Merge pull request #443 from skalenetwork/develop

new beta

.github/workflows/dockerimage.yml

@@ -4,7 +4,7 @@ on:
   push:
 jobs:
   build:
-    runs-on: ubuntu-20.04
+    runs-on: self-hosted
     env:
       ACTIONS_ALLOW_UNSECURE_COMMANDS: true
       DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
@@ -14,7 +14,7 @@ jobs:
         run: cat /proc/cpuinfo | grep avx512
       - name: Login to docker
         run: docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD}
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v2
       - name: submodule update
         run: git submodule update --init --recursive
       - name: build and deploy test image

.github/workflows/dockerimagebase.yml

@@ -6,7 +6,7 @@ on:
       - build_base*
 jobs:
   build:
-    runs-on: ubuntu-20.04
+    runs-on: self-hosted
     env:
       ACTIONS_ALLOW_UNSECURE_COMMMANDS: true
       DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
@@ -16,7 +16,7 @@ jobs:
       run: cat /proc/cpuinfo | grep avx512
     - name: Login to docker
       run: docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD}
-    - uses: actions/checkout@v1
+    - uses: actions/checkout@v2
     - name: submodule update
       run: git submodule update --init --recursive
     - name: Build the Docker image

.github/workflows/dockerimageintelsubmission.yml

@@ -4,7 +4,7 @@ on:
   push:
 jobs:
   build:
-    runs-on: ubuntu-20.04
+    runs-on: self-hosted
     env:
       DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
       DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
@@ -13,9 +13,11 @@ jobs:
         run: cat /proc/cpuinfo | grep avx512
       - name: Login to docker
         run: docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD}
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v2
       - name: submodule update
         run: git submodule update --init --recursive
+      - name: build and deploy test image
+        run: python3 scripts/docker_build.py DockerfileIntelSubmission sgxwallet_intelsubmission ${GITHUB_SHA}
       - name: build and deploy docker image
         if: |    
           contains(github.ref, 'develop') || contains(github.ref, 'beta') ||

.github/workflows/dockerimagerelease.yml

@@ -6,7 +6,7 @@ on:
       - stable
 jobs:
   build:
-    runs-on: ubuntu-20.04
+    runs-on: self-hosted
     env:
       DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
       DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
@@ -16,7 +16,7 @@ jobs:
         run: cat /proc/cpuinfo | grep avx512
       - name: Login to docker
         run: docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD}
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v2
       - name: Submodule update
         run: git submodule update --init --recursive
       - name: Create dir for signing enclave

.github/workflows/dockerimagesim.yml

@@ -4,7 +4,7 @@ on:
   push:
 jobs:
   build:
-    runs-on: ubuntu-20.04
+    runs-on: self-hosted
     env:
         DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
         DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
@@ -15,13 +15,15 @@ jobs:
       run: ls /dev/urandom
     - name: Login to docker
       run: docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD}
-    - uses: actions/checkout@v1
+    - uses: actions/checkout@v2
     - name: submodule update
       run: git submodule update --init --recursive
     - name: Build and publish container for testing
       run: python3 scripts/docker_build.py DockerfileSimulation sgxwallet_sim ${GITHUB_SHA}
     - name: test
       run: python3 scripts/docker_test.py DockerfileSimulation sgxwallet_sim ${GITHUB_SHA}
+    - name: cleanup
+      run: sudo rm -rf sgx_data
     - name: build and deploy docker image
       if: |
             contains(github.ref, 'develop') || contains(github.ref, 'beta') ||

Dockerfile

@@ -7,9 +7,6 @@ RUN apt update && apt install -y curl secure-delete python3-pip
 RUN pip3 install --upgrade pip
 RUN pip3 install requests torpy
 
-
-
-
 RUN touch /var/hwmode
 RUN ./autoconf.bash
 RUN ./configure
@@ -19,5 +16,5 @@ RUN mkdir -p /usr/src/sdk/sgx_data
 COPY docker/start.sh ./
 COPY docker/check_firewall.py ./
 RUN rm -rf /usr/src/sdk/sgx-sdk-build/
-RUN rm  /opt/intel/sgxsdk/lib64/*_sim.so
+RUN rm /opt/intel/sgxsdk/lib64/*_sim.so
 ENTRYPOINT ["/usr/src/sdk/start.sh"]

DockerfileBase

@@ -1,35 +1,37 @@
-FROM ubuntu:20.04
+FROM ubuntu:22.04
 
 RUN apt-get update && apt-get install software-properties-common -y && \
     add-apt-repository ppa:ubuntu-toolchain-r/test && \
     apt-get update && apt-get install -y \
-    autoconf \
-    automake \
     build-essential \
-    cmake \
-    curl \
-    debhelper \
-    git \
-    libcurl4-openssl-dev \
-    libprotobuf-dev \
-    libssl-dev \
-    libtool \
-    lsb-release \
     ocaml \
     ocamlbuild \
-    protobuf-compiler \
-    python-is-python3 \
+    automake \
+    autoconf \
+    libtool \
     wget \
-    libcurl4 \
-    make \
-    unzip \
+    python-is-python3 \
+    libssl-dev \
+    git \
+    cmake \
     perl \
-    pkgconf
+    libcurl4-openssl-dev \
+    protobuf-compiler \
+    libprotobuf-dev \
+    debhelper \
+    reprepro \
+    unzip \
+    pkgconf \
+    libboost-dev \
+    libboost-system-dev \
+    libboost-thread-dev \
+    lsb-release \
+    libsystemd0
 
-# RUN wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb && \
-#     dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb
+RUN wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb && \
+    dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb
 
-RUN git clone -b sgx_2.19 --depth 1 https://github.com/intel/linux-sgx
+RUN git clone -b sgx_2.25 --depth 1 https://github.com/intel/linux-sgx
 
 RUN cd linux-sgx && make preparation
 
@@ -54,26 +56,23 @@ WORKDIR /usr/src/sdk
 
 RUN apt update && \
     apt install -yq apt-utils && \
-    apt install -yq --no-install-recommends vim telnet git ca-certificates perl \
-        reprepro libboost-all-dev alien uuid-dev libxml2-dev ccache \
-        yasm flex bison libprocps-dev ccache texinfo \
-        graphviz doxygen libgnutls28-dev libgcrypt20-dev \
-        libboost-dev libboost-system-dev libboost-thread-dev lsb-release libsystemd0 && \
-        # glibc-tools
+    apt install -yq --no-install-recommends vim telnet ca-certificates perl \
+        alien uuid-dev libxml2-dev ccache \
+        yasm libprocps-dev texinfo \
+        graphviz doxygen libgnutls28-dev libgcrypt20-dev && \
     ln -s /usr/bin/ccache /usr/local/bin/clang && \
     ln -s /usr/bin/ccache /usr/local/bin/clang++ && \
     ln -s /usr/bin/ccache /usr/local/bin/gcc && \
     ln -s /usr/bin/ccache /usr/local/bin/g++ && \
     ln -s /usr/bin/ccache /usr/local/bin/cc && \
     ln -s /usr/bin/ccache /usr/local/bin/c++
 
-RUN    cd scripts && ./build_deps.py && \
-       wget --progress=dot:mega -O - https://github.com/intel/dynamic-application-loader-host-interface/archive/072d233296c15d0dcd1fb4570694d0244729f87b.tar.gz | tar -xz && \
-       cd dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b && \
-       cmake . -DCMAKE_BUILD_TYPE=Release -DINIT_SYSTEM=SysVinit && \
-       make install && \
-       cd .. && rm -rf dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b && \
-       cd /usr/src/sdk && \
-       ./autoconf.bash && \
-       ./configure && \
-       bash -c "make -j$(nproc)"
+WORKDIR /usr/src/sdk/scripts
+RUN ./build_deps.py
+RUN wget --progress=dot:mega -O - https://github.com/intel/dynamic-application-loader-host-interface/archive/072d233296c15d0dcd1fb4570694d0244729f87b.tar.gz | tar -xz
+WORKDIR dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b
+RUN cmake . -DCMAKE_BUILD_TYPE=Release -DINIT_SYSTEM=SysVinit && make install
+WORKDIR /usr/src/sdk/scripts
+RUN rm -rf dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b
+WORKDIR /usr/src/sdk
+RUN ./autoconf.bash

DockerfileIntelSubmission

@@ -12,11 +12,12 @@ RUN pip3 install requests torpy
 RUN cd scripts && ./generate_signing_key.bash
 RUN touch /var/hwmode
 RUN ./autoconf.bash
-RUN ./configure --with-sgx-build=release
+RUN ./configure --with-sgx-build=prerelease
 RUN bash -c "make -j$(nproc)"
 RUN ccache -sz
 RUN mkdir -p /usr/src/sdk/sgx_data
 COPY docker/start.sh ./
+COPY docker/check_firewall.py ./
 RUN rm -rf /usr/src/sdk/sgx-sdk-build/
-RUN rm  /opt/intel/sgxsdk/lib64/*_sim.so
+RUN rm /opt/intel/sgxsdk/lib64/*_sim.so
 ENTRYPOINT ["/usr/src/sdk/start.sh"]

DockerfileRelease

@@ -8,13 +8,13 @@ RUN apt update && apt install -y curl secure-delete python3-pip
 RUN pip3 install --upgrade pip
 RUN pip3 install requests torpy
 
-
 RUN touch /var/hwmode
 RUN ./autoconf.bash
 RUN ./configure --with-sgx-build=release
+RUN cd secure_enclave && bash -c "make secure_enclave.so -j$(nproc)"
+RUN cd scripts && ./sign_enclave.bash
 RUN bash -c "make -j$(nproc)"
 RUN ccache -sz
-RUN cd scripts && ./sign_enclave.bash
 RUN mkdir -p /usr/src/sdk/sgx_data
 COPY docker/start.sh ./
 COPY docker/check_firewall.py ./

DockerfileSimulation

@@ -1,11 +1,9 @@
 FROM skalenetwork/sgxwallet_base:latest
 
-
 RUN apt update && apt install -y curl secure-delete python3-pip
 RUN pip3 install --upgrade pip
 RUN pip3 install requests torpy
 
-
 RUN ccache -sz
 
 COPY . /usr/src/sdk

Makefile.am

@@ -45,8 +45,8 @@ secure_enclave.edl: secure_enclave/secure_enclave.edl
 #AM_CPPFLAGS += -g -Og
 
 
-AM_CFLAGS = -DUSER_SPACE -O2 -rdynamic -Wl,--no-as-needed -lSegFault -DSGXWALLET_VERSION="$(WALLET_VERSION)"
-AM_CXXFLAGS = ${AM_CPPFLAGS} -rdynamic -Wl,--no-as-needed -lSegFault -DSGXWALLET_VERSION="$(WALLET_VERSION)"
+AM_CFLAGS = -DUSER_SPACE -O2 -rdynamic -Wl,--no-as-needed -DSGXWALLET_VERSION="$(WALLET_VERSION)"
+AM_CXXFLAGS = ${AM_CPPFLAGS} -rdynamic -Wl,--no-as-needed -DSGXWALLET_VERSION="$(WALLET_VERSION)"
 
 
 AM_CPPFLAGS += -DSGXWALLET_VERSION="$(WALLET_VERSION)" -Wall -DSKALE_SGX=1 -DBINARY_OUTPUT=1 -Ileveldb/include -IlibBLS/bls \

README.md

@@ -16,14 +16,13 @@ leave the enclave unencrypted.
 The server provides an initial registration service to issue client certificates to the clients.
 The administrator manually approves each registration.
 
-**sgxwallet** has been tested on **Ubuntu Linux 18.04**.
+**sgxwallet** has been tested on **Ubuntu Linux 20.04**.
 
 ## An important note about production readiness
 
 The sgxwallet server is still in active development and therefore should be regarded as _alpha software_. The development is still subject to security hardening, further testing, and breaking changes.  **This server has not yet been reviewed or audited for security.**  Please see [SECURITY.md](SECURITY.md) for reporting policies.
 
-![Build, test and push sgxwallet container](https://github.com/skalenetwork/sgxwallet/workflows/Build,%20test%20and%20push%20sgxwallet%20container/badge.svg)
-![Build, test and push sim mode container](https://github.com/skalenetwork/sgxwallet/workflows/Build,%20test%20and%20push%20sim%20mode%20container/badge.svg)
+![](https://github.com/skalenetwork/sgxwallet/workflows/Build,%20test%20and%20push%20sim%20mode%20container/badge.svg)
 
 ## Running sgxwallet
 

docs/building.md

@@ -23,13 +23,13 @@ Below is a sequence of commands that builds SDK and installs it into /opt/intel
 
 
 ```bash
-git clone -b sgx_2.13 --depth 1 https://github.com/intel/linux-sgx
+git clone -b sgx_2.25 --depth 1 https://github.com/intel/linux-sgx
 cd linux-sgx
 make preparation
 sudo make sdk_install_pkg_no_mitigation
+sudo make psw_install_pkg
 cd /opt/intel
 sudo sh -c 'echo yes | /linux-sgx/linux/installer/bin/sgx_linux_x64_sdk_*.bin'
-sudo make psw_install_pkg
 sudo cp /linux-sgx/linux/installer/bin/sgx_linux_x64_psw*.bin .
 sudo ./sgx_linux_x64_psw*.bin --no-start-aesm
 ```

docs/enabling-sgx.md

@@ -26,7 +26,7 @@ This repo includes the **_sgx_enable_** utility. To enable SGX run:
 sudo ./sgx_enable
 ```
 
-Note: if you are not using Ubuntu 18.04 (Not recommended!), you may need
+Note: if you are not using Ubuntu 20.04 (Not recommended!), you may need
 to rebuild the sgx-software-enable utility before use by typing:
 
 ```bash
@@ -39,19 +39,19 @@ make
 Install make and gcc if you do not have it:
 
 ```bash
-apt-get install  build-essential
+apt-get install build-essential
 ```
 
 Run the following command:
 
 ```bash
-cd scripts; sudo ./sgx_linux_x64_driver_2.11.0_0373e2e.bin; cd ..
+cd scripts; sudo ./sgx_linux_x64_driver_2.11.b6f5b4a.bin; cd ..
 ```
 
 Alternatively, other driver versions may be downloaded from Intel.
-Please note that version `2.11.0_0373e2e` is what is currently supported.
+Please note that version `2.11.b6f5b4a` is what is currently supported.
 
-Reboot you machine after driver install.  Do `ls /dev/isgx` to check that `isgx` device is properly installed.
+Reboot you machine after driver install. Do `ls /dev/isgx` to check that `isgx` device is properly installed.
 If you do not see the `isgx` device, you need to troubleshoot your driver installation.
 
 If driver installation fails, you can also try installing driver from the 
@@ -65,7 +65,7 @@ And then follow instructions in README.md
 
 ## Troubleshooting Installation
 
--   If the message  `intel_sgx: SGX is not enabled` appears in `/var/log/syslog`
+-   If the message `intel_sgx: SGX is not enabled` appears in `/var/log/syslog`
     Intel SGX needs to be enabled in BIOS.
 
 -   If you are running in Intel SGX hardware mode, make sure you have device

jsonrpc/build.sh

@@ -66,9 +66,10 @@ cd ../..
 
 git clone https://github.com/curl/curl.git
 cd curl
+git checkout curl-8_2_1
 mkdir -p build
 cd build
-cmake -DCMAKE_INSTALL_PREFIX=$INSTALL_ROOT -DOPENSSL_ROOT_DIR=$OPENSSL_SRC -DBUILD_CURL_EXE=OFF -DBUILD_TESTING=OFF -DCMAKE_USE_LIBSSH2=OFF -DBUILD_SHARED_LIBS=OFF -DCURL_DISABLE_LDAP=ON -DCURL_STATICLIB=ON -DCMAKE_BUILD_TYPE=$TOP_CMAKE_BUILD_TYPE ..
+cmake -DCMAKE_INSTALL_PREFIX=$INSTALL_ROOT -DOPENSSL_ROOT_DIR=$OPENSSL_SRC -DBUILD_CURL_EXE=OFF -DBUILD_TESTING=OFF -DCURL_USE_LIBSSH2=OFF -DBUILD_SHARED_LIBS=OFF -DCURL_DISABLE_LDAP=ON -DCURL_STATICLIB=ON -DCMAKE_BUILD_TYPE=$TOP_CMAKE_BUILD_TYPE ..
 echo " " >> lib/curl_config.h
 echo "#define HAVE_POSIX_STRERROR_R 1" >> lib/curl_config.h
 echo " " >> lib/curl_config.h
@@ -116,6 +117,7 @@ cmake -DCMAKE_INSTALL_PREFIX=$INSTALL_ROOT -DCMAKE_BUILD_TYPE=$TOP_CMAKE_BUILD_T
 	-DWITH_COVERAGE=NO \
 	-DARGTABLE_INCLUDE_DIR=../../argtable2/src \
 	-DARGTABLE_LIBRARY=$INSTALL_ROOT/lib/libargtable2${DEBUG_D}.a \
+	-DCURL_INCLUDE_DIR=$INSTALL_ROOT/include \
 	-DJSONCPP_INCLUDE_DIR=$INSTALL_ROOT/include \
 	..
 make

scripts/build_deps.py

@@ -23,9 +23,9 @@
 #    @date 2018
 #
 
-import sys
 import os
 import subprocess
+
 os.chdir("..")
 topDir = os.getcwd()
 print("Starting build")
@@ -94,7 +94,7 @@
 print("Install Linux SDK");
 
 os.chdir(SCRIPTS_DIR)
-assert subprocess.call(["bash", "-c", "./sgx_linux_x64_sdk_2.19.100.3.bin --prefix=" + topDir + "/sgx-sdk-build"]) == 0
+assert subprocess.call(["bash", "-c", "./sgx_linux_x64_sdk_2.25.100.3.bin --prefix=" + topDir + "/sgx-sdk-build"]) == 0
 
 print("Make GMP");