diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml index 1dcecf92..227f7d3e 100644 --- a/.github/workflows/dockerimage.yml +++ b/.github/workflows/dockerimage.yml @@ -10,15 +10,132 @@ jobs: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} steps: + - name: Cancel Previous Runs + uses: styfle/cancel-workflow-action@0.9.1 + with: + access_token: ${{ github.token }} - name: Fail, if older Github Actions machine. Click "Re-run jobs" run: cat /proc/cpuinfo | grep avx512 - name: Login to docker run: docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD} + - name: Clean workspace + run: | + cd $GITHUB_WORKSPACE/.. + rm -rf sgxwallet || true + mkdir -p sgxwallet + cd sgxwallet - uses: actions/checkout@v2 - name: submodule update run: git submodule update --init --recursive + - name: Cleanup Intel SGX (initial) + run: | + sudo /opt/intel/sgxpsw/uninstall.sh || true + sudo /opt/intel/sgxsdk/uninstall.sh || true + + # Host build steps (moved from DockerfileBase) + - name: Install host dependencies + run: | + sudo apt-get update + sudo apt-get install -yq --no-install-recommends \ + wget \ + curl \ + git \ + build-essential \ + cmake \ + apt-utils \ + vim \ + telnet \ + ca-certificates \ + perl \ + alien \ + uuid-dev \ + libxml2-dev \ + ccache \ + yasm \ + libprocps-dev \ + texinfo \ + graphviz \ + doxygen \ + libgnutls28-dev \ + libgcrypt20-dev + chmod +x scripts/install_packages.sh + sudo ./scripts/install_packages.sh + + - name: Install libssl1.1 dependency + run: | + wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb + sudo dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb + rm -f libssl1.1_1.1.1f-1ubuntu2_amd64.deb + + - name: Install Intel SGX SDK and PSW + run: | + git clone -b sgx_2.25 --depth 1 https://github.com/intel/linux-sgx + cd linux-sgx + make preparation -j$(nproc) + make sdk_install_pkg_no_mitigation -j$(nproc) + WORK_DIR=$(pwd) + sudo mkdir -p /opt/intel + cd /opt/intel + sudo sh -c "echo yes | $WORK_DIR/linux/installer/bin/sgx_linux_x64_sdk_*.bin" + cd $WORK_DIR + make psw_install_pkg -j$(nproc) + cd /opt/intel + sudo cp $WORK_DIR/linux/installer/bin/sgx_linux_x64_psw*.bin . + sudo ./sgx_linux_x64_psw*.bin --no-start-aesm + sudo rm -f sgx_linux_x64_psw*.bin + cd $WORK_DIR/.. + rm -rf linux-sgx + + - name: Setup ccache + run: | + sudo ln -sf /usr/bin/ccache /usr/local/bin/clang + sudo ln -sf /usr/bin/ccache /usr/local/bin/clang++ + sudo ln -sf /usr/bin/ccache /usr/local/bin/gcc + sudo ln -sf /usr/bin/ccache /usr/local/bin/g++ + sudo ln -sf /usr/bin/ccache /usr/local/bin/cc + sudo ln -sf /usr/bin/ccache /usr/local/bin/c++ + + - name: Build dependencies + run: | + cd scripts + ./build_deps.py + + - name: Create Intel DAL directory + run: | + sudo mkdir -p /var/lib/intel/dal + + - name: Install Intel DAL Host Interface + run: | + cd scripts + wget --progress=dot:mega -O - https://github.com/intel/dynamic-application-loader-host-interface/archive/072d233296c15d0dcd1fb4570694d0244729f87b.tar.gz | tar -xz + cd dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b + cmake . -DCMAKE_BUILD_TYPE=Release -DINIT_SYSTEM=SysVinit + sudo make install -j$(nproc) + cd .. + rm -rf dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b + + - name: Configure and build SGX wallet + run: | + source /opt/intel/sgxsdk/environment + ./autoconf.bash + ./configure + make -j$(nproc) + mkdir -p sgx_data + + - name: Prepare build directory for Docker + run: | + mkdir -p build/opt/intel + mkdir -p build/usr/sbin + mkdir -p build/usr/lib + cp -r /opt/intel build/opt/intel/ + # Copy Intel DAL Host Interface binaries + cp /usr/sbin/jhid build/usr/sbin/ || true + cp /usr/lib/libjhi.so build/usr/lib/ || true + cp /usr/lib/libteemanagement.so build/usr/lib/ || true + - name: build and deploy test image run: python3 scripts/docker_build.py Dockerfile sgxwallet ${GITHUB_SHA} + - name: Calculate and cache VERSION if: | github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/beta' || diff --git a/.github/workflows/dockerimageintelsubmission.yml b/.github/workflows/dockerimageintelsubmission.yml index c39f8a6c..16df9bd8 100644 --- a/.github/workflows/dockerimageintelsubmission.yml +++ b/.github/workflows/dockerimageintelsubmission.yml @@ -9,13 +9,133 @@ jobs: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} steps: + - name: Cancel Previous Runs + uses: styfle/cancel-workflow-action@0.9.1 + with: + access_token: ${{ github.token }} - name: Fail, if older Github Actions machine. Click "Re-run jobs" run: cat /proc/cpuinfo | grep avx512 - name: Login to docker run: docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD} + - name: Clean workspace + run: | + cd $GITHUB_WORKSPACE/.. + rm -rf sgxwallet || true + mkdir -p sgxwallet + cd sgxwallet - uses: actions/checkout@v2 - name: submodule update run: git submodule update --init --recursive + - name: Cleanup Intel SGX (initial) + run: | + sudo /opt/intel/sgxpsw/uninstall.sh || true + sudo /opt/intel/sgxsdk/uninstall.sh || true + + # Host build steps (moved from DockerfileBase) + - name: Install host dependencies + run: | + sudo apt-get update + sudo apt-get install -yq --no-install-recommends \ + wget \ + curl \ + git \ + build-essential \ + cmake \ + apt-utils \ + vim \ + telnet \ + ca-certificates \ + perl \ + alien \ + uuid-dev \ + libxml2-dev \ + ccache \ + yasm \ + libprocps-dev \ + texinfo \ + graphviz \ + doxygen \ + libgnutls28-dev \ + libgcrypt20-dev + chmod +x scripts/install_packages.sh + sudo ./scripts/install_packages.sh + + - name: Install libssl1.1 dependency + run: | + wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb + sudo dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb + rm -f libssl1.1_1.1.1f-1ubuntu2_amd64.deb + + - name: Install Intel SGX SDK and PSW + run: | + git clone -b sgx_2.25 --depth 1 https://github.com/intel/linux-sgx + cd linux-sgx + make preparation -j$(nproc) + make sdk_install_pkg_no_mitigation -j$(nproc) + WORK_DIR=$(pwd) + sudo mkdir -p /opt/intel + cd /opt/intel + sudo sh -c "echo yes | $WORK_DIR/linux/installer/bin/sgx_linux_x64_sdk_*.bin" + cd $WORK_DIR + make psw_install_pkg -j$(nproc) + cd /opt/intel + sudo cp $WORK_DIR/linux/installer/bin/sgx_linux_x64_psw*.bin . + sudo ./sgx_linux_x64_psw*.bin --no-start-aesm + sudo rm -f sgx_linux_x64_psw*.bin + cd $WORK_DIR/.. + rm -rf linux-sgx + + - name: Setup ccache + run: | + sudo ln -sf /usr/bin/ccache /usr/local/bin/clang + sudo ln -sf /usr/bin/ccache /usr/local/bin/clang++ + sudo ln -sf /usr/bin/ccache /usr/local/bin/gcc + sudo ln -sf /usr/bin/ccache /usr/local/bin/g++ + sudo ln -sf /usr/bin/ccache /usr/local/bin/cc + sudo ln -sf /usr/bin/ccache /usr/local/bin/c++ + + - name: Build dependencies + run: | + cd scripts + ./build_deps.py + + - name: Create Intel DAL directory + run: | + sudo mkdir -p /var/lib/intel/dal + + - name: Install Intel DAL Host Interface + run: | + cd scripts + wget --progress=dot:mega -O - https://github.com/intel/dynamic-application-loader-host-interface/archive/072d233296c15d0dcd1fb4570694d0244729f87b.tar.gz | tar -xz + cd dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b + cmake . -DCMAKE_BUILD_TYPE=Release -DINIT_SYSTEM=SysVinit + sudo make install -j$(nproc) + cd .. + rm -rf dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b + + - name: Configure and build SGX wallet for Intel submission + run: | + source /opt/intel/sgxsdk/environment + cp -f secure_enclave/secure_enclave.config.xml.release secure_enclave/secure_enclave.config.xml + cd scripts + ./generate_signing_key.bash + cd .. + ./autoconf.bash + ./configure --with-sgx-build=prerelease + make -j$(nproc) + mkdir -p sgx_data + + - name: Prepare build directory for Docker + run: | + mkdir -p build/opt/intel + mkdir -p build/usr/sbin + mkdir -p build/usr/lib + cp -r /opt/intel build/opt/intel/ + # Copy Intel DAL Host Interface binaries + cp /usr/sbin/jhid build/usr/sbin/ || true + cp /usr/lib/libjhi.so build/usr/lib/ || true + cp /usr/lib/libteemanagement.so build/usr/lib/ || true + - name: build and deploy test image run: python3 scripts/docker_build.py DockerfileIntelSubmission sgxwallet_intelsubmission ${GITHUB_SHA} - name: Calculate and cache VERSION diff --git a/.github/workflows/dockerimagerelease.yml b/.github/workflows/dockerimagerelease.yml index ef2e6963..83afc435 100644 --- a/.github/workflows/dockerimagerelease.yml +++ b/.github/workflows/dockerimagerelease.yml @@ -12,13 +12,110 @@ jobs: DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} SECRET_KEY: ${{ secrets.V2 }} steps: + - name: Cancel Previous Runs + uses: styfle/cancel-workflow-action@0.9.1 + with: + access_token: ${{ github.token }} - name: Fail, if older Github Actions machine. Click "Re-run jobs" run: cat /proc/cpuinfo | grep avx512 - name: Login to docker run: docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD} + - name: Clean workspace + run: | + cd $GITHUB_WORKSPACE/.. + rm -rf sgxwallet || true + mkdir -p sgxwallet + cd sgxwallet - uses: actions/checkout@v2 - name: Submodule update run: git submodule update --init --recursive + - name: Cleanup Intel SGX (initial) + run: | + sudo /opt/intel/sgxpsw/uninstall.sh || true + sudo /opt/intel/sgxsdk/uninstall.sh || true + + # Host build steps (moved from DockerfileBase) + - name: Install host dependencies + run: | + sudo apt-get update + sudo apt-get install -yq --no-install-recommends \ + wget \ + curl \ + git \ + build-essential \ + cmake \ + apt-utils \ + vim \ + telnet \ + ca-certificates \ + perl \ + alien \ + uuid-dev \ + libxml2-dev \ + ccache \ + yasm \ + libprocps-dev \ + texinfo \ + graphviz \ + doxygen \ + libgnutls28-dev \ + libgcrypt20-dev + chmod +x scripts/install_packages.sh + sudo ./scripts/install_packages.sh + + - name: Install libssl1.1 dependency + run: | + wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb + sudo dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb + rm -f libssl1.1_1.1.1f-1ubuntu2_amd64.deb + + - name: Install Intel SGX SDK and PSW + run: | + git clone -b sgx_2.25 --depth 1 https://github.com/intel/linux-sgx + cd linux-sgx + make preparation -j$(nproc) + make sdk_install_pkg_no_mitigation -j$(nproc) + WORK_DIR=$(pwd) + sudo mkdir -p /opt/intel + cd /opt/intel + sudo sh -c "echo yes | $WORK_DIR/linux/installer/bin/sgx_linux_x64_sdk_*.bin" + cd $WORK_DIR + make psw_install_pkg -j$(nproc) + cd /opt/intel + sudo cp $WORK_DIR/linux/installer/bin/sgx_linux_x64_psw*.bin . + sudo ./sgx_linux_x64_psw*.bin --no-start-aesm + sudo rm -f sgx_linux_x64_psw*.bin + cd $WORK_DIR/.. + rm -rf linux-sgx + + - name: Setup ccache + run: | + sudo ln -sf /usr/bin/ccache /usr/local/bin/clang + sudo ln -sf /usr/bin/ccache /usr/local/bin/clang++ + sudo ln -sf /usr/bin/ccache /usr/local/bin/gcc + sudo ln -sf /usr/bin/ccache /usr/local/bin/g++ + sudo ln -sf /usr/bin/ccache /usr/local/bin/cc + sudo ln -sf /usr/bin/ccache /usr/local/bin/c++ + + - name: Build dependencies + run: | + cd scripts + ./build_deps.py + + - name: Create Intel DAL directory + run: | + sudo mkdir -p /var/lib/intel/dal + + - name: Install Intel DAL Host Interface + run: | + cd scripts + wget --progress=dot:mega -O - https://github.com/intel/dynamic-application-loader-host-interface/archive/072d233296c15d0dcd1fb4570694d0244729f87b.tar.gz | tar -xz + cd dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b + cmake . -DCMAKE_BUILD_TYPE=Release -DINIT_SYSTEM=SysVinit + sudo make install -j$(nproc) + cd .. + rm -rf dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b + - name: Create dir for signing enclave run: mkdir signed_enclaves - name: Write secret to file @@ -26,6 +123,34 @@ jobs: shell: bash - name: Generate public key run: openssl rsa -in signed_enclaves/skale_sgx_private_key0.pem -pubout -out signed_enclaves/skale_sgx_public_key0.pem + + - name: Configure and build SGX wallet for release + run: | + source /opt/intel/sgxsdk/environment + cp -f secure_enclave/secure_enclave.config.xml.release secure_enclave/secure_enclave.config.xml + ./autoconf.bash + ./configure --with-sgx-build=release + cd secure_enclave + make secure_enclave.so -j$(nproc) + cd ../scripts + ./sign_enclave.bash + cd .. + rm secure_enclave/secure_enclave*.so + cp signed_enclaves/secure_enclave_signed0.so secure_enclave/secure_enclave.signed.so + make -j$(nproc) + mkdir -p sgx_data + + - name: Prepare build directory for Docker + run: | + mkdir -p build/opt/intel + mkdir -p build/usr/sbin + mkdir -p build/usr/lib + cp -r /opt/intel build/opt/intel/ + # Copy Intel DAL Host Interface binaries + cp /usr/sbin/jhid build/usr/sbin/ || true + cp /usr/lib/libjhi.so build/usr/lib/ || true + cp /usr/lib/libteemanagement.so build/usr/lib/ || true + - name: Calculate and cache VERSION run : | export BRANCH=${GITHUB_REF##*/} diff --git a/.github/workflows/dockerimagesim.yml b/.github/workflows/dockerimagesim.yml index c52592b9..005aff2a 100644 --- a/.github/workflows/dockerimagesim.yml +++ b/.github/workflows/dockerimagesim.yml @@ -9,15 +9,131 @@ jobs: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} steps: + - name: Cancel Previous Runs + uses: styfle/cancel-workflow-action@0.9.1 + with: + access_token: ${{ github.token }} - name: Fail, if older Github Actions machine. Click "Re-run jobs" run: cat /proc/cpuinfo | grep avx512 - name: Check that /dev/urandom exists run: ls /dev/urandom - name: Login to docker run: docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD} + - name: Clean workspace + run: | + cd $GITHUB_WORKSPACE/.. + rm -rf sgxwallet || true + mkdir -p sgxwallet + cd sgxwallet - uses: actions/checkout@v2 - name: submodule update run: git submodule update --init --recursive + - name: Cleanup Intel SGX (initial) + run: | + sudo /opt/intel/sgxpsw/uninstall.sh || true + sudo /opt/intel/sgxsdk/uninstall.sh || true + + # Host build steps (moved from DockerfileBase) + - name: Install host dependencies + run: | + sudo apt-get update + sudo apt-get install -yq --no-install-recommends \ + wget \ + curl \ + git \ + build-essential \ + cmake \ + apt-utils \ + vim \ + telnet \ + ca-certificates \ + perl \ + alien \ + uuid-dev \ + libxml2-dev \ + ccache \ + yasm \ + libprocps-dev \ + texinfo \ + graphviz \ + doxygen \ + libgnutls28-dev \ + libgcrypt20-dev + chmod +x scripts/install_packages.sh + sudo ./scripts/install_packages.sh + + - name: Install libssl1.1 dependency + run: | + wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb + sudo dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb + rm -f libssl1.1_1.1.1f-1ubuntu2_amd64.deb + + - name: Install Intel SGX SDK and PSW + run: | + git clone -b sgx_2.25 --depth 1 https://github.com/intel/linux-sgx + cd linux-sgx + make preparation -j$(nproc) + make sdk_install_pkg_no_mitigation -j$(nproc) + WORK_DIR=$(pwd) + sudo mkdir -p /opt/intel + cd /opt/intel + sudo sh -c "echo yes | $WORK_DIR/linux/installer/bin/sgx_linux_x64_sdk_*.bin" + cd $WORK_DIR + make psw_install_pkg -j$(nproc) + cd /opt/intel + sudo cp $WORK_DIR/linux/installer/bin/sgx_linux_x64_psw*.bin . + sudo ./sgx_linux_x64_psw*.bin --no-start-aesm + sudo rm -f sgx_linux_x64_psw*.bin + cd $WORK_DIR/.. + rm -rf linux-sgx + + - name: Setup ccache + run: | + sudo ln -sf /usr/bin/ccache /usr/local/bin/clang + sudo ln -sf /usr/bin/ccache /usr/local/bin/clang++ + sudo ln -sf /usr/bin/ccache /usr/local/bin/gcc + sudo ln -sf /usr/bin/ccache /usr/local/bin/g++ + sudo ln -sf /usr/bin/ccache /usr/local/bin/cc + sudo ln -sf /usr/bin/ccache /usr/local/bin/c++ + + - name: Build dependencies + run: | + cd scripts + ./build_deps.py + + - name: Create Intel DAL directory + run: | + sudo mkdir -p /var/lib/intel/dal + + - name: Install Intel DAL Host Interface + run: | + cd scripts + wget --progress=dot:mega -O - https://github.com/intel/dynamic-application-loader-host-interface/archive/072d233296c15d0dcd1fb4570694d0244729f87b.tar.gz | tar -xz + cd dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b + cmake . -DCMAKE_BUILD_TYPE=Release -DINIT_SYSTEM=SysVinit + sudo make install -j$(nproc) + cd .. + rm -rf dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b + + - name: Configure and build SGX wallet for simulation + run: | + source /opt/intel/sgxsdk/environment + cp -f secure_enclave/secure_enclave.config.xml.sim secure_enclave/secure_enclave.config.xml + ./autoconf.bash + ./configure --enable-sgx-simulation + make -j$(nproc) + mkdir -p sgx_data + + - name: Prepare build directory for Docker + run: | + mkdir -p build/opt/intel + cp -r /opt/intel build/opt/intel/ + + - name: Cleanup existing Docker containers and images + run: | + docker stop sgxwallet || true + docker rm sgxwallet || true + - name: Build and publish container for testing run: python3 scripts/docker_build.py DockerfileSimulation sgxwallet_sim ${GITHUB_SHA} - name: test @@ -60,7 +176,6 @@ jobs: echo "Branch $BRANCH" echo "Using cached version $VERSION" export RELEASE=true - echo "::set-env name=RELEASE::$RELEASE" bash ./scripts/build_image.sh DockerfileSimulation sgxwallet_sim bash ./scripts/publish_image.sh sgxwallet_sim diff --git a/Dockerfile b/Dockerfile index c0eb92a3..c3b88c56 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,20 +1,88 @@ -FROM skalenetwork/sgxwallet_base:latest +FROM ubuntu:22.04 -COPY . /usr/src/sdk -WORKDIR /usr/src/sdk +# Install packages and setup environment in optimized layers +COPY scripts/install_packages.sh /install_packages.sh +RUN chmod +x /install_packages.sh && /install_packages.sh -RUN apt update && apt install -y curl secure-delete python3-pip -RUN pip3 install --upgrade pip -RUN pip3 install requests torpy +# Install minimal runtime dependencies +RUN apt-get update && apt-get install -y --no-install-recommends \ + wget \ + curl \ + secure-delete \ + python3-pip \ + git \ + build-essential \ + cmake \ + apt-utils \ + vim \ + telnet \ + ca-certificates \ + perl \ + alien \ + uuid-dev \ + libxml2-dev \ + ccache \ + yasm \ + libprocps-dev \ + texinfo \ + graphviz \ + doxygen \ + libgnutls28-dev \ + libgcrypt20-dev && \ + pip3 install --upgrade --no-cache-dir pip && \ + pip3 install --no-cache-dir requests torpy && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* + +# Install libssl1.1 dependency +RUN wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb \ + && dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb \ + && rm -f libssl1.1_1.1.1f-1ubuntu2_amd64.deb + +# Create required directories +RUN mkdir -p /opt/intel/sgxsdk && \ + mkdir -p /opt/intel/sgxpsw && \ + mkdir -p /var/lib/intel/dal && \ + mkdir -p /usr/src/sdk/sgx_data + +# Copy pre-built SGX wallet binary and runtime files +COPY sgxwallet /usr/src/sdk/sgxwallet +COPY sgx_util /usr/src/sdk/sgx_util +COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so +COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave.signed.so +COPY docker/start.sh /usr/src/sdk/start.sh +COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py +COPY cert /usr/src/sdk/cert + +# Copy Intel SGX runtime components +COPY build/opt/intel /opt/intel + +RUN ls -al /opt/intel -RUN touch /var/hwmode -RUN ./autoconf.bash -RUN ./configure -RUN bash -c "make -j$(nproc)" -RUN ccache -sz -RUN mkdir -p /usr/src/sdk/sgx_data -COPY docker/start.sh ./ -COPY docker/check_firewall.py ./ -RUN rm -rf /usr/src/sdk/sgx-sdk-build/ RUN rm /opt/intel/sgxsdk/lib64/*_sim.so + +# # Create symbolic links for SGX libraries in system library paths +# RUN ln -sf /opt/intel/sgxsdk/lib64/libsgx_urts.so /usr/lib/libsgx_urts.so && \ +# ln -sf /opt/intel/sgxsdk/lib64/libsgx_urts.so.2 /usr/lib/libsgx_urts.so.2 && \ +# ln -sf /opt/intel/sgxsdk/lib64/libsgx_uae_service.so /usr/lib/libsgx_uae_service.so + +# Copy Intel DAL Host Interface binaries (includes jhid) +COPY build/usr/sbin/jhid /usr/sbin/jhid +COPY build/usr/lib/libjhi.so /usr/lib/libjhi.so +COPY build/usr/lib/libteemanagement.so /usr/lib/libteemanagement.so + +# Make scripts executable +RUN chmod +x /usr/src/sdk/start.sh && \ + chmod +x /usr/src/sdk/check_firewall.py && \ + chmod +x /usr/sbin/jhid && \ + ldconfig + +# Create required directories +RUN mkdir -p /usr/src/sdk/sgx_data + +WORKDIR /usr/src/sdk + +# Mark as hardware mode +RUN touch /var/hwmode + ENTRYPOINT ["/usr/src/sdk/start.sh"] diff --git a/DockerfileBase b/DockerfileBase index b84bc51b..c27d7c8f 100644 --- a/DockerfileBase +++ b/DockerfileBase @@ -1,53 +1,82 @@ FROM ubuntu:22.04 +# Install packages and setup environment in optimized layers COPY scripts/install_packages.sh /install_packages.sh RUN chmod +x /install_packages.sh && /install_packages.sh -RUN wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb && \ - dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb +# Install libssl1.1 dependency +RUN wget --progress=dot:mega http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb \ + && dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb \ + && rm -f libssl1.1_1.1.1f-1ubuntu2_amd64.deb -RUN git clone -b sgx_2.25 --depth 1 https://github.com/intel/linux-sgx - -RUN cd linux-sgx && make preparation - -WORKDIR /linux-sgx -COPY . . - -RUN make sdk_install_pkg_no_mitigation +# Clone and build Intel SGX SDK/PSW +RUN git clone -b sgx_2.25 --depth 1 https://github.com/intel/linux-sgx \ + && cd linux-sgx \ + && make preparation \ + && make sdk_install_pkg_no_mitigation +# Install SGX SDK first (required before PSW build) WORKDIR /opt/intel RUN sh -c 'echo yes | /linux-sgx/linux/installer/bin/sgx_linux_x64_sdk_*.bin' +# Build and install PSW WORKDIR /linux-sgx RUN make psw_install_pkg WORKDIR /opt/intel -RUN cp /linux-sgx/linux/installer/bin/sgx_linux_x64_psw*.bin . -RUN ./sgx_linux_x64_psw*.bin --no-start-aesm +RUN cp /linux-sgx/linux/installer/bin/sgx_linux_x64_psw*.bin . \ + && ./sgx_linux_x64_psw*.bin --no-start-aesm \ + && rm -f sgx_linux_x64_psw*.bin + +# Cleanup Intel SGX source +RUN rm -rf /linux-sgx COPY . /usr/src/sdk -RUN ls /usr/src/sdk/autoconf.bash WORKDIR /usr/src/sdk -RUN apt update && \ - apt install -yq apt-utils && \ - apt install -yq --no-install-recommends vim telnet ca-certificates perl \ - alien uuid-dev libxml2-dev ccache \ - yasm libprocps-dev texinfo \ - graphviz doxygen libgnutls28-dev libgcrypt20-dev && \ - ln -s /usr/bin/ccache /usr/local/bin/clang && \ - ln -s /usr/bin/ccache /usr/local/bin/clang++ && \ - ln -s /usr/bin/ccache /usr/local/bin/gcc && \ - ln -s /usr/bin/ccache /usr/local/bin/g++ && \ - ln -s /usr/bin/ccache /usr/local/bin/cc && \ - ln -s /usr/bin/ccache /usr/local/bin/c++ +# Install additional packages and setup ccache in one layer +RUN apt-get update \ + && apt-get install -yq --no-install-recommends \ + apt-utils \ + vim \ + telnet \ + ca-certificates \ + perl \ + alien \ + uuid-dev \ + libxml2-dev \ + ccache \ + yasm \ + libprocps-dev \ + texinfo \ + graphviz \ + doxygen \ + libgnutls28-dev \ + libgcrypt20-dev \ + && ln -s /usr/bin/ccache /usr/local/bin/clang \ + && ln -s /usr/bin/ccache /usr/local/bin/clang++ \ + && ln -s /usr/bin/ccache /usr/local/bin/gcc \ + && ln -s /usr/bin/ccache /usr/local/bin/g++ \ + && ln -s /usr/bin/ccache /usr/local/bin/cc \ + && ln -s /usr/bin/ccache /usr/local/bin/c++ \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* +# Build dependencies WORKDIR /usr/src/sdk/scripts RUN ./build_deps.py -RUN wget --progress=dot:mega -O - https://github.com/intel/dynamic-application-loader-host-interface/archive/072d233296c15d0dcd1fb4570694d0244729f87b.tar.gz | tar -xz -WORKDIR dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b -RUN cmake . -DCMAKE_BUILD_TYPE=Release -DINIT_SYSTEM=SysVinit && make install -WORKDIR /usr/src/sdk/scripts -RUN rm -rf dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b + +# Install Intel DAL Host Interface and cleanup +RUN wget --progress=dot:mega -O - https://github.com/intel/dynamic-application-loader-host-interface/archive/072d233296c15d0dcd1fb4570694d0244729f87b.tar.gz | tar -xz \ + && cd dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b \ + && cmake . -DCMAKE_BUILD_TYPE=Release -DINIT_SYSTEM=SysVinit \ + && make install -j$(nproc) \ + && cd .. \ + && rm -rf dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b + WORKDIR /usr/src/sdk RUN ./autoconf.bash + +# Final cleanup to reduce base image size +RUN find /usr/src/sdk -name "*.o" -type f -delete \ + && ccache -C diff --git a/DockerfileIntelSubmission b/DockerfileIntelSubmission index 45eafddb..eb0f5cd7 100644 --- a/DockerfileIntelSubmission +++ b/DockerfileIntelSubmission @@ -1,23 +1,85 @@ -FROM skalenetwork/sgxwallet_base:latest +FROM ubuntu:22.04 -COPY . /usr/src/sdk -WORKDIR /usr/src/sdk -RUN cp -f secure_enclave/secure_enclave.config.xml.release secure_enclave/secure_enclave.config.xml +# Install packages and setup environment in optimized layers +COPY scripts/install_packages.sh /install_packages.sh +RUN chmod +x /install_packages.sh && /install_packages.sh -RUN apt update && apt install -y curl secure-delete python3-pip -RUN pip3 install --upgrade pip -RUN pip3 install requests torpy +# Install minimal runtime dependencies +RUN apt-get update && apt-get install -y --no-install-recommends \ + wget \ + curl \ + secure-delete \ + python3-pip \ + git \ + build-essential \ + cmake \ + apt-utils \ + vim \ + telnet \ + ca-certificates \ + perl \ + alien \ + uuid-dev \ + libxml2-dev \ + ccache \ + yasm \ + libprocps-dev \ + texinfo \ + graphviz \ + doxygen \ + libgnutls28-dev \ + libgcrypt20-dev && \ + pip3 install --upgrade --no-cache-dir pip && \ + pip3 install --no-cache-dir requests torpy && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* + +# Install libssl1.1 dependency +RUN wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb \ + && dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb \ + && rm -f libssl1.1_1.1.1f-1ubuntu2_amd64.deb + +# Create required directories +RUN mkdir -p /opt/intel/sgxsdk && \ + mkdir -p /opt/intel/sgxpsw && \ + mkdir -p /var/lib/intel/dal && \ + mkdir -p /usr/src/sdk/sgx_data + +# Copy pre-built SGX wallet binary and runtime files +COPY sgxwallet /usr/src/sdk/sgxwallet +COPY sgx_util /usr/src/sdk/sgx_util +COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so +COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave.signed.so +COPY docker/start.sh /usr/src/sdk/start.sh +COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py +COPY cert /usr/src/sdk/cert + +RUN rm /opt/intel/sgxsdk/lib64/*_sim.so + +# Copy Intel SGX runtime components +COPY build/opt/intel /opt/intel -#Test signing key generation -RUN cd scripts && ./generate_signing_key.bash -RUN touch /var/hwmode -RUN ./autoconf.bash -RUN ./configure --with-sgx-build=prerelease -RUN bash -c "make -j$(nproc)" -RUN ccache -sz -RUN mkdir -p /usr/src/sdk/sgx_data -COPY docker/start.sh ./ -COPY docker/check_firewall.py ./ -RUN rm -rf /usr/src/sdk/sgx-sdk-build/ RUN rm /opt/intel/sgxsdk/lib64/*_sim.so + +# Create symbolic links for SGX libraries in system library paths +RUN ln -sf /opt/intel/sgxsdk/lib64/libsgx_urts.so /usr/lib/libsgx_urts.so && \ + ln -sf /opt/intel/sgxsdk/lib64/libsgx_urts.so.2 /usr/lib/libsgx_urts.so.2 && \ + ln -sf /opt/intel/sgxsdk/lib64/libsgx_uae_service.so /usr/lib/libsgx_uae_service.so + +# Copy Intel DAL Host Interface binaries (includes jhid) +COPY build/usr/sbin/jhid /usr/sbin/jhid +COPY build/usr/lib/libjhi.so /usr/lib/libjhi.so +COPY build/usr/lib/libteemanagement.so /usr/lib/libteemanagement.so + +# Make scripts executable +RUN chmod +x /usr/src/sdk/start.sh && \ + chmod +x /usr/src/sdk/check_firewall.py && \ + chmod +x /usr/sbin/jhid && \ + ldconfig + +WORKDIR /usr/src/sdk + +# Mark as hardware mode +RUN touch /var/hwmode + ENTRYPOINT ["/usr/src/sdk/start.sh"] diff --git a/DockerfileRelease b/DockerfileRelease index 6cc452ca..af1698f5 100644 --- a/DockerfileRelease +++ b/DockerfileRelease @@ -1,25 +1,86 @@ -FROM skalenetwork/sgxwallet_base:latest +FROM ubuntu:22.04 -COPY . /usr/src/sdk -WORKDIR /usr/src/sdk -RUN cp -f secure_enclave/secure_enclave.config.xml.release secure_enclave/secure_enclave.config.xml +# Install packages and setup environment in optimized layers +COPY scripts/install_packages.sh /install_packages.sh +RUN chmod +x /install_packages.sh && /install_packages.sh -RUN apt update && apt install -y curl secure-delete python3-pip -RUN pip3 install --upgrade pip -RUN pip3 install requests torpy +# Install minimal runtime dependencies +RUN apt-get update && apt-get install -y --no-install-recommends \ + wget \ + curl \ + secure-delete \ + python3-pip \ + git \ + build-essential \ + cmake \ + apt-utils \ + vim \ + telnet \ + ca-certificates \ + perl \ + alien \ + uuid-dev \ + libxml2-dev \ + ccache \ + yasm \ + libprocps-dev \ + texinfo \ + graphviz \ + doxygen \ + libgnutls28-dev \ + libgcrypt20-dev && \ + pip3 install --upgrade --no-cache-dir pip && \ + pip3 install --no-cache-dir requests torpy && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* + +# Install libssl1.1 dependency +RUN wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb \ + && dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb \ + && rm -f libssl1.1_1.1.1f-1ubuntu2_amd64.deb + +# Create required directories +RUN mkdir -p /opt/intel/sgxsdk && \ + mkdir -p /opt/intel/sgxpsw && \ + mkdir -p /var/lib/intel/dal && \ + mkdir -p /usr/src/sdk/sgx_data + +# Copy pre-built SGX wallet binary and runtime files +COPY sgxwallet /usr/src/sdk/sgxwallet +COPY sgx_util /usr/src/sdk/sgx_util +COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so +COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave.signed.so +COPY docker/start.sh /usr/src/sdk/start.sh +COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py +COPY cert /usr/src/sdk/cert + +RUN rm /opt/intel/sgxsdk/lib64/*_sim.so + +# Copy Intel SGX runtime components +COPY build/opt/intel /opt/intel -RUN touch /var/hwmode -RUN ./autoconf.bash -RUN ./configure --with-sgx-build=release -RUN cd secure_enclave && bash -c "make secure_enclave.so -j$(nproc)" -RUN cd scripts && ./sign_enclave.bash -RUN rm /usr/src/sdk/secure_enclave/secure_enclave*.so -RUN cp signed_enclaves/secure_enclave_signed0.so secure_enclave/secure_enclave.signed.so -RUN bash -c "make -j$(nproc)" -RUN ccache -sz -RUN mkdir -p /usr/src/sdk/sgx_data -COPY docker/start.sh ./ -COPY docker/check_firewall.py ./ -RUN rm -rf /usr/src/sdk/sgx-sdk-build/ RUN rm /opt/intel/sgxsdk/lib64/*_sim.so + +# Create symbolic links for SGX libraries in system library paths +RUN ln -sf /opt/intel/sgxsdk/lib64/libsgx_urts.so /usr/lib/libsgx_urts.so && \ + ln -sf /opt/intel/sgxsdk/lib64/libsgx_urts.so.2 /usr/lib/libsgx_urts.so.2 && \ + ln -sf /opt/intel/sgxsdk/lib64/libsgx_uae_service.so /usr/lib/libsgx_uae_service.so + +# Copy Intel DAL Host Interface binaries (includes jhid) +COPY build/usr/sbin/jhid /usr/sbin/jhid +COPY build/usr/lib/libjhi.so /usr/lib/libjhi.so +COPY build/usr/lib/libteemanagement.so /usr/lib/libteemanagement.so + +# Make scripts executable +RUN chmod +x /usr/src/sdk/start.sh && \ + chmod +x /usr/src/sdk/testw.py && \ + chmod +x /usr/src/sdk/check_firewall.py && \ + chmod +x /usr/sbin/jhid && \ + ldconfig + +WORKDIR /usr/src/sdk + +# Mark as hardware mode +RUN touch /var/hwmode + ENTRYPOINT ["/usr/src/sdk/start.sh"] diff --git a/DockerfileSimulation b/DockerfileSimulation index e80ddc14..ec888be7 100644 --- a/DockerfileSimulation +++ b/DockerfileSimulation @@ -1,22 +1,83 @@ -FROM skalenetwork/sgxwallet_base:latest +FROM ubuntu:22.04 -RUN apt update && apt install -y curl secure-delete python3-pip -RUN pip3 install --upgrade pip -RUN pip3 install requests torpy +# Install packages and setup environment in optimized layers +COPY scripts/install_packages.sh /install_packages.sh +RUN chmod +x /install_packages.sh && /install_packages.sh -RUN ccache -sz +# Install minimal runtime dependencies +RUN apt-get update && apt-get install -y --no-install-recommends \ + wget \ + curl \ + secure-delete \ + python3-pip \ + git \ + build-essential \ + cmake \ + apt-utils \ + vim \ + telnet \ + ca-certificates \ + perl \ + alien \ + uuid-dev \ + libxml2-dev \ + ccache \ + yasm \ + libprocps-dev \ + texinfo \ + graphviz \ + doxygen \ + libgnutls28-dev \ + libgcrypt20-dev && \ + pip3 install --upgrade --no-cache-dir pip && \ + pip3 install --no-cache-dir requests torpy && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* -COPY . /usr/src/sdk -WORKDIR /usr/src/sdk -RUN cp -f secure_enclave/secure_enclave.config.xml.sim secure_enclave/secure_enclave.config.xml -RUN ./autoconf.bash && \ - ./configure --enable-sgx-simulation && \ - bash -c "make" && \ - ccache -sz && \ +# Install libssl1.1 dependency +RUN wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb \ + && dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb \ + && rm -f libssl1.1_1.1.1f-1ubuntu2_amd64.deb + +# Create required directories +RUN mkdir -p /opt/intel/sgxsdk && \ + mkdir -p /opt/intel/sgxpsw && \ + mkdir -p /var/lib/intel/dal && \ mkdir -p /usr/src/sdk/sgx_data -COPY docker/start.sh ./ -COPY docker/check_firewall.py ./ -RUN rm -rf /usr/src/sdk/sgx-sdk-build/ +# Copy pre-built SGX wallet binary and runtime files +COPY sgxwallet /usr/src/sdk/sgxwallet +COPY testw /usr/src/sdk/testw +COPY sgx_util /usr/src/sdk/sgx_util +COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so +COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave.signed.so +COPY docker/start.sh /usr/src/sdk/start.sh +COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py +COPY testw.py /usr/src/sdk/testw.py +COPY cert /usr/src/sdk/cert +COPY insecure-samples /usr/src/sdk/insecure-samples + +# Copy Intel SGX runtime components +COPY build/opt/intel /opt/intel + +# Copy SGX SDK directory structure +COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk + +# Create symbolic links for SGX libraries in system library paths +RUN ln -sf /opt/intel/sgxsdk/lib64/libsgx_urts_sim.so /usr/lib/libsgx_urts_sim.so && \ + ln -sf /opt/intel/sgxsdk/lib64/libsgx_urts_sim.so.2 /usr/lib/libsgx_urts_sim.so.2 && \ + ln -sf /opt/intel/sgxsdk/lib64/libsgx_uae_service_sim.so /usr/lib/libsgx_uae_service_sim.so + +# Copy Intel DAL Host Interface binaries (includes jhid) + +# Make scripts executable +RUN chmod +x /usr/src/sdk/start.sh && \ + chmod +x /usr/src/sdk/testw.py && \ + chmod +x /usr/src/sdk/check_firewall.py && \ + ldconfig + +WORKDIR /usr/src/sdk + +# Note: No /var/hwmode file for simulation mode ENTRYPOINT ["/usr/src/sdk/start.sh"] diff --git a/jsonrpc/build.sh b/jsonrpc/build.sh index 6f808f05..7ecdd5df 100755 --- a/jsonrpc/build.sh +++ b/jsonrpc/build.sh @@ -1,99 +1,18 @@ #!/bin/bash -export UNIX_SYSTEM_NAME=`uname -s` -export NUMBER_OF_CPU_CORES=1 -if [ "$UNIX_SYSTEM_NAME" = "Linux" ]; -then - export NUMBER_OF_CPU_CORES=`grep -c ^processor /proc/cpuinfo` - export READLINK=readlink - export SO_EXT=so -fi -if [ "$UNIX_SYSTEM_NAME" = "Darwin" ]; -then - #export NUMBER_OF_CPU_CORES=`system_profiler | awk '/Number Of CPUs/{print $4}{next;}'` - export NUMBER_OF_CPU_CORES=`sysctl -n hw.ncpu` - # required -> brew install coreutils - export READLINK=/usr/local/bin/greadlink - export SO_EXT=dylib -fi +export UNIX_SYSTEM_NAME=$(uname -s) +export NUMBER_OF_CPU_CORES=$(grep -c ^processor /proc/cpuinfo) +export READLINK=readlink INSTALL_ROOT_RELATIVE="../libBLS/deps/deps_inst/x86_or_x64/" -INSTALL_ROOT=`$READLINK -f $INSTALL_ROOT_RELATIVE` +INSTALL_ROOT=$($READLINK -f $INSTALL_ROOT_RELATIVE) -TOP_CMAKE_BUILD_TYPE="Release" -if [ "$DEBUG" = "1" ]; -then - DEBUG=1 - TOP_CMAKE_BUILD_TYPE="Debug" - DEBUG_D="d" - CONF_DEBUG_OPTIONS="--enable-debug" -else - DEBUG=0 - DEBUG_D="" - CONF_DEBUG_OPTIONS="" -fi - -export OPENSSL_SRC_RELATIVE="../libBLS/deps/openssl" -export OPENSSL_SRC=`$READLINK -f $OPENSSL_SRC_RELATIVE` - -git clone https://github.com/madler/zlib.git -cd zlib -./configure --static --prefix=$INSTALL_ROOT -make -make install -cd .. - -git clone https://github.com/jonathanmarvens/argtable2.git -cd argtable2 -mkdir -p build -cd build -cmake -DCMAKE_INSTALL_PREFIX=$INSTALL_ROOT -DCMAKE_BUILD_TYPE=$TOP_CMAKE_BUILD_TYPE .. -make -make install -cd ../.. - -tar -xzf ./pre_downloaded/jsoncpp.tar.gz -cd jsoncpp -mkdir -p build -cd build -cmake -DCMAKE_INSTALL_PREFIX=$INSTALL_ROOT -DCMAKE_BUILD_TYPE=$TOP_CMAKE_BUILD_TYPE \ - -DBUILD_SHARED_LIBS=NO \ - -DBUILD_STATIC_LIBS=YES \ - .. -make -make install -cd ../.. - -git clone https://github.com/curl/curl.git -cd curl -git checkout curl-8_2_1 -mkdir -p build -cd build -cmake -DCMAKE_INSTALL_PREFIX=$INSTALL_ROOT -DOPENSSL_ROOT_DIR=$OPENSSL_SRC -DBUILD_CURL_EXE=OFF -DBUILD_TESTING=OFF -DCURL_USE_LIBSSH2=OFF -DBUILD_SHARED_LIBS=OFF -DCURL_DISABLE_LDAP=ON -DCURL_STATICLIB=ON -DCMAKE_BUILD_TYPE=$TOP_CMAKE_BUILD_TYPE .. -echo " " >> lib/curl_config.h -echo "#define HAVE_POSIX_STRERROR_R 1" >> lib/curl_config.h -echo " " >> lib/curl_config.h -### Set HAVE_POSIX_STRERROR_R to 1 in build/lib/curl_config.h -make -make install -cd ../.. - -git clone https://github.com/scottjg/libmicrohttpd.git -cd libmicrohttpd -MHD_HTTPS_OPT="" -if [ "$WITH_GCRYPT" = "yes" ]; -then - MHD_HTTPS_OPT="--enable-https" -fi -./bootstrap -./configure --enable-static --disable-shared --with-pic --prefix=$INSTALL_ROOT $MHD_HTTPS_OPT -make -make install -cd .. +TOP_CMAKE_BUILD_TYPE="RelWithDebInfo" +DEBUG_D="" git clone https://github.com/skalenetwork/libjson-rpc-cpp.git --recursive cd libjson-rpc-cpp -git checkout b547a27e8802bfba3564d8075efa36a475f4d9e8 +git checkout 245a2b73276cdd99a3f5b262a5aad1c86ef227a5 git pull rm -rf build || true mkdir -p build @@ -115,11 +34,11 @@ cmake -DCMAKE_INSTALL_PREFIX=$INSTALL_ROOT -DCMAKE_BUILD_TYPE=$TOP_CMAKE_BUILD_T -DCOMPILE_STUBGEN=YES \ -DCOMPILE_EXAMPLES=NO \ -DWITH_COVERAGE=NO \ - -DARGTABLE_INCLUDE_DIR=../../argtable2/src \ + -DARGTABLE_INCLUDE_DIR=../../../libBLS/deps/argtable2/src \ -DARGTABLE_LIBRARY=$INSTALL_ROOT/lib/libargtable2${DEBUG_D}.a \ -DCURL_INCLUDE_DIR=$INSTALL_ROOT/include \ -DJSONCPP_INCLUDE_DIR=$INSTALL_ROOT/include \ .. -make -make install +make -j $NUMBER_OF_CPU_CORES +make -j $NUMBER_OF_CPU_CORES install cd ../.. diff --git a/scripts/build_deps.py b/scripts/build_deps.py index eaf379c6..62aaa683 100755 --- a/scripts/build_deps.py +++ b/scripts/build_deps.py @@ -26,10 +26,17 @@ import os import subprocess +# Get number of CPU cores for parallel builds +try: + num_cores = str(os.cpu_count()) +except: + num_cores = "1" # fallback to 1 core + os.chdir("..") topDir = os.getcwd() print("Starting build") print("Top directory is:" + topDir) +print("Using {} cores for parallel builds".format(num_cores)) makeExecutable = subprocess.check_output(["which", "make"]) SCRIPTS_DIR = topDir + "/scripts" GMP_DIR = topDir + "/sgx-gmp" @@ -43,9 +50,9 @@ TGMP_BUILD_DIR = topDir + "/tgmp-build" SDK_DIR = topDir + "/sgx-sdk-build" -JSON_LIBS_DIR = topDir + "/jsonrpc" +JSON_LIBS_DIR = topDir + "/jsonrpc" -BLS_DIR = topDir + "/libBLS" +BLS_DIR = topDir + "/libBLS" BLS_BUILD_DIR = BLS_DIR + "/build" print("Cleaning") @@ -66,25 +73,25 @@ print("Build LibBLS"); os.chdir(BLS_DIR + "/deps") -assert subprocess.call(["bash", "-c", "./build.sh"]) == 0 +assert subprocess.call(["bash", "-c", "export CMAKE_BUILD_TYPE=Release && ./build.sh"]) == 0 os.chdir(BLS_DIR) -assert subprocess.call(["bash", "-c", "cmake -H. -Bbuild -DBUILD_TESTS=OFF"]) == 0 +assert subprocess.call(["bash", "-c", "cmake -H. -Bbuild -DBUILD_TESTS=OFF -DCMAKE_BUILD_TYPE=RelWithDebInfo"]) == 0 os.chdir(BLS_DIR + "/build") -assert subprocess.call(["bash", "-c", "make"]) == 0 +assert subprocess.call(["bash", "-c", "make -j" + num_cores]) == 0 print("Build ZMQ"); os.chdir(ZMQ_DIR) assert subprocess.call(["bash", "-c", "mkdir -p build"]) == 0 os.chdir(ZMQ_BUILD_DIR) -assert subprocess.call(["bash", "-c", "cmake -DDZMQ_EXPERIMENTAL=1 -DCMAKE_BUILD_TYPE=Release .. && cmake --build ."]) == 0 +assert subprocess.call(["bash", "-c", "cmake -DDZMQ_EXPERIMENTAL=1 -DCMAKE_BUILD_TYPE=Release .. && cmake --build . -j " + num_cores]) == 0 print("Build LevelDB"); os.chdir(LEVELDB_DIR) assert subprocess.call(["bash", "-c", "mkdir -p build"]) == 0 os.chdir(LEVELDB_BUILD_DIR) -assert subprocess.call(["bash", "-c", "cmake -DCMAKE_BUILD_TYPE=Release .. && cmake --build ."]) == 0 +assert subprocess.call(["bash", "-c", "cmake -DCMAKE_BUILD_TYPE=Release .. && cmake --build . -j " + num_cores]) == 0 print("Build JSON"); @@ -101,16 +108,21 @@ os.chdir(GMP_DIR) assert subprocess.call(["bash", "-c", "./configure --prefix=" + TGMP_BUILD_DIR + " --disable-shared --enable-static --with-pic --enable-sgx --with-sgxsdk=" + SDK_DIR + "/sgxsdk"]) == 0 -assert subprocess.call(["make", "install"]) == 0 +assert subprocess.call(["make", "-j" + num_cores, "install"]) == 0 assert subprocess.call(["make", "clean"]) == 0 assert subprocess.call(["bash", "-c", "./configure --prefix=" + GMP_BUILD_DIR + " --disable-shared --enable-static --with-pic --with-sgxsdk=" + SDK_DIR + "/sgxsdk"]) == 0 -assert subprocess.call(["make", "install"]) == 0 +assert subprocess.call(["make", "-j" + num_cores, "install"]) == 0 assert subprocess.call(["make", "clean"]) == 0 os.chdir(topDir) assert subprocess.call(["cp", "third_party/gmp/sgx_tgmp.h.fixed", TGMP_BUILD_DIR + "/include/sgx_tgmp.h"]) == 0 +print("Cleanup") +os.chdir(BLS_DIR + "/deps") +assert subprocess.call(["bash", "-c", "find . -maxdepth 1 -type d ! -name '.' ! -name 'deps_inst' -exec rm -rf {} +"]) == 0 +assert subprocess.call(["bash", "-c", "find . -maxdepth 1 -type f \\( -name '*.tar.gz' -o -name '*.tar.bz2' -o -name '*.tar.xz' -o -name '*.zip' -o -name '*.tgz' -o -name '*.tbz2' \\) -delete"]) == 0 + os.chdir(topDir) -print("Build successfull.") +print("Build successful.") \ No newline at end of file