teepot-v0.3.0

What's Changed

• feat: initial commit by @haraldh in #2
• chore(deps): update rust crate bytemuck to 1.14.3 by @renovate in #3
• chore(deps): update trufflesecurity/trufflehog action to v3.67.5 by @renovate in #9
• chore(deps): update rust crate clap to 4.5 by @renovate in #8
• chore: change the source repo of nixsgx by @haraldh in #6
• chore(deps): update rust crate thiserror to 1.0.57 by @renovate in #12
• chore: do not publish containers to ghcr.io anymore by @haraldh in #7
• chore(deps): update trufflesecurity/trufflehog action to v3.67.6 by @renovate in #13
• feat: use snowfall flake for nix by @haraldh in #14
• feat: remove intel-tee-quote-verification-sys by @haraldh in #15
• feat: build and push container-verify-attestation by @haraldh in #16
• fix: use matterlabsrobot docker namespace by @haraldh in #17
• ci: fix pushing to docker by @haraldh in #18
• ci: fix docker push by @haraldh in #19
• chore(deps): rustls-pemfile 2 by @haraldh in #20
• fix(tee-key-preexec): don't hash public key by @haraldh in #21
• chore(nix): replace nix-filter with lib.fileset by @haraldh in #22
• chore(deps): update rust crate ring to 0.17.8 by @renovate in #23
• chore(deps): update rust crate anyhow to 1.0.80 by @renovate in #24
• chore(deps): update trufflesecurity/trufflehog action to v3.68.0 by @renovate in #25
• chore(deps): update rust crate pgp to 0.11 by @renovate in #26
• feat: use real RA-TLS for everything by @haraldh in #28
• chore: cleanup and nixify by @haraldh in #29
• chore(deps): remove unused dependencies by @haraldh in #30
• chore(deps): update rust crate mio to v0.8.11 [security] by @renovate in #34
• chore(deps): update trufflesecurity/trufflehog action to v3.68.4 by @renovate in #27
• chore(deps): update rust crate mio to 0.8.11 by @renovate in #32
• chore(deps): update rust crate base64 to 0.22.0 by @haraldh in #35
• chore(deps): update trufflesecurity/trufflehog action to v3.68.5 by @renovate in #36
• feat: attestation test on azure and default dcap by @haraldh in #37
• ci: fix nix push_to_docker concurrency group by @haraldh in #40
• fix: cleanup the nix packages by @haraldh in #41
• chore(deps): update cachix/install-nix-action action to v26 by @renovate in #39
• chore(deps): update trufflesecurity/trufflehog action to v3.69.0 by @renovate in #38
• ci: use --check for nix fmt by @haraldh in #43
• docs: add bin/tee-self-attestation-test/README.md by @haraldh in #44
• ci: use crane flake to build with nix by @haraldh in #45
• feat: add fmt nix package and update README.md by @haraldh in #46
• chore(deps): update rust crate thiserror to 1.0.58 by @renovate in #49
• chore(deps): update rust crate anyhow to 1.0.81 by @renovate in #48
• chore(deps): update rust crate serde_with to 3.7 by @renovate in #47
• chore: rename intel-tee-quote-verification-rs to teepot-tee-quote-verification-rs by @haraldh in #50
• chore: release by @haraldh in #51
• chore(deps): update rust crate bytemuck to 1.15.0 by @renovate in #52
• chore: strip release executables by default by @haraldh in #53
• chore: fix typos by @xiaoxianBoy in #56
• fix(flake): follow the inputs of nixsgx by @haraldh in #58
• ci: remove workflows already in nix check by @haraldh in #59
• chore(deps): update trufflesecurity/trufflehog action to v3.71.1 by @renovate in #54
• chore(deps): update rust crate bitflags to 2.5 by @renovate in #57
• chore(deps): update trufflesecurity/trufflehog action to v3.71.2 by @renovate in #60
• fix(deps): use craneLib.removeReferencesToVendoredSources by @haraldh in #64
• chore(deps): update rust crate anyhow to 1.0.82 by @renovate in #65
• chore(deps): update rust crate der to 0.7.9 by @renovate in #61
• chore(deps): update trufflesecurity/trufflehog action to v3.73.0 by @renovate in #62
• chore(deps): update rust crate getrandom to 0.2.14 by @renovate in #63
• ci: pin nixci version to the 23.11 release by @haraldh in #72
• chore(deps): update rust crate serde_with to 3.8 by @renovate in #71
• chore(deps): update trufflesecurity/trufflehog action to v3.74.0 by @renovate in #69
• chore(deps): update actions/checkout digest to 0ad4b8f by @renovate in #68
• chore(deps): update rust crate thiserror to 1.0.59 by @renovate in #67
• chore(deps): update rust crate rustls to v0.22.4 [security] by @renovate in #66
• chore(deps): update trufflesecurity/trufflehog action to v3.75.1 by @renovate in #92
• chore(deps): update rust crate tokio to v1.37.0 by @renovate in #91
• chore(deps): update rust crate bytes to v1.6.0 by @renovate in #90
• chore(deps): update rust crate serde to v1.0.200 by @renovate in #87
• chore(deps): update rust crate anyhow to v1.0.83 by @renovate in #93
• chore(deps): flake update by @haraldh in #99
• chore(deps): update rust crate bytemuck to v1.16.0 by @renovate in #98
• chore(deps): update actions/checkout digest to a5ac7e5 by @renovate in #100
• chore(deps): cargo update by @haraldh in #102
• fix: only restart aesmd if aesm.socket is not readable by @haraldh in #103
• chore(deps): update trufflesecurity/trufflehog action to v3.76.3 by @renovate in #104
• chore(deps): update cachix/cachix-action action to v15 by @renovate in #105
• chore(deps): update cachix/install-nix-action action to v27 by @renovate in #106
• chore(deps): update to rust version 1.78 by @haraldh in #114
• feat(tee-vault-unseal): add VAULT_AUTH_TEE_SHA256_FILE by @haraldh in #115
• feat: use nixsgx nix function to create containers by @haraldh in #116
• chore(deps): update trufflesecurity/trufflehog action to v3.78.1 by @renovate in #108
• ci: fix and revise docker push strategy by @haraldh in #117
• chore(deps): update deps and licenses by @haraldh in #118
• ci: fix infra docker push by @haraldh in #119
• fix(tee-key-preexec): export the key in PEM by @haraldh in #120
• chore(deps): update actions/checkout digest to 692973e by @renovate in #121
• feat: remove mio workaround with gramine 1.7 by @haraldh in #124
• chore(deps): update rust crate pgp to 0.13 by @renovate in #123
• chore: cargo update + taplo fmt by @haraldh in #128
• chore(deps): update trufflesecurity/trufflehog action to v3.78.2 by @renovate in #129
• chore: remove obsolete Dockerfiles by @haraldh in #130
• chore(deps): update rust crate bitflags to v2.6.0 by @renovate in #131
• chore(deps): update rust crate serde_json to v1.0.118 by @renovate in #132
• chore(deps): update trufflesecurity/trufflehog action to v3.79.0 by @renovate in #133
• chore(deps): update rust crate log to v0.4.22 by @renovate in #134
• chore: Update GitHub actions to run on custom runner and push to infra by @haraldh in #135
• chore: update GitHub Actions workflow configuration by @haraldh in #136
• Replace k256 with secp256k1 crate by @pbeza in #141
• chore: use attic nix cache by @haraldh in #142
• feat: use nixsgxLib.mkSGXContainer by @haraldh in #143
• chore: update nixsgx-flake by @haraldh in #144
• chore: misc fixes by @haraldh in #145
• chore: update k8s example files by @haraldh in #146
• chore(deps): update rust crate serde_json to v1.0.120 by @renovate in #139
• chore(deps): update rust crate clap to v4.5.8 by @renovate in #137
• chore(deps): update rust crate pgp to v0.13.1 by @renovate in #138
• chore(deps): update rust crate serde_with to v3.8.2 by @renovate in #140
• fix: hardcode VAULT_AUTH_TEE_VERSION in vault manifest by @haraldh in #147
• fix: update the common cacert and include it in the unseal container by @haraldh in #148
• fix(container-vault-unseal-sgx-azure): correct VAULT_AUTH_TEE_SHA256_FILE by @haraldh in #149
• fix(tee-vault-unseal): pick either VAULT_AUTH_TEE_SHA256 string or file by @haraldh in #150
• chore: change dns names for the vault cluster by @haraldh in #154
• fix: dns for vault nodes by @otani88 in #155
• feat(verify-attestation): attestation and batch signature verification binary by @pbeza in #156
• fix(verify-attestation): simplify dependencies by @pbeza in #161
• ci: change runners for execute jobs by @otani88 in #163
• chore(deps): update rust crate tokio to v1.39.1 by @renovate in #159
• chore: debug vault with gramine warning by @haraldh in #169
• chore: debug vault with gramine trace by @haraldh in #170
• chore: debug vault with gramine debug by @haraldh in #171
• chore: tweak vault parameters for slow plugin loading by @haraldh in #172
• chore: turn off debug again by @haraldh in #173
• fix(teepot-vault-unseal-sgx): pass CA_CERT_FILE by @haraldh in #174
• feat: add Kubernetes pod spec for vault-unseal and update docs by @haraldh in #175
• chore: cargo update by @haraldh in #176
• chore(deps): update trufflesecurity/trufflehog action to v3.81.6 by @renovate in #160
• fix: use performance_multiplier by @haraldh in #177
• fix: increase performance_multiplier by @haraldh in #178
• chore(deps): update rust crate serde to v1.0.205 by @renovate in #180
• chore(deps): update trufflesecurity/trufflehog action to v3.81.7 by @renovate in #179
• fix(container-vault-sgx-azure): increase max file descriptors for vault by @haraldh in #181
• fix(vault): maybe fix netpollBreak issues by @haraldh in #182
• fix(container-vault-sgx-azure): remove insecure eventfd setting by @haraldh in #193
• feat(verify-attestation): RPC attestation and batch signature verification binary by @pbeza in #189
• feat(tee-key-preexec): add cmdline arg for env prefix by @haraldh in #196
• feat(verify-era-proof-attestation): add support for verifying a range of batches by @pbeza in #194
• chore: cargo and flake update by @haraldh in #195
• chore(deps): update trufflesecurity/trufflehog action to v3.81.10 by @renovate in #184
• chore: add extra startup information to unseal and admin enclaves by @haraldh in #197
• chore(nix): set shell environment for openssl by @haraldh in #199
• feat(verify-era-proof-attestation): added continuous mode with attestation policies by @pbeza in #198
• chore: prepare release tags by @haraldh in #205

New Contributors

• @xiaoxianBoy made their first contribution in #56
• @pbeza made their first contribution in #141
• @otani88 made their first contribution in #155