nologies/cycles-quartz
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Avoid using Dockerfile

Browse source
This commit is contained in:
hu55a1n1 2024-02-26 13:39:30 -08:00
parent 74ee45c5dc
commit 6e7a4013a2
2 changed files with 15 additions and 64 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

55
enclaves/quartz/Dockerfile
View file

@ -1,55 +0,0 @@
FROM gramineproject/gramine:v1.5
RUN apt-get update && apt-get install -y jq build-essential protobuf-compiler libprotobuf-dev git
RUN mkdir /root/.ssh/ \
&& touch /root/.ssh/known_hosts \
&& ssh-keyscan github.com >> /root/.ssh/known_hosts
WORKDIR /workdir
RUN curl https://sh.rustup.rs -sSf | bash -s -- -y
ENV PATH="/root/.cargo/bin:${PATH}"
RUN rustup toolchain install 1.72.0
#ENV RUST_BACKTRACE=1
RUN gramine-sgx-gen-private-key
# This should be associated with an acive IAS SPID in order for
# gramine tools like gramine-sgx-ias-request and gramine-sgx-ias-verify
ARG RA_TYPE=epid
ENV RA_TYPE=$RA_TYPE
ARG RA_CLIENT_SPID=51CAF5A48B450D624AEFE3286D314894
ENV RA_CLIENT_SPID=$RA_CLIENT_SPID
ARG RA_CLIENT_LINKABLE=1
ENV RA_CLIENT_LINKABLE=$RA_CLIENT_LINKABLE
ARG DEBUG=0
ENV DEBUG=$DEBUG
ARG SGX=1
ENV SGX=$SGX
# Copy the quartz directory and build
COPY . ./quartz
WORKDIR /workdir/quartz
RUN mkdir -p .cargo/
RUN echo "net.git-fetch-with-cli = true" > .cargo/config.toml
RUN --mount=type=secret,id=ssh_id,target=/root/.ssh/id_ed25519 cargo build --release
WORKDIR /workdir
COPY quartz.manifest.template ./
# Make and sign the gramine manifest
RUN gramine-manifest \
-Dlog_level="error" \
-Dhome=${HOME} \
-Darch_libdir="/lib/$(gcc -dumpmachine)" \
-Dra_type="$RA_TYPE" \
-Dra_client_spid="$RA_CLIENT_SPID" \
-Dra_client_linkable="$RA_CLIENT_LINKABLE" \
-Dquartz_dir="$(pwd)/quartz" \
quartz.manifest.template quartz.manifest
RUN gramine-sgx-sign --manifest quartz.manifest --output quartz.manifest.sgx
CMD [ "gramine-sgx-sigstruct-view quartz.sig" ]

24
enclaves/quartz/README.md
View file

@ -3,15 +3,21 @@
### Enclave usage ### Enclave usage
```bash ```bash
# docker build . --tag quartz gramine-sgx-gen-private-key
DOCKER_BUILDKIT=1 docker build --tag quartz --secret id=ssh_id,src=/home/hu55a1n1/.ssh/id_ed25519 .
docker run -it \ CARGO_TARGET_DIR=./target cargo build --release
--device /dev/sgx_enclave \
--device /dev/sgx_provision \ gramine-manifest \
-v /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket \ -Dlog_level="error" \
-v ./data:/workdir/data \ -Dhome=${HOME} \
quartz bash -Darch_libdir="/lib/$(gcc -dumpmachine)" \
is-sgx-available -Dra_type="epid" \
-Dra_client_spid="51CAF5A48B450D624AEFE3286D314894" \
-Dra_client_linkable=1 \
-Dquartz_dir="$(pwd)/quartz" \
quartz.manifest.template quartz.manifest
gramine-sgx-sign --manifest quartz.manifest --output quartz.manifest.sgx
gramine-sgx ./quartz gramine-sgx ./quartz
``` ```