Address code review comments

Dockerfile

@@ -23,15 +23,15 @@ RUN apt-get update && \
 RUN mkdir -p \
     ./bin \
     ./guests/sgx \
-    /etc/opt/raiko/config \
-    /etc/opt/raiko/secrets \
+    /root/.config/raiko/config \
+    /root/.config/raiko/secrets \
     /tmp/sgx \
     /var/log/raiko
 
-COPY --from=builder /opt/raiko/target/release/raiko-guest ./guests/sgx/
-COPY --from=builder /opt/raiko/raiko-guest/config/raiko-guest.manifest.template ./guests/sgx/
+COPY --from=builder /opt/raiko/target/release/raiko-guest ./guests/sgx
+COPY --from=builder /opt/raiko/raiko-guest/config/raiko-guest.manifest.template ./guests/sgx
 COPY --from=builder /opt/raiko/target/release/raiko-host ./bin
-COPY --from=builder /opt/raiko/raiko-host/config/config.toml /etc/opt/raiko/config/
+COPY --from=builder /opt/raiko/raiko-host/config/config.toml /root/.config/raiko/config
 COPY --from=builder /opt/raiko/docker/entrypoint.sh ./bin
 COPY ./sgx-ra/src/*.so /usr/lib/
 
@@ -41,4 +41,4 @@ RUN cd ./guests/sgx && \
     gramine-sgx-sign --manifest raiko-guest.manifest --output raiko-guest.manifest.sgx && \
     cd -
 
-# ENTRYPOINT [ "/opt/raiko/bin/entrypoint.sh" ]
+ENTRYPOINT [ "/opt/raiko/bin/entrypoint.sh" ]

README_Raiko.md

@@ -116,7 +116,7 @@ To run `raiko-guest` in _one-shot_ mode with SGX using Gramine:
    -----------------------------------------------------------------------------------------------------------------------
    Bootstrapping the app
    Next public key: 0x021d90eee5c402692fa3a3d3edd43a052367efbd6e4d26b9ca14099516525b9d09
-   Entry: /etc/opt/raiko/secrets/priv.key
+   Entry: /root/.config/raiko/secrets/priv.key
    ```
 1. Run `raiko-guest` with the input file of your choice:
 

docker/docker-compose-pos.yml

@@ -3,14 +3,14 @@ services:
   raiko:
     image: gcr.io/evmchain/raiko:latest-pos
     container_name: raiko
-    command: --config-path=/etc/opt/raiko/config/config.toml
+    command: --config-path=/root/.config/raiko/config/config.toml
     devices:
       - "/dev/sgx_enclave:/dev/sgx_enclave"
       - "/dev/sgx_provision:/dev/sgx_provision"
     volumes:
       - /tmp/sgx:/tmp/sgx
       - /var/log/raiko:/var/log/raiko
-      # - YOUR_CONFIG_PATH:/etc/opt/raiko/config.toml
-      - ${HOME}/.config/raiko:/etc/opt/raiko
+      # - YOUR_CONFIG_PATH:$HOME/.config/raiko/config/config.toml
+      - ${HOME}/.config/raiko:/root/.config/raiko
     ports:
       - "8080:8080"

docker/docker-compose.yml

@@ -3,13 +3,13 @@ services:
   raiko:
     image: gcr.io/evmchain/raiko:latest
     container_name: raiko
-    command: --config-path=/etc/opt/raiko/config/config.toml
+    command: --config-path=/root/.config/raiko/config/config.toml
     devices:
       - "/dev/sgx_enclave:/dev/sgx_enclave"
       - "/dev/sgx_provision:/dev/sgx_provision"
     volumes:
       - /tmp/sgx:/tmp/sgx
       - /var/log/raiko:/var/log/raiko
-      - ${HOME}/.config/raiko:/etc/opt/raiko
+      - ${HOME}/.config/raiko:/root/.config/raiko
     ports:
       - "8080:8080"

raiko-guest/Cargo.toml

@@ -18,7 +18,7 @@ secp256k1 = { version = "0.27.0", features = [
 ] }
 rand = "0.8.5"
 hex = "0.4.3"
-clap = { version = "4.4.6", features = ["derive"] }
+clap = { version = "4.4.6", features = ["derive", "string"] }
 ethers-core = { version = "2.0", features = ["optimism"] }
 zeth-primitives = { path = "../primitives", features = ["taiko"] }
 rand_core = "0.6.4"
@@ -27,6 +27,7 @@ serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 base64-serde = "0.7.0"
 base64 = "0.21.7"
+dirs = "5.0.1"
 
 [features]
 sgx-ra = ["dep:sgx-ra"]

raiko-guest/config/raiko-guest.manifest.template

@@ -4,6 +4,7 @@
 loader.entrypoint = "file:{{ gramine.libos }}"
 libos.entrypoint = "/raiko-guest"
 loader.log_level = "{{ log_level }}"
+loader.env.HOME = "/root"
 loader.env.LD_LIBRARY_PATH = "/lib:{{ arch_libdir }}"
 loader.env.RUST_LOG = "info"
 
@@ -13,8 +14,8 @@ fs.mounts = [
   { path = "{{ arch_libdir }}", uri = "file:{{ arch_libdir }}" },
   { path = "/usr/lib/ssl/certs/", uri = "file:/usr/lib/ssl/certs/" },
   { path = "/tmp", uri = "file:/tmp" },
-  { path = "/etc/opt/raiko/config", uri = "file:/etc/opt/raiko/config" },
-  { path = "/etc/opt/raiko/secrets", uri = "file:{{ env.get('SECRETS_DIR', '/etc/opt/raiko/secrets') }}", type = "encrypted", key_name = "_sgx_mrsigner" },
+  { path = "/root/.config/raiko/config", uri = "file:/root/.config/raiko/config" },
+  { path = "/root/.config/raiko/secrets", uri = "file:{{ '/root/.config/raiko/secrets' }}", type = "encrypted", key_name = "_sgx_mrsigner" },
 ]
 sys.insecure__allow_eventfd = true
 loader.insecure__use_cmdline_argv = true
@@ -36,6 +37,6 @@ sys.enable_extra_runtime_domain_names_conf = true
 sgx.remote_attestation = "dcap"
 
 sgx.allowed_files = [
-  "file:{{ env.get('INPUT_FILES_DIR', '/tmp') }}",
-  "file:/etc/opt/raiko/config",
+  "file:/tmp/sgx",
+  "file:/root/.config/raiko/config",
 ]

raiko-guest/src/app_args.rs

@@ -3,6 +3,8 @@ use std::path::PathBuf;
 use clap::{ArgAction, Args, Parser, Subcommand};
 use zeth_primitives::{Address, B256};
 
+const DEFAULT_RAIKO_USER_CONFIG_SUBDIR_PATH: &str = ".config/raiko";
+
 #[derive(Debug, Parser)]
 pub struct App {
     #[clap(flatten)]
@@ -44,15 +46,22 @@ pub struct OneShotArgs {
     pub l2_chain: Option<String>,
 }
 
+fn get_default_raiko_user_config_path(subdir: &str) -> PathBuf {
+    let mut home_dir = dirs::home_dir().unwrap();
+    home_dir.push(DEFAULT_RAIKO_USER_CONFIG_SUBDIR_PATH);
+    home_dir.push(subdir);
+    home_dir
+}
+
 #[derive(Debug, Args)]
 pub struct GlobalOpts {
-    #[clap(short, long, default_value = "/etc/opt/raiko/secrets")]
+    #[clap(short, long, default_value=get_default_raiko_user_config_path("secrets").into_os_string())]
     /// Path to the directory with the encrypted private keys being used to sign the
     /// blocks. For more details on the encryption see:
     /// https://gramine.readthedocs.io/en/stable/manifest-syntax.html#encrypted-files
     pub secrets_dir: PathBuf,
 
-    #[clap(short, long, default_value = "/etc/opt/raiko/config")]
+    #[clap(short, long, default_value=get_default_raiko_user_config_path("config").into_os_string())]
     /// Path to the directory with raiko configuration files.
     pub config_dir: PathBuf,
 

raiko-guest/src/one_shot.rs

@@ -71,7 +71,7 @@ fn save_bootstrap_details(
     bootstrap_details_file_path: &Path,
 ) -> Result<(), Error> {
     let bootstrap_details = BootstrapData {
-        public_key: key_pair.public_key().to_string(),
+        public_key: format!("0x{}", key_pair.public_key().to_string()),
         new_instance,
         quote,
     };
@@ -94,9 +94,10 @@ pub fn bootstrap(global_opts: GlobalOpts) -> Result<()> {
     let bootstrap_details_file_path = global_opts.config_dir.join(BOOTSTRAP_INFO_FILENAME);
     save_bootstrap_details(&key_pair, new_instance, quote, &bootstrap_details_file_path)?;
     println!(
-        "Boostrap details saved in {}",
+        "Bootstrap details saved in {}",
         bootstrap_details_file_path.display()
     );
+    println!("Encrypted private key saved in {}", privkey_path.display());
     Ok(())
 }