From 663a1993d07c1228d05e22177f779824aeed5750 Mon Sep 17 00:00:00 2001 From: Oleh Nikolaiev Date: Tue, 26 Nov 2024 19:03:41 +0000 Subject: [PATCH 01/10] #438 fix release builds --- Dockerfile | 2 +- DockerfileIntelSubmission | 4 ++-- DockerfileRelease | 1 + 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 620fc485..c0eb92a3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,7 +9,7 @@ RUN pip3 install requests torpy RUN touch /var/hwmode RUN ./autoconf.bash -RUN ./configure --enable-sgx +RUN ./configure RUN bash -c "make -j$(nproc)" RUN ccache -sz RUN mkdir -p /usr/src/sdk/sgx_data diff --git a/DockerfileIntelSubmission b/DockerfileIntelSubmission index 33c73051..3c20b91d 100644 --- a/DockerfileIntelSubmission +++ b/DockerfileIntelSubmission @@ -12,11 +12,11 @@ RUN pip3 install requests torpy RUN cd scripts && ./generate_signing_key.bash RUN touch /var/hwmode RUN ./autoconf.bash -RUN ./configure --with-sgx-build=release +RUN ./configure --with-sgx-build=prerelease RUN bash -c "make -j$(nproc)" RUN ccache -sz RUN mkdir -p /usr/src/sdk/sgx_data COPY docker/start.sh ./ RUN rm -rf /usr/src/sdk/sgx-sdk-build/ -RUN rm /opt/intel/sgxsdk/lib64/*_sim.so +RUN rm /opt/intel/sgxsdk/lib64/*_sim.so ENTRYPOINT ["/usr/src/sdk/start.sh"] diff --git a/DockerfileRelease b/DockerfileRelease index 4b498435..51552692 100644 --- a/DockerfileRelease +++ b/DockerfileRelease @@ -11,6 +11,7 @@ RUN pip3 install requests torpy RUN touch /var/hwmode RUN ./autoconf.bash RUN ./configure --with-sgx-build=release +RUN cd secure_enclave && bash -c "make secure_enclave.so -j$(nproc)" && cd .. RUN bash -c "make -j$(nproc)" RUN ccache -sz RUN cd scripts && ./sign_enclave.bash From bb7da60d91ef222145de1140cb87f0ae69568f1b Mon Sep 17 00:00:00 2001 From: Oleh Nikolaiev Date: Tue, 26 Nov 2024 19:10:52 +0000 Subject: [PATCH 02/10] #438 update signing procedure --- DockerfileRelease | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/DockerfileRelease b/DockerfileRelease index 51552692..5ad52395 100644 --- a/DockerfileRelease +++ b/DockerfileRelease @@ -11,10 +11,10 @@ RUN pip3 install requests torpy RUN touch /var/hwmode RUN ./autoconf.bash RUN ./configure --with-sgx-build=release -RUN cd secure_enclave && bash -c "make secure_enclave.so -j$(nproc)" && cd .. +RUN cd secure_enclave && bash -c "make secure_enclave.so -j$(nproc)" +RUN cd scripts && ./sign_enclave.bash RUN bash -c "make -j$(nproc)" RUN ccache -sz -RUN cd scripts && ./sign_enclave.bash RUN mkdir -p /usr/src/sdk/sgx_data COPY docker/start.sh ./ COPY docker/check_firewall.py ./ From cca6be04a6a77cd69eba8ebb9653adc7a2ccc63c Mon Sep 17 00:00:00 2001 From: Oleh Nikolaiev Date: Tue, 26 Nov 2024 19:16:48 +0000 Subject: [PATCH 03/10] #438 update job --- .github/workflows/dockerimageintelsubmission.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/dockerimageintelsubmission.yml b/.github/workflows/dockerimageintelsubmission.yml index 02714339..ea3114fd 100644 --- a/.github/workflows/dockerimageintelsubmission.yml +++ b/.github/workflows/dockerimageintelsubmission.yml @@ -16,6 +16,8 @@ jobs: - uses: actions/checkout@v2 - name: submodule update run: git submodule update --init --recursive + - name: build and deploy test image + run: python3 scripts/docker_build.py DockerfileIntelSubmission sgxwallet_intelsubmission ${GITHUB_SHA} - name: build and deploy docker image if: | contains(github.ref, 'develop') || contains(github.ref, 'beta') || From 589187062f063ba5a5227a427fb2fe408bd65ba8 Mon Sep 17 00:00:00 2001 From: Oleh Nikolaiev Date: Wed, 27 Nov 2024 11:59:32 +0000 Subject: [PATCH 04/10] #438 update image --- DockerfileIntelSubmission | 1 + 1 file changed, 1 insertion(+) diff --git a/DockerfileIntelSubmission b/DockerfileIntelSubmission index 3c20b91d..45eafddb 100644 --- a/DockerfileIntelSubmission +++ b/DockerfileIntelSubmission @@ -17,6 +17,7 @@ RUN bash -c "make -j$(nproc)" RUN ccache -sz RUN mkdir -p /usr/src/sdk/sgx_data COPY docker/start.sh ./ +COPY docker/check_firewall.py ./ RUN rm -rf /usr/src/sdk/sgx-sdk-build/ RUN rm /opt/intel/sgxsdk/lib64/*_sim.so ENTRYPOINT ["/usr/src/sdk/start.sh"] From ee73ec046203ac4143772772d421bca65daef093 Mon Sep 17 00:00:00 2001 From: Oleh Nikolaiev Date: Wed, 27 Nov 2024 17:33:37 +0000 Subject: [PATCH 05/10] #438 update job --- DockerfileIntelSubmission | 1 + 1 file changed, 1 insertion(+) diff --git a/DockerfileIntelSubmission b/DockerfileIntelSubmission index 45eafddb..c41bf2ab 100644 --- a/DockerfileIntelSubmission +++ b/DockerfileIntelSubmission @@ -14,6 +14,7 @@ RUN touch /var/hwmode RUN ./autoconf.bash RUN ./configure --with-sgx-build=prerelease RUN bash -c "make -j$(nproc)" +COPY -f secure_enclave/secure_enclave.so secure_enclave.signed.so RUN ccache -sz RUN mkdir -p /usr/src/sdk/sgx_data COPY docker/start.sh ./ From 57326a32a4af7fc100d81c1635f0b613070a80c5 Mon Sep 17 00:00:00 2001 From: Oleh Nikolaiev Date: Wed, 27 Nov 2024 17:41:43 +0000 Subject: [PATCH 06/10] #438 update job --- DockerfileIntelSubmission | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DockerfileIntelSubmission b/DockerfileIntelSubmission index c41bf2ab..d0a44dc0 100644 --- a/DockerfileIntelSubmission +++ b/DockerfileIntelSubmission @@ -14,7 +14,7 @@ RUN touch /var/hwmode RUN ./autoconf.bash RUN ./configure --with-sgx-build=prerelease RUN bash -c "make -j$(nproc)" -COPY -f secure_enclave/secure_enclave.so secure_enclave.signed.so +RUN cp -f secure_enclave/secure_enclave.so secure_enclave.signed.so RUN ccache -sz RUN mkdir -p /usr/src/sdk/sgx_data COPY docker/start.sh ./ From 660cb1bcb5e88438e2ec28c41a7ac8af790bd450 Mon Sep 17 00:00:00 2001 From: Oleh Nikolaiev Date: Wed, 27 Nov 2024 17:55:06 +0000 Subject: [PATCH 07/10] #438 update iamge --- DockerfileIntelSubmission | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/DockerfileIntelSubmission b/DockerfileIntelSubmission index d0a44dc0..c4697c74 100644 --- a/DockerfileIntelSubmission +++ b/DockerfileIntelSubmission @@ -12,9 +12,8 @@ RUN pip3 install requests torpy RUN cd scripts && ./generate_signing_key.bash RUN touch /var/hwmode RUN ./autoconf.bash -RUN ./configure --with-sgx-build=prerelease +RUN ./configure --with-sgx-build=release RUN bash -c "make -j$(nproc)" -RUN cp -f secure_enclave/secure_enclave.so secure_enclave.signed.so RUN ccache -sz RUN mkdir -p /usr/src/sdk/sgx_data COPY docker/start.sh ./ From 5da1feb980b52ff1ac1f8e6137debe09da7120ca Mon Sep 17 00:00:00 2001 From: Oleh Nikolaiev Date: Wed, 27 Nov 2024 18:27:55 +0000 Subject: [PATCH 08/10] #438 update image --- DockerfileIntelSubmission | 1 + 1 file changed, 1 insertion(+) diff --git a/DockerfileIntelSubmission b/DockerfileIntelSubmission index c4697c74..b2920900 100644 --- a/DockerfileIntelSubmission +++ b/DockerfileIntelSubmission @@ -13,6 +13,7 @@ RUN cd scripts && ./generate_signing_key.bash RUN touch /var/hwmode RUN ./autoconf.bash RUN ./configure --with-sgx-build=release +RUN cd secure_enclave && bash -c "make secure_enclave.so -j$(nproc)" RUN bash -c "make -j$(nproc)" RUN ccache -sz RUN mkdir -p /usr/src/sdk/sgx_data From 40dc30a2c723434929a0e9486c5a3b687d34d805 Mon Sep 17 00:00:00 2001 From: Oleh Nikolaiev Date: Wed, 27 Nov 2024 18:46:37 +0000 Subject: [PATCH 09/10] #438 update image --- DockerfileIntelSubmission | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DockerfileIntelSubmission b/DockerfileIntelSubmission index b2920900..1875e422 100644 --- a/DockerfileIntelSubmission +++ b/DockerfileIntelSubmission @@ -13,7 +13,7 @@ RUN cd scripts && ./generate_signing_key.bash RUN touch /var/hwmode RUN ./autoconf.bash RUN ./configure --with-sgx-build=release -RUN cd secure_enclave && bash -c "make secure_enclave.so -j$(nproc)" +RUN cd secure_enclave && bash -c "make secure_enclave.signed.so -j$(nproc)" RUN bash -c "make -j$(nproc)" RUN ccache -sz RUN mkdir -p /usr/src/sdk/sgx_data From d9e1d8c608bc46864aa2e9c43feb52d7b454084a Mon Sep 17 00:00:00 2001 From: Oleh Nikolaiev Date: Thu, 28 Nov 2024 12:34:15 +0000 Subject: [PATCH 10/10] #438 update image --- DockerfileIntelSubmission | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/DockerfileIntelSubmission b/DockerfileIntelSubmission index 1875e422..45eafddb 100644 --- a/DockerfileIntelSubmission +++ b/DockerfileIntelSubmission @@ -12,8 +12,7 @@ RUN pip3 install requests torpy RUN cd scripts && ./generate_signing_key.bash RUN touch /var/hwmode RUN ./autoconf.bash -RUN ./configure --with-sgx-build=release -RUN cd secure_enclave && bash -c "make secure_enclave.signed.so -j$(nproc)" +RUN ./configure --with-sgx-build=prerelease RUN bash -c "make -j$(nproc)" RUN ccache -sz RUN mkdir -p /usr/src/sdk/sgx_data