sgx: prepare for building in docker image on prod
parent
291049f66e
commit
6320990877
@ -1,5 +1,6 @@
|
||||
FROM ubuntu:xenial
|
||||
|
||||
RUN apt-get update -y
|
||||
RUN apt-get install -y make gcc autoconf cmake g++ openjdk-8-jdk libtool ocaml python2.7
|
||||
RUN apt-get install -y make gcc autoconf cmake g++ openjdk-8-jdk libtool ocaml python2.7
|
||||
RUN apt-get install -y mercurial wget
|
||||
ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64
|
||||
|
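Review bot: The added `RUN apt-get install -y mercurial wget` layer resolves packages against the index fetched by the separate `RUN apt-get update -y` layer, which Docker may serve from cache long after it was built. A later rebuild can then install from a stale index or fail on packages that have since been superseded. Running both in the same layer avoids that: `RUN apt-get update -y && apt-get install -y mercurial wget`. Since the image is meant for production builds, the context line `FROM ubuntu:xenial` is also a moving tag; pinning it as `FROM ubuntu:xenial@sha256:<digest-placeholder>` would keep the toolchain reproducible.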
@ -1,7 +1,7 @@
|
||||
cmake_minimum_required(VERSION 3.5)
|
||||
project(sgx_common)
|
||||
|
||||
set(SGX_USE_HARDWARE FALSE CACHE STRING "")
|
||||
set(SGX_USE_HARDWARE TRUE CACHE STRING "")
|
||||
set(SGX_SDK ${CMAKE_CURRENT_SOURCE_DIR}/../../linux-sgx CACHE STRING "")
|
||||
set(SGX_LIBRARY_PATH ${SGX_SDK}/build/linux CACHE STRING "")
|
||||
set(SGX_SDK_INCLUDE ${SGX_SDK}/common/inc CACHE STRING "")
|
||||
@ -10,6 +10,9 @@ set(DEPENDENCIES_ROOT_DIR ${CMAKE_CURRENT_SOURCE_DIR}/../../dependencies/root)
|
||||
set(PROGUARD_JAR_PATH ${DEPENDENCIES_ROOT_DIR}/usr/share/java/proguard.jar CACHE STRING "")
|
||||
set(DEPENDENCIES_LIBRARY_PATH ${DEPENDENCIES_ROOT_DIR}/usr/lib/x86_64-linux-gnu CACHE STRING "")
|
||||
|
||||
# C++11
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11")
|
||||
|
||||
add_executable(edger8r IMPORTED)
|
||||
set_target_properties(edger8r PROPERTIES IMPORTED_LOCATION ${SGX_LIBRARY_PATH}/sgx_edger8r)
|
||||
|
||||
|
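Review bot: The new default `set(SGX_USE_HARDWARE TRUE CACHE STRING "")` in the first hunk only takes effect in a fresh build tree, because a `CACHE` set without `FORCE` keeps whatever value an existing CMakeCache.txt already holds. If this variable selects between simulation and hardware SGX libraries (its consumers are not visible here), a reused build directory would keep the previous mode without any message. Printing the effective value, `message(STATUS "SGX_USE_HARDWARE=${SGX_USE_HARDWARE}")`, would make the mode visible in every configure log. Declaring it as `option(SGX_USE_HARDWARE "Use hardware SGX instead of simulation" ON)` would also give it a proper boolean type and a help string.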
@ -26,6 +26,9 @@ set(AVIAN_PATH ${PROJECT_SOURCE_DIR}/../../avian)
|
||||
set(ENCLAVE_JAR_PATH ${PROJECT_SOURCE_DIR}/../../../verify-enclave/build/libs/corda-enclavelet.jar)
|
||||
set(AVIAN_PROCESS "-debug-openjdk-src")
|
||||
|
||||
# C++11
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11")
|
||||
|
||||
if(NOT JAVA_HOME})
|
||||
set(JAVA_HOME $ENV{JAVA_HOME} CACHE STRING "")
|
||||
endif()
|
||||
|
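Review bot: The added `set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11")` hard-codes a GCC/Clang flag into the global flag string, and the same line is added in the `@ -10,6 +10,9 @` hunk of the sgx_common file. Assuming this file requires CMake 3.5 as that one does, the standard can be requested portably with `set(CMAKE_CXX_STANDARD 11)`, `set(CMAKE_CXX_STANDARD_REQUIRED ON)` and `set(CMAKE_CXX_EXTENSIONS OFF)`. Separately, the context line `if(NOT JAVA_HOME})` carries a stray `}` that this commit leaves in place. As written it appears to test a variable named `JAVA_HOME}`, so the guard is presumably always true.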
@ -16,4 +16,4 @@ set_target_properties(urtslib PROPERTIES IMPORTED_LOCATION ${SGX_LIBRARY_PATH}/l
|
||||
|
||||
add_library(untrusted_corda_sgx SHARED jni_sgx_api.cpp ${VERIFY_ENCLAVE_JNI_INCLUDE_DIR}/jni_sgx_api.h $<TARGET_OBJECTS:common>)
|
||||
target_link_libraries(untrusted_corda_sgx urtslib)
|
||||
add_dependencies(untrusted_corda_sgx enclave)
|
||||
add_dependencies(untrusted_corda_sgx enclave common)
|
||||
|
@ -126,10 +126,17 @@ add_custom_target(signed-openssl DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_S
|
||||
|
||||
|
||||
# HSM ENCLAVE
|
||||
add_custom_command(
|
||||
OUTPUT ${HSM_SGX_TOOL}
|
||||
COMMAND ./gradlew sgx-jvm/hsm-tool:jar
|
||||
WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/../..
|
||||
DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/../hsm-tool/src
|
||||
)
|
||||
|
||||
add_custom_command(
|
||||
OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/${PUBLIC_KEY_NAME_HSM} ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_SIGNATURE_HSM}
|
||||
COMMAND java -jar ${HSM_SGX_TOOL} --mode=Sign --source=${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_BLOB_TO_SIGN} --pubkey=${CMAKE_CURRENT_BINARY_DIR}/${PUBLIC_KEY_NAME_HSM} --signature=${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_SIGNATURE_HSM} --profile=\${PROFILE}
|
||||
DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_BLOB_TO_SIGN}
|
||||
DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_BLOB_TO_SIGN} ${HSM_SGX_TOOL}
|
||||
)
|
||||
|
||||
add_custom_command(
|
||||
|
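Review bot: `DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/../hsm-tool/src` in the new custom command names a directory, whose timestamp does not change when a file nested below it is edited. `${HSM_SGX_TOOL}` can therefore stay stale, and the signing step that now depends on it would run an outdated jar. Listing the inputs keeps the rule accurate: `file(GLOB_RECURSE HSM_TOOL_SOURCES ${CMAKE_CURRENT_SOURCE_DIR}/../hsm-tool/src/*)` followed by `DEPENDS ${HSM_TOOL_SOURCES}`. The new gradle command should also carry `VERBATIM` so that argument escaping does not depend on the platform. The last `add_custom_command(` in the hunk continues outside it.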
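--- a/sgx-jvm/noop-enclave/build_in_image.sh
+++ b/sgx-jvm/noop-enclave/build_in_image.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+set -euo pipefail
+
+if [ $# -le 1 ]; then
+echo "Usage: build_in_image.sh <DOCKER_IMAGE> <MAKEFILE OPTIONS>"
+exit 1
+fi
+
+IMAGE=$1
+shift
+ARGUMENTS=$@
+
+DOCKER_BUILD_DIR=/tmp/corda-sgx-build
+
+GID=$(id -g $USER)
+
+exec docker run -v $PWD/../..:$DOCKER_BUILD_DIR -v $PWD/../docker-.gradle:/root/.gradle --user=$UID:$GID -it $IMAGE make -C $DOCKER_BUILD_DIR/sgx-jvm/noop-enclave $ARGUMENTS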
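Review bot: The bind mounts and the forwarded make options on the `exec docker run` line are built from unquoted, cwd-relative expansions (`$PWD/../..`, `$IMAGE`, `ARGUMENTS=$@`). Run from any directory other than sgx-jvm/noop-enclave, the script mounts a different host tree read-write into the container, and any path or option containing whitespace is re-split. Resolving the paths from the script location, as with_ld_library_path.sh in this commit does, and passing `"$@"` directly removes both problems. `id -g $USER` also aborts under `set -u` when `USER` is unset, which is common in CI, where plain `id -g` returns the same group. The `-it` flag makes the run fail without a TTY, which matters if this is invoked from an unattended production build.
```shell
SCRIPT_DIR=$(dirname "$(readlink -f "$0")")
IMAGE=$1
shift
# … unchanged: DOCKER_BUILD_DIR assignment …
GID=$(id -g)

exec docker run \
    -v "$SCRIPT_DIR/../..:$DOCKER_BUILD_DIR" \
    -v "$SCRIPT_DIR/../docker-.gradle:/root/.gradle" \
    --user="$UID:$GID" -it "$IMAGE" \
    make -C "$DOCKER_BUILD_DIR/sgx-jvm/noop-enclave" "$@"
```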
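--- a/sgx-jvm/with_ld_library_path.sh
+++ b/sgx-jvm/with_ld_library_path.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -euo pipefail
+
+SCRIPT_DIR=$(dirname "$(readlink -f "$0")")
+
+exec env LD_LIBRARY_PATH=${LD_LIBRARY_PATH:-}:$SCRIPT_DIR/linux-sgx/build/linux:$SCRIPT_DIR/dependencies/root/usr/lib/x86_64-linux-gnu $@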
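Review bot: When `LD_LIBRARY_PATH` is unset or empty, `${LD_LIBRARY_PATH:-}:$SCRIPT_DIR/...` yields a value that starts with `:`, and the dynamic loader treats an empty entry as the current working directory. Shared libraries would then be resolved from whatever directory the wrapper happens to be started in, ahead of the bundled SGX and dependency paths. Emitting the separator only when there is a prior value avoids the empty entry, and quoting keeps paths and arguments with spaces intact: `exec env LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$SCRIPT_DIR/linux-sgx/build/linux:$SCRIPT_DIR/dependencies/root/usr/lib/x86_64-linux-gnu" "$@"`. A short header comment stating that the caller's existing entries intentionally take precedence over the bundled libraries, if that is intended, would also help.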