corda/sgx-jvm/containers/core/Dockerfile

FROM ubuntu:xenial-20171114

# General information

LABEL version="1.0"
LABEL description="SGX build and test container"
LABEL maintainer="tommy.lillehagen@r3.com"

# Configure package management software

ENV LANG C.UTF-8
ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update -qqy
RUN apt-get install -qqy software-properties-common apt-utils
RUN apt-get update -qqy

# Install dependencies (lock versions)

RUN apt-get install -qqy \
    autoconf=2.69-9 \
    ccache=3.2.4-1 \
    cmake=3.5.1-1ubuntu3 \
    cpio=2.11+dfsg-5ubuntu1 \
    exuberant-ctags=1:5.9~svn20110310-11 \
    g++=4:5.3.1-1ubuntu1 \
    gcc=4:5.3.1-1ubuntu1 \
    gdb=7.11.1-0ubuntu1~16.5 \
    gdbserver=7.11.1-0ubuntu1~16.5 \
    git=1:2.7.4-0ubuntu1.3 \
    libcurl3=7.47.0-1ubuntu2.5 \
    libcurl4-openssl-dev=7.47.0-1ubuntu2.5 \
    libprotobuf-dev=2.6.1-1.3 \
    libssl-dev=1.0.2g-1ubuntu4.10 \
    libtool=2.4.6-0.1 \
    libunwind8=1.1-4.1 \
    make=4.1-6 \
    ocaml=4.02.3-5ubuntu2 \
    openjdk-8-jdk=8u151-b12-0ubuntu0.16.04.2 \
    openssl=1.0.2g-1ubuntu4.10 \
    patch=2.7.5-1 \
    protobuf-compiler=2.6.1-1.3 \
    python2.7=2.7.12-1ubuntu0~16.04.2 \
    unzip=6.0-20ubuntu1 \
    wget=1.17.1-1ubuntu1.3 \
    zip=3.0-11 \
    zlib1g-dev=1:1.2.8.dfsg-2ubuntu4.1

# Set Python 2.7 as the default version

RUN ln -fs \
    /usr/bin/python2.7 \
    /usr/bin/python

# Link libcrypto properly

RUN ln -fs \
    /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 \
    /usr/lib/x86_64-linux-gnu/libcrypto.so

# Location for the UNIX socket belonging to the Intel AESM service

RUN mkdir -p /var/run/aesmd/

# Update ProGuard to version 6 beta

ADD dependencies/proguard6.0beta1.tar.gz /usr/share/

# Expose ports for remote GDB and Java debugging, and test servers

EXPOSE 2000 5005 8080 8084 9080

# Environment

ENV SHELL               /bin/bash
ENV CODE                /code
ENV HOME                /home
ENV USER_HOME           ${HOME}
ENV GRADLE_USER_HOME    ${HOME}/.gradle
ENV SGX_SDK             /sgx

# Volumes and work directory

VOLUME ${CODE}
VOLUME ${HOME}
VOLUME ${SGX_SDK}
RUN mkdir -p ${CODE}
RUN mkdir -p ${HOME}
RUN mkdir -p ${SGX_SDK}
WORKDIR ${CODE}

#  Set up Java and SGX environment

ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64
ENV _JAVA_OPTIONS=-Duser.home=${HOME}

ENV SGX_BIN ${SGX_SDK}/sgxsdk/bin:${SGX_SDK}/sgxsdk/bin/x64
ENV PATH ${PATH}:${JAVA_HOME}/jre/bin:${JAVA_HOME}/bin:${SGX_BIN}

ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH}:${CODE}/sgx-jvm/linux-sgx/build/linux
ENT-1012 - Add build container and sx utility (#171) * ENT-1012 - Add build container and sx utility * ENT-1012 - Add readme file for the sx utility * ENT-1012 - Check that Docker is installed * ENT-1256 - Add ProGuard 6 Beta dependency * ENT-1012 - Phony targets in container build 2017-12-15 13:12:16 +00:00			`FROM ubuntu:xenial-20171114`

			`# General information`

			`LABEL version="1.0"`
			`LABEL description="SGX build and test container"`
			`LABEL maintainer="tommy.lillehagen@r3.com"`

			`# Configure package management software`

			`ENV LANG C.UTF-8`
			`ENV DEBIAN_FRONTEND noninteractive`
			`RUN apt-get update -qqy`
			`RUN apt-get install -qqy software-properties-common apt-utils`
			`RUN apt-get update -qqy`

			`# Install dependencies (lock versions)`

			`RUN apt-get install -qqy \`
			`autoconf=2.69-9 \`
			`ccache=3.2.4-1 \`
			`cmake=3.5.1-1ubuntu3 \`
			`cpio=2.11+dfsg-5ubuntu1 \`
			`exuberant-ctags=1:5.9~svn20110310-11 \`
			`g++=4:5.3.1-1ubuntu1 \`
			`gcc=4:5.3.1-1ubuntu1 \`
			`gdb=7.11.1-0ubuntu1~16.5 \`
			`gdbserver=7.11.1-0ubuntu1~16.5 \`
			`git=1:2.7.4-0ubuntu1.3 \`
			`libcurl3=7.47.0-1ubuntu2.5 \`
			`libcurl4-openssl-dev=7.47.0-1ubuntu2.5 \`
ENT-1012 - Make SGX builds IntelliJ-friendly (#208) * ENT-1012 - Use non-privileged user * ENT-1012 - Build and run containerised tests from IntelliJ * ENT-1012 - Remove trusty source in container * ENT-1012 - Make debug target toggleable * ENT-1012 - Inform when ready to attach debugger * ENT-1012 - Update reference to user home folder 2017-12-19 10:19:35 +00:00			`libprotobuf-dev=2.6.1-1.3 \`
ENT-1012 Update version tag for libssl-dev/openssl (#202) 1.0.2g-1ubuntu4.9 no longer exists, so update to 1.0.2g-1ubuntu4.10 2017-12-15 16:12:11 +00:00			`libssl-dev=1.0.2g-1ubuntu4.10 \`
ENT-1012 - Add build container and sx utility (#171) * ENT-1012 - Add build container and sx utility * ENT-1012 - Add readme file for the sx utility * ENT-1012 - Check that Docker is installed * ENT-1256 - Add ProGuard 6 Beta dependency * ENT-1012 - Phony targets in container build 2017-12-15 13:12:16 +00:00			`libtool=2.4.6-0.1 \`
			`libunwind8=1.1-4.1 \`
			`make=4.1-6 \`
			`ocaml=4.02.3-5ubuntu2 \`
			`openjdk-8-jdk=8u151-b12-0ubuntu0.16.04.2 \`
ENT-1012 Update version tag for libssl-dev/openssl (#202) 1.0.2g-1ubuntu4.9 no longer exists, so update to 1.0.2g-1ubuntu4.10 2017-12-15 16:12:11 +00:00			`openssl=1.0.2g-1ubuntu4.10 \`
ENT-1012 - Add build container and sx utility (#171) * ENT-1012 - Add build container and sx utility * ENT-1012 - Add readme file for the sx utility * ENT-1012 - Check that Docker is installed * ENT-1256 - Add ProGuard 6 Beta dependency * ENT-1012 - Phony targets in container build 2017-12-15 13:12:16 +00:00			`patch=2.7.5-1 \`
ENT-1012 - Make SGX builds IntelliJ-friendly (#208) * ENT-1012 - Use non-privileged user * ENT-1012 - Build and run containerised tests from IntelliJ * ENT-1012 - Remove trusty source in container * ENT-1012 - Make debug target toggleable * ENT-1012 - Inform when ready to attach debugger * ENT-1012 - Update reference to user home folder 2017-12-19 10:19:35 +00:00			`protobuf-compiler=2.6.1-1.3 \`
ENT-1012 - Add build container and sx utility (#171) * ENT-1012 - Add build container and sx utility * ENT-1012 - Add readme file for the sx utility * ENT-1012 - Check that Docker is installed * ENT-1256 - Add ProGuard 6 Beta dependency * ENT-1012 - Phony targets in container build 2017-12-15 13:12:16 +00:00			`python2.7=2.7.12-1ubuntu0~16.04.2 \`
			`unzip=6.0-20ubuntu1 \`
			`wget=1.17.1-1ubuntu1.3 \`
			`zip=3.0-11 \`
			`zlib1g-dev=1:1.2.8.dfsg-2ubuntu4.1`

ENT-1012 - Make SGX builds IntelliJ-friendly (#208) * ENT-1012 - Use non-privileged user * ENT-1012 - Build and run containerised tests from IntelliJ * ENT-1012 - Remove trusty source in container * ENT-1012 - Make debug target toggleable * ENT-1012 - Inform when ready to attach debugger * ENT-1012 - Update reference to user home folder 2017-12-19 10:19:35 +00:00			`# Set Python 2.7 as the default version`

			`RUN ln -fs \`
			`/usr/bin/python2.7 \`
			`/usr/bin/python`

			`# Link libcrypto properly`

			`RUN ln -fs \`
			`/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 \`
			`/usr/lib/x86_64-linux-gnu/libcrypto.so`

			`# Location for the UNIX socket belonging to the Intel AESM service`

			`RUN mkdir -p /var/run/aesmd/`

			`# Update ProGuard to version 6 beta`

			`ADD dependencies/proguard6.0beta1.tar.gz /usr/share/`

			`# Expose ports for remote GDB and Java debugging, and test servers`

Remote Attestation Phase 2 (#235) * Initial host server skeleton. * Create IASProxy project, and skeleton for attestation host. * Fix up tests * Extend attestation host skeleton, and make test ports configurable. * Enhance MockIAS to make pseManifestStatus optional. * Make IASProxy endpoints asynchronous. * Add sub-modules for challenger and for common code. * Create integration test for host's provisioning endpoint. * Flesh out attestation challenger WAR. * Package refactoring, to be more Java9 friendly. * Refactor more messages into attestation-common. * Remove our private key from the repository. * Declare an empty PSE Manifest to be invalid. * Fix basic integration test issues for challenger and host. * Integrate keystore scripts into the build properly. * Name keystore targets explicitly for Gradle. * Allow HTTP conversation between Challenger, Host and ISV using session ID. * Add MockHost for challenger's integration tests. * Reconcile HTTP port numbers between Phase1 and Phase2 components. * Remove elements that can be inherited from root project. * Add placeholder README. * Add convenient extension functions to ObjectMapper. * Extend integration test coverage for challenger/host/isv. * Catch IOException from HttpClient for challenger. * Integrate host sub-module with remote-attestation project. * Begin integrating host/enclave code from Phase I. * Rename challenger's HTTP endpoint. * Generate keystore for challenger "on the fly". * Add native JNI code for accessing the SGX enclave. * Point Gradle to the correct enclave object. * Fixes for generating a Quote for this enclave. * Return the IAS report to the challenger for verification. * Begin populating the challenger's AttestationResponse message. * Enable the challenger to pass encrypted secrets into the enclave. * Align challenger, host and isv ports. * Refactor challenger as a fat-jar application. * AttestationResponse is not shared, so refactor into challenger. * Move HttpClientContext objects into HttpClient blocks. * Remove unused Message2 and Message3 objects. * Add realistic dummy value for reportID from IAS. * Small tidy-up on attestation host. * First set of review comments. * Add missing exception message. * Update location of environment file. * Use empty mock revocation lists by default. * Improve logging and add "happy path" test for provisioning secrets. * Update Gradle files so that we can run attestation-host from IntelliJ. * The platformInfo field from IAS can be null, so allow this. Also protect other JNI pointer parameters from NPE. * Allow Gradle to build hardware enclave. 2017-12-22 14:42:42 +00:00			`EXPOSE 2000 5005 8080 8084 9080`
ENT-1012 - Add build container and sx utility (#171) * ENT-1012 - Add build container and sx utility * ENT-1012 - Add readme file for the sx utility * ENT-1012 - Check that Docker is installed * ENT-1256 - Add ProGuard 6 Beta dependency * ENT-1012 - Phony targets in container build 2017-12-15 13:12:16 +00:00
			`# Environment`

ENT-1012 - Make SGX builds IntelliJ-friendly (#208) * ENT-1012 - Use non-privileged user * ENT-1012 - Build and run containerised tests from IntelliJ * ENT-1012 - Remove trusty source in container * ENT-1012 - Make debug target toggleable * ENT-1012 - Inform when ready to attach debugger * ENT-1012 - Update reference to user home folder 2017-12-19 10:19:35 +00:00			`ENV SHELL /bin/bash`
			`ENV CODE /code`
			`ENV HOME /home`
			`ENV USER_HOME ${HOME}`
			`ENV GRADLE_USER_HOME ${HOME}/.gradle`
			`ENV SGX_SDK /sgx`
ENT-1012 - Add build container and sx utility (#171) * ENT-1012 - Add build container and sx utility * ENT-1012 - Add readme file for the sx utility * ENT-1012 - Check that Docker is installed * ENT-1256 - Add ProGuard 6 Beta dependency * ENT-1012 - Phony targets in container build 2017-12-15 13:12:16 +00:00
			`# Volumes and work directory`

			`VOLUME ${CODE}`
ENT-1012 - Make SGX builds IntelliJ-friendly (#208) * ENT-1012 - Use non-privileged user * ENT-1012 - Build and run containerised tests from IntelliJ * ENT-1012 - Remove trusty source in container * ENT-1012 - Make debug target toggleable * ENT-1012 - Inform when ready to attach debugger * ENT-1012 - Update reference to user home folder 2017-12-19 10:19:35 +00:00			`VOLUME ${HOME}`
ENT-1012 - Add build container and sx utility (#171) * ENT-1012 - Add build container and sx utility * ENT-1012 - Add readme file for the sx utility * ENT-1012 - Check that Docker is installed * ENT-1256 - Add ProGuard 6 Beta dependency * ENT-1012 - Phony targets in container build 2017-12-15 13:12:16 +00:00			`VOLUME ${SGX_SDK}`
			`RUN mkdir -p ${CODE}`
ENT-1012 - Make SGX builds IntelliJ-friendly (#208) * ENT-1012 - Use non-privileged user * ENT-1012 - Build and run containerised tests from IntelliJ * ENT-1012 - Remove trusty source in container * ENT-1012 - Make debug target toggleable * ENT-1012 - Inform when ready to attach debugger * ENT-1012 - Update reference to user home folder 2017-12-19 10:19:35 +00:00			`RUN mkdir -p ${HOME}`
ENT-1012 - Add build container and sx utility (#171) * ENT-1012 - Add build container and sx utility * ENT-1012 - Add readme file for the sx utility * ENT-1012 - Check that Docker is installed * ENT-1256 - Add ProGuard 6 Beta dependency * ENT-1012 - Phony targets in container build 2017-12-15 13:12:16 +00:00			`RUN mkdir -p ${SGX_SDK}`
			`WORKDIR ${CODE}`

			`# Set up Java and SGX environment`

			`ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64`
ENT-1012 - Make SGX builds IntelliJ-friendly (#208) * ENT-1012 - Use non-privileged user * ENT-1012 - Build and run containerised tests from IntelliJ * ENT-1012 - Remove trusty source in container * ENT-1012 - Make debug target toggleable * ENT-1012 - Inform when ready to attach debugger * ENT-1012 - Update reference to user home folder 2017-12-19 10:19:35 +00:00			`ENV _JAVA_OPTIONS=-Duser.home=${HOME}`
ENT-1012 - Add build container and sx utility (#171) * ENT-1012 - Add build container and sx utility * ENT-1012 - Add readme file for the sx utility * ENT-1012 - Check that Docker is installed * ENT-1256 - Add ProGuard 6 Beta dependency * ENT-1012 - Phony targets in container build 2017-12-15 13:12:16 +00:00
			`ENV SGX_BIN ${SGX_SDK}/sgxsdk/bin:${SGX_SDK}/sgxsdk/bin/x64`
			`ENV PATH ${PATH}:${JAVA_HOME}/jre/bin:${JAVA_HOME}/bin:${SGX_BIN}`

			`ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH}:${CODE}/sgx-jvm/linux-sgx/build/linux`