dcap_test.Dockerfile
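# Build stage: installs the Rust toolchain, the Intel SGX/DCAP packages,
# Gramine and the native build tooling that the rest of this stage uses.
# NOTE(review): ubuntu:22.04 is a moving tag; pinning the base by digest would
# make the toolchain that produces the enclave reproducible.
FROM --platform=linux/amd64 ubuntu:22.04 AS builder

ARG TZ="Etc/UTC"
ARG RUST_TOOLCHAIN="1.73.0"

WORKDIR /root

# Base OS tooling. DEBIAN_FRONTEND is set inline so it does not persist in the
# image environment.
RUN DEBIAN_FRONTEND="noninteractive" apt-get update && \
    DEBIAN_FRONTEND="noninteractive" apt-get upgrade -y && \
    DEBIAN_FRONTEND="noninteractive" apt-get install -y apt-utils apt-transport-https software-properties-common readline-common curl vim wget gnupg gnupg2 gnupg-agent ca-certificates cmake pkg-config libssl-dev git build-essential llvm clang libclang-dev rsync libboost-all-dev libssl-dev zlib1g-dev miniupnpc

# Rust via rustup, pinned to RUST_TOOLCHAIN, plus the wasm32 target.
# The installer script is executed as downloaded: HTTPS/TLS 1.2 is enforced,
# but no checksum or signature of the script is verified here.
RUN curl --proto "=https" --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain="${RUST_TOOLCHAIN}" && \
    $HOME/.cargo/bin/rustup target add wasm32-unknown-unknown --toolchain "${RUST_TOOLCHAIN}"

# Third-party apt repositories. Each key is scoped with signed-by, so it only
# authenticates packages from its own repository. The keys themselves are
# trusted as downloaded; no fingerprint is compared against a known value.
# An empty $(lsb_release -sc) would write a malformed sources entry and make
# the next apt-get update fail.
RUN curl -fsSLo /usr/share/keyrings/intel-sgx-deb.asc https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key && \
    echo "deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx-deb.asc] https://download.01.org/intel-sgx/sgx_repo/ubuntu $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/intel-sgx.list
RUN curl -fsSLo /usr/share/keyrings/gramine-keyring.gpg https://packages.gramineproject.io/gramine-keyring.gpg && \
    echo "deb [arch=amd64 signed-by=/usr/share/keyrings/gramine-keyring.gpg] https://packages.gramineproject.io/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/gramine.list

# SGX platform software, DCAP quote libraries (with -dev headers for the
# build) and Gramine. Package versions are not pinned, so the set installed
# depends on the repository state at build time.
RUN DEBIAN_FRONTEND="noninteractive" apt-get update && \
    DEBIAN_FRONTEND="noninteractive" apt-get install -y \
        libsgx-headers \
        libsgx-ae-epid \
        libsgx-ae-le \
        libsgx-ae-pce \
        libsgx-aesm-ecdsa-plugin \
        libsgx-aesm-epid-plugin \
        libsgx-aesm-launch-plugin \
        libsgx-aesm-pce-plugin \
        libsgx-aesm-quote-ex-plugin \
        libsgx-enclave-common \
        libsgx-enclave-common-dev \
        libsgx-epid \
        libsgx-epid-dev \
        libsgx-launch \
        libsgx-launch-dev \
        libsgx-quote-ex \
        libsgx-quote-ex-dev \
        libsgx-uae-service \
        libsgx-urts \
        libsgx-ae-qe3 \
        libsgx-pce-logic \
        libsgx-qe3-logic \
        libsgx-ra-network \
        libsgx-ra-uefi \
        libsgx-dcap-default-qpl \
        libsgx-dcap-default-qpl-dev \
        libsgx-dcap-quote-verify \
        libsgx-dcap-quote-verify-dev \
        libsgx-dcap-ql \
        libsgx-dcap-ql-dev \
        sgx-aesm-service \
        gramine && \
    DEBIAN_FRONTEND="noninteractive" apt-get clean -y

# Additional build dependencies. apt-get update runs in the same layer as the
# install: relying on package lists cached by an earlier layer can point at
# package versions the mirrors no longer serve when only this layer is rebuilt.
RUN DEBIAN_FRONTEND="noninteractive" apt-get update && \
    DEBIAN_FRONTEND="noninteractive" apt-get install -y rsync unzip lsb-release debhelper gettext cmake reprepro autoconf automake bison build-essential curl dpkg-dev expect flex gcc gdb git git-core gnupg kmod libboost-system-dev libboost-thread-dev libcurl4-openssl-dev libiptcdata0-dev libjsoncpp-dev liblog4cpp5-dev libprotobuf-dev libssl-dev libtool libxml2-dev uuid-dev ocaml ocamlbuild pkg-config protobuf-compiler gawk nasm ninja-build python3 python3-pip python3-click python3-jinja2 texinfo llvm clang libclang-dev && \
    DEBIAN_FRONTEND="noninteractive" apt-get clean -y

# Installs the sgxs-tools binaries into $HOME/.cargo/bin.
# NOTE(review): the crate version is not pinned (no --version / --locked), so
# the resulting binaries depend on what crates.io serves at build time.
RUN PATH="$PATH:$HOME/.cargo/bin" cargo install sgxs-tools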
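# Source checkout. `git clone -b` accepts a branch or tag name; the default
# "main" is a moving ref, so two builds with the same arguments can compile
# different sources. NOTE(review): pass a release tag via --build-arg
# APP_GIT_TAG when the enclave contents need to be reproducible.
ARG APP_GIT_REPO="https://github.com/Phala-Network/dcap-test.git"
ARG APP_GIT_TAG="main"
ARG APP_NAME="dcap-test"

# Build arguments are quoted so that a value containing whitespace or glob
# characters is passed to git as a single argument.
RUN git clone --depth 1 --recurse-submodules --shallow-submodules -j 8 \
        -b "${APP_GIT_TAG}" "${APP_GIT_REPO}" "$HOME/${APP_NAME}"

# ARG values are visible as environment variables to the RUN steps below;
# presumably the Makefile reads RA_TYPE and SGX_SIGNER_KEY from there —
# confirm against gramine-build/Makefile.
ARG RA_TYPE="dcap"
ARG SGX_SIGNER_KEY="private.dev.pem"
ARG APP_DEPLOYMENT_DIR="/opt/dcap-test"

# COPY writes priv.build_stage into its own layer of this stage (as
# /root/.priv, relative to the stage's working directory). The `rm -rf` at the
# end of the next RUN only hides those files in a later layer: the COPY layer
# stays in the local build cache and in any exported or pushed copy of the
# builder stage.
# NOTE(review): if this directory holds the enclave signing key (the
# SGX_SIGNER_KEY default suggests it does — confirm), prefer a BuildKit
# `RUN --mount=type=secret` or bind mount so the key never enters a layer,
# and keep priv.build_stage out of version control and the published context.
COPY priv.build_stage .priv

# Build and stage the application under APP_DEPLOYMENT_DIR, then drop build
# intermediates and the copied private material from the working tree.
RUN cd "$HOME/${APP_NAME}/gramine-build" && \
    PATH="$PATH:$HOME/.cargo/bin" make dist PREFIX="${APP_DEPLOYMENT_DIR}" && \
    PATH="$PATH:$HOME/.cargo/bin" make clean && \
    rm -rf "$HOME"/.priv/*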
# ====
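# Runtime stage: a fresh Ubuntu base with the SGX/DCAP runtime packages and
# Gramine.
# NOTE(review): ubuntu:22.04 is a moving tag; pin by digest for reproducible
# runtime images.
FROM --platform=linux/amd64 ubuntu:22.04

ARG TZ="Etc/UTC"

# Base tooling. The apt package lists are removed in the same layer that
# fetched them; the later install step runs its own apt-get update.
# NOTE(review): vim, wget and git widen the runtime image's attack surface;
# confirm whether start_dcap_test.sh needs them before keeping them here.
RUN DEBIAN_FRONTEND="noninteractive" apt-get update && \
    DEBIAN_FRONTEND="noninteractive" apt-get upgrade -y && \
    DEBIAN_FRONTEND="noninteractive" apt-get install -y apt-utils apt-transport-https software-properties-common readline-common curl vim wget gnupg gnupg2 gnupg-agent ca-certificates git unzip tini && \
    rm -rf /var/lib/apt/lists/*

# Third-party apt repositories, each with its key scoped through signed-by.
# The keys are trusted as downloaded; no fingerprint is compared here.
RUN curl -fsSLo /usr/share/keyrings/intel-sgx-deb.asc https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key && \
    echo "deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx-deb.asc] https://download.01.org/intel-sgx/sgx_repo/ubuntu $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/intel-sgx.list
RUN curl -fsSLo /usr/share/keyrings/gramine-keyring.gpg https://packages.gramineproject.io/gramine-keyring.gpg && \
    echo "deb [arch=amd64 signed-by=/usr/share/keyrings/gramine-keyring.gpg] https://packages.gramineproject.io/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/gramine.list

# SGX platform software, DCAP quote libraries and Gramine. Versions are not
# pinned, so the runtime libraries can differ from the ones the builder stage
# compiled against if the repositories change between the two installs.
# NOTE(review): libsgx-headers and the *-dev packages look like build-time
# dependencies; confirm whether the runtime actually needs them.
RUN DEBIAN_FRONTEND="noninteractive" apt-get update && \
    DEBIAN_FRONTEND="noninteractive" apt-get install -y \
        python3 python3-pip \
        libsgx-headers \
        libsgx-ae-epid \
        libsgx-ae-le \
        libsgx-ae-pce \
        libsgx-aesm-ecdsa-plugin \
        libsgx-aesm-epid-plugin \
        libsgx-aesm-launch-plugin \
        libsgx-aesm-pce-plugin \
        libsgx-aesm-quote-ex-plugin \
        libsgx-enclave-common \
        libsgx-enclave-common-dev \
        libsgx-epid \
        libsgx-epid-dev \
        libsgx-launch \
        libsgx-launch-dev \
        libsgx-quote-ex \
        libsgx-quote-ex-dev \
        libsgx-uae-service \
        libsgx-urts \
        libsgx-ae-qe3 \
        libsgx-pce-logic \
        libsgx-qe3-logic \
        libsgx-ra-network \
        libsgx-ra-uefi \
        libsgx-dcap-default-qpl \
        libsgx-dcap-quote-verify \
        libsgx-dcap-ql \
        sgx-aesm-service \
        gramine && \
    DEBIAN_FRONTEND="noninteractive" apt-get clean -y && \
    rm -rf /var/lib/apt/lists/*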
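# Only build artifacts cross from the builder stage: the sgx-detect binary
# from cargo's bin directory and the staged application tree. Anything else
# in the builder (sources, toolchains, /root/.priv) is not copied.
# NOTE(review): confirm that `make dist` does not place the signing key or
# other private material under APP_DEPLOYMENT_DIR, since that tree ships.
COPY --from=builder /root/.cargo/bin/sgx-detect /usr/local/bin/

ARG APP_DEPLOYMENT_DIR="/opt/dcap-test"
COPY --from=builder ${APP_DEPLOYMENT_DIR} ${APP_DEPLOYMENT_DIR}

# COPY instead of ADD for local files: ADD would silently unpack a local tar
# archive. Assumes dockerfile.d/conf is a plain directory — confirm.
COPY dockerfile.d/start_dcap_test.sh ${APP_DEPLOYMENT_DIR}/start_dcap_test.sh
COPY dockerfile.d/conf /opt/conf

WORKDIR ${APP_DEPLOYMENT_DIR}

# Runtime defaults; presumably consumed by start_dcap_test.sh — verify there.
ENV SGX=1
ENV SKIP_AESMD=0
ENV SLEEP_BEFORE_START=6
ENV RUST_LOG="info"

# tini runs as PID 1 to forward signals and reap child processes.
# No USER is set, so the start script runs as root.
# NOTE(review): confirm whether the script (and the AESM service it
# presumably starts when SKIP_AESMD=0) needs root, or whether the container
# can run as a dedicated user with access to the SGX device nodes.
ENTRYPOINT ["/usr/bin/tini", "--"]
CMD ["/bin/bash", "start_dcap_test.sh"]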