Add Dockerfile to build on Alpine Linux (static musl binaries) #81

Open: wants to merge 5 commits into base: main
alexatblock

Description of changes:
I am building a nitro-enclave container on Alpine Linux. Alpine uses musl instead of glibc. That means that I can't use the kmstool* binaries that are built on Amazon Linux. This PR adds a Dockerfile that can build everything in Alpine. A container that uses Alpine as its base and adds the gcompat package can use the kmstool* binaries produced by this change.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

alcioa (Contributor) commented Aug 23, 2022

Hi, we already integrated ACM for Nitro Enclaves on Alpine. See an example here: https://github.com/aws/aws-nitro-enclaves-acm/blob/main/env/enclave/Dockerfile. And while it would be nice to have build support for multiple base images, we usually prefer the integration product/project that ingests this SDK to handle that.

alexatblock (Author)

kmstool-enclave-cli depends on a bunch of C libraries. That seems like a lot of build logic to push into consuming applications that otherwise don't need (or want) to manage a C toolchain. Since kmstool-enclave-cli is meant to run in an enclave where you want to really control and constrain dependencies, it seems like a statically-linked option would be broadly useful to enclave-users.

The best thing would be if you could just call KMS from the enclave in the native SDK for your language, but if you have to use kmstool-enclave-cli, it would be nice to at least not have a dependency on dynamic linking to an amazon-linux image.
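
To check which of the cases discussed in this thread a built binary falls into, the following added example (not part of the PR, the thread, or the project's code) reads the ELF program headers and reports whether the file requests the glibc loader, the musl loader, or no loader at all (static). `elf_linkage` and `sample_elf` are hypothetical names, and the sample bytes are constructed headers, not real kmstool binaries.

```python
import struct

PT_INTERP = 3  # program header type holding the dynamic loader path


def elf_linkage(data):
    """Classify a 64-bit little-endian ELF image: 'static', 'musl', 'glibc' or 'other'."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only 64-bit little-endian ELF is handled here")
    # Elf64_Ehdr: e_phoff at offset 32, e_phentsize at 54, e_phnum at 56
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        # Elf64_Phdr starts: p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from("<IIQQQQ", data, off)
        if p_type == PT_INTERP:
            interp = data[p_offset:p_offset + p_filesz].rstrip(b"\0").decode()
            if "ld-musl" in interp:
                return "musl"   # dynamically linked against musl (Alpine)
            if "ld-linux" in interp:
                return "glibc"  # needs a glibc loader, or gcompat on Alpine
            return "other"
    return "static"  # no PT_INTERP: no dynamic loader is requested


def sample_elf(interp=None):
    """Constructed ELF64 header (not a runnable program) with an optional PT_INTERP."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    phnum = 1 if interp else 0
    hdr = ident + struct.pack("<HHIQQQIHHHHHH",
                              2, 62, 1, 0, 64, 0, 0, 64, 56, phnum, 0, 0, 0)
    if not interp:
        return hdr
    blob = interp + b"\0"
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP, 4, 64 + 56, 0, 0, len(blob), len(blob), 1)
    return hdr + phdr + blob


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:  # e.g. the binaries copied into the enclave image
        with open(path, "rb") as f:
            print(path, elf_linkage(f.read()))
```

Run against the files that end up in the enclave image, a result other than `static` means the binary still depends on a loader and shared libraries being present in that image.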
