeah, I think so. It's an example manifest file, so it should be aligned with the best practices and other example files.
python/graminelibos/manifest.py line 350 at r2 (raw file):
loader = manifest.setdefault('loader', {}) if 'entrypoint' not in loader: loader['entrypoint'] = f"file:{_env.globals['gramine']['libos']}"
Done.
There was a problem hiding this comment.
Reviewed 3 of 3 files at r3, all commit messages.
Reviewable status: all files reviewed, 2 unresolved discussions, "fixup! " found in commit messages' one-liners (waiting on @kailun-qin)
There was a problem hiding this comment.
Reviewed 2 of 22 files at r1, 17 of 20 files at r2, 3 of 3 files at r3, all commit messages.
Reviewable status: all files reviewed, 1 unresolved discussion, "fixup! " found in commit messages' one-liners
For end users, the `loader.entrypoint` manifest option is always the LibOS binary. Similarly, `sgx.trusted_files` must always contain the LibOS binary. To preserve special cases like PAL tests (where `loader.entrypoint` points to the PAL test binary), we allow special `loader.entrypoint`. In this case, the LibOS binary is not appended to `sgx.trusted_files`. Signed-off-by: Dmitrii Kuvaiskii <dmitrii.kuvaiskii@intel.com>
mkow
force-pushed
the
dimakuv/rm-loader-entrypoint
branch
from
ecfdda1
to
4fa74d8
Compare
There was a problem hiding this comment.
Reviewed all commit messages.
Reviewable status: all files reviewed, 1 unresolved discussion
There was a problem hiding this comment.
Reviewed all commit messages.
Reviewable status: all files reviewed, 1 unresolved discussion
There was a problem hiding this comment.
Reviewable status:
complete! all files reviewed, all discussions resolved
a discussion (no related file):
Previously, dimakuv (Dmitrii Kuvaiskii) wrote…
Putting a blocking comment to not forget to do the same for the Examples repo (see also the checkbox in the PR desc)
gramineproject/examples#99 -- done
Description of the changes
For end users, the
loader.entrypointmanifest option is always the LibOS binary. Similarly,sgx.trusted_filesmust always contain the LibOS binary.To preserve special cases like PAL tests (where
loader.entrypointpoints to the PAL test binary), we allow specialloader.entrypoint. In this case, the LibOS binary is not appended tosgx.trusted_files.Rationale
I was asked too many times by casual users what the hell this is. I don't see any point in not allowing this info to go implicit.
So, it's a small user-friendliness improvement.
TODOs
If folks agree that it's a good change, then I'll do the same for:
How to test this PR?
Changes CI-Examples.
This change is