benchmark.manifest.template

# This is a general manifest template for running DuckDB.
# Don't use this manifest in production

loader.entrypoint = "file:{{ gramine.libos }}"
libos.entrypoint = "{{ entrypoint }}"

#loader.log_level = "{{ log_level }}"
#loader.log_level = "trace"
#loader.log_level = "debug"
loader.log_level = "error"

# This is to enable calling the benchmark securely with different scripts
loader.insecure__use_cmdline_argv = true

#loader.insecure__use_host_env = true
loader.env.LD_LIBRARY_PATH = "/lib:{{ arch_libdir }}:/usr/{{ arch_libdir }}"
loader.env.PATH = "{{ execdir }}"

# Set HOME to suppress "warning: cannot find home directory"
loader.env.HOME = "/"

#loader.env.MALLOC_ARENA_MAX = "1"

fs.mounts = [
  { path = "/lib", uri = "file:{{ gramine.runtimedir() }}" },
  { path = "{{ arch_libdir }}", uri = "file:{{ arch_libdir }}" },
  { path = "/bin", uri = "file:/bin" },
  { path = "/usr/bin", uri = "file:/usr/bin" },
  { path = "/etc", uri = "file:/etc" },
  { path = "{{ entrypoint }}", uri = "file:{{ entrypoint }}" },
  { path = "/usr/share/zoneinfo", uri = "file:/usr/share/zoneinfo" },
  { path = "/usr/{{ arch_libdir }}", uri = "file:/usr/{{ arch_libdir }}" },
  { path = "/tmp", uri = "file:/tmp" },
  { path = "/usr/local/lib/python3.11/dist-packages", uri = "file:/usr/local/lib/python3.11/dist-packages" },
  { path = "/usr/lib/python3/dist-packages", uri = "file:/usr/lib/python3/dist-packages" },
  { path = "/usr/lib/python3.11", uri = "file:/usr/lib/python3.11" },
  { path = "/home/sdp/.local/lib/python3.11/site-packages", uri = "file:/home/sdp/.local/lib/python3.11/site-packages" },
{% for path in python.get_sys_path(entrypoint) %}
  { path = "{{ path }}", uri = "file:{{ path }}" },
{% endfor %}
  { path = "{{ execdir }}", uri = "file:{{ execdir }}" },
  { path = "{{ execdir }}/duckdb-parquet-encrypted", uri = "file:{{ execdir }}/duckdb-parquet-encrypted" },
]

# Unfortunately, non-SGX Gramine cannot use special keys such as "_sgx_mrenclave", so for this
# example to work on both non-SGX and SGX versions we hardcode a dummy key. In SGX production case,
# it is recommended to remove this insecure key and instead use "_sgx_mrenclave"/"_sgx_mrsigner".
fs.insecure__keys.default = "ffeeddccbbaa99887766554433221100"

sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}
sgx.enclave_size = "64G"
# Do not change the number of maximum threads
sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '963' }}
#sgx.insecure__rpc_thread_num = 16
#sgx.enable_stats = true
sgx.preheat_enclave = true
#sgx.profile.mode = "ocall_inner"
#sgx.profile.with_stack = 1
#sgx.cpu_features.avx512 = "required"

sgx.trusted_files = [
  "file:{{ gramine.libos }}",
  "file:{{ gramine.runtimedir() }}/",
  "file:{{ arch_libdir }}/",
  "file:{{ entrypoint }}",
  "file:/bin/",
  "file:/usr/bin/",
  "file:/usr/{{ arch_libdir }}/",
  "file:/usr/lib/",
  "file:duckdb/benchmark_duckdb.py",
  "file:duckdb/benchmark_duckdb_single_query.py",
  "file:duckdb/enclave_query.py",
  "file:duckdb-parquet/benchmark_duckdb.py",
  "file:duckdb-parquet-encrypted/benchmark_duckdb.py",
  "file:clickhouse/benchmark_clickhouse.py",
  "file:clickhouse-encrypted/benchmark_clickhouse.py",
  "file:duckdb/profile_duckdb.py",
  "file:/home/sdp/.local/lib/python3.11/site-packages/",
  #"file:/usr/bin/clickhouse-client",
  "file:/usr/local/lib/python3.11/dist-packages/",
  #"file:/usr/local/lib/python3.11/dist-packages/duckdb/",
  "file:/usr/lib/python3/dist-packages/",
  "file:/usr/lib/python3.11/",
  "file:/home/sdp/.local/lib/python3.11/site-packages/duckdb/",
  "file:/usr/lib/python3/dist-packages/duckdb/",
]

sgx.allowed_files = [
  "file:duckdb/log.txt",
  "file:duckdb/my-db.duckdb",
  "file:duckdb/queries.sql",
  "file:duckdb/my-db.duckdb.tmp/",
  "file:duckdb-parquet/my-db.duckdb.wal",
  "file:/tmp/testfile",
  "file:duckdb-parquet/log.txt",
  "file:duckdb-parquet/queries.sql",
  "file:duckdb/my-db.duckdb.wal",
  "file:duckdb/explain.txt",
  "file:duckdb/explain_query.sql",
  "file:duckdb-parquet/my-db.duckdb",
  "file:duckdb-parquet/hits.parquet",
  "file:duckdb-parquet-encrypted/my-db.duckdb",
  "file:duckdb-parquet-encrypted/my-db.duckdb.wal",
  "file:duckdb-parquet-encrypted/log.txt",
  "file:duckdb-parquet-encrypted/queries.sql",
  "file:duckdb-parquet-encrypted/hits.parquet",
  "file:duckdb-parquet-encrypted/hits_encrypted.parquet",
  "file:/usr/share/zoneinfo/",
  "file:/usr/share/dpkg/cputable",
  "file:/usr/lib/python3/dist-packages/__pycache__/",
  "file:/usr/lib/python3.11/__pycache__/",
]