You need to install Nix and enable flakes to use this repo. Examples are structured as an additional Nix flake containing derivations (ie, build recipes, like Dockerfiles) for potential EIFs.
To see the overall plumbing to use the aws-nitro-util flake, see flake.nix.
To see examples for specific EIFs, see the individual package definitions:
- Booting an enclave with a shell script only:
withShellScript.nix - Booting an enclave with your own, compiled-from-source kernel:
bringYourOwnKernel.nix
nix flake shownix build '.#shellScriptEif'Note this will produce an aarch64-linux EIF if you are running it in an ARM Mac.
Nix allows compiling 'natively' for other architectures by building in a different machine.
To do this you need to set up a linux remote builder first. This can be any machine you can SSH into, including a VM.
Then, for example, to compile EIFs natively for x86_64-linux on an ARM Mac:
nix build '.#packages.x86_64-linux-crossCompiledEif'Using remote builders makes builds simpler (because it is a linux x86 machine compiling linux x86 binaries) but requires setting up that additional machine and telling your local Nix installation about it.
If you do not have remote builders, you can cross-compile. Keep in mind this requires all dependencies of your EIF to be cross-compiled too (which is tricky for bash scripts).
To cross-compile an EIF from your local system
to x86_64-linux:
nix build '.#x86_64-linux-crossCompiledEif'