mirror of
https://github.com/corda/corda.git
synced 2025-01-15 01:10:33 +00:00
sgx: prod scripts
This commit is contained in:
parent
21087cbe91
commit
11cdae32d6
@ -7,7 +7,7 @@ SHELL=/bin/bash
|
|||||||
JDK_IMAGE=$(PWD)/jdk8u/build/linux-x86_64-normal-server-release/images/j2re-image
|
JDK_IMAGE=$(PWD)/jdk8u/build/linux-x86_64-normal-server-release/images/j2re-image
|
||||||
|
|
||||||
.PHONY: all
|
.PHONY: all
|
||||||
all: jvm-enclave/standalone/build/standalone_sgx_verify
|
all: jvm-enclave/standalone/build/standalone_sgx_verify linux-sgx-driver/isgx.ko
|
||||||
|
|
||||||
# The final binary
|
# The final binary
|
||||||
jvm-enclave/standalone/build/standalone_sgx_verify: avian linux-sgx/build/linux/aesm_service
|
jvm-enclave/standalone/build/standalone_sgx_verify: avian linux-sgx/build/linux/aesm_service
|
||||||
@ -34,6 +34,9 @@ $(JDK_IMAGE): jdk8u
|
|||||||
linux-sgx/external/ippcp_internal/inc:
|
linux-sgx/external/ippcp_internal/inc:
|
||||||
cd linux-sgx && $(SHELL) ./download_prebuilt.sh
|
cd linux-sgx && $(SHELL) ./download_prebuilt.sh
|
||||||
|
|
||||||
|
linux-sgx-driver/isgx.ko:
|
||||||
|
$(MAKE) -C linux-sgx-driver
|
||||||
|
|
||||||
build:
|
build:
|
||||||
mkdir -p $@
|
mkdir -p $@
|
||||||
|
|
||||||
@ -41,6 +44,7 @@ build:
|
|||||||
clean:
|
clean:
|
||||||
$(MAKE) -C jvm-enclave clean
|
$(MAKE) -C jvm-enclave clean
|
||||||
$(MAKE) -C linux-sgx clean
|
$(MAKE) -C linux-sgx clean
|
||||||
|
$(MAKE) -C linux-sgx-driver clean
|
||||||
[ ! -d jdk8u ] || $(MAKE) -C jdk8u clean
|
[ ! -d jdk8u ] || $(MAKE) -C jdk8u clean
|
||||||
$(MAKE) -C avian clean
|
$(MAKE) -C avian clean
|
||||||
|
|
||||||
|
@ -1,17 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
set -euo pipefail
|
|
||||||
|
|
||||||
if [ $# -le 1 ]; then
|
|
||||||
echo "Usage: build_in_image.sh <DOCKER_IMAGE> <MAKEFILE OPTIONS>"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
IMAGE=$1
|
|
||||||
shift
|
|
||||||
ARGUMENTS=$@
|
|
||||||
|
|
||||||
DOCKER_BUILD_DIR=/tmp/corda-sgx-build
|
|
||||||
|
|
||||||
GID=$(id -g $USER)
|
|
||||||
|
|
||||||
exec docker run -v $PWD/../..:$DOCKER_BUILD_DIR -v $PWD/../docker-.gradle:/root/.gradle --user=$UID:$GID -it $IMAGE make -C $DOCKER_BUILD_DIR/sgx-jvm/noop-enclave $ARGUMENTS
|
|
@ -140,5 +140,6 @@ int main(int argc, char **argv) {
|
|||||||
if (false == check_sgx_return_value(noop(enclave_id))) {
|
if (false == check_sgx_return_value(noop(enclave_id))) {
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
puts("Enclave ran successfully!");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
26
sgx-jvm/run_in_image.sh
Normal file
26
sgx-jvm/run_in_image.sh
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
if [ $# -le 1 ]; then
|
||||||
|
echo "Usage: run_in_image.sh <DOCKER_IMAGE> <COMMAND>"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
SCRIPT_DIR=$(dirname "$(readlink -f "$0")")
|
||||||
|
|
||||||
|
IMAGE=$1
|
||||||
|
shift
|
||||||
|
ARGUMENTS=$@
|
||||||
|
|
||||||
|
DOCKER_BUILD_DIR=/tmp/corda-sgx-build
|
||||||
|
|
||||||
|
GID=$(id -g $USER)
|
||||||
|
|
||||||
|
exec docker run \
|
||||||
|
-v $SCRIPT_DIR/..:$DOCKER_BUILD_DIR \
|
||||||
|
-v /usr/src:/usr/src \
|
||||||
|
-v /lib/modules:/lib/modules \
|
||||||
|
--user=$UID:$GID \
|
||||||
|
--workdir=$DOCKER_BUILD_DIR \
|
||||||
|
-it $IMAGE \
|
||||||
|
$ARGUMENTS
|
29
sgx-jvm/with_aesmd.sh
Normal file
29
sgx-jvm/with_aesmd.sh
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
SCRIPT_DIR=$(dirname "$(readlink -f "$0")")
|
||||||
|
|
||||||
|
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
|
||||||
|
AESM_DIR=$SCRIPT_DIR/build/aesm/$TIMESTAMP
|
||||||
|
|
||||||
|
mkdir -p $AESM_DIR
|
||||||
|
|
||||||
|
SERVICE_FILES="aesm_service le_prod_css.bin libsgx_le.signed.so libsgx_pce.signed.so libsgx_pve.signed.so libsgx_qe.signed.so"
|
||||||
|
|
||||||
|
sed -e "s:@aesm_folder@:$AESM_DIR:" $SCRIPT_DIR/linux-sgx/build/linux/aesmd.service | sed -e '/InaccessibleDirectories=/d' | sed -e "s!^\\[Service\\]![Service]\nEnvironment=LD_LIBRARY_PATH=$SCRIPT_DIR/linux-sgx/build/linux:$SCRIPT_DIR/dependencies/root/usr/lib/x86_64-linux-gnu!" > $AESM_DIR/aesmd.service
|
||||||
|
|
||||||
|
for FILE in $SERVICE_FILES
|
||||||
|
do
|
||||||
|
ln -s $SCRIPT_DIR/linux-sgx/build/linux/$FILE $AESM_DIR/$FILE
|
||||||
|
done
|
||||||
|
|
||||||
|
sudo systemctl --runtime link $AESM_DIR/aesmd.service
|
||||||
|
|
||||||
|
function finish {
|
||||||
|
sudo systemctl stop aesmd
|
||||||
|
sudo systemctl --runtime disable aesmd
|
||||||
|
}
|
||||||
|
trap finish EXIT
|
||||||
|
|
||||||
|
sudo systemctl start aesmd
|
||||||
|
$@
|
24
sgx-jvm/with_hsm_simulator.sh
Normal file
24
sgx-jvm/with_hsm_simulator.sh
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
if [ $# -le 1 ]; then
|
||||||
|
echo "Usage: with_hsm_simulator.sh <UTIMACO_HSM_DIR> <COMMAND>"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
SCRIPT_DIR=$(dirname "$(readlink -f "$0")")
|
||||||
|
UTIMACO_HSM_DIR=$1
|
||||||
|
shift
|
||||||
|
|
||||||
|
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
|
||||||
|
SIMULATOR_RUN_DIR=$SCRIPT_DIR/build/hsm_simulator/$TIMESTAMP
|
||||||
|
|
||||||
|
mkdir -p $SIMULATOR_RUN_DIR
|
||||||
|
|
||||||
|
script -q -c $UTIMACO_HSM_DIR/SDK/Linux/bin/cs_sim.sh -f $SIMULATOR_RUN_DIR/stdout > /dev/null &
|
||||||
|
|
||||||
|
function finish {
|
||||||
|
kill -- -$$
|
||||||
|
}
|
||||||
|
trap finish EXIT
|
||||||
|
$@
|
9
sgx-jvm/with_isgx.sh
Normal file
9
sgx-jvm/with_isgx.sh
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
function finish {
|
||||||
|
sudo modprobe -r isgx
|
||||||
|
}
|
||||||
|
trap finish EXIT
|
||||||
|
sudo modprobe isgx
|
||||||
|
$@
|
@ -3,4 +3,4 @@ set -euo pipefail
|
|||||||
|
|
||||||
SCRIPT_DIR=$(dirname "$(readlink -f "$0")")
|
SCRIPT_DIR=$(dirname "$(readlink -f "$0")")
|
||||||
|
|
||||||
exec env LD_LIBRARY_PATH=${LD_LIBRARY_PATH:-}:$SCRIPT_DIR/linux-sgx/build/linux:$SCRIPT_DIR/dependencies/root/usr/lib/x86_64-linux-gnu $@
|
env LD_LIBRARY_PATH=${LD_LIBRARY_PATH:-}:$SCRIPT_DIR/linux-sgx/build/linux:$SCRIPT_DIR/dependencies/root/usr/lib/x86_64-linux-gnu $@
|
||||||
|
Loading…
Reference in New Issue
Block a user