sgx: prepare for building in docker image on prod

sgx-jvm/dependencies/docker-minimal/Dockerfile

@@ -2,4 +2,5 @@ FROM ubuntu:xenial
 
 RUN apt-get update -y
 RUN apt-get install -y make gcc autoconf cmake g++ openjdk-8-jdk libtool ocaml python2.7
+RUN apt-get install -y mercurial wget
 ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64

sgx-jvm/jvm-enclave/common/CMakeLists.txt

@@ -1,7 +1,7 @@
 cmake_minimum_required(VERSION 3.5)
 project(sgx_common)
 
-set(SGX_USE_HARDWARE FALSE CACHE STRING "")
+set(SGX_USE_HARDWARE TRUE CACHE STRING "")
 set(SGX_SDK ${CMAKE_CURRENT_SOURCE_DIR}/../../linux-sgx CACHE STRING "")
 set(SGX_LIBRARY_PATH ${SGX_SDK}/build/linux CACHE STRING "")
 set(SGX_SDK_INCLUDE ${SGX_SDK}/common/inc CACHE STRING "")
@@ -10,6 +10,9 @@ set(DEPENDENCIES_ROOT_DIR ${CMAKE_CURRENT_SOURCE_DIR}/../../dependencies/root)
 set(PROGUARD_JAR_PATH ${DEPENDENCIES_ROOT_DIR}/usr/share/java/proguard.jar CACHE STRING "")
 set(DEPENDENCIES_LIBRARY_PATH ${DEPENDENCIES_ROOT_DIR}/usr/lib/x86_64-linux-gnu CACHE STRING "")
 
+# C++11
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11")
+
 add_executable(edger8r IMPORTED)
 set_target_properties(edger8r PROPERTIES IMPORTED_LOCATION ${SGX_LIBRARY_PATH}/sgx_edger8r)
 

sgx-jvm/jvm-enclave/enclave/CMakeLists.txt

@@ -26,6 +26,9 @@ set(AVIAN_PATH ${PROJECT_SOURCE_DIR}/../../avian)
 set(ENCLAVE_JAR_PATH ${PROJECT_SOURCE_DIR}/../../../verify-enclave/build/libs/corda-enclavelet.jar)
 set(AVIAN_PROCESS "-debug-openjdk-src")
 
+# C++11
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11")
+
 if(NOT JAVA_HOME})
     set(JAVA_HOME $ENV{JAVA_HOME} CACHE STRING "")
 endif()

sgx-jvm/jvm-enclave/jni/CMakeLists.txt

@@ -16,4 +16,4 @@ set_target_properties(urtslib PROPERTIES IMPORTED_LOCATION ${SGX_LIBRARY_PATH}/l
 
 add_library(untrusted_corda_sgx SHARED jni_sgx_api.cpp ${VERIFY_ENCLAVE_JNI_INCLUDE_DIR}/jni_sgx_api.h $<TARGET_OBJECTS:common>)
 target_link_libraries(untrusted_corda_sgx urtslib)
-add_dependencies(untrusted_corda_sgx enclave)
+add_dependencies(untrusted_corda_sgx enclave common)

sgx-jvm/noop-enclave/CMakeLists.txt

@@ -126,10 +126,17 @@ add_custom_target(signed-openssl DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_S
 
 
 # HSM ENCLAVE
+add_custom_command(
+    OUTPUT ${HSM_SGX_TOOL}
+    COMMAND ./gradlew sgx-jvm/hsm-tool:jar
+    WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/../..
+    DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/../hsm-tool/src
+)
+
 add_custom_command(
     OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/${PUBLIC_KEY_NAME_HSM} ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_SIGNATURE_HSM}
     COMMAND java -jar ${HSM_SGX_TOOL} --mode=Sign --source=${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_BLOB_TO_SIGN} --pubkey=${CMAKE_CURRENT_BINARY_DIR}/${PUBLIC_KEY_NAME_HSM} --signature=${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_SIGNATURE_HSM} --profile=\${PROFILE}
-    DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_BLOB_TO_SIGN}
+    DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_BLOB_TO_SIGN} ${HSM_SGX_TOOL}
 )
 
 add_custom_command(

sgx-jvm/noop-enclave/build_in_image.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+set -euo pipefail
+
+if [ $# -le 1 ]; then
+    echo "Usage: build_in_image.sh <DOCKER_IMAGE> <MAKEFILE OPTIONS>"
+    exit 1
+fi
+
+IMAGE=$1
+shift
+ARGUMENTS=$@
+
+DOCKER_BUILD_DIR=/tmp/corda-sgx-build
+
+GID=$(id -g $USER)
+
+exec docker run -v $PWD/../..:$DOCKER_BUILD_DIR -v $PWD/../docker-.gradle:/root/.gradle --user=$UID:$GID -it $IMAGE make -C $DOCKER_BUILD_DIR/sgx-jvm/noop-enclave $ARGUMENTS

sgx-jvm/with_ld_library_path.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+set -euo pipefail
+
+SCRIPT_DIR=$(dirname "$(readlink -f "$0")")
+
+exec env LD_LIBRARY_PATH=${LD_LIBRARY_PATH:-}:$SCRIPT_DIR/linux-sgx/build/linux:$SCRIPT_DIR/dependencies/root/usr/lib/x86_64-linux-gnu $@