-
Notifications
You must be signed in to change notification settings - Fork 35
/
Copy pathMakefile
132 lines (107 loc) · 4.08 KB
/
Makefile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
THIS_DIR := $(dir $(lastword $(MAKEFILE_LIST)))
ARCH_LIBDIR ?= /lib/$(shell $(CC) -dumpmachine)
INSTALL_DIR ?= $(THIS_DIR)install
NGINX_SRC ?= $(THIS_DIR)nginx-1.22.0
NGINX_SHA256 ?= b33d569a6f11a01433a57ce17e83935e953ad4dc77cdd4d40f896c88ac26eb53
NGINX_URL ?= http://nginx.org/download
LISTEN_HOST ?= 127.0.0.1
LISTEN_PORT ?= 8002
LISTEN_SSL_PORT ?= 8444
SGX_SIGNER_KEY ?= enclave-key.pem
SGX ?= 1
ifeq ($(DEBUG),1)
GRAMINE_LOG_LEVEL = debug
else
GRAMINE_LOG_LEVEL = error
endif
.PHONY: all
all: $(INSTALL_DIR)/sbin/nginx nginx.manifest config testdata ssldata
ifeq ($(SGX),1)
all: nginx.manifest.sgx nginx.sig
endif
# Note that Gramine doesn't support eventfd() and PR_SET_DUMPABLE, so we manually
# overwrite these macros in the autogenerated configuration header of Nginx.
$(INSTALL_DIR)/sbin/nginx: $(NGINX_SRC)/configure
cd $(NGINX_SRC) && ./configure --prefix=$(abspath $(INSTALL_DIR)) \
--without-http_rewrite_module --with-http_ssl_module
sed -e "s|#define NGX_HAVE_EVENTFD[[:space:]]\+1|#define NGX_HAVE_EVENTFD 0|g" \
-e "s|#define NGX_HAVE_SYS_EVENTFD_H[[:space:]]\+1|#define NGX_HAVE_SYS_EVENTFD_H 0|g" \
-e "s|#define NGX_HAVE_PR_SET_DUMPABLE[[:space:]]\+1|#define NGX_HAVE_PR_SET_DUMPABLE 0|g" \
-i $(NGINX_SRC)/objs/ngx_auto_config.h
$(MAKE) -C $(NGINX_SRC)
$(MAKE) -C $(NGINX_SRC) install
$(NGINX_SRC)/configure: $(NGINX_SRC).tar.gz
tar --touch -xzf $<
$(NGINX_SRC).tar.gz:
wget -O $@ $(NGINX_URL)/$(NGINX_SRC).tar.gz
echo "$(NGINX_SHA256) $@" | sha256sum -c --status
nginx.manifest: nginx.manifest.template $(INSTALL_DIR)/sbin/nginx \
$(INSTALL_DIR)/conf/nginx-gramine.conf \
$(TEST_DATA) \
$(INSTALL_DIR)/conf/server.crt \
premain-libos
gramine-manifest \
-Dlog_level=$(GRAMINE_LOG_LEVEL) \
-Darch_libdir=$(ARCH_LIBDIR) \
-Dinstall_dir=$(INSTALL_DIR) \
-Dinstall_dir_abspath=$(abspath $(INSTALL_DIR)) \
$< >$@
premain-libos:
wget https://github.com/edgelesssys/marblerun/releases/latest/download/premain-libos
chmod u+x premain-libos
# Make on Ubuntu <= 20.04 doesn't support "Rules with Grouped Targets" (`&:`),
# see the helloworld example for details on this workaround.
nginx.manifest.sgx nginx.sig: sgx_sign
@:
.INTERMEDIATE: sgx_sign
sgx_sign: nginx.manifest
gramine-sgx-sign \
--manifest $< \
--key $(SGX_SIGNER_KEY) \
--output $<.sgx
# Nginx configuration and test data
.PHONY: config
config: $(INSTALL_DIR)/conf/nginx-gramine.conf
$(INSTALL_DIR)/conf/nginx-gramine.conf: nginx-gramine.conf.template $(INSTALL_DIR)/sbin/nginx
sed -e 's|$$(LISTEN_PORT)|'"$(LISTEN_PORT)"'|g' \
-e 's|$$(LISTEN_SSL_PORT)|'"$(LISTEN_SSL_PORT)"'|g' \
-e 's|$$(LISTEN_HOST)|'"$(LISTEN_HOST)"'|g' \
$< > $@
# HTTP docs: Generating random HTML files in $(INSTALL_DIR)/html/random
RANDOM_DIR = $(INSTALL_DIR)/html/random
RANDOM_FILES = \
$(foreach n,1 2 3 4 5 6 7 8 9 10,2K.$n.html) \
$(foreach n,1 2 3 4 5,10K.$n.html) \
$(foreach n,1 2 3 4 5,100K.$n.html) \
$(foreach n,1 2 3,1M.$n.html) \
$(foreach n,1 2 3,10M.$n.html) \
$(foreach n,1 2 3,100.$n.html)
TEST_DATA = $(addprefix $(RANDOM_DIR)/,$(RANDOM_FILES))
# We need to first build and install nginx, otherwise nginx' makefiles think that they already
# filled $(INSTALL_DIR)/html and skip copying installation files.
$(RANDOM_DIR)/%.html: $(INSTALL_DIR)/sbin/nginx
mkdir -p $(RANDOM_DIR)
dd if=/dev/urandom of=$@ count=1 bs=$(basename $(basename $(notdir $@))) status=none
.PHONY: testdata
testdata: $(TEST_DATA)
# SSL data: key and x.509 self-signed certificate (to test SSL/TLS)
$(INSTALL_DIR)/conf/server.crt: $(INSTALL_DIR)/sbin/nginx
# MARBLERUN: removed because certificate is provisioned by the Coordinator
.PHONY: ssldata
ssldata: $(INSTALL_DIR)/conf/server.crt
.PHONY: start-native-server
start-native-server: all
$(INSTALL_DIR)/sbin/nginx -c conf/nginx-gramine.conf
ifeq ($(SGX),)
GRAMINE = gramine-direct
else
GRAMINE = gramine-sgx
endif
.PHONY: clean
clean:
$(RM) *.manifest *.manifest.sgx *.token *.sig OUTPUT result-* tmp
$(RM) -r uuid secrets/
.PHONY: distclean
distclean: clean
$(RM) -r $(NGINX_SRC).tar.gz $(NGINX_SRC) $(INSTALL_DIR)
$(RM) ssl/server.* ssl/ca.*