Created
February 1, 2026 02:22
-
-
Save raiym/d5e916e915cb3e146d3b46d4a50344f8 to your computer and use it in GitHub Desktop.
cocoon.patch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/runners/client/ClientRunner.cpp b/runners/client/ClientRunner.cpp | |
| index f39442e..a19779a 100644 | |
| --- a/runners/client/ClientRunner.cpp | |
| +++ b/runners/client/ClientRunner.cpp | |
| @@ -93,7 +93,7 @@ void ClientRunner::run_get_models_request( | |
| jb.stop_object(); | |
| auto res = jb.as_cslice().str(); | |
| - http_send_static_answer(std::move(res), std::move(promise)); | |
| + http_send_static_answer(std::move(res), std::move(promise), "application/json"); | |
| }); | |
| } else { | |
| auto request = cocoon::create_serialize_tl_object<cocoon_api::client_getWorkerTypesV2>(); | |
| @@ -134,7 +134,7 @@ void ClientRunner::run_get_models_request( | |
| jb.stop_object(); | |
| auto res = jb.as_cslice().str(); | |
| - http_send_static_answer(std::move(res), std::move(promise)); | |
| + http_send_static_answer(std::move(res), std::move(promise), "application/json"); | |
| }); | |
| } | |
| } | |
| diff --git a/scripts/cocoon-launch b/scripts/cocoon-launch | |
| index 228e9de..eac4335 100755 | |
| --- a/scripts/cocoon-launch | |
| +++ b/scripts/cocoon-launch | |
| @@ -506,13 +506,15 @@ def run_client_local(cfg: Config): | |
| # Start router (SOCKS5 only, no reverse proxy) with colored output | |
| router = f'{cfg.build_dir}/tee/router' | |
| - router_proc = popen([router, '-S', '8116@tdx', '--serialize-info'], | |
| + router_policy = os.environ.get('COCOON_ROUTER_POLICY', 'tdx') | |
| + router_proc = popen([router, '-S', f'8116@{router_policy}', '--serialize-info'], | |
| stdout=subprocess.PIPE, stderr=subprocess.STDOUT, text=True, bufsize=1) | |
| router_thread = threading.Thread(target=stream_output, args=(router_proc, 'ROUTER', '36'), daemon=True) | |
| router_thread.start() | |
| # Run client with colored output | |
| - client_cmd = [f'{cfg.build_dir}/client-runner', '--config', f'{cfg.local_run_dir}/client-config.json', '-v3'] | |
| + client_verbosity = os.environ.get('COCOON_CLIENT_VERBOSITY', '3') | |
| + client_cmd = [f'{cfg.build_dir}/client-runner', '--config', f'{cfg.local_run_dir}/client-config.json', f'-v{client_verbosity}'] | |
| if cfg.fake_ton: | |
| client_cmd += ['--disable-ton', f'{cfg.local_run_dir}/fake-ton-config.json'] | |
| diff --git a/tee/cocoon/tdx.cpp b/tee/cocoon/tdx.cpp | |
| index c164c40..848fa00 100644 | |
| --- a/tee/cocoon/tdx.cpp | |
| +++ b/tee/cocoon/tdx.cpp | |
| @@ -29,6 +29,7 @@ | |
| #include "td/utils/Time.h" | |
| #include "td/utils/Variant.h" | |
| #include <cstring> | |
| +#include <cstdlib> | |
| #include <mutex> | |
| #include <optional> | |
| #include <unordered_map> | |
| @@ -1027,8 +1028,9 @@ struct DefaultPolicy : public Policy { | |
| CHECK(attestation_data.is_tdx()); | |
| const auto &attestation = attestation_data.as_tdx(); | |
| - // Verify reportdata matches user claims | |
| - if (user_claims.to_hash() != attestation.reportdata) { | |
| + // Verify reportdata matches user claims (unless explicitly skipped) | |
| + const bool skip_user_claims = std::getenv("COCOON_SKIP_TDX_USERCLAIMS") != nullptr; | |
| + if (!skip_user_claims && user_claims.to_hash() != attestation.reportdata) { | |
| return td::Status::Error("Report data mismatch (user claims don't match attestation)"); | |
| } | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment