Release 2021.4.2 (#3)

* initial commit for 2021.4.2 release

* Fixes to doc & scripts

Dockerfile-build-ovsa

@@ -14,108 +14,42 @@
 # limitations under the License.
 #
 
-FROM openvino/model_server-build as base_build
+ARG BASE_IMAGE=openvino/model_server-build
+FROM $BASE_IMAGE as base_build
 
 LABEL version="1.0.0"
 
-ARG DL_DIR=/tmp
-ARG build_type=dbg
-
-#TPM Tool Specific installs
-RUN yum install -y \
-        autoconf-archive \
-        bison \
-        dbus-devel \
-        flex \
-        glib2-devel \
-        glibc-static \
-        json-c-devel \
-        libiconv \
-        libstdc++-devel  \
-        libgcrypt-devel \
-        openssl-devel \
-        strip \
-        uriparser-devel && \
-        yum clean all
-
-SHELL [ "/usr/bin/scl", "enable", "devtoolset-8" ]
-ENV CC=/opt/rh/devtoolset-8/root/bin/gcc
-ENV CXX=/opt/rh/devtoolset-8/root/bin/g++
-
-#DOXYGEN
-WORKDIR /doxygen
-RUN git clone https://github.com/doxygen/doxygen.git  && \
-    cd doxygen  && \
-    git checkout Release_1_8_7 && \
-    ./configure && \
-    make && \
-    make install
-
-#TPM2 TSS Build
-WORKDIR /tpm2-tss-build
-
-RUN wget https://github.com/tpm2-software/tpm2-tss/releases/download/3.0.3/tpm2-tss-3.0.3.tar.gz && \
-    tar -xvzf tpm2-tss-3.0.3.tar.gz && \
-    cd tpm2-tss-3.0.3 && \
-    ./configure  --with-udevrulesdir=/etc/udev/rules.d/ --prefix=/usr && \
-    make -j8 && \
-    make install
-
-ENV PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/usr/lib/pkgconfig
-WORKDIR /tpm2-abrmd
-RUN wget https://github.com/tpm2-software/tpm2-abrmd/releases/download/2.4.0/tpm2-abrmd-2.4.0.tar.gz && \
-    tar -xvzf tpm2-abrmd-2.4.0.tar.gz && \
-    pushd tpm2-abrmd-2.4.0 && \
-    ./configure --with-dbuspolicydir=/etc/dbus-1/system.d --prefix=/usr && \
-    make -j8 && \
-    make install
-
-WORKDIR /tpm2-tools-build
-RUN wget https://github.com/tpm2-software/tpm2-tools/releases/download/5.0/tpm2-tools-5.0.tar.gz && \
-        tar -xzf tpm2-tools-5.0.tar.gz && \
-        cd tpm2-tools-5.0 && \
-        ./configure --prefix=/usr && \
-        make -j8 && \
-        make install
-
+SHELL ["/bin/bash", "-c"]
+RUN apt update && apt install -y \
+        libglib2.0-dev \
+        libjson-c-dev && \
+        apt clean
 
+# Setting OVMS path to reference the interface header
 ENV OVMS_DIR=/ovms/src
 
+ARG use_sgx=0
+
+# Copy OVSA src 
 WORKDIR /ovsa
 COPY  Ovsa_runtime/ /ovsa/Ovsa_runtime/
 COPY  Ovsa_tool/ /ovsa/Ovsa_tool
-#RUN cd /ovsa/Ovsa_tool && make clean all
-#RUN cd /ovsa/Ovsa_runtime && make clean all
-RUN cd /ovsa/Ovsa_runtime/src/ovms && make clean all
-RUN cp /ovsa/Ovsa_runtime/src/ovms/libovsaruntime.so /ovsa/Ovsa_runtime/lib/
 
-# Copy packages
 RUN mkdir -vp /ovsa-runtime/lib
 RUN mkdir -vp /ovsa-runtime/usr
-RUN mkdir -vp /ovsa-runtime/usr/bin
-RUN mkdir -vp /ovsa-runtime/usr/etc
-RUN mkdir -vp /ovsa-runtime/usr/include
-RUN mkdir -vp /ovsa-runtime/usr/lib
-RUN mkdir -vp /ovsa-runtime/usr/sbin
-RUN mkdir -vp /ovsa-runtime/usr/share
-RUN mkdir -vp /ovsa-runtime/usr/var
-RUN mkdir -vp /ovsa-runtime/tpm2-abrmd
+RUN mkdir -vp /ovsa-runtime/etc
+
+# Build OVSA Runtime
+RUN if [ "$use_sgx" == "1" ]; then \
+        export GRAMINE_DIR=/ovsa/Ovsa_runtime/src/gramine && \
+        cd /ovsa/Ovsa_runtime/src/ovms && \
+        SGX=1 make clean all; \
+    else \
+        cd /ovsa/Ovsa_runtime/src/ovms && \
+        make clean all; \
+    fi
+RUN cp /ovsa/Ovsa_runtime/src/ovms/libovsaruntime.so /ovsa/Ovsa_runtime/lib/
 RUN cp -rv /ovsa/Ovsa_runtime/lib/* /ovsa-runtime/lib/
-RUN cp -rv /usr/bin/tpm2* /ovsa-runtime/usr/bin
-RUN cp -rv /usr/bin/tss2* /ovsa-runtime/usr/bin
-RUN cp -rv /usr/etc/sysusers.d /ovsa-runtime/usr/etc
-RUN cp -rv /usr/etc/tmpfiles.d /ovsa-runtime/usr/etc
-RUN cp -rv /usr/etc/tpm2-tss /ovsa-runtime/usr/etc
-RUN cp -rv /usr/include/tss2 /ovsa-runtime/usr/include
-RUN cp -rv /usr/lib/libtss2* /ovsa-runtime/usr/lib
-RUN cp -rv /usr/lib/pkgconfig /ovsa-runtime/usr/lib
-RUN cp -rv /usr/lib/systemd /ovsa-runtime/usr/lib
-RUN cp -rv /usr/sbin/tpm2-abrmd /ovsa-runtime/usr/sbin
-RUN cp -rv /usr/share/dbus-1 /ovsa-runtime/usr/share
-RUN cp -rv /usr/share/man /ovsa-runtime/usr/share
-RUN cp -rv /usr/share/bash-completion /ovsa-runtime/usr/share
-RUN cp -rv /usr/var /ovsa-runtime/usr/var
-RUN cp -rv /etc/dbus-1/system.d/tpm2-abrmd.conf /ovsa-runtime/tpm2-abrmd/
 
 WORKDIR /
 RUN tar cvzf ovsa-runtime.tar.gz /ovsa-runtime

Dockerfile-build-tpm

@@ -0,0 +1,91 @@
+#
+# Copyright (c) 2020-2021 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+ARG BASE_IMAGE=openvino/model_server-build
+FROM $BASE_IMAGE as base_build
+
+LABEL version="1.0.0"
+
+SHELL ["/bin/bash", "-c"]
+RUN apt update && apt install -y \
+        libglib2.0-dev \
+        libjson-c-dev && \
+        apt clean
+
+#TPM2 TSS Build
+WORKDIR /tpm2-tss-build
+
+RUN wget https://github.com/tpm2-software/tpm2-tss/releases/download/3.0.3/tpm2-tss-3.0.3.tar.gz && \
+    tar -xvzf tpm2-tss-3.0.3.tar.gz && \
+    cd tpm2-tss-3.0.3 && \
+    ./configure  --with-udevrulesdir=/etc/udev/rules.d/ --prefix=/usr && \
+    make -j8 && \
+    make install
+
+ENV PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/usr/lib/pkgconfig
+WORKDIR /tpm2-abrmd
+RUN wget https://github.com/tpm2-software/tpm2-abrmd/releases/download/2.4.0/tpm2-abrmd-2.4.0.tar.gz && \
+    tar -xvzf tpm2-abrmd-2.4.0.tar.gz && \
+    pushd tpm2-abrmd-2.4.0 && \
+    ./configure --with-dbuspolicydir=/etc/dbus-1/system.d --prefix=/usr && \
+    make -j8 && \
+    make install
+
+WORKDIR /tpm2-tools-build
+RUN wget https://github.com/tpm2-software/tpm2-tools/releases/download/5.0/tpm2-tools-5.0.tar.gz && \
+        tar -xzf tpm2-tools-5.0.tar.gz && \
+        cd tpm2-tools-5.0 && \
+        ./configure --prefix=/usr && \
+        make -j8 && \
+        make install
+
+# Copy packages
+RUN mkdir -vp /ovsa-runtime/usr/bin
+RUN cp -rv /usr/bin/tpm2* /ovsa-runtime/usr/bin
+RUN cp -rv /usr/bin/tss2* /ovsa-runtime/usr/bin
+
+RUN mkdir -vp /ovsa-runtime/usr/etc
+RUN cp -rv /usr/etc/sysusers.d /ovsa-runtime/usr/etc
+RUN cp -rv /usr/etc/tmpfiles.d /ovsa-runtime/usr/etc
+RUN cp -rv /usr/etc/tpm2-tss /ovsa-runtime/usr/etc
+
+RUN mkdir -vp /ovsa-runtime/usr/include
+RUN cp -rv /usr/include/tss2 /ovsa-runtime/usr/include
+
+RUN mkdir -vp /ovsa-runtime/usr/lib
+RUN cp -rv /usr/lib/libtss2* /ovsa-runtime/usr/lib
+RUN cp -rv /usr/lib/pkgconfig /ovsa-runtime/usr/lib
+RUN cp -rv /usr/lib/systemd /ovsa-runtime/usr/lib
+
+RUN mkdir -vp /ovsa-runtime/usr/sbin
+RUN cp -rv /usr/sbin/tpm2-abrmd /ovsa-runtime/usr/sbin
+
+RUN mkdir -vp /ovsa-runtime/usr/share
+RUN cp -rv /usr/share/dbus-1 /ovsa-runtime/usr/share
+RUN cp -rv /usr/share/man /ovsa-runtime/usr/share
+
+#RUN mkdir -vp /ovsa-runtime/tpm2-abrmd
+#RUN cp -rv /etc/dbus-1/system.d/tpm2-abrmd.conf /ovsa-runtime/tpm2-abrmd/
+
+RUN mkdir -vp /ovsa-runtime/etc/dbus-1/system.d/
+RUN cp -rv /etc/dbus-1/system.d/tpm2-abrmd.conf /ovsa-runtime/etc/dbus-1/system.d
+
+RUN mkdir -vp /ovsa-runtime/usr/local/bin
+COPY Scripts/guest/OVSA_tpm2_init.sh /ovsa-runtime/usr/local/bin
+
+
+WORKDIR /
+

Dockerfile-pkg-ovsa-nginx

@@ -23,24 +23,19 @@ ARG build_type=dbg
 
 USER root
 
-RUN yum install -y \
-        sudo && \
-        yum clean all
-
+RUN apt update && apt install -y \
+        sudo \
+        dbus \
+        libglib2.0-0 \
+        curl && \
+        apt clean
 
 WORKDIR /
 RUN mkdir -vp /ovsa-runtime/lib
 
 COPY /release_files/ovsa-runtime/lib /ovsa-runtime/lib
-COPY /release_files/ovsa-runtime/usr/bin /usr/bin
-COPY /release_files/ovsa-runtime/usr/etc /usr/etc
-COPY /release_files/ovsa-runtime/usr/include /usr/include
-COPY /release_files/ovsa-runtime/usr/lib /usr/lib
-COPY /release_files/ovsa-runtime/usr/sbin /usr/sbin
-COPY /release_files/ovsa-runtime/usr/share /usr/share
-COPY /release_files/ovsa-runtime/usr/var /usr
-COPY /release_files/ovsa-runtime/tpm2-abrmd/tpm2-abrmd.conf /etc/dbus-1/system.d/tpm2-abrmd.conf
-COPY Scripts/guest/OVSA_tpm2_init.sh /usr/local/bin/OVSA_tpm2_init.sh
+COPY /release_files/ovsa-runtime/usr /usr
+COPY /release_files/ovsa-runtime/etc /etc
 
 ENV LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/lib/:/ovsa-runtime/lib/
 
@@ -61,7 +56,7 @@ RUN chmod +x /usr/local/bin/OVSA_tpm2_init.sh
 
 USER ovsa
 ENV LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/lib/:/ovsa-runtime/lib/
+
 USER root
 
 ENTRYPOINT ["/usr/bin/dumb-init", "--", "./usr/local/bin/OVSA_tpm2_init.sh"]
-#ENTRYPOINT []

Dockerfile-pkg-ovsa-nginx-sgx

@@ -0,0 +1,59 @@
+#
+# Copyright (c) 2020-2021 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+FROM openvino/model_server:latest-nginx-mtls as base_build
+
+LABEL version="1.0.0"
+
+ARG DL_DIR=/tmp
+ARG build_type=dbg
+
+USER root
+
+RUN apt update && apt install -y \
+        sudo \
+        dbus \
+        libglib2.0-0 \
+        curl && \
+        apt clean
+
+WORKDIR /
+RUN mkdir -vp /ovsa-runtime/lib
+
+# Copy OVSA Runtime Library
+COPY /release_files/ovsa-runtime/lib /ovsa-runtime/lib
+ENV LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:ovms/lib:/usr/lib/:/ovsa-runtime/lib/:/usr/lib/x86_64-linux-gnu
+
+# Copy ovms_wrapper
+COPY /Example/runtime/ovsa_sgx_ovms_wrapper /ovms_wrapper
+
+# Copy nginx configurations
+RUN cp /model_server.conf.template /etc/nginx/conf.d/model_server.conf 
+
+RUN sed -i 's/worker_processes auto/worker_processes 4/g' /etc/nginx/nginx.conf
+#RUN sed -i 's/80/8888/g' /etc/nginx/nginx.conf
+
+# Create OVSA user
+RUN useradd -ms /bin/bash ovsa
+RUN chown -R ovsa:ovsa /ovsa-runtime
+
+USER ovsa
+ENV LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/lib/:/ovsa-runtime/lib/:/usr/lib/x86_64-linux-gnu
+
+USER root
+
+ENTRYPOINT ["/bin/bash"]
+CMD ["/ovms_wrapper"]

Example/client/face_detection.py

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2019-2020 Intel Corporation
+# Copyright (c) 2020-2021 Intel Corporation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.