diff --git a/Cargo.lock b/Cargo.lock
index baab4771f..f798888b3 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -869,6 +869,7 @@ dependencies = [
 "base64 0.21.5",
 "clap 4.2.7",
 "ctr",
+ "daemonize",
 "env_logger 0.10.1",
 "futures",
 "jwt-simple",
@@ -1236,6 +1237,15 @@ dependencies = [
 "syn 2.0.41",
 ]
+[[package]]
+name = "daemonize"
+version = "0.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ab8bfdaacb3c887a54d41bdf48d3af8873b3f5566469f8ba21b92057509f116e"
+dependencies = [
+ "libc",
+]
+
 [[package]]
 name = "darling"
 version = "0.13.4"
diff --git a/attestation-agent/coco_keyprovider/Cargo.toml b/attestation-agent/coco_keyprovider/Cargo.toml
index 82f2917ed..8735478f1 100644
--- a/attestation-agent/coco_keyprovider/Cargo.toml
+++ b/attestation-agent/coco_keyprovider/Cargo.toml
@@ -11,6 +11,7 @@ anyhow.workspace = true
 base64.workspace = true
 clap = { workspace = true, features = ["derive"] }
 ctr.workspace = true
+daemonize = "0.5.0"
 env_logger = "0.10.0"
 futures = "0.3.5"
 jwt-simple = "0.11.4"
diff --git a/attestation-agent/coco_keyprovider/src/main.rs b/attestation-agent/coco_keyprovider/src/main.rs
index 67911032d..a52503b8d 100644
--- a/attestation-agent/coco_keyprovider/src/main.rs
+++ b/attestation-agent/coco_keyprovider/src/main.rs
@@ -5,8 +5,10 @@
 use anyhow::*;
 use clap::{arg, command, Parser};
+use daemonize::Daemonize;
 use log::*;
-use std::{net::SocketAddr, path::PathBuf};
+use std::{fs::File, net::SocketAddr, path::PathBuf};
+use tokio::fs;
 pub mod enc_mods;
 pub mod grpc;
@@ -30,6 +32,15 @@ struct Cli {
 /// will be automatically registered into the KBS.
 #[arg(long)]
 kbs: Option,
+
+ /// Whether this process is launched in daemon mode. If it is set to
+ /// true, the stdio and stderr will be redirected to
+ /// `/run/confidential-containers/coco_keyprovider.out` and
+ /// `/run/confidential-containers/coco_keyprovider.err`.
+ /// The pid will be recorded in
+ /// `/run/confidential-containers/coco_keyprovider.pid`
+ #[arg(short, long, default_value = "false")]
+ daemon: bool,
 }
 #[tokio::main]
@@ -48,6 +59,25 @@ async fn main() -> Result<()> {
 );
 }
+ if cli.daemon {
+ fs::create_dir_all("/run/confidential-containers")
+ .await
+ .context("create coco run dir failed.")?;
+ let stdout = File::create("/run/confidential-containers/coco_keyprovider.out")
+ .context("create stdout redirect file failed.")?;
+ let stderr = File::create("/run/confidential-containers/coco_keyprovider.err")
+ .context("create stderr redirect file failed.")?;
+
+ let daemonize = Daemonize::new()
+ .pid_file("/run/confidential-containers/coco_keyprovider.pid")
+ .chown_pid_file(true)
+ .working_directory("/run/confidential-containers")
+ .stdout(stdout)
+ .stderr(stderr);
+
+ daemonize.start().context("daemonize failed")?;
+ }
+
 grpc::start_service(cli.socket, cli.auth_private_key, cli.kbs).await?;
 Ok(())
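Review bot: The doc comment on the new `daemon` field says "the stdio and stderr will be redirected", but the code added to `main` redirects stdout and stderr, and this text is what clap prints for `--help`; the line should read `/// true, stdout and stderr will be redirected to`. Since the redirect targets are opened with `File::create`, the help text could also say that both files are truncated on every start, so operators do not expect logs to survive a restart. The `Cli` struct begins above this hunk.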
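Review bot: `daemonize.start()` forks from inside `#[tokio::main] async fn main`, after the Tokio runtime is already running and after `fs::create_dir_all(...).await` has used it; a forked child keeps only the calling thread, so the runtime's other threads are likely gone by the time `grpc::start_service` runs, which typically shows up as a daemon that hangs or never serves. Daemonizing first and building the runtime afterwards avoids this; the sketch below does so with `std::fs::create_dir_all`, which leaves the new `use tokio::fs;` import unused. Separately, the `.out` and `.err` files are opened with `File::create`, which follows symlinks and takes its mode from the caller's umask, so for a key provider's logs it is worth creating them with an explicit owner-only mode and confirming the run directory is not writable by other users. The body of `main` starts above this hunk, so anything awaited there would have to move under `block_on` as well.

```rust
// `#[tokio::main]` dropped: no runtime threads exist yet when the process forks
fn main() -> Result<()> {
    // … unchanged: everything in main above the daemon block …

    if cli.daemon {
        std::fs::create_dir_all("/run/confidential-containers")
            .context("create coco run dir failed.")?;
        // … unchanged: stdout/stderr redirect files, Daemonize builder, daemonize.start() …
    }

    // The runtime is created in the daemonized process, so all of its threads live there.
    tokio::runtime::Runtime::new()
        .context("create tokio runtime failed")?
        .block_on(grpc::start_service(
            cli.socket,
            cli.auth_private_key,
            cli.kbs,
        ))?;

    Ok(())
```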