forked from aws/aws-nitro-enclaves-cli
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Makefile
330 lines (286 loc) · 12.7 KB
/
Makefile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
# Copyright 2019-2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
##############################
# #
# Variables for build #
# #
##############################
.DEFAULT_GOAL := nitro-cli
ARCH_x86_64 = x86_64
ARCH_aarch64 = aarch64
TOOLCHAIN_PREFIX = unknown-linux-musl
HOST_MACHINE = $(shell uname -m)
CARGO = cargo
CC = gcc
INSTALL = install
MKDIR = mkdir
RM = rm
DOCKER = docker
GIT = git
TAR = tar
MV = mv
CP = cp
AWS = aws
SHA1 = sha1sum
ifeq ($(HOST_MACHINE),$(ARCH_x86_64))
TOOLCHAIN_ARCH_TARGET = $(ARCH_x86_64)
else ifeq ($(HOST_MACHINE),$(ARCH_aarch64))
TOOLCHAIN_ARCH_TARGET = $(ARCH_aarch64)
CC = musl-gcc # Required for openssl-sys cross-build
else
TOOLCHAIN_ARCH_TARGET =
endif
ifeq ($(TOOLCHAIN_ARCH_TARGET),)
$(error Unsupported architecture: ${HOST_MACHINE})
endif
CARGO_TARGET = $(TOOLCHAIN_ARCH_TARGET)-$(TOOLCHAIN_PREFIX)
SRC_PATH = .
BASE_PATH ?= $(SRC_PATH)
OBJ_PATH ?= $(BASE_PATH)/build
NITRO_CLI_TOOLS_DIR ?= $(BASE_PATH)/tools
NITRO_CLI_INSTALL_DIR ?= $(OBJ_PATH)/install
BIN_DIR ?= /usr/bin
UNIT_DIR ?= /usr/lib/systemd/system
CONF_DIR ?= /etc
DATA_DIR ?= /usr/share
ENV_SETUP_DIR ?= $(CONF_DIR)/profile.d
CONTAINER_TAG = "nitro_cli:1.0"
# Flags common to C
C_FLAGS := -Wall -Wextra -Werror -O2
##############################
# #
# Makefile rules #
# #
##############################
# Target for generating a tarball with all the dependencies
# needed by the nitro-cli, this is then uploaded to s3, and
# used when building the package for Amazon linux.
# Use account: 283220266793
.PHONY: update-crates-dependencies
update-crates-dependencies:
$(CARGO) vendor ./crates-dependencies 2>&1 | tee cargo_vendor.log
$(MV) cargo_vendor.log crates-dependencies/
$(GIT) log --oneline -n1 > crates-dependencies/git_revision
$(CP) Cargo.lock crates-dependencies/
$(TAR) -czf nitro-cli-dependencies.tar.gz crates-dependencies/
$(SHA1) nitro-cli-dependencies.tar.gz > sources
TAR_SHA=$$(sha1sum nitro-cli-dependencies.tar.gz | cut -f1 -d' ') && \
$(AWS) s3 cp nitro-cli-dependencies.tar.gz \
s3://crates-dependencies/StrongholdCLI/$${TAR_SHA}/nitro-cli-dependencies.tar.gz
echo "All dependencies have been uploaded to S3, now commit sources file"
.PHONY: crates-dependencies
crates-dependencies:
ccgit sources --blob_acct=283220266793 --blob_bucket=crates-dependencies
.PHONY: aws-nitro-enclaves-cli.tar.gz
aws-nitro-enclaves-cli.tar.gz:
$(GIT) archive --format=tar -o SPECS/aws-nitro-enclaves-cli.tar.gz HEAD
.PHONY: sources
sources: aws-nitro-enclaves-cli.tar.gz crates-dependencies
.PHONY: all
all: build-setup init nitro-cli vsock-proxy
.PHONY: driver-deps
driver-deps:
((cat /etc/os-release | grep -qni "Ubuntu" \
&& sudo apt-get install -y linux-headers-$$(uname -r)) || \
(cat /etc/os-release | grep -qni "Amazon Linux\|CentOS\|RedHat" \
&& sudo yum install -y kernel-headers-$$(uname -r) \
&& sudo yum install -y kernel-devel-$$(uname -r)) || \
echo "Warning: kernel-header were not installed") \
&& echo "Successfully installed the driver deps"
# In order to avoid executing the same rule everytime,
# the build rules are prefixed by dot and are generating
# a file with the same name via the touch command. This
# change is required in order to capture the timestamp
# of the rule.
.build-container: tools/Dockerfile1804.${HOST_MACHINE}
docker image build -t $(CONTAINER_TAG) -f tools/Dockerfile1804.${HOST_MACHINE} tools/
touch $@
build-container: .build-container
$(OBJ_PATH):
$(MKDIR) -p $(OBJ_PATH)
# Build the $(OBJ_PATH) directory only if it does not exist.
build-setup: | $(OBJ_PATH);
nitro_enclaves: drivers/virt/nitro_enclaves/ne_misc_dev.c drivers/virt/nitro_enclaves/ne_pci_dev.c driver-deps
PREV_DIR=$$PWD && cd drivers/virt/nitro_enclaves/ && make && cd $$PREV_DIR
.PHONY: nitro_enclaves-clean
nitro_enclaves-clean:
PREV_DIR=$$PWD && cd drivers/virt/nitro_enclaves/ && make clean && cd $$PREV_DIR
.PHONY: driver-clean
driver-clean: nitro_enclaves-clean
.PHONY: init
init: init.c build-setup
$(CC) $(C_FLAGS) -o $(OBJ_PATH)/init $< -static -static-libgcc -flto
strip --strip-all $(OBJ_PATH)/init
# See .build-container rule for explanation.
.build-nitro-cli: $(shell find $(BASE_PATH)/src -name "*.rs")
$(DOCKER) run \
-v "$$(readlink -f ${BASE_PATH})":/nitro_src \
-v "$$(readlink -f ${OBJ_PATH})":/nitro_build \
$(CONTAINER_TAG) bin/bash -c \
'source /root/.cargo/env && \
OPENSSL_STATIC=yes OPENSSL_DIR=/musl_openssl/ CC=${CC} cargo build \
--release \
--manifest-path=/nitro_src/Cargo.toml \
--target=${CARGO_TARGET} \
--target-dir=/nitro_build/nitro_cli && \
chmod -R 777 nitro_build '
ln -sf ../${CARGO_TARGET}/release/nitro-cli \
${OBJ_PATH}/nitro_cli/release/nitro-cli
touch $@
nitro-cli: build-setup build-container .build-nitro-cli
.PHONY: nitro-cli-native
nitro-cli-native:
cargo build \
--release \
--manifest-path=${BASE_PATH}/Cargo.toml \
--target-dir=${OBJ_PATH}/nitro_cli
# See .build-container rule for explanation.
.build-command-executer: $(shell find $(BASE_PATH)/samples/command_executer/src -name "*.rs")
$(DOCKER) run \
-v "$$(readlink -f ${BASE_PATH})":/nitro_src \
-v "$$(readlink -f ${OBJ_PATH})":/nitro_build \
$(CONTAINER_TAG) bin/bash -c \
'source /root/.cargo/env && \
OPENSSL_STATIC=yes OPENSSL_DIR=/musl_openssl/ CC=${CC} cargo build \
--release \
--manifest-path=/nitro_src/samples/command_executer/Cargo.toml \
--target=${CARGO_TARGET} \
--target-dir=/nitro_build/command-executer && \
chmod -R 777 nitro_build '
ln -sf ../${CARGO_TARGET}/release/command-executer \
${OBJ_PATH}/command-executer/release/command-executer
touch $@
.build-command-executer-eif: .build-nitro-cli .build-command-executer \
$(BASE_PATH)/samples/command_executer/resources/blobs/${HOST_MACHINE}/* \
$(BASE_PATH)/samples/command_executer/resources/Dockerfile.alpine
$(MKDIR) -p $(OBJ_PATH)/command-executer/command_executer_docker_dir
$(CP) \
$(OBJ_PATH)/command-executer/${CARGO_TARGET}/release/command-executer \
$(OBJ_PATH)/command-executer/command_executer_docker_dir
$(CP) \
$(BASE_PATH)/samples/command_executer/resources/Dockerfile.alpine \
$(OBJ_PATH)/command-executer/command_executer_docker_dir/Dockerfile
$(DOCKER) run \
-v "$$(readlink -f ${BASE_PATH})":/nitro_src \
-v "$$(readlink -f ${OBJ_PATH})":/nitro_build \
-v /var/run/docker.sock:/var/run/docker.sock \
$(CONTAINER_TAG) bin/bash -c \
'NITRO_CLI_BLOBS=/nitro_src/samples/command_executer/resources/blobs/${HOST_MACHINE} \
/nitro_build/nitro_cli/${CARGO_TARGET}/release/nitro-cli \
build-enclave \
--docker-uri command_executer:eif \
--docker-dir /nitro_build/command-executer/command_executer_docker_dir \
--output-file /nitro_build/command-executer/command_executer.eif'
touch $@
command-executer: build-setup build-container .build-command-executer-eif
# See .build-container rule for explanation.
.build-nitro-tests: $(BASE_PATH)/tests
$(DOCKER) run \
-v "$$(readlink -f ${BASE_PATH})":/nitro_src \
-v "$$(readlink -f ${OBJ_PATH})":/nitro_build \
$(CONTAINER_TAG) bin/bash -c \
'source /root/.cargo/env && set -o pipefail && \
OPENSSL_STATIC=yes OPENSSL_DIR=/musl_openssl/ CC=${CC} cargo test \
--release \
--no-run \
--all \
--manifest-path=/nitro_src/Cargo.toml \
--target=${CARGO_TARGET} \
--target-dir=/nitro_build/nitro_cli \
--message-format json \
| tee /nitro_build/nitro-tests-build.log | \
jq -r "select(.profile.test == true) | .filenames[], .package_id" | \
paste -d " " - - | cut -d " " -f 1,2 \
> /nitro_build/test_executables.txt && \
chmod -R 777 nitro_build '
touch $@
nitro-tests: build-setup build-container .build-nitro-tests
nitro-format: build-setup build-container
$(DOCKER) run \
-v "$$(readlink -f ${BASE_PATH})":/nitro_src \
-v "$$(readlink -f ${OBJ_PATH})":/nitro_build \
$(CONTAINER_TAG) bin/bash -c \
'source /root/.cargo/env && \
cargo fmt --manifest-path=/nitro_src/Cargo.toml -q --all -- --check '
nitro-clippy: build-setup build-container
$(DOCKER) run \
-v "$$(readlink -f ${BASE_PATH})":/nitro_src \
-v "$$(readlink -f ${OBJ_PATH})":/nitro_build \
$(CONTAINER_TAG) bin/bash -c \
'source /root/.cargo/env && \
cargo clippy --manifest-path=/nitro_src/Cargo.toml --all'
nitro-audit: build-setup build-container
$(DOCKER) run \
-v "$$(readlink -f ${BASE_PATH})":/nitro_src \
-v "$$(readlink -f ${OBJ_PATH})":/nitro_build \
$(CONTAINER_TAG) bin/bash -c \
'source /root/.cargo/env && \
cargo audit -f /nitro_src/Cargo.lock'
# See .build-container rule for explanation.
.build-vsock-proxy: $(shell find $(BASE_PATH)/vsock_proxy/src -name "*.rs")
$(DOCKER) run \
-v "$$(readlink -f ${BASE_PATH})":/nitro_src \
-v "$$(readlink -f ${OBJ_PATH})":/nitro_build \
$(CONTAINER_TAG) bin/bash -c \
'source /root/.cargo/env && \
CC=${CC} cargo build \
--release \
--target-dir=/nitro_build/vsock_proxy \
--target=${CARGO_TARGET} \
--manifest-path=/nitro_src/vsock_proxy/Cargo.toml && \
chmod -R 777 nitro_build '
ln -sf ../${CARGO_TARGET}/release/vsock-proxy \
${OBJ_PATH}/vsock_proxy/release/vsock-proxy
touch $@
vsock-proxy: build-setup build-container .build-vsock-proxy
.PHONY: vsock-proxy-native
vsock-proxy-native:
cargo build \
--release \
--manifest-path=${BASE_PATH}/vsock_proxy/Cargo.toml \
--target-dir=${OBJ_PATH}/vsock_proxy
.PHONY: install-command-executer
install-command-executer:
$(INSTALL) -D -m 0755 $(OBJ_PATH)/command-executer/release/command-executer ${NITRO_CLI_INSTALL_DIR}/${BIN_DIR}/command-executer
# Target for installing only the binaries available to the end-user
.PHONY: install-tools
install-tools:
$(INSTALL) -D -m 0755 $(OBJ_PATH)/nitro_cli/release/nitro-cli ${NITRO_CLI_INSTALL_DIR}${BIN_DIR}/nitro-cli
$(INSTALL) -D -m 0755 $(OBJ_PATH)/vsock_proxy/release/vsock-proxy ${NITRO_CLI_INSTALL_DIR}${BIN_DIR}/vsock-proxy
$(INSTALL) -D -m 0644 vsock_proxy/service/nitro-enclaves-vsock-proxy.service ${NITRO_CLI_INSTALL_DIR}${UNIT_DIR}/nitro-enclaves-vsock-proxy.service
$(INSTALL) -D -m 0644 vsock_proxy/configs/vsock-proxy.yaml ${NITRO_CLI_INSTALL_DIR}${CONF_DIR}/nitro_enclaves/vsock-proxy.yaml
$(INSTALL) -D -m 0755 bootstrap/nitro-enclaves-allocator ${NITRO_CLI_INSTALL_DIR}${BIN_DIR}/nitro-enclaves-allocator
$(INSTALL) -D -m 0664 bootstrap/allocator.yaml ${NITRO_CLI_INSTALL_DIR}${CONF_DIR}/nitro_enclaves/allocator.yaml
$(INSTALL) -D -m 0644 bootstrap/nitro-enclaves-allocator.service ${NITRO_CLI_INSTALL_DIR}${UNIT_DIR}/nitro-enclaves-allocator.service
$(MKDIR) -p ${NITRO_CLI_INSTALL_DIR}${DATA_DIR}/nitro_enclaves/blobs
$(CP) -r blobs/${HOST_MACHINE}/* ${NITRO_CLI_INSTALL_DIR}${DATA_DIR}/nitro_enclaves/blobs/
$(MKDIR) -p ${NITRO_CLI_INSTALL_DIR}${DATA_DIR}/nitro_enclaves/examples
$(CP) -r examples/${HOST_MACHINE}/* ${NITRO_CLI_INSTALL_DIR}${DATA_DIR}/nitro_enclaves/examples/
.PHONY: install
install: install-tools nitro_enclaves
$(MKDIR) -p ${NITRO_CLI_INSTALL_DIR}/lib/modules/$(uname -r)/extra/nitro_enclaves
$(INSTALL) -D -m 0755 drivers/virt/nitro_enclaves/nitro_enclaves.ko \
${NITRO_CLI_INSTALL_DIR}/lib/modules/$(uname -r)/extra/nitro_enclaves/nitro_enclaves.ko
$(INSTALL) -D -m 0644 bootstrap/env.sh ${NITRO_CLI_INSTALL_DIR}${ENV_SETUP_DIR}/nitro-cli-env.sh
$(INSTALL) -D -m 0755 bootstrap/nitro-cli-config ${NITRO_CLI_INSTALL_DIR}${ENV_SETUP_DIR}/nitro-cli-config
sed -i "2 a NITRO_CLI_INSTALL_DIR=$$(readlink -f ${NITRO_CLI_INSTALL_DIR})" \
${NITRO_CLI_INSTALL_DIR}${ENV_SETUP_DIR}/nitro-cli-env.sh
echo "Installation finished"
echo "Please run \"source ${NITRO_CLI_INSTALL_DIR}${ENV_SETUP_DIR}/nitro-cli-env.sh\" to setup the environment or add it your local shell configuration"
.PHONY: uninstall
uninstall:
$(RM) -f ${NITRO_CLI_INSTALL_DIR}${BIN_DIR}/nitro-cli
$(RM) -f ${NITRO_CLI_INSTALL_DIR}${BIN_DIR}/vsock-proxy
$(RM) -f ${NITRO_CLI_INSTALL_DIR}${BIN_DIR}/nitro-enclaves-allocator
$(RM) -rf ${NITRO_CLI_INSTALL_DIR}${DATA_DIR}/nitro_enclaves
$(RM) -f ${NITRO_CLI_INSTALL_DIR}${UNIT_DIR}/nitro-enclaves-vsock-proxy.service
$(RM) -f ${NITRO_CLI_INSTALL_DIR}${CONF_DIR}/nitro_enclaves/vsock-proxy.yaml
$(RM) -f ${NITRO_CLI_INSTALL_DIR}${UNIT_DIR}/nitro-enclaves-allocator.service
$(RM) -f ${NITRO_CLI_INSTALL_DIR}${CONF_DIR}/nitro_enclaves/allocator.yaml
$(RM) -rf ${NITRO_CLI_INSTALL_DIR}/lib/modules/$(uname -r)/extra/nitro_enclaves
$(RM) -f ${NITRO_CLI_INSTALL_DIR}${ENV_SETUP_DIR}/nitro-cli-env.sh
$(RM) -f ${NITRO_CLI_INSTALL_DIR}${ENV_SETUP_DIR}/nitro-cli-config
.PHONY: clean
clean:
$(DOCKER) rmi command_executer:eif 2> /dev/null || true
$(RM) -rf $(OBJ_PATH)
$(RM) -f .build*