From 284393bf76d8a530c7c213d3a3b1cb048d68cddb Mon Sep 17 00:00:00 2001
From: Harald Hoyer
Date: Tue, 21 May 2024 10:33:39 +0200
Subject: [PATCH] fix: only restart `aesmd` if `aesm.socket` is not readable
Signed-off-by: Harald Hoyer
---
 packages/container-self-attestation-test-sgx-azure/Dockerfile | 2 +-
 packages/container-self-attestation-test-sgx-dcap/Dockerfile | 2 +-
 packages/container-vault-admin-sgx-azure/Dockerfile | 2 +-
 packages/container-vault-sgx-azure/Dockerfile | 2 +-
 packages/container-vault-unseal-sgx-azure/Dockerfile | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/packages/container-self-attestation-test-sgx-azure/Dockerfile b/packages/container-self-attestation-test-sgx-azure/Dockerfile
index 8a7fc84..8b823da 100644
--- a/packages/container-self-attestation-test-sgx-azure/Dockerfile
+++ b/packages/container-self-attestation-test-sgx-azure/Dockerfile
@@ -20,4 +20,4 @@ EXPOSE 8443
 ENTRYPOINT ["/bin/sh", "-c"]
 ENV SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt
-CMD [ "restart-aesmd >&2; exec gramine-sgx tee-self-attestation-test" ]
+CMD [ "[[ -r /var/run/aesmd/aesm.socket ]] || restart-aesmd >&2; exec gramine-sgx tee-self-attestation-test" ]
diff --git a/packages/container-self-attestation-test-sgx-dcap/Dockerfile b/packages/container-self-attestation-test-sgx-dcap/Dockerfile
index a8d879b..aede075 100644
--- a/packages/container-self-attestation-test-sgx-dcap/Dockerfile
+++ b/packages/container-self-attestation-test-sgx-dcap/Dockerfile
@@ -22,4 +22,4 @@ EXPOSE 8443
 ENTRYPOINT ["/bin/sh", "-c"]
 ENV SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt
-CMD [ "restart-aesmd >&2; exec gramine-sgx tee-self-attestation-test" ]
+CMD [ "[[ -r /var/run/aesmd/aesm.socket ]] || restart-aesmd >&2; exec gramine-sgx tee-self-attestation-test" ]
diff --git a/packages/container-vault-admin-sgx-azure/Dockerfile b/packages/container-vault-admin-sgx-azure/Dockerfile
index 09a9d23..0ce4d49 100644
--- a/packages/container-vault-admin-sgx-azure/Dockerfile
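Review bot: The added guard uses `[[ -r … ]]`, a bash/ksh construct, while the `ENTRYPOINT` in the hunk context runs the command through `/bin/sh -c`; if `/bin/sh` in these images is a strict POSIX shell (not visible from the patch), `[[` fails as command-not-found and `restart-aesmd` still runs on every start, silently undoing the change. The portable spelling is `[ -r /var/run/aesmd/aesm.socket ] || restart-aesmd >&2`. Separately, `-r` only proves that a readable path exists: a stale socket file left by a dead aesmd, or a regular file at that path, passes the test and the enclave then starts without a working AESM service, and on Linux connecting to a Unix socket requires write rather than read permission. A closer check would be `[ -S /var/run/aesmd/aesm.socket ] && [ -w /var/run/aesmd/aesm.socket ] || restart-aesmd >&2`. The same guard is added in the other four Dockerfiles of this patch (self-attestation-test-sgx-dcap, vault-admin-sgx-azure, vault-sgx-azure, vault-unseal-sgx-azure), so the point applies to each of them.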
+++ b/packages/container-vault-admin-sgx-azure/Dockerfile
@@ -22,4 +22,4 @@ EXPOSE 8443
 ENTRYPOINT ["/bin/sh", "-c"]
 ENV SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt
-CMD [ "echo tee-vault-admin in SGX mode starting; restart-aesmd ; exec gramine-sgx tee-vault-admin" ]
+CMD [ "echo tee-vault-admin in SGX mode starting; [[ -r /var/run/aesmd/aesm.socket ]] || restart-aesmd ; exec gramine-sgx tee-vault-admin" ]
diff --git a/packages/container-vault-sgx-azure/Dockerfile b/packages/container-vault-sgx-azure/Dockerfile
index e1530fc..ef8e14c 100644
--- a/packages/container-vault-sgx-azure/Dockerfile
+++ b/packages/container-vault-sgx-azure/Dockerfile
@@ -22,4 +22,4 @@ VOLUME /opt/vault/data
 ENTRYPOINT ["/bin/sh", "-c"]
 ENV SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt
-CMD [ "echo vault in SGX mode starting; restart-aesmd ; exec gramine-sgx vault" ]
+CMD [ "echo vault in SGX mode starting; [[ -r /var/run/aesmd/aesm.socket ]] || restart-aesmd ; exec gramine-sgx vault" ]
diff --git a/packages/container-vault-unseal-sgx-azure/Dockerfile b/packages/container-vault-unseal-sgx-azure/Dockerfile
index f4dcbe5..4d845bb 100644
--- a/packages/container-vault-unseal-sgx-azure/Dockerfile
+++ b/packages/container-vault-unseal-sgx-azure/Dockerfile
@@ -22,4 +22,4 @@ EXPOSE 8443
 ENTRYPOINT ["/bin/sh", "-c"]
 ENV SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt
-CMD [ "echo tee-vault-unseal in SGX mode starting; restart-aesmd ; exec gramine-sgx tee-vault-unseal" ]
+CMD [ "echo tee-vault-unseal in SGX mode starting; [[ -r /var/run/aesmd/aesm.socket ]] || restart-aesmd ; exec gramine-sgx tee-vault-unseal" ]