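# Base image; the gramine-* tools used further down are expected to come from it.
# The v1.5 tag is mutable: for reproducible enclave builds also pin the digest,
# e.g. FROM gramineproject/gramine:v1.5@sha256:<digest-placeholder>
FROM gramineproject/gramine:v1.5

# Build dependencies for the Rust workspace. update, install and list cleanup
# share one layer so a stale cached package index is never reused and the apt
# lists do not stay in the image.
# NOTE(review): --no-install-recommends is deliberately not added. The later
# ssh-keyscan / git-over-SSH steps need an SSH client that may only arrive as a
# recommended package of git; confirm before tightening the install.
RUN apt-get update \
    && apt-get install -y \
        build-essential \
        git \
        jq \
        libprotobuf-dev \
        protobuf-compiler \
    && rm -rf /var/lib/apt/lists/*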
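# Seed known_hosts so the git-over-SSH fetch during `cargo build` does not stop
# at an interactive host-key prompt.
# NOTE(review): ssh-keyscan accepts whatever host key the network returns at
# build time, so by itself it gives no protection against an on-path attacker.
# The scanned fingerprints are therefore printed into the build log, where they
# can be compared with the ones GitHub publishes. Checking in a known_hosts
# file with the published keys and COPYing it would remove the network trust
# entirely.
# ssh-keygen is also expected to fail on an empty scan result, which stops the
# build here rather than later at the fetch.
RUN mkdir -p -m 0700 /root/.ssh \
    && ssh-keyscan github.com >> /root/.ssh/known_hosts \
    && ssh-keygen -l -f /root/.ssh/known_hosts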
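WORKDIR /workdir

# Install rustup non-interactively (-y). curl is restricted to HTTPS with
# TLS >= 1.2, and pipefail turns a failed download into a failed build step
# instead of handing an empty script to bash.
# NOTE(review): the installer script is not checksum-verified; trust rests on
# the TLS connection to sh.rustup.rs.
RUN bash -o pipefail -c \
    "curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | bash -s -- -y"

ENV PATH="/root/.cargo/bin:${PATH}"

# Adds the pinned 1.72.0 toolchain next to the one rustup installed by default.
# This command does not switch the default toolchain.
# NOTE(review): confirm the workspace selects 1.72.0 (for example through a
# rust-toolchain file); otherwise the build uses whatever rustup's default
# channel resolved to on build day, which is not reproducible.
RUN rustup toolchain install 1.72.0

# Uncomment to get Rust backtraces on panic.
#ENV RUST_BACKTRACE=1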
# Generate the enclave signing key. No path is given, so it is written to
# Gramine's default key location, which gramine-sgx-sign is expected to pick up
# when it is called without --key later in this file.
# NOTE(review): the key is created during the build and stays in an image layer.
# Anyone who can pull the image can therefore sign enclaves under the same
# signer identity (MRSIGNER), and every uncached rebuild produces a new one.
# That is acceptable for development images. For production, supply a protected
# signing key at build time (for example through a BuildKit secret mount)
# instead of generating one here.
RUN gramine-sgx-gen-private-key
# Remote-attestation and build-mode settings, overridable with --build-arg.
#
# RA_CLIENT_SPID should be associated with an active IAS SPID in order for
# gramine tools like gramine-sgx-ias-request and gramine-sgx-ias-verify to work.
#
# These values are recorded in the image config and history, so only non-secret
# identifiers belong here. Credentials such as an IAS API key must not be passed
# as ARG or ENV.
# NOTE(review): the default RA_TYPE=epid depends on Intel's IAS service; confirm
# it is still available for the target deployment, otherwise build with
# --build-arg RA_TYPE=dcap.
ARG RA_TYPE=epid
ARG RA_CLIENT_SPID=51CAF5A48B450D624AEFE3286D314894
ARG RA_CLIENT_LINKABLE=1
ARG DEBUG=0
ARG SGX=1

# Persist the build arguments into the image environment.
ENV RA_TYPE=$RA_TYPE \
    RA_CLIENT_SPID=$RA_CLIENT_SPID \
    RA_CLIENT_LINKABLE=$RA_CLIENT_LINKABLE \
    DEBUG=$DEBUG \
    SGX=$SGX
# Copy the quartz directory and build.
# NOTE(review): `COPY .` takes the whole build context. Keep a .dockerignore so
# .git, local key material and .env files are not copied into the image.
COPY . ./quartz
WORKDIR /workdir/quartz

# Make cargo use the git CLI for git dependencies, so fetches go through the
# system ssh client and the known_hosts file prepared earlier. The redirect
# overwrites any .cargo/config.toml that came with the copied sources.
RUN mkdir -p .cargo/ \
    && echo "net.git-fetch-with-cli = true" > .cargo/config.toml

# The SSH key is supplied as a BuildKit secret mount: it is visible only while
# this step runs and is not written to an image layer. Requires BuildKit, e.g.
#   docker build --secret id=ssh_id,src=<path-to-private-key> .
# NOTE(review): consider `--locked` so the build fails if Cargo.lock would
# change; confirm first that the lockfile is committed and current.
RUN --mount=type=secret,id=ssh_id,target=/root/.ssh/id_ed25519 \
    cargo build --release
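WORKDIR /workdir
COPY quartz.manifest.template ./

# Make and sign the gramine manifest.
#
# Render the template with the build-time attestation settings. Every shell
# expansion is quoted so that a value containing spaces or glob characters
# cannot split into extra arguments. log_level is fixed at "error"; DEBUG and
# SGX are not forwarded to the manifest here.
# NOTE(review): what the enclave measurement covers is decided by the template
# (trusted versus allowed files), which is not visible in this file.
RUN gramine-manifest \
        -Dlog_level="error" \
        -Dhome="${HOME}" \
        -Darch_libdir="/lib/$(gcc -dumpmachine)" \
        -Dra_type="$RA_TYPE" \
        -Dra_client_spid="$RA_CLIENT_SPID" \
        -Dra_client_linkable="$RA_CLIENT_LINKABLE" \
        -Dquartz_dir="$(pwd)/quartz" \
        quartz.manifest.template quartz.manifest

# Sign the rendered manifest. No --key is passed, so the signing key is expected
# to come from Gramine's default location (the key generated earlier in this
# file).
RUN gramine-sgx-sign --manifest quartz.manifest --output quartz.manifest.sgx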
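# Default command: show the SIGSTRUCT (presumably quartz.sig as written by the
# signing step), so the enclave and signer measurements can be read from the
# container output.
# Exec form needs one array element per argument. The previous single string
# "gramine-sgx-sigstruct-view quartz.sig" was looked up as one executable name
# and could not start.
CMD ["gramine-sgx-sigstruct-view", "quartz.sig"]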