From 632099087776fb709882ef510661f21e799836b3 Mon Sep 17 00:00:00 2001 From: Andras Slemmer Date: Tue, 4 Jul 2017 11:31:43 +0100 Subject: [PATCH] sgx: prepare for building in docker image on prod --- sgx-jvm/dependencies/docker-minimal/Dockerfile | 3 ++- sgx-jvm/jvm-enclave/common/CMakeLists.txt | 5 ++++- sgx-jvm/jvm-enclave/enclave/CMakeLists.txt | 3 +++ sgx-jvm/jvm-enclave/jni/CMakeLists.txt | 2 +- sgx-jvm/noop-enclave/CMakeLists.txt | 9 ++++++++- sgx-jvm/noop-enclave/build_in_image.sh | 17 +++++++++++++++++ sgx-jvm/with_ld_library_path.sh | 6 ++++++ 7 files changed, 41 insertions(+), 4 deletions(-) create mode 100644 sgx-jvm/noop-enclave/build_in_image.sh create mode 100644 sgx-jvm/with_ld_library_path.sh diff --git a/sgx-jvm/dependencies/docker-minimal/Dockerfile b/sgx-jvm/dependencies/docker-minimal/Dockerfile index 40ce857739..27de27d65d 100644 --- a/sgx-jvm/dependencies/docker-minimal/Dockerfile +++ b/sgx-jvm/dependencies/docker-minimal/Dockerfile @@ -1,5 +1,6 @@ FROM ubuntu:xenial RUN apt-get update -y -RUN apt-get install -y make gcc autoconf cmake g++ openjdk-8-jdk libtool ocaml python2.7 +RUN apt-get install -y make gcc autoconf cmake g++ openjdk-8-jdk libtool ocaml python2.7 +RUN apt-get install -y mercurial wget ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64 diff --git a/sgx-jvm/jvm-enclave/common/CMakeLists.txt b/sgx-jvm/jvm-enclave/common/CMakeLists.txt index 42f0f8a791..cae897b3b6 100644 --- a/sgx-jvm/jvm-enclave/common/CMakeLists.txt +++ b/sgx-jvm/jvm-enclave/common/CMakeLists.txt @@ -1,7 +1,7 @@ cmake_minimum_required(VERSION 3.5) project(sgx_common) -set(SGX_USE_HARDWARE FALSE CACHE STRING "") +set(SGX_USE_HARDWARE TRUE CACHE STRING "") set(SGX_SDK ${CMAKE_CURRENT_SOURCE_DIR}/../../linux-sgx CACHE STRING "") set(SGX_LIBRARY_PATH ${SGX_SDK}/build/linux CACHE STRING "") set(SGX_SDK_INCLUDE ${SGX_SDK}/common/inc CACHE STRING "") 
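Review bot: In sgx-jvm/dependencies/docker-minimal/Dockerfile the added `RUN apt-get install -y mercurial wget` sits in its own layer, separate from `RUN apt-get update -y`, so a cached update layer can pair this install with a stale package index. For an image meant to build production enclaves, one step keeps the package set tied to a fresh index: `RUN apt-get update -y && apt-get install -y mercurial wget`. The base `FROM ubuntu:xenial` is a floating tag, and pinning it by digest would make the toolchain that produces the enclave reproducible. If `wget` is there to fetch build inputs, those downloads presumably need a checksum check, which is not visible in this patch.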
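Review bot: In sgx-jvm/jvm-enclave/common/CMakeLists.txt the new default `set(SGX_USE_HARDWARE TRUE CACHE STRING "")` only takes effect in a fresh build tree. An existing CMakeCache.txt keeps the old FALSE value, so a reused build directory would silently stay in what is presumably simulation mode. Declaring it as a documented boolean and printing the chosen mode makes that visible: `set(SGX_USE_HARDWARE TRUE CACHE BOOL "Build against SGX hardware instead of simulation")` followed by `message(STATUS "SGX_USE_HARDWARE=${SGX_USE_HARDWARE}")`. How the variable is consumed is outside this hunk, so the simulation reading is inferred from the name and should be confirmed.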
@@ -10,6 +10,9 @@ set(DEPENDENCIES_ROOT_DIR ${CMAKE_CURRENT_SOURCE_DIR}/../../dependencies/root) set(PROGUARD_JAR_PATH ${DEPENDENCIES_ROOT_DIR}/usr/share/java/proguard.jar CACHE STRING "") set(DEPENDENCIES_LIBRARY_PATH ${DEPENDENCIES_ROOT_DIR}/usr/lib/x86_64-linux-gnu CACHE STRING "") +# C++11 +set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11") + add_executable(edger8r IMPORTED) set_target_properties(edger8r PROPERTIES IMPORTED_LOCATION ${SGX_LIBRARY_PATH}/sgx_edger8r) diff --git a/sgx-jvm/jvm-enclave/enclave/CMakeLists.txt b/sgx-jvm/jvm-enclave/enclave/CMakeLists.txt index 1c2f1745e2..a5b506d1ed 100644 --- a/sgx-jvm/jvm-enclave/enclave/CMakeLists.txt +++ b/sgx-jvm/jvm-enclave/enclave/CMakeLists.txt @@ -26,6 +26,9 @@ set(AVIAN_PATH ${PROJECT_SOURCE_DIR}/../../avian) set(ENCLAVE_JAR_PATH ${PROJECT_SOURCE_DIR}/../../../verify-enclave/build/libs/corda-enclavelet.jar) set(AVIAN_PROCESS "-debug-openjdk-src") +# C++11 +set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11") + if(NOT JAVA_HOME}) set(JAVA_HOME $ENV{JAVA_HOME} CACHE STRING "") endif() diff --git a/sgx-jvm/jvm-enclave/jni/CMakeLists.txt b/sgx-jvm/jvm-enclave/jni/CMakeLists.txt index 7af40ab0c1..a58daf648a 100644 --- a/sgx-jvm/jvm-enclave/jni/CMakeLists.txt +++ b/sgx-jvm/jvm-enclave/jni/CMakeLists.txt @@ -16,4 +16,4 @@ set_target_properties(urtslib PROPERTIES IMPORTED_LOCATION ${SGX_LIBRARY_PATH}/l add_library(untrusted_corda_sgx SHARED jni_sgx_api.cpp ${VERIFY_ENCLAVE_JNI_INCLUDE_DIR}/jni_sgx_api.h $) target_link_libraries(untrusted_corda_sgx urtslib) -add_dependencies(untrusted_corda_sgx enclave) +add_dependencies(untrusted_corda_sgx enclave common) diff --git a/sgx-jvm/noop-enclave/CMakeLists.txt b/sgx-jvm/noop-enclave/CMakeLists.txt index 68f8747d21..55294febc2 100644 --- a/sgx-jvm/noop-enclave/CMakeLists.txt +++ b/sgx-jvm/noop-enclave/CMakeLists.txt 
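Review bot: The added `set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11")` in sgx-jvm/jvm-enclave/common/CMakeLists.txt, and the identical addition in sgx-jvm/jvm-enclave/enclave/CMakeLists.txt, appends a compiler-specific flag to a directory-wide string. With `cmake_minimum_required(VERSION 3.5)` (shown for the common file) the portable form is available: `set(CMAKE_CXX_STANDARD 11)`, `set(CMAKE_CXX_STANDARD_REQUIRED ON)` and `set(CMAKE_CXX_EXTENSIONS OFF)`. The `# C++11` comment only repeats the flag and could instead say which code needs the standard. The rest of both files is outside these hunks.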
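Review bot: Directly below the added lines in sgx-jvm/jvm-enclave/enclave/CMakeLists.txt the context line `if(NOT JAVA_HOME})` carries a stray `}`. Unless that is an artefact of how this page was rendered, the condition tests a name `JAVA_HOME}` rather than `JAVA_HOME` and is presumably always true. The intended guard is `if(NOT JAVA_HOME)`. Because the value is read from `$ENV{JAVA_HOME}` at configure time, a `message(FATAL_ERROR "JAVA_HOME is not set")` when it is empty would catch a build environment that does not export it.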
@@ -126,10 +126,17 @@ add_custom_target(signed-openssl DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_S # HSM ENCLAVE +add_custom_command( + OUTPUT ${HSM_SGX_TOOL} + COMMAND ./gradlew sgx-jvm/hsm-tool:jar + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/../.. + DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/../hsm-tool/src +) + add_custom_command( OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/${PUBLIC_KEY_NAME_HSM} ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_SIGNATURE_HSM} COMMAND java -jar ${HSM_SGX_TOOL} --mode=Sign --source=${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_BLOB_TO_SIGN} --pubkey=${CMAKE_CURRENT_BINARY_DIR}/${PUBLIC_KEY_NAME_HSM} --signature=${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_SIGNATURE_HSM} --profile=\${PROFILE} - DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_BLOB_TO_SIGN} + DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_BLOB_TO_SIGN} ${HSM_SGX_TOOL} ) add_custom_command( diff --git a/sgx-jvm/noop-enclave/build_in_image.sh b/sgx-jvm/noop-enclave/build_in_image.sh new file mode 100644 index 0000000000..814824be58 --- /dev/null +++ b/sgx-jvm/noop-enclave/build_in_image.sh @@ -0,0 +1,17 @@ +#!/bin/bash +set -euo pipefail + +if [ $# -le 1 ]; then + echo "Usage: build_in_image.sh " + exit 1 +fi + +IMAGE=$1 +shift +ARGUMENTS=$@ + +DOCKER_BUILD_DIR=/tmp/corda-sgx-build + +GID=$(id -g $USER) + +exec docker run -v $PWD/../..:$DOCKER_BUILD_DIR -v $PWD/../docker-.gradle:/root/.gradle --user=$UID:$GID -it $IMAGE make -C $DOCKER_BUILD_DIR/sgx-jvm/noop-enclave $ARGUMENTS diff --git a/sgx-jvm/with_ld_library_path.sh b/sgx-jvm/with_ld_library_path.sh new file mode 100644 index 0000000000..6ad573fcc5 --- /dev/null +++ b/sgx-jvm/with_ld_library_path.sh @@ -0,0 +1,6 @@ +#!/bin/bash +set -euo pipefail + +SCRIPT_DIR=$(dirname "$(readlink -f "$0")") + +exec env LD_LIBRARY_PATH=${LD_LIBRARY_PATH:-}:$SCRIPT_DIR/linux-sgx/build/linux:$SCRIPT_DIR/dependencies/root/usr/lib/x86_64-linux-gnu $@
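Review bot: The new rule for `${HSM_SGX_TOOL}` in sgx-jvm/noop-enclave/CMakeLists.txt lists a directory, `${CMAKE_CURRENT_SOURCE_DIR}/../hsm-tool/src`, in `DEPENDS`. A directory's timestamp does not change when a file deeper in the tree is edited, so the signing step can run with a stale jar. Because this jar is the tool that signs the enclave, the rebuild should be reliable: either list the tool's source files explicitly, or run `./gradlew sgx-jvm/hsm-tool:jar` from an `add_custom_target` that the signing rule depends on and let Gradle's own up-to-date check decide. A short comment above the rule saying that the jar is built from the working tree would also help. Where `HSM_SGX_TOOL` is set is outside the hunk.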
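Review bot: In sgx-jvm/noop-enclave/build_in_image.sh every expansion on the `docker run` line is unquoted and the bind mounts are built from `$PWD`, so the host directory mounted read-write into the container depends on where the script is called from, and paths or arguments containing spaces are split. `ARGUMENTS=$@` also flattens the make arguments into one string, and `id -g $USER` aborts under `set -u` when `USER` is not exported, which is common in CI. Resolving the paths from the script's own location (as with_ld_library_path.sh in this patch does), quoting, and passing `"$@"` through fixes all three; the fence shows the rewritten tail. `-it` needs a terminal, so an unattended production build would presumably want that flag made optional. With `--user` set to a non-root id it is not certain that Gradle inside the container will use the `/root/.gradle` mount.

```shell
# … unchanged: shebang, set -euo pipefail, usage check, DOCKER_BUILD_DIR …
IMAGE=$1
shift

SCRIPT_DIR=$(dirname "$(readlink -f "$0")")

exec docker run \
    -v "$SCRIPT_DIR/../..:$DOCKER_BUILD_DIR" \
    -v "$SCRIPT_DIR/../docker-.gradle:/root/.gradle" \
    --user="$(id -u):$(id -g)" \
    -it "$IMAGE" \
    make -C "$DOCKER_BUILD_DIR/sgx-jvm/noop-enclave" "$@"
```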
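Review bot: In sgx-jvm/with_ld_library_path.sh, `LD_LIBRARY_PATH=${LD_LIBRARY_PATH:-}:...` produces a leading empty entry when the variable is unset. The dynamic loader treats an empty entry as the current directory, so the wrapped command would load shared libraries from wherever it happens to be started. Adding the separator only when there is an existing value avoids that, and quoting `"$@"` keeps arguments with spaces intact: `exec env LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$SCRIPT_DIR/linux-sgx/build/linux:$SCRIPT_DIR/dependencies/root/usr/lib/x86_64-linux-gnu" "$@"`.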