From 9b0dc55875a5b2669117c3b9b2dbd2f8e004ad26 Mon Sep 17 00:00:00 2001 From: Oleh Date: Mon, 29 Sep 2025 16:11:22 +0100 Subject: [PATCH 01/52] #478 remove extra deps from release container --- DockerfileBase | 3 +++ scripts/build_deps.py | 10 +++++++--- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/DockerfileBase b/DockerfileBase index b84bc51b..2e184fed 100644 --- a/DockerfileBase +++ b/DockerfileBase @@ -25,6 +25,9 @@ WORKDIR /opt/intel RUN cp /linux-sgx/linux/installer/bin/sgx_linux_x64_psw*.bin . RUN ./sgx_linux_x64_psw*.bin --no-start-aesm +# Cleanup +RUN rm -rf /linux-sgx + COPY . /usr/src/sdk RUN ls /usr/src/sdk/autoconf.bash WORKDIR /usr/src/sdk diff --git a/scripts/build_deps.py b/scripts/build_deps.py index eaf379c6..870018af 100755 --- a/scripts/build_deps.py +++ b/scripts/build_deps.py @@ -43,9 +43,9 @@ TGMP_BUILD_DIR = topDir + "/tgmp-build" SDK_DIR = topDir + "/sgx-sdk-build" -JSON_LIBS_DIR = topDir + "/jsonrpc" +JSON_LIBS_DIR = topDir + "/jsonrpc" -BLS_DIR = topDir + "/libBLS" +BLS_DIR = topDir + "/libBLS" BLS_BUILD_DIR = BLS_DIR + "/build" print("Cleaning") @@ -112,5 +112,9 @@ os.chdir(topDir) assert subprocess.call(["cp", "third_party/gmp/sgx_tgmp.h.fixed", TGMP_BUILD_DIR + "/include/sgx_tgmp.h"]) == 0 +print("Cleanup") +os.chdir(BLS_DIR + "/deps") +assert subprocess.call(["bash", "-c", "find . -maxdepth 1 -type d ! -name '.' ! -name 'deps_inst' -exec rm -rf {} +"]) == 0 + os.chdir(topDir) -print("Build successfull.") +print("Build successfull.") \ No newline at end of file From a3d615241f9a6ff28855c25856399a88efdcb8e7 Mon Sep 17 00:00:00 2001 From: Oleh Date: Mon, 29 Sep 2025 16:15:33 +0100 Subject: [PATCH 02/52] #478 update build deps --- scripts/build_deps.py | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/scripts/build_deps.py b/scripts/build_deps.py index 870018af..d5ba0d2f 100755 --- a/scripts/build_deps.py +++ b/scripts/build_deps.py @@ -26,10 +26,17 @@ import os import subprocess +# Get number of CPU cores for parallel builds +try: + num_cores = str(os.cpu_count()) +except: + num_cores = "1" # fallback to 1 core + os.chdir("..") topDir = os.getcwd() print("Starting build") print("Top directory is:" + topDir) +print("Using {} cores for parallel builds".format(num_cores)) makeExecutable = subprocess.check_output(["which", "make"]) SCRIPTS_DIR = topDir + "/scripts" GMP_DIR = topDir + "/sgx-gmp" @@ -66,25 +73,25 @@ print("Build LibBLS"); os.chdir(BLS_DIR + "/deps") -assert subprocess.call(["bash", "-c", "./build.sh"]) == 0 +assert subprocess.call(["bash", "-c", "./build.sh CMAKE_BUILD_TYPE=Release"]) == 0 os.chdir(BLS_DIR) -assert subprocess.call(["bash", "-c", "cmake -H. -Bbuild -DBUILD_TESTS=OFF"]) == 0 +assert subprocess.call(["bash", "-c", "cmake -H. -Bbuild -DBUILD_TESTS=OFF -DCMAKE_BUILD_TYPE=RelWithDebInfo"]) == 0 os.chdir(BLS_DIR + "/build") -assert subprocess.call(["bash", "-c", "make"]) == 0 +assert subprocess.call(["bash", "-c", "make -j" + num_cores]) == 0 print("Build ZMQ"); os.chdir(ZMQ_DIR) assert subprocess.call(["bash", "-c", "mkdir -p build"]) == 0 os.chdir(ZMQ_BUILD_DIR) -assert subprocess.call(["bash", "-c", "cmake -DDZMQ_EXPERIMENTAL=1 -DCMAKE_BUILD_TYPE=Release .. && cmake --build ."]) == 0 +assert subprocess.call(["bash", "-c", "cmake -DDZMQ_EXPERIMENTAL=1 -DCMAKE_BUILD_TYPE=Release .. && cmake --build . -j " + num_cores]) == 0 print("Build LevelDB"); os.chdir(LEVELDB_DIR) assert subprocess.call(["bash", "-c", "mkdir -p build"]) == 0 os.chdir(LEVELDB_BUILD_DIR) -assert subprocess.call(["bash", "-c", "cmake -DCMAKE_BUILD_TYPE=Release .. && cmake --build ."]) == 0 +assert subprocess.call(["bash", "-c", "cmake -DCMAKE_BUILD_TYPE=Release .. && cmake --build . -j " + num_cores]) == 0 print("Build JSON"); @@ -101,12 +108,12 @@ os.chdir(GMP_DIR) assert subprocess.call(["bash", "-c", "./configure --prefix=" + TGMP_BUILD_DIR + " --disable-shared --enable-static --with-pic --enable-sgx --with-sgxsdk=" + SDK_DIR + "/sgxsdk"]) == 0 -assert subprocess.call(["make", "install"]) == 0 +assert subprocess.call(["make", "-j" + num_cores, "install"]) == 0 assert subprocess.call(["make", "clean"]) == 0 assert subprocess.call(["bash", "-c", "./configure --prefix=" + GMP_BUILD_DIR + " --disable-shared --enable-static --with-pic --with-sgxsdk=" + SDK_DIR + "/sgxsdk"]) == 0 -assert subprocess.call(["make", "install"]) == 0 +assert subprocess.call(["make", "-j" + num_cores, "install"]) == 0 assert subprocess.call(["make", "clean"]) == 0 os.chdir(topDir) From 0494455bc7f56e8895cbe63dd3e1205441922df4 Mon Sep 17 00:00:00 2001 From: Oleh Date: Mon, 29 Sep 2025 16:23:22 +0100 Subject: [PATCH 03/52] #478 update build deps --- scripts/build_deps.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/build_deps.py b/scripts/build_deps.py index d5ba0d2f..413dc184 100755 --- a/scripts/build_deps.py +++ b/scripts/build_deps.py @@ -73,7 +73,7 @@ print("Build LibBLS"); os.chdir(BLS_DIR + "/deps") -assert subprocess.call(["bash", "-c", "./build.sh CMAKE_BUILD_TYPE=Release"]) == 0 +assert subprocess.call(["bash", "-c", "export CMAKE_BUILD_TYPE=Release && ./build.sh"]) == 0 os.chdir(BLS_DIR) assert subprocess.call(["bash", "-c", "cmake -H. -Bbuild -DBUILD_TESTS=OFF -DCMAKE_BUILD_TYPE=RelWithDebInfo"]) == 0 os.chdir(BLS_DIR + "/build") From a8821105ab29dc064f3ff8d6aee57a7deb589cb9 Mon Sep 17 00:00:00 2001 From: Oleh Date: Mon, 29 Sep 2025 16:46:20 +0100 Subject: [PATCH 04/52] #478 cleanup deps script --- jsonrpc/build.sh | 96 ++++-------------------------------------------- 1 file changed, 8 insertions(+), 88 deletions(-) diff --git a/jsonrpc/build.sh b/jsonrpc/build.sh index 6f808f05..ace6e2db 100755 --- a/jsonrpc/build.sh +++ b/jsonrpc/build.sh @@ -1,95 +1,15 @@ #!/bin/bash -export UNIX_SYSTEM_NAME=`uname -s` -export NUMBER_OF_CPU_CORES=1 -if [ "$UNIX_SYSTEM_NAME" = "Linux" ]; -then - export NUMBER_OF_CPU_CORES=`grep -c ^processor /proc/cpuinfo` - export READLINK=readlink - export SO_EXT=so -fi -if [ "$UNIX_SYSTEM_NAME" = "Darwin" ]; -then - #export NUMBER_OF_CPU_CORES=`system_profiler | awk '/Number Of CPUs/{print $4}{next;}'` - export NUMBER_OF_CPU_CORES=`sysctl -n hw.ncpu` - # required -> brew install coreutils - export READLINK=/usr/local/bin/greadlink - export SO_EXT=dylib -fi +export UNIX_SYSTEM_NAME=$(uname -s) +export NUMBER_OF_CPU_CORES=$(grep -c ^processor /proc/cpuinfo) +export READLINK=readlink +export SO_EXT=so INSTALL_ROOT_RELATIVE="../libBLS/deps/deps_inst/x86_or_x64/" -INSTALL_ROOT=`$READLINK -f $INSTALL_ROOT_RELATIVE` +INSTALL_ROOT=$($READLINK -f $INSTALL_ROOT_RELATIVE) -TOP_CMAKE_BUILD_TYPE="Release" -if [ "$DEBUG" = "1" ]; -then - DEBUG=1 - TOP_CMAKE_BUILD_TYPE="Debug" - DEBUG_D="d" - CONF_DEBUG_OPTIONS="--enable-debug" -else - DEBUG=0 - DEBUG_D="" - CONF_DEBUG_OPTIONS="" -fi - -export OPENSSL_SRC_RELATIVE="../libBLS/deps/openssl" -export OPENSSL_SRC=`$READLINK -f $OPENSSL_SRC_RELATIVE` - -git clone https://github.com/madler/zlib.git -cd zlib -./configure --static --prefix=$INSTALL_ROOT -make -make install -cd .. - -git clone https://github.com/jonathanmarvens/argtable2.git -cd argtable2 -mkdir -p build -cd build -cmake -DCMAKE_INSTALL_PREFIX=$INSTALL_ROOT -DCMAKE_BUILD_TYPE=$TOP_CMAKE_BUILD_TYPE .. -make -make install -cd ../.. - -tar -xzf ./pre_downloaded/jsoncpp.tar.gz -cd jsoncpp -mkdir -p build -cd build -cmake -DCMAKE_INSTALL_PREFIX=$INSTALL_ROOT -DCMAKE_BUILD_TYPE=$TOP_CMAKE_BUILD_TYPE \ - -DBUILD_SHARED_LIBS=NO \ - -DBUILD_STATIC_LIBS=YES \ - .. -make -make install -cd ../.. - -git clone https://github.com/curl/curl.git -cd curl -git checkout curl-8_2_1 -mkdir -p build -cd build -cmake -DCMAKE_INSTALL_PREFIX=$INSTALL_ROOT -DOPENSSL_ROOT_DIR=$OPENSSL_SRC -DBUILD_CURL_EXE=OFF -DBUILD_TESTING=OFF -DCURL_USE_LIBSSH2=OFF -DBUILD_SHARED_LIBS=OFF -DCURL_DISABLE_LDAP=ON -DCURL_STATICLIB=ON -DCMAKE_BUILD_TYPE=$TOP_CMAKE_BUILD_TYPE .. -echo " " >> lib/curl_config.h -echo "#define HAVE_POSIX_STRERROR_R 1" >> lib/curl_config.h -echo " " >> lib/curl_config.h -### Set HAVE_POSIX_STRERROR_R to 1 in build/lib/curl_config.h -make -make install -cd ../.. - -git clone https://github.com/scottjg/libmicrohttpd.git -cd libmicrohttpd -MHD_HTTPS_OPT="" -if [ "$WITH_GCRYPT" = "yes" ]; -then - MHD_HTTPS_OPT="--enable-https" -fi -./bootstrap -./configure --enable-static --disable-shared --with-pic --prefix=$INSTALL_ROOT $MHD_HTTPS_OPT -make -make install -cd .. +TOP_CMAKE_BUILD_TYPE="RelWithDebInfo" +DEBUG_D="" git clone https://github.com/skalenetwork/libjson-rpc-cpp.git --recursive cd libjson-rpc-cpp @@ -115,7 +35,7 @@ cmake -DCMAKE_INSTALL_PREFIX=$INSTALL_ROOT -DCMAKE_BUILD_TYPE=$TOP_CMAKE_BUILD_T -DCOMPILE_STUBGEN=YES \ -DCOMPILE_EXAMPLES=NO \ -DWITH_COVERAGE=NO \ - -DARGTABLE_INCLUDE_DIR=../../argtable2/src \ + -DARGTABLE_INCLUDE_DIR=../libBLS/deps/argtable2/src \ -DARGTABLE_LIBRARY=$INSTALL_ROOT/lib/libargtable2${DEBUG_D}.a \ -DCURL_INCLUDE_DIR=$INSTALL_ROOT/include \ -DJSONCPP_INCLUDE_DIR=$INSTALL_ROOT/include \ From 82086828afea48098d918cbe9342bce110480323 Mon Sep 17 00:00:00 2001 From: Oleh Date: Mon, 29 Sep 2025 16:48:37 +0100 Subject: [PATCH 05/52] #478 cleanup deps script --- jsonrpc/build.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/jsonrpc/build.sh b/jsonrpc/build.sh index ace6e2db..2d9aa225 100755 --- a/jsonrpc/build.sh +++ b/jsonrpc/build.sh @@ -3,7 +3,6 @@ export UNIX_SYSTEM_NAME=$(uname -s) export NUMBER_OF_CPU_CORES=$(grep -c ^processor /proc/cpuinfo) export READLINK=readlink -export SO_EXT=so INSTALL_ROOT_RELATIVE="../libBLS/deps/deps_inst/x86_or_x64/" INSTALL_ROOT=$($READLINK -f $INSTALL_ROOT_RELATIVE) @@ -40,6 +39,6 @@ cmake -DCMAKE_INSTALL_PREFIX=$INSTALL_ROOT -DCMAKE_BUILD_TYPE=$TOP_CMAKE_BUILD_T -DCURL_INCLUDE_DIR=$INSTALL_ROOT/include \ -DJSONCPP_INCLUDE_DIR=$INSTALL_ROOT/include \ .. -make -make install +make -j $NUMBER_OF_CPU_CORES +make -j $NUMBER_OF_CPU_CORES install cd ../.. From d6ae01db3c1eb7980eefbcac036ba70852b48c23 Mon Sep 17 00:00:00 2001 From: Oleh Date: Mon, 29 Sep 2025 16:54:18 +0100 Subject: [PATCH 06/52] #478 free more space after build --- Dockerfile | 1 + DockerfileIntelSubmission | 1 + DockerfileRelease | 1 + DockerfileSimulation | 1 + 4 files changed, 4 insertions(+) diff --git a/Dockerfile b/Dockerfile index c0eb92a3..c2d2cc97 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,4 +17,5 @@ COPY docker/start.sh ./ COPY docker/check_firewall.py ./ RUN rm -rf /usr/src/sdk/sgx-sdk-build/ RUN rm /opt/intel/sgxsdk/lib64/*_sim.so +RUN find /usr/src/sdk -name "*.o" -type f -delete ENTRYPOINT ["/usr/src/sdk/start.sh"] diff --git a/DockerfileIntelSubmission b/DockerfileIntelSubmission index 45eafddb..d28ca9fe 100644 --- a/DockerfileIntelSubmission +++ b/DockerfileIntelSubmission @@ -20,4 +20,5 @@ COPY docker/start.sh ./ COPY docker/check_firewall.py ./ RUN rm -rf /usr/src/sdk/sgx-sdk-build/ RUN rm /opt/intel/sgxsdk/lib64/*_sim.so +RUN find /usr/src/sdk -name "*.o" -type f -delete ENTRYPOINT ["/usr/src/sdk/start.sh"] diff --git a/DockerfileRelease b/DockerfileRelease index 6cc452ca..4fde8787 100644 --- a/DockerfileRelease +++ b/DockerfileRelease @@ -22,4 +22,5 @@ COPY docker/start.sh ./ COPY docker/check_firewall.py ./ RUN rm -rf /usr/src/sdk/sgx-sdk-build/ RUN rm /opt/intel/sgxsdk/lib64/*_sim.so +RUN find /usr/src/sdk -name "*.o" -type f -delete ENTRYPOINT ["/usr/src/sdk/start.sh"] diff --git a/DockerfileSimulation b/DockerfileSimulation index e80ddc14..808bfc32 100644 --- a/DockerfileSimulation +++ b/DockerfileSimulation @@ -18,5 +18,6 @@ RUN ./autoconf.bash && \ COPY docker/start.sh ./ COPY docker/check_firewall.py ./ RUN rm -rf /usr/src/sdk/sgx-sdk-build/ +RUN find /usr/src/sdk -name "*.o" -type f -delete ENTRYPOINT ["/usr/src/sdk/start.sh"] From f01c0b5064c6ab058ad430c56fab6479013f0bd6 Mon Sep 17 00:00:00 2001 From: Oleh Date: Mon, 29 Sep 2025 20:39:15 +0100 Subject: [PATCH 07/52] #478 update deps script --- scripts/build_deps.py | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/build_deps.py b/scripts/build_deps.py index 413dc184..a3b98f05 100755 --- a/scripts/build_deps.py +++ b/scripts/build_deps.py @@ -122,6 +122,7 @@ print("Cleanup") os.chdir(BLS_DIR + "/deps") assert subprocess.call(["bash", "-c", "find . -maxdepth 1 -type d ! -name '.' ! -name 'deps_inst' -exec rm -rf {} +"]) == 0 +assert subprocess.call(["bash", "-c", "find . -maxdepth 1 -type f \\( -name '*.tar.gz' -o -name '*.tar.bz2' -o -name '*.tar.xz' -o -name '*.zip' -o -name '*.tgz' -o -name '*.tbz2' \\) -delete"]) == 0 os.chdir(topDir) print("Build successfull.") \ No newline at end of file From 5c82fd6cd773eaa4c9a9a1fa936505b0a8980a07 Mon Sep 17 00:00:00 2001 From: Oleh Date: Mon, 29 Sep 2025 22:12:57 +0100 Subject: [PATCH 08/52] #478 optimize container build --- Dockerfile | 37 ++++++++++----- DockerfileBase | 96 ++++++++++++++++++++++++--------------- DockerfileIntelSubmission | 44 ++++++++++++------ DockerfileRelease | 50 +++++++++++++------- DockerfileSimulation | 37 +++++++++------ scripts/build_deps.py | 2 +- 6 files changed, 173 insertions(+), 93 deletions(-) diff --git a/Dockerfile b/Dockerfile index c2d2cc97..72b43d80 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,19 +3,32 @@ FROM skalenetwork/sgxwallet_base:latest COPY . /usr/src/sdk WORKDIR /usr/src/sdk -RUN apt update && apt install -y curl secure-delete python3-pip -RUN pip3 install --upgrade pip -RUN pip3 install requests torpy +# Install dependencies and Python packages in one layer +RUN apt-get update && apt-get install -y --no-install-recommends \ + curl \ + secure-delete \ + python3-pip \ + && pip3 install --upgrade --no-cache-dir pip \ + && pip3 install --no-cache-dir requests torpy \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* -RUN touch /var/hwmode -RUN ./autoconf.bash -RUN ./configure -RUN bash -c "make -j$(nproc)" -RUN ccache -sz -RUN mkdir -p /usr/src/sdk/sgx_data +# Build application +RUN touch /var/hwmode \ + && ./autoconf.bash \ + && ./configure \ + && make -j$(nproc) \ + && ccache -sz \ + && mkdir -p /usr/src/sdk/sgx_data + +# Copy runtime scripts COPY docker/start.sh ./ COPY docker/check_firewall.py ./ -RUN rm -rf /usr/src/sdk/sgx-sdk-build/ -RUN rm /opt/intel/sgxsdk/lib64/*_sim.so -RUN find /usr/src/sdk -name "*.o" -type f -delete + +# Cleanup to reduce image size +RUN rm -rf /usr/src/sdk/sgx-sdk-build/ \ + && rm -f /opt/intel/sgxsdk/lib64/*_sim.so \ + && find /usr/src/sdk -name "*.o" -type f -delete \ + && ccache -C + ENTRYPOINT ["/usr/src/sdk/start.sh"] diff --git a/DockerfileBase b/DockerfileBase index 2e184fed..7d8724c2 100644 --- a/DockerfileBase +++ b/DockerfileBase @@ -1,56 +1,78 @@ FROM ubuntu:22.04 +# Install packages and setup environment in optimized layers COPY scripts/install_packages.sh /install_packages.sh RUN chmod +x /install_packages.sh && /install_packages.sh -RUN wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb && \ - dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb +# Install libssl1.1 dependency +RUN wget --progress=dot:mega http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb \ + && dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb \ + && rm -f libssl1.1_1.1.1f-1ubuntu2_amd64.deb -RUN git clone -b sgx_2.25 --depth 1 https://github.com/intel/linux-sgx - -RUN cd linux-sgx && make preparation - -WORKDIR /linux-sgx -COPY . . - -RUN make sdk_install_pkg_no_mitigation - -WORKDIR /opt/intel -RUN sh -c 'echo yes | /linux-sgx/linux/installer/bin/sgx_linux_x64_sdk_*.bin' - -WORKDIR /linux-sgx -RUN make psw_install_pkg +# Clone and build Intel SGX SDK/PSW +RUN git clone -b sgx_2.25 --depth 1 https://github.com/intel/linux-sgx \ + && cd linux-sgx \ + && make preparation \ + && make sdk_install_pkg_no_mitigation \ + && make psw_install_pkg +# Install SGX SDK and PSW WORKDIR /opt/intel -RUN cp /linux-sgx/linux/installer/bin/sgx_linux_x64_psw*.bin . -RUN ./sgx_linux_x64_psw*.bin --no-start-aesm +RUN sh -c 'echo yes | /linux-sgx/linux/installer/bin/sgx_linux_x64_sdk_*.bin' \ + && cp /linux-sgx/linux/installer/bin/sgx_linux_x64_psw*.bin . \ + && ./sgx_linux_x64_psw*.bin --no-start-aesm \ + && rm -f sgx_linux_x64_psw*.bin -# Cleanup +# Cleanup Intel SGX source RUN rm -rf /linux-sgx COPY . /usr/src/sdk -RUN ls /usr/src/sdk/autoconf.bash WORKDIR /usr/src/sdk -RUN apt update && \ - apt install -yq apt-utils && \ - apt install -yq --no-install-recommends vim telnet ca-certificates perl \ - alien uuid-dev libxml2-dev ccache \ - yasm libprocps-dev texinfo \ - graphviz doxygen libgnutls28-dev libgcrypt20-dev && \ - ln -s /usr/bin/ccache /usr/local/bin/clang && \ - ln -s /usr/bin/ccache /usr/local/bin/clang++ && \ - ln -s /usr/bin/ccache /usr/local/bin/gcc && \ - ln -s /usr/bin/ccache /usr/local/bin/g++ && \ - ln -s /usr/bin/ccache /usr/local/bin/cc && \ - ln -s /usr/bin/ccache /usr/local/bin/c++ +# Install additional packages and setup ccache in one layer +RUN apt-get update \ + && apt-get install -yq --no-install-recommends \ + apt-utils \ + vim \ + telnet \ + ca-certificates \ + perl \ + alien \ + uuid-dev \ + libxml2-dev \ + ccache \ + yasm \ + libprocps-dev \ + texinfo \ + graphviz \ + doxygen \ + libgnutls28-dev \ + libgcrypt20-dev \ + && ln -s /usr/bin/ccache /usr/local/bin/clang \ + && ln -s /usr/bin/ccache /usr/local/bin/clang++ \ + && ln -s /usr/bin/ccache /usr/local/bin/gcc \ + && ln -s /usr/bin/ccache /usr/local/bin/g++ \ + && ln -s /usr/bin/ccache /usr/local/bin/cc \ + && ln -s /usr/bin/ccache /usr/local/bin/c++ \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* +# Build dependencies WORKDIR /usr/src/sdk/scripts RUN ./build_deps.py -RUN wget --progress=dot:mega -O - https://github.com/intel/dynamic-application-loader-host-interface/archive/072d233296c15d0dcd1fb4570694d0244729f87b.tar.gz | tar -xz -WORKDIR dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b -RUN cmake . -DCMAKE_BUILD_TYPE=Release -DINIT_SYSTEM=SysVinit && make install -WORKDIR /usr/src/sdk/scripts -RUN rm -rf dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b + +# Install Intel DAL Host Interface and cleanup +RUN wget --progress=dot:mega -O - https://github.com/intel/dynamic-application-loader-host-interface/archive/072d233296c15d0dcd1fb4570694d0244729f87b.tar.gz | tar -xz \ + && cd dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b \ + && cmake . -DCMAKE_BUILD_TYPE=Release -DINIT_SYSTEM=SysVinit \ + && make install -j$(nproc) \ + && cd .. \ + && rm -rf dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b + WORKDIR /usr/src/sdk RUN ./autoconf.bash + +# Final cleanup to reduce base image size +RUN find /usr/src/sdk -name "*.o" -type f -delete \ + && find /usr/src/sdk -type f \( -name "*.a" -o -name "*.la" \) -delete \ + && ccache -C diff --git a/DockerfileIntelSubmission b/DockerfileIntelSubmission index d28ca9fe..9b7d614a 100644 --- a/DockerfileIntelSubmission +++ b/DockerfileIntelSubmission @@ -2,23 +2,39 @@ FROM skalenetwork/sgxwallet_base:latest COPY . /usr/src/sdk WORKDIR /usr/src/sdk + +# Configure for release build RUN cp -f secure_enclave/secure_enclave.config.xml.release secure_enclave/secure_enclave.config.xml -RUN apt update && apt install -y curl secure-delete python3-pip -RUN pip3 install --upgrade pip -RUN pip3 install requests torpy +# Install dependencies and Python packages in one layer +RUN apt-get update && apt-get install -y --no-install-recommends \ + curl \ + secure-delete \ + python3-pip \ + && pip3 install --upgrade --no-cache-dir pip \ + && pip3 install --no-cache-dir requests torpy \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* + +# Generate signing key, build and configure application +RUN cd scripts \ + && ./generate_signing_key.bash \ + && cd .. \ + && touch /var/hwmode \ + && ./autoconf.bash \ + && ./configure --with-sgx-build=prerelease \ + && make -j$(nproc) \ + && ccache -sz \ + && mkdir -p /usr/src/sdk/sgx_data -#Test signing key generation -RUN cd scripts && ./generate_signing_key.bash -RUN touch /var/hwmode -RUN ./autoconf.bash -RUN ./configure --with-sgx-build=prerelease -RUN bash -c "make -j$(nproc)" -RUN ccache -sz -RUN mkdir -p /usr/src/sdk/sgx_data +# Copy runtime scripts COPY docker/start.sh ./ COPY docker/check_firewall.py ./ -RUN rm -rf /usr/src/sdk/sgx-sdk-build/ -RUN rm /opt/intel/sgxsdk/lib64/*_sim.so -RUN find /usr/src/sdk -name "*.o" -type f -delete + +# Cleanup to reduce image size +RUN rm -rf /usr/src/sdk/sgx-sdk-build/ \ + && rm -f /opt/intel/sgxsdk/lib64/*_sim.so \ + && find /usr/src/sdk -name "*.o" -type f -delete \ + && ccache -C + ENTRYPOINT ["/usr/src/sdk/start.sh"] diff --git a/DockerfileRelease b/DockerfileRelease index 4fde8787..d376bd59 100644 --- a/DockerfileRelease +++ b/DockerfileRelease @@ -2,25 +2,43 @@ FROM skalenetwork/sgxwallet_base:latest COPY . /usr/src/sdk WORKDIR /usr/src/sdk + +# Configure for release build RUN cp -f secure_enclave/secure_enclave.config.xml.release secure_enclave/secure_enclave.config.xml -RUN apt update && apt install -y curl secure-delete python3-pip -RUN pip3 install --upgrade pip -RUN pip3 install requests torpy +# Install dependencies and Python packages in one layer +RUN apt-get update && apt-get install -y --no-install-recommends \ + curl \ + secure-delete \ + python3-pip \ + && pip3 install --upgrade --no-cache-dir pip \ + && pip3 install --no-cache-dir requests torpy \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* + +# Build application with release configuration +RUN touch /var/hwmode \ + && ./autoconf.bash \ + && ./configure --with-sgx-build=release \ + && cd secure_enclave \ + && make secure_enclave.so -j$(nproc) \ + && cd ../scripts \ + && ./sign_enclave.bash \ + && cd .. \ + && rm /usr/src/sdk/secure_enclave/secure_enclave*.so \ + && cp signed_enclaves/secure_enclave_signed0.so secure_enclave/secure_enclave.signed.so \ + && make -j$(nproc) \ + && ccache -sz \ + && mkdir -p /usr/src/sdk/sgx_data -RUN touch /var/hwmode -RUN ./autoconf.bash -RUN ./configure --with-sgx-build=release -RUN cd secure_enclave && bash -c "make secure_enclave.so -j$(nproc)" -RUN cd scripts && ./sign_enclave.bash -RUN rm /usr/src/sdk/secure_enclave/secure_enclave*.so -RUN cp signed_enclaves/secure_enclave_signed0.so secure_enclave/secure_enclave.signed.so -RUN bash -c "make -j$(nproc)" -RUN ccache -sz -RUN mkdir -p /usr/src/sdk/sgx_data +# Copy runtime scripts COPY docker/start.sh ./ COPY docker/check_firewall.py ./ -RUN rm -rf /usr/src/sdk/sgx-sdk-build/ -RUN rm /opt/intel/sgxsdk/lib64/*_sim.so -RUN find /usr/src/sdk -name "*.o" -type f -delete + +# Cleanup to reduce image size +RUN rm -rf /usr/src/sdk/sgx-sdk-build/ \ + && rm -f /opt/intel/sgxsdk/lib64/*_sim.so \ + && find /usr/src/sdk -name "*.o" -type f -delete \ + && ccache -C + ENTRYPOINT ["/usr/src/sdk/start.sh"] diff --git a/DockerfileSimulation b/DockerfileSimulation index 808bfc32..d9943476 100644 --- a/DockerfileSimulation +++ b/DockerfileSimulation @@ -1,23 +1,34 @@ FROM skalenetwork/sgxwallet_base:latest -RUN apt update && apt install -y curl secure-delete python3-pip -RUN pip3 install --upgrade pip -RUN pip3 install requests torpy - -RUN ccache -sz +# Install dependencies and Python packages in one layer +RUN apt-get update && apt-get install -y --no-install-recommends \ + curl \ + secure-delete \ + python3-pip \ + && pip3 install --upgrade --no-cache-dir pip \ + && pip3 install --no-cache-dir requests torpy \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* \ + && ccache -sz COPY . /usr/src/sdk WORKDIR /usr/src/sdk -RUN cp -f secure_enclave/secure_enclave.config.xml.sim secure_enclave/secure_enclave.config.xml -RUN ./autoconf.bash && \ - ./configure --enable-sgx-simulation && \ - bash -c "make" && \ - ccache -sz && \ - mkdir -p /usr/src/sdk/sgx_data +# Configure and build application +RUN cp -f secure_enclave/secure_enclave.config.xml.sim secure_enclave/secure_enclave.config.xml \ + && ./autoconf.bash \ + && ./configure --enable-sgx-simulation \ + && make -j$(nproc) \ + && ccache -sz \ + && mkdir -p /usr/src/sdk/sgx_data + +# Copy runtime scripts COPY docker/start.sh ./ COPY docker/check_firewall.py ./ -RUN rm -rf /usr/src/sdk/sgx-sdk-build/ -RUN find /usr/src/sdk -name "*.o" -type f -delete + +# Cleanup to reduce image size +RUN rm -rf /usr/src/sdk/sgx-sdk-build/ \ + && find /usr/src/sdk -name "*.o" -type f -delete \ + && ccache -C ENTRYPOINT ["/usr/src/sdk/start.sh"] diff --git a/scripts/build_deps.py b/scripts/build_deps.py index a3b98f05..62aaa683 100755 --- a/scripts/build_deps.py +++ b/scripts/build_deps.py @@ -125,4 +125,4 @@ assert subprocess.call(["bash", "-c", "find . -maxdepth 1 -type f \\( -name '*.tar.gz' -o -name '*.tar.bz2' -o -name '*.tar.xz' -o -name '*.zip' -o -name '*.tgz' -o -name '*.tbz2' \\) -delete"]) == 0 os.chdir(topDir) -print("Build successfull.") \ No newline at end of file +print("Build successful.") \ No newline at end of file From 09481157efe5181e97cdd5a167e844c14088863b Mon Sep 17 00:00:00 2001 From: Oleh Date: Mon, 29 Sep 2025 22:46:17 +0100 Subject: [PATCH 09/52] #478 optimize build --- DockerfileBase | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/DockerfileBase b/DockerfileBase index 7d8724c2..7ad9fce2 100644 --- a/DockerfileBase +++ b/DockerfileBase @@ -13,13 +13,18 @@ RUN wget --progress=dot:mega http://archive.ubuntu.com/ubuntu/pool/main/o/openss RUN git clone -b sgx_2.25 --depth 1 https://github.com/intel/linux-sgx \ && cd linux-sgx \ && make preparation \ - && make sdk_install_pkg_no_mitigation \ - && make psw_install_pkg + && make sdk_install_pkg_no_mitigation -# Install SGX SDK and PSW +# Install SGX SDK first (required before PSW build) WORKDIR /opt/intel -RUN sh -c 'echo yes | /linux-sgx/linux/installer/bin/sgx_linux_x64_sdk_*.bin' \ - && cp /linux-sgx/linux/installer/bin/sgx_linux_x64_psw*.bin . \ +RUN sh -c 'echo yes | /linux-sgx/linux/installer/bin/sgx_linux_x64_sdk_*.bin' + +# Build and install PSW +WORKDIR /linux-sgx +RUN make psw_install_pkg + +WORKDIR /opt/intel +RUN cp /linux-sgx/linux/installer/bin/sgx_linux_x64_psw*.bin . \ && ./sgx_linux_x64_psw*.bin --no-start-aesm \ && rm -f sgx_linux_x64_psw*.bin From 5f00cd54a24105ab15c1018025e1e6e70bca2220 Mon Sep 17 00:00:00 2001 From: Oleh Date: Mon, 29 Sep 2025 23:32:39 +0100 Subject: [PATCH 10/52] #478 fix base build --- DockerfileBase | 1 - 1 file changed, 1 deletion(-) diff --git a/DockerfileBase b/DockerfileBase index 7ad9fce2..c27d7c8f 100644 --- a/DockerfileBase +++ b/DockerfileBase @@ -79,5 +79,4 @@ RUN ./autoconf.bash # Final cleanup to reduce base image size RUN find /usr/src/sdk -name "*.o" -type f -delete \ - && find /usr/src/sdk -type f \( -name "*.a" -o -name "*.la" \) -delete \ && ccache -C From c109b5f764ad9b9ae31f96ad710499090fa34134 Mon Sep 17 00:00:00 2001 From: Oleh Date: Tue, 30 Sep 2025 00:03:54 +0100 Subject: [PATCH 11/52] #478 free more space --- Dockerfile | 1 + DockerfileIntelSubmission | 1 + DockerfileRelease | 1 + DockerfileSimulation | 1 + 4 files changed, 4 insertions(+) diff --git a/Dockerfile b/Dockerfile index 72b43d80..a50ff1ab 100644 --- a/Dockerfile +++ b/Dockerfile @@ -29,6 +29,7 @@ COPY docker/check_firewall.py ./ RUN rm -rf /usr/src/sdk/sgx-sdk-build/ \ && rm -f /opt/intel/sgxsdk/lib64/*_sim.so \ && find /usr/src/sdk -name "*.o" -type f -delete \ + && find /usr/src/sdk -type f \( -name "*.a" -o -name "*.la" \) -delete \ && ccache -C ENTRYPOINT ["/usr/src/sdk/start.sh"] diff --git a/DockerfileIntelSubmission b/DockerfileIntelSubmission index 9b7d614a..3e21aadd 100644 --- a/DockerfileIntelSubmission +++ b/DockerfileIntelSubmission @@ -35,6 +35,7 @@ COPY docker/check_firewall.py ./ RUN rm -rf /usr/src/sdk/sgx-sdk-build/ \ && rm -f /opt/intel/sgxsdk/lib64/*_sim.so \ && find /usr/src/sdk -name "*.o" -type f -delete \ + && find /usr/src/sdk -type f \( -name "*.a" -o -name "*.la" \) -delete \ && ccache -C ENTRYPOINT ["/usr/src/sdk/start.sh"] diff --git a/DockerfileRelease b/DockerfileRelease index d376bd59..00500d2b 100644 --- a/DockerfileRelease +++ b/DockerfileRelease @@ -39,6 +39,7 @@ COPY docker/check_firewall.py ./ RUN rm -rf /usr/src/sdk/sgx-sdk-build/ \ && rm -f /opt/intel/sgxsdk/lib64/*_sim.so \ && find /usr/src/sdk -name "*.o" -type f -delete \ + && find /usr/src/sdk -type f \( -name "*.a" -o -name "*.la" \) -delete \ && ccache -C ENTRYPOINT ["/usr/src/sdk/start.sh"] diff --git a/DockerfileSimulation b/DockerfileSimulation index d9943476..cffffe5f 100644 --- a/DockerfileSimulation +++ b/DockerfileSimulation @@ -29,6 +29,7 @@ COPY docker/check_firewall.py ./ # Cleanup to reduce image size RUN rm -rf /usr/src/sdk/sgx-sdk-build/ \ && find /usr/src/sdk -name "*.o" -type f -delete \ + && find /usr/src/sdk -type f \( -name "*.a" -o -name "*.la" \) -delete \ && ccache -C ENTRYPOINT ["/usr/src/sdk/start.sh"] From 0f5b423016db017c09f5006183dc6618b2cfc61f Mon Sep 17 00:00:00 2001 From: Oleh Date: Tue, 30 Sep 2025 16:28:29 +0100 Subject: [PATCH 12/52] #478 update build process --- .github/workflows/dockerimage.yml | 86 +++++++++++++++++ .../workflows/dockerimageintelsubmission.yml | 89 ++++++++++++++++++ .github/workflows/dockerimagerelease.yml | 94 +++++++++++++++++++ .github/workflows/dockerimagesim.yml | 87 ++++++++++++++++- Dockerfile | 39 ++++---- DockerfileIntelSubmission | 45 ++++----- DockerfileRelease | 49 ++++------ DockerfileSimulation | 38 ++++---- 8 files changed, 426 insertions(+), 101 deletions(-) diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml index 1dcecf92..a1b3d522 100644 --- a/.github/workflows/dockerimage.yml +++ b/.github/workflows/dockerimage.yml @@ -17,8 +17,94 @@ jobs: - uses: actions/checkout@v2 - name: submodule update run: git submodule update --init --recursive + + # Host build steps (moved from DockerfileBase) + - name: Install host dependencies + run: | + sudo apt-get update + sudo apt-get install -yq --no-install-recommends \ + wget \ + curl \ + git \ + build-essential \ + cmake \ + apt-utils \ + vim \ + telnet \ + ca-certificates \ + perl \ + alien \ + uuid-dev \ + libxml2-dev \ + ccache \ + yasm \ + libprocps-dev \ + texinfo \ + graphviz \ + doxygen \ + libgnutls28-dev \ + libgcrypt20-dev + + - name: Install libssl1.1 dependency + run: | + wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb + sudo dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb + rm -f libssl1.1_1.1.1f-1ubuntu2_amd64.deb + + - name: Install Intel SGX SDK and PSW + run: | + git clone -b sgx_2.25 --depth 1 https://github.com/intel/linux-sgx + cd linux-sgx + make preparation + make sdk_install_pkg_no_mitigation + cd /opt/intel + sudo sh -c 'echo yes | $(pwd)/../*/linux-sgx/linux/installer/bin/sgx_linux_x64_sdk_*.bin' + cd $(pwd)/../*/linux-sgx + make psw_install_pkg + cd /opt/intel + sudo cp $(pwd)/../*/linux-sgx/linux/installer/bin/sgx_linux_x64_psw*.bin . + sudo ./sgx_linux_x64_psw*.bin --no-start-aesm + sudo rm -f sgx_linux_x64_psw*.bin + cd $(pwd)/../* + rm -rf linux-sgx + + - name: Setup ccache + run: | + sudo ln -sf /usr/bin/ccache /usr/local/bin/clang + sudo ln -sf /usr/bin/ccache /usr/local/bin/clang++ + sudo ln -sf /usr/bin/ccache /usr/local/bin/gcc + sudo ln -sf /usr/bin/ccache /usr/local/bin/g++ + sudo ln -sf /usr/bin/ccache /usr/local/bin/cc + sudo ln -sf /usr/bin/ccache /usr/local/bin/c++ + + - name: Build dependencies + run: | + chmod +x scripts/install_packages.sh + sudo ./scripts/install_packages.sh + cd scripts + sudo ./build_deps.py + + - name: Install Intel DAL Host Interface + run: | + cd scripts + wget --progress=dot:mega -O - https://github.com/intel/dynamic-application-loader-host-interface/archive/072d233296c15d0dcd1fb4570694d0244729f87b.tar.gz | tar -xz + cd dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b + cmake . -DCMAKE_BUILD_TYPE=Release -DINIT_SYSTEM=SysVinit + make install -j$(nproc) + cd .. + rm -rf dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b + + - name: Configure and build SGX wallet + run: | + source /opt/intel/sgxsdk/environment + ./autoconf.bash + ./configure + make -j$(nproc) + mkdir -p sgx_data + - name: build and deploy test image run: python3 scripts/docker_build.py Dockerfile sgxwallet ${GITHUB_SHA} + - name: Calculate and cache VERSION if: | github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/beta' || diff --git a/.github/workflows/dockerimageintelsubmission.yml b/.github/workflows/dockerimageintelsubmission.yml index c39f8a6c..002fc1cc 100644 --- a/.github/workflows/dockerimageintelsubmission.yml +++ b/.github/workflows/dockerimageintelsubmission.yml @@ -16,6 +16,95 @@ jobs: - uses: actions/checkout@v2 - name: submodule update run: git submodule update --init --recursive + + # Host build steps (moved from DockerfileBase) + - name: Install host dependencies + run: | + sudo apt-get update + sudo apt-get install -yq --no-install-recommends \ + wget \ + curl \ + git \ + build-essential \ + cmake \ + apt-utils \ + vim \ + telnet \ + ca-certificates \ + perl \ + alien \ + uuid-dev \ + libxml2-dev \ + ccache \ + yasm \ + libprocps-dev \ + texinfo \ + graphviz \ + doxygen \ + libgnutls28-dev \ + libgcrypt20-dev + + - name: Install libssl1.1 dependency + run: | + wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb + sudo dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb + rm -f libssl1.1_1.1.1f-1ubuntu2_amd64.deb + + - name: Install Intel SGX SDK and PSW + run: | + git clone -b sgx_2.25 --depth 1 https://github.com/intel/linux-sgx + cd linux-sgx + make preparation + make sdk_install_pkg_no_mitigation + cd /opt/intel + sudo sh -c 'echo yes | $(pwd)/../*/linux-sgx/linux/installer/bin/sgx_linux_x64_sdk_*.bin' + cd $(pwd)/../*/linux-sgx + make psw_install_pkg + cd /opt/intel + sudo cp $(pwd)/../*/linux-sgx/linux/installer/bin/sgx_linux_x64_psw*.bin . + sudo ./sgx_linux_x64_psw*.bin --no-start-aesm + sudo rm -f sgx_linux_x64_psw*.bin + cd $(pwd)/../* + rm -rf linux-sgx + + - name: Setup ccache + run: | + sudo ln -sf /usr/bin/ccache /usr/local/bin/clang + sudo ln -sf /usr/bin/ccache /usr/local/bin/clang++ + sudo ln -sf /usr/bin/ccache /usr/local/bin/gcc + sudo ln -sf /usr/bin/ccache /usr/local/bin/g++ + sudo ln -sf /usr/bin/ccache /usr/local/bin/cc + sudo ln -sf /usr/bin/ccache /usr/local/bin/c++ + + - name: Build dependencies + run: | + chmod +x scripts/install_packages.sh + sudo ./scripts/install_packages.sh + cd scripts + sudo ./build_deps.py + + - name: Install Intel DAL Host Interface + run: | + cd scripts + wget --progress=dot:mega -O - https://github.com/intel/dynamic-application-loader-host-interface/archive/072d233296c15d0dcd1fb4570694d0244729f87b.tar.gz | tar -xz + cd dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b + cmake . -DCMAKE_BUILD_TYPE=Release -DINIT_SYSTEM=SysVinit + make install -j$(nproc) + cd .. + rm -rf dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b + + - name: Configure and build SGX wallet for Intel submission + run: | + source /opt/intel/sgxsdk/environment + cp -f secure_enclave/secure_enclave.config.xml.release secure_enclave/secure_enclave.config.xml + cd scripts + ./generate_signing_key.bash + cd .. + ./autoconf.bash + ./configure --with-sgx-build=prerelease + make -j$(nproc) + mkdir -p sgx_data + - name: build and deploy test image run: python3 scripts/docker_build.py DockerfileIntelSubmission sgxwallet_intelsubmission ${GITHUB_SHA} - name: Calculate and cache VERSION diff --git a/.github/workflows/dockerimagerelease.yml b/.github/workflows/dockerimagerelease.yml index ef2e6963..f777199b 100644 --- a/.github/workflows/dockerimagerelease.yml +++ b/.github/workflows/dockerimagerelease.yml @@ -19,6 +19,83 @@ jobs: - uses: actions/checkout@v2 - name: Submodule update run: git submodule update --init --recursive + + # Host build steps (moved from DockerfileBase) + - name: Install host dependencies + run: | + sudo apt-get update + sudo apt-get install -yq --no-install-recommends \ + wget \ + curl \ + git \ + build-essential \ + cmake \ + apt-utils \ + vim \ + telnet \ + ca-certificates \ + perl \ + alien \ + uuid-dev \ + libxml2-dev \ + ccache \ + yasm \ + libprocps-dev \ + texinfo \ + graphviz \ + doxygen \ + libgnutls28-dev \ + libgcrypt20-dev + + - name: Install libssl1.1 dependency + run: | + wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb + sudo dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb + rm -f libssl1.1_1.1.1f-1ubuntu2_amd64.deb + + - name: Install Intel SGX SDK and PSW + run: | + git clone -b sgx_2.25 --depth 1 https://github.com/intel/linux-sgx + cd linux-sgx + make preparation + make sdk_install_pkg_no_mitigation + cd /opt/intel + sudo sh -c 'echo yes | $(pwd)/../*/linux-sgx/linux/installer/bin/sgx_linux_x64_sdk_*.bin' + cd $(pwd)/../*/linux-sgx + make psw_install_pkg + cd /opt/intel + sudo cp $(pwd)/../*/linux-sgx/linux/installer/bin/sgx_linux_x64_psw*.bin . + sudo ./sgx_linux_x64_psw*.bin --no-start-aesm + sudo rm -f sgx_linux_x64_psw*.bin + cd $(pwd)/../* + rm -rf linux-sgx + + - name: Setup ccache + run: | + sudo ln -sf /usr/bin/ccache /usr/local/bin/clang + sudo ln -sf /usr/bin/ccache /usr/local/bin/clang++ + sudo ln -sf /usr/bin/ccache /usr/local/bin/gcc + sudo ln -sf /usr/bin/ccache /usr/local/bin/g++ + sudo ln -sf /usr/bin/ccache /usr/local/bin/cc + sudo ln -sf /usr/bin/ccache /usr/local/bin/c++ + + - name: Build dependencies + run: | + chmod +x scripts/install_packages.sh + sudo ./scripts/install_packages.sh + cd scripts + sudo ./build_deps.py + + - name: Install Intel DAL Host Interface + run: | + cd scripts + wget --progress=dot:mega -O - https://github.com/intel/dynamic-application-loader-host-interface/archive/072d233296c15d0dcd1fb4570694d0244729f87b.tar.gz | tar -xz + cd dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b + cmake . -DCMAKE_BUILD_TYPE=Release -DINIT_SYSTEM=SysVinit + make install -j$(nproc) + cd .. + rm -rf dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b + - name: Create dir for signing enclave run: mkdir signed_enclaves - name: Write secret to file @@ -26,6 +103,23 @@ jobs: shell: bash - name: Generate public key run: openssl rsa -in signed_enclaves/skale_sgx_private_key0.pem -pubout -out signed_enclaves/skale_sgx_public_key0.pem + + - name: Configure and build SGX wallet for release + run: | + source /opt/intel/sgxsdk/environment + cp -f secure_enclave/secure_enclave.config.xml.release secure_enclave/secure_enclave.config.xml + ./autoconf.bash + ./configure --with-sgx-build=release + cd secure_enclave + make secure_enclave.so -j$(nproc) + cd ../scripts + ./sign_enclave.bash + cd .. + rm /usr/src/sdk/secure_enclave/secure_enclave*.so + cp signed_enclaves/secure_enclave_signed0.so secure_enclave/secure_enclave.signed.so + make -j$(nproc) + mkdir -p sgx_data + - name: Calculate and cache VERSION run : | export BRANCH=${GITHUB_REF##*/} diff --git a/.github/workflows/dockerimagesim.yml b/.github/workflows/dockerimagesim.yml index c52592b9..964d0012 100644 --- a/.github/workflows/dockerimagesim.yml +++ b/.github/workflows/dockerimagesim.yml @@ -18,6 +18,92 @@ jobs: - uses: actions/checkout@v2 - name: submodule update run: git submodule update --init --recursive + + # Host build steps (moved from DockerfileBase) + - name: Install host dependencies + run: | + sudo apt-get update + sudo apt-get install -yq --no-install-recommends \ + wget \ + curl \ + git \ + build-essential \ + cmake \ + apt-utils \ + vim \ + telnet \ + ca-certificates \ + perl \ + alien \ + uuid-dev \ + libxml2-dev \ + ccache \ + yasm \ + libprocps-dev \ + texinfo \ + graphviz \ + doxygen \ + libgnutls28-dev \ + libgcrypt20-dev + + - name: Install libssl1.1 dependency + run: | + wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb + sudo dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb + rm -f libssl1.1_1.1.1f-1ubuntu2_amd64.deb + + - name: Install Intel SGX SDK and PSW + run: | + git clone -b sgx_2.25 --depth 1 https://github.com/intel/linux-sgx + cd linux-sgx + make preparation + make sdk_install_pkg_no_mitigation + cd /opt/intel + sudo sh -c 'echo yes | $(pwd)/../*/linux-sgx/linux/installer/bin/sgx_linux_x64_sdk_*.bin' + cd $(pwd)/../*/linux-sgx + make psw_install_pkg + cd /opt/intel + sudo cp $(pwd)/../*/linux-sgx/linux/installer/bin/sgx_linux_x64_psw*.bin . + sudo ./sgx_linux_x64_psw*.bin --no-start-aesm + sudo rm -f sgx_linux_x64_psw*.bin + cd $(pwd)/../* + rm -rf linux-sgx + + - name: Setup ccache + run: | + sudo ln -sf /usr/bin/ccache /usr/local/bin/clang + sudo ln -sf /usr/bin/ccache /usr/local/bin/clang++ + sudo ln -sf /usr/bin/ccache /usr/local/bin/gcc + sudo ln -sf /usr/bin/ccache /usr/local/bin/g++ + sudo ln -sf /usr/bin/ccache /usr/local/bin/cc + sudo ln -sf /usr/bin/ccache /usr/local/bin/c++ + + - name: Build dependencies + run: | + chmod +x scripts/install_packages.sh + sudo ./scripts/install_packages.sh + cd scripts + sudo ./build_deps.py + + - name: Install Intel DAL Host Interface + run: | + cd scripts + wget --progress=dot:mega -O - https://github.com/intel/dynamic-application-loader-host-interface/archive/072d233296c15d0dcd1fb4570694d0244729f87b.tar.gz | tar -xz + cd dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b + cmake . -DCMAKE_BUILD_TYPE=Release -DINIT_SYSTEM=SysVinit + make install -j$(nproc) + cd .. + rm -rf dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b + + - name: Configure and build SGX wallet for simulation + run: | + source /opt/intel/sgxsdk/environment + cp -f secure_enclave/secure_enclave.config.xml.sim secure_enclave/secure_enclave.config.xml + ./autoconf.bash + ./configure --enable-sgx-simulation + make -j$(nproc) + mkdir -p sgx_data + - name: Build and publish container for testing run: python3 scripts/docker_build.py DockerfileSimulation sgxwallet_sim ${GITHUB_SHA} - name: test @@ -60,7 +146,6 @@ jobs: echo "Branch $BRANCH" echo "Using cached version $VERSION" export RELEASE=true - echo "::set-env name=RELEASE::$RELEASE" bash ./scripts/build_image.sh DockerfileSimulation sgxwallet_sim bash ./scripts/publish_image.sh sgxwallet_sim diff --git a/Dockerfile b/Dockerfile index a50ff1ab..48aa4f68 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,6 @@ -FROM skalenetwork/sgxwallet_base:latest +FROM ubuntu:22.04 -COPY . /usr/src/sdk -WORKDIR /usr/src/sdk - -# Install dependencies and Python packages in one layer +# Install minimal runtime dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ curl \ secure-delete \ @@ -13,23 +10,23 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* -# Build application -RUN touch /var/hwmode \ - && ./autoconf.bash \ - && ./configure \ - && make -j$(nproc) \ - && ccache -sz \ - && mkdir -p /usr/src/sdk/sgx_data +# Install libssl1.1 dependency +RUN wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb \ + && dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb \ + && rm -f libssl1.1_1.1.1f-1ubuntu2_amd64.deb + +# Copy pre-built SGX wallet binary and runtime files +COPY sgxwallet /usr/src/sdk/sgxwallet +COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so +COPY docker/start.sh /usr/src/sdk/start.sh +COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py -# Copy runtime scripts -COPY docker/start.sh ./ -COPY docker/check_firewall.py ./ +# Create required directories +RUN mkdir -p /usr/src/sdk/sgx_data + +WORKDIR /usr/src/sdk -# Cleanup to reduce image size -RUN rm -rf /usr/src/sdk/sgx-sdk-build/ \ - && rm -f /opt/intel/sgxsdk/lib64/*_sim.so \ - && find /usr/src/sdk -name "*.o" -type f -delete \ - && find /usr/src/sdk -type f \( -name "*.a" -o -name "*.la" \) -delete \ - && ccache -C +# Mark as hardware mode +RUN touch /var/hwmode ENTRYPOINT ["/usr/src/sdk/start.sh"] diff --git a/DockerfileIntelSubmission b/DockerfileIntelSubmission index 3e21aadd..48aa4f68 100644 --- a/DockerfileIntelSubmission +++ b/DockerfileIntelSubmission @@ -1,12 +1,6 @@ -FROM skalenetwork/sgxwallet_base:latest +FROM ubuntu:22.04 -COPY . /usr/src/sdk -WORKDIR /usr/src/sdk - -# Configure for release build -RUN cp -f secure_enclave/secure_enclave.config.xml.release secure_enclave/secure_enclave.config.xml - -# Install dependencies and Python packages in one layer +# Install minimal runtime dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ curl \ secure-delete \ @@ -16,26 +10,23 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* -# Generate signing key, build and configure application -RUN cd scripts \ - && ./generate_signing_key.bash \ - && cd .. \ - && touch /var/hwmode \ - && ./autoconf.bash \ - && ./configure --with-sgx-build=prerelease \ - && make -j$(nproc) \ - && ccache -sz \ - && mkdir -p /usr/src/sdk/sgx_data +# Install libssl1.1 dependency +RUN wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb \ + && dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb \ + && rm -f libssl1.1_1.1.1f-1ubuntu2_amd64.deb -# Copy runtime scripts -COPY docker/start.sh ./ -COPY docker/check_firewall.py ./ +# Copy pre-built SGX wallet binary and runtime files +COPY sgxwallet /usr/src/sdk/sgxwallet +COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so +COPY docker/start.sh /usr/src/sdk/start.sh +COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py + +# Create required directories +RUN mkdir -p /usr/src/sdk/sgx_data + +WORKDIR /usr/src/sdk -# Cleanup to reduce image size -RUN rm -rf /usr/src/sdk/sgx-sdk-build/ \ - && rm -f /opt/intel/sgxsdk/lib64/*_sim.so \ - && find /usr/src/sdk -name "*.o" -type f -delete \ - && find /usr/src/sdk -type f \( -name "*.a" -o -name "*.la" \) -delete \ - && ccache -C +# Mark as hardware mode +RUN touch /var/hwmode ENTRYPOINT ["/usr/src/sdk/start.sh"] diff --git a/DockerfileRelease b/DockerfileRelease index 00500d2b..48aa4f68 100644 --- a/DockerfileRelease +++ b/DockerfileRelease @@ -1,12 +1,6 @@ -FROM skalenetwork/sgxwallet_base:latest +FROM ubuntu:22.04 -COPY . /usr/src/sdk -WORKDIR /usr/src/sdk - -# Configure for release build -RUN cp -f secure_enclave/secure_enclave.config.xml.release secure_enclave/secure_enclave.config.xml - -# Install dependencies and Python packages in one layer +# Install minimal runtime dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ curl \ secure-delete \ @@ -16,30 +10,23 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* -# Build application with release configuration -RUN touch /var/hwmode \ - && ./autoconf.bash \ - && ./configure --with-sgx-build=release \ - && cd secure_enclave \ - && make secure_enclave.so -j$(nproc) \ - && cd ../scripts \ - && ./sign_enclave.bash \ - && cd .. \ - && rm /usr/src/sdk/secure_enclave/secure_enclave*.so \ - && cp signed_enclaves/secure_enclave_signed0.so secure_enclave/secure_enclave.signed.so \ - && make -j$(nproc) \ - && ccache -sz \ - && mkdir -p /usr/src/sdk/sgx_data +# Install libssl1.1 dependency +RUN wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb \ + && dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb \ + && rm -f libssl1.1_1.1.1f-1ubuntu2_amd64.deb -# Copy runtime scripts -COPY docker/start.sh ./ -COPY docker/check_firewall.py ./ +# Copy pre-built SGX wallet binary and runtime files +COPY sgxwallet /usr/src/sdk/sgxwallet +COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so +COPY docker/start.sh /usr/src/sdk/start.sh +COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py + +# Create required directories +RUN mkdir -p /usr/src/sdk/sgx_data + +WORKDIR /usr/src/sdk -# Cleanup to reduce image size -RUN rm -rf /usr/src/sdk/sgx-sdk-build/ \ - && rm -f /opt/intel/sgxsdk/lib64/*_sim.so \ - && find /usr/src/sdk -name "*.o" -type f -delete \ - && find /usr/src/sdk -type f \( -name "*.a" -o -name "*.la" \) -delete \ - && ccache -C +# Mark as hardware mode +RUN touch /var/hwmode ENTRYPOINT ["/usr/src/sdk/start.sh"] diff --git a/DockerfileSimulation b/DockerfileSimulation index cffffe5f..ece00e25 100644 --- a/DockerfileSimulation +++ b/DockerfileSimulation @@ -1,6 +1,6 @@ -FROM skalenetwork/sgxwallet_base:latest +FROM ubuntu:22.04 -# Install dependencies and Python packages in one layer +# Install minimal runtime dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ curl \ secure-delete \ @@ -8,28 +8,24 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ && pip3 install --upgrade --no-cache-dir pip \ && pip3 install --no-cache-dir requests torpy \ && apt-get clean \ - && rm -rf /var/lib/apt/lists/* \ - && ccache -sz + && rm -rf /var/lib/apt/lists/* -COPY . /usr/src/sdk -WORKDIR /usr/src/sdk +# Install libssl1.1 dependency +RUN wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb \ + && dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb \ + && rm -f libssl1.1_1.1.1f-1ubuntu2_amd64.deb + +# Copy pre-built SGX wallet binary and runtime files +COPY sgxwallet /usr/src/sdk/sgxwallet +COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so +COPY docker/start.sh /usr/src/sdk/start.sh +COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py -# Configure and build application -RUN cp -f secure_enclave/secure_enclave.config.xml.sim secure_enclave/secure_enclave.config.xml \ - && ./autoconf.bash \ - && ./configure --enable-sgx-simulation \ - && make -j$(nproc) \ - && ccache -sz \ - && mkdir -p /usr/src/sdk/sgx_data +# Create required directories +RUN mkdir -p /usr/src/sdk/sgx_data -# Copy runtime scripts -COPY docker/start.sh ./ -COPY docker/check_firewall.py ./ +WORKDIR /usr/src/sdk -# Cleanup to reduce image size -RUN rm -rf /usr/src/sdk/sgx-sdk-build/ \ - && find /usr/src/sdk -name "*.o" -type f -delete \ - && find /usr/src/sdk -type f \( -name "*.a" -o -name "*.la" \) -delete \ - && ccache -C +# Note: No /var/hwmode file for simulation mode ENTRYPOINT ["/usr/src/sdk/start.sh"] From 4a95047d1aae1fa1e58ac57eb68c527d8ccf363c Mon Sep 17 00:00:00 2001 From: Oleh Date: Tue, 30 Sep 2025 16:32:48 +0100 Subject: [PATCH 13/52] #478 update build process --- .github/workflows/dockerimage.yml | 1 - .github/workflows/dockerimageintelsubmission.yml | 1 - .github/workflows/dockerimagerelease.yml | 1 - .github/workflows/dockerimagesim.yml | 1 - 4 files changed, 4 deletions(-) diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml index a1b3d522..5cf0812a 100644 --- a/.github/workflows/dockerimage.yml +++ b/.github/workflows/dockerimage.yml @@ -21,7 +21,6 @@ jobs: # Host build steps (moved from DockerfileBase) - name: Install host dependencies run: | - sudo apt-get update sudo apt-get install -yq --no-install-recommends \ wget \ curl \ diff --git a/.github/workflows/dockerimageintelsubmission.yml b/.github/workflows/dockerimageintelsubmission.yml index 002fc1cc..c2764a93 100644 --- a/.github/workflows/dockerimageintelsubmission.yml +++ b/.github/workflows/dockerimageintelsubmission.yml @@ -20,7 +20,6 @@ jobs: # Host build steps (moved from DockerfileBase) - name: Install host dependencies run: | - sudo apt-get update sudo apt-get install -yq --no-install-recommends \ wget \ curl \ diff --git a/.github/workflows/dockerimagerelease.yml b/.github/workflows/dockerimagerelease.yml index f777199b..7d19ba8b 100644 --- a/.github/workflows/dockerimagerelease.yml +++ b/.github/workflows/dockerimagerelease.yml @@ -23,7 +23,6 @@ jobs: # Host build steps (moved from DockerfileBase) - name: Install host dependencies run: | - sudo apt-get update sudo apt-get install -yq --no-install-recommends \ wget \ curl \ diff --git a/.github/workflows/dockerimagesim.yml b/.github/workflows/dockerimagesim.yml index 964d0012..8af320d9 100644 --- a/.github/workflows/dockerimagesim.yml +++ b/.github/workflows/dockerimagesim.yml @@ -22,7 +22,6 @@ jobs: # Host build steps (moved from DockerfileBase) - name: Install host dependencies run: | - sudo apt-get update sudo apt-get install -yq --no-install-recommends \ wget \ curl \ From d688f3fb5b461d7120120cee90a84ac726e5e0c8 Mon Sep 17 00:00:00 2001 From: Oleh Date: Tue, 30 Sep 2025 17:06:01 +0100 Subject: [PATCH 14/52] #478 update build process --- .github/workflows/dockerimage.yml | 5 +++-- .github/workflows/dockerimageintelsubmission.yml | 5 +++-- .github/workflows/dockerimagerelease.yml | 5 +++-- .github/workflows/dockerimagesim.yml | 5 +++-- 4 files changed, 12 insertions(+), 8 deletions(-) diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml index 5cf0812a..1aaf50a9 100644 --- a/.github/workflows/dockerimage.yml +++ b/.github/workflows/dockerimage.yml @@ -21,6 +21,7 @@ jobs: # Host build steps (moved from DockerfileBase) - name: Install host dependencies run: | + sudo apt-get update sudo apt-get install -yq --no-install-recommends \ wget \ curl \ @@ -43,6 +44,8 @@ jobs: doxygen \ libgnutls28-dev \ libgcrypt20-dev + chmod +x scripts/install_packages.sh + sudo ./scripts/install_packages.sh - name: Install libssl1.1 dependency run: | @@ -78,8 +81,6 @@ jobs: - name: Build dependencies run: | - chmod +x scripts/install_packages.sh - sudo ./scripts/install_packages.sh cd scripts sudo ./build_deps.py diff --git a/.github/workflows/dockerimageintelsubmission.yml b/.github/workflows/dockerimageintelsubmission.yml index c2764a93..a528963f 100644 --- a/.github/workflows/dockerimageintelsubmission.yml +++ b/.github/workflows/dockerimageintelsubmission.yml @@ -20,6 +20,7 @@ jobs: # Host build steps (moved from DockerfileBase) - name: Install host dependencies run: | + sudo apt-get update sudo apt-get install -yq --no-install-recommends \ wget \ curl \ @@ -42,6 +43,8 @@ jobs: doxygen \ libgnutls28-dev \ libgcrypt20-dev + chmod +x scripts/install_packages.sh + sudo ./scripts/install_packages.sh - name: Install libssl1.1 dependency run: | @@ -77,8 +80,6 @@ jobs: - name: Build dependencies run: | - chmod +x scripts/install_packages.sh - sudo ./scripts/install_packages.sh cd scripts sudo ./build_deps.py diff --git a/.github/workflows/dockerimagerelease.yml b/.github/workflows/dockerimagerelease.yml index 7d19ba8b..527f5aac 100644 --- a/.github/workflows/dockerimagerelease.yml +++ b/.github/workflows/dockerimagerelease.yml @@ -23,6 +23,7 @@ jobs: # Host build steps (moved from DockerfileBase) - name: Install host dependencies run: | + sudo apt-get update sudo apt-get install -yq --no-install-recommends \ wget \ curl \ @@ -45,6 +46,8 @@ jobs: doxygen \ libgnutls28-dev \ libgcrypt20-dev + chmod +x scripts/install_packages.sh + sudo ./scripts/install_packages.sh - name: Install libssl1.1 dependency run: | @@ -80,8 +83,6 @@ jobs: - name: Build dependencies run: | - chmod +x scripts/install_packages.sh - sudo ./scripts/install_packages.sh cd scripts sudo ./build_deps.py diff --git a/.github/workflows/dockerimagesim.yml b/.github/workflows/dockerimagesim.yml index 8af320d9..0c940711 100644 --- a/.github/workflows/dockerimagesim.yml +++ b/.github/workflows/dockerimagesim.yml @@ -22,6 +22,7 @@ jobs: # Host build steps (moved from DockerfileBase) - name: Install host dependencies run: | + sudo apt-get update sudo apt-get install -yq --no-install-recommends \ wget \ curl \ @@ -44,6 +45,8 @@ jobs: doxygen \ libgnutls28-dev \ libgcrypt20-dev + chmod +x scripts/install_packages.sh + sudo ./scripts/install_packages.sh - name: Install libssl1.1 dependency run: | @@ -79,8 +82,6 @@ jobs: - name: Build dependencies run: | - chmod +x scripts/install_packages.sh - sudo ./scripts/install_packages.sh cd scripts sudo ./build_deps.py From b2841178b3be957f1c247ee1879bca4e23d5799a Mon Sep 17 00:00:00 2001 From: Oleh Date: Tue, 30 Sep 2025 17:31:46 +0100 Subject: [PATCH 15/52] #478 update build process --- .github/workflows/dockerimage.yml | 7 ++++--- .github/workflows/dockerimageintelsubmission.yml | 7 ++++--- .github/workflows/dockerimagerelease.yml | 7 ++++--- .github/workflows/dockerimagesim.yml | 7 ++++--- 4 files changed, 16 insertions(+), 12 deletions(-) diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml index 1aaf50a9..cd6fc15a 100644 --- a/.github/workflows/dockerimage.yml +++ b/.github/workflows/dockerimage.yml @@ -57,12 +57,13 @@ jobs: run: | git clone -b sgx_2.25 --depth 1 https://github.com/intel/linux-sgx cd linux-sgx - make preparation - make sdk_install_pkg_no_mitigation + make preparation -j$(nproc) + make sdk_install_pkg_no_mitigation -j$(nproc) + sudo mkdir -p /opt/intel cd /opt/intel sudo sh -c 'echo yes | $(pwd)/../*/linux-sgx/linux/installer/bin/sgx_linux_x64_sdk_*.bin' cd $(pwd)/../*/linux-sgx - make psw_install_pkg + make psw_install_pkg -j$(nproc) cd /opt/intel sudo cp $(pwd)/../*/linux-sgx/linux/installer/bin/sgx_linux_x64_psw*.bin . sudo ./sgx_linux_x64_psw*.bin --no-start-aesm diff --git a/.github/workflows/dockerimageintelsubmission.yml b/.github/workflows/dockerimageintelsubmission.yml index a528963f..3c1530a0 100644 --- a/.github/workflows/dockerimageintelsubmission.yml +++ b/.github/workflows/dockerimageintelsubmission.yml @@ -56,12 +56,13 @@ jobs: run: | git clone -b sgx_2.25 --depth 1 https://github.com/intel/linux-sgx cd linux-sgx - make preparation - make sdk_install_pkg_no_mitigation + make preparation -j$(nproc) + make sdk_install_pkg_no_mitigation -j$(nproc) + sudo mkdir -p /opt/intel cd /opt/intel sudo sh -c 'echo yes | $(pwd)/../*/linux-sgx/linux/installer/bin/sgx_linux_x64_sdk_*.bin' cd $(pwd)/../*/linux-sgx - make psw_install_pkg + make psw_install_pkg -j$(nproc) cd /opt/intel sudo cp $(pwd)/../*/linux-sgx/linux/installer/bin/sgx_linux_x64_psw*.bin . sudo ./sgx_linux_x64_psw*.bin --no-start-aesm diff --git a/.github/workflows/dockerimagerelease.yml b/.github/workflows/dockerimagerelease.yml index 527f5aac..9b6905fa 100644 --- a/.github/workflows/dockerimagerelease.yml +++ b/.github/workflows/dockerimagerelease.yml @@ -59,12 +59,13 @@ jobs: run: | git clone -b sgx_2.25 --depth 1 https://github.com/intel/linux-sgx cd linux-sgx - make preparation - make sdk_install_pkg_no_mitigation + make preparation -j$(nproc) + make sdk_install_pkg_no_mitigation -j$(nproc) + sudo mkdir -p /opt/intel cd /opt/intel sudo sh -c 'echo yes | $(pwd)/../*/linux-sgx/linux/installer/bin/sgx_linux_x64_sdk_*.bin' cd $(pwd)/../*/linux-sgx - make psw_install_pkg + make psw_install_pkg -j$(nproc) cd /opt/intel sudo cp $(pwd)/../*/linux-sgx/linux/installer/bin/sgx_linux_x64_psw*.bin . sudo ./sgx_linux_x64_psw*.bin --no-start-aesm diff --git a/.github/workflows/dockerimagesim.yml b/.github/workflows/dockerimagesim.yml index 0c940711..87d6a610 100644 --- a/.github/workflows/dockerimagesim.yml +++ b/.github/workflows/dockerimagesim.yml @@ -58,12 +58,13 @@ jobs: run: | git clone -b sgx_2.25 --depth 1 https://github.com/intel/linux-sgx cd linux-sgx - make preparation - make sdk_install_pkg_no_mitigation + make preparation -j$(nproc) + make sdk_install_pkg_no_mitigation -j$(nproc) + sudo mkdir -p /opt/intel cd /opt/intel sudo sh -c 'echo yes | $(pwd)/../*/linux-sgx/linux/installer/bin/sgx_linux_x64_sdk_*.bin' cd $(pwd)/../*/linux-sgx - make psw_install_pkg + make psw_install_pkg -j$(nproc) cd /opt/intel sudo cp $(pwd)/../*/linux-sgx/linux/installer/bin/sgx_linux_x64_psw*.bin . sudo ./sgx_linux_x64_psw*.bin --no-start-aesm From 3f1a5fda34f5e0f1ac12c5d8b32e7f2d2b6a68d2 Mon Sep 17 00:00:00 2001 From: Oleh Date: Tue, 30 Sep 2025 17:33:00 +0100 Subject: [PATCH 16/52] #478 update build process --- .github/workflows/dockerimage.yml | 4 ++++ .github/workflows/dockerimageintelsubmission.yml | 4 ++++ .github/workflows/dockerimagerelease.yml | 4 ++++ .github/workflows/dockerimagesim.yml | 4 ++++ 4 files changed, 16 insertions(+) diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml index cd6fc15a..5704777e 100644 --- a/.github/workflows/dockerimage.yml +++ b/.github/workflows/dockerimage.yml @@ -10,6 +10,10 @@ jobs: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} steps: + - name: Cancel Previous Runs + uses: styfle/cancel-workflow-action@0.9.1 + with: + access_token: ${{ github.token }} - name: Fail, if older Github Actions machine. Click "Re-run jobs" run: cat /proc/cpuinfo | grep avx512 - name: Login to docker diff --git a/.github/workflows/dockerimageintelsubmission.yml b/.github/workflows/dockerimageintelsubmission.yml index 3c1530a0..d0573661 100644 --- a/.github/workflows/dockerimageintelsubmission.yml +++ b/.github/workflows/dockerimageintelsubmission.yml @@ -9,6 +9,10 @@ jobs: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} steps: + - name: Cancel Previous Runs + uses: styfle/cancel-workflow-action@0.9.1 + with: + access_token: ${{ github.token }} - name: Fail, if older Github Actions machine. Click "Re-run jobs" run: cat /proc/cpuinfo | grep avx512 - name: Login to docker diff --git a/.github/workflows/dockerimagerelease.yml b/.github/workflows/dockerimagerelease.yml index 9b6905fa..bec5bf23 100644 --- a/.github/workflows/dockerimagerelease.yml +++ b/.github/workflows/dockerimagerelease.yml @@ -12,6 +12,10 @@ jobs: DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} SECRET_KEY: ${{ secrets.V2 }} steps: + - name: Cancel Previous Runs + uses: styfle/cancel-workflow-action@0.9.1 + with: + access_token: ${{ github.token }} - name: Fail, if older Github Actions machine. Click "Re-run jobs" run: cat /proc/cpuinfo | grep avx512 - name: Login to docker diff --git a/.github/workflows/dockerimagesim.yml b/.github/workflows/dockerimagesim.yml index 87d6a610..0da7b835 100644 --- a/.github/workflows/dockerimagesim.yml +++ b/.github/workflows/dockerimagesim.yml @@ -9,6 +9,10 @@ jobs: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} steps: + - name: Cancel Previous Runs + uses: styfle/cancel-workflow-action@0.9.1 + with: + access_token: ${{ github.token }} - name: Fail, if older Github Actions machine. Click "Re-run jobs" run: cat /proc/cpuinfo | grep avx512 - name: Check that /dev/urandom exists From 34e817f7db77d29bedeb882875d107bd02c2c551 Mon Sep 17 00:00:00 2001 From: Oleh Date: Tue, 30 Sep 2025 18:30:45 +0100 Subject: [PATCH 17/52] #478 update build process --- .github/workflows/dockerimage.yml | 11 ++++++----- .github/workflows/dockerimageintelsubmission.yml | 11 ++++++----- .github/workflows/dockerimagerelease.yml | 11 ++++++----- .github/workflows/dockerimagesim.yml | 9 +++++---- 4 files changed, 23 insertions(+), 19 deletions(-) diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml index 5704777e..1db06a43 100644 --- a/.github/workflows/dockerimage.yml +++ b/.github/workflows/dockerimage.yml @@ -63,18 +63,19 @@ jobs: cd linux-sgx make preparation -j$(nproc) make sdk_install_pkg_no_mitigation -j$(nproc) + WORK_DIR=$(pwd) sudo mkdir -p /opt/intel cd /opt/intel - sudo sh -c 'echo yes | $(pwd)/../*/linux-sgx/linux/installer/bin/sgx_linux_x64_sdk_*.bin' - cd $(pwd)/../*/linux-sgx + sudo sh -c 'echo yes | $WORK_DIR/linux/installer/bin/sgx_linux_x64_sdk_*.bin' + cd $WORK_DIR make psw_install_pkg -j$(nproc) cd /opt/intel - sudo cp $(pwd)/../*/linux-sgx/linux/installer/bin/sgx_linux_x64_psw*.bin . + sudo cp $WORK_DIR/linux/installer/bin/sgx_linux_x64_psw*.bin . sudo ./sgx_linux_x64_psw*.bin --no-start-aesm sudo rm -f sgx_linux_x64_psw*.bin - cd $(pwd)/../* + cd $WORK_DIR/.. rm -rf linux-sgx - + - name: Setup ccache run: | sudo ln -sf /usr/bin/ccache /usr/local/bin/clang diff --git a/.github/workflows/dockerimageintelsubmission.yml b/.github/workflows/dockerimageintelsubmission.yml index d0573661..41211adb 100644 --- a/.github/workflows/dockerimageintelsubmission.yml +++ b/.github/workflows/dockerimageintelsubmission.yml @@ -62,18 +62,19 @@ jobs: cd linux-sgx make preparation -j$(nproc) make sdk_install_pkg_no_mitigation -j$(nproc) + WORK_DIR=$(pwd) sudo mkdir -p /opt/intel cd /opt/intel - sudo sh -c 'echo yes | $(pwd)/../*/linux-sgx/linux/installer/bin/sgx_linux_x64_sdk_*.bin' - cd $(pwd)/../*/linux-sgx + sudo sh -c 'echo yes | $WORK_DIR/linux/installer/bin/sgx_linux_x64_sdk_*.bin' + cd $WORK_DIR make psw_install_pkg -j$(nproc) cd /opt/intel - sudo cp $(pwd)/../*/linux-sgx/linux/installer/bin/sgx_linux_x64_psw*.bin . + sudo cp $WORK_DIR/linux/installer/bin/sgx_linux_x64_psw*.bin . sudo ./sgx_linux_x64_psw*.bin --no-start-aesm sudo rm -f sgx_linux_x64_psw*.bin - cd $(pwd)/../* + cd $WORK_DIR/.. rm -rf linux-sgx - + - name: Setup ccache run: | sudo ln -sf /usr/bin/ccache /usr/local/bin/clang diff --git a/.github/workflows/dockerimagerelease.yml b/.github/workflows/dockerimagerelease.yml index bec5bf23..e1b7eed7 100644 --- a/.github/workflows/dockerimagerelease.yml +++ b/.github/workflows/dockerimagerelease.yml @@ -65,18 +65,19 @@ jobs: cd linux-sgx make preparation -j$(nproc) make sdk_install_pkg_no_mitigation -j$(nproc) + WORK_DIR=$(pwd) sudo mkdir -p /opt/intel cd /opt/intel - sudo sh -c 'echo yes | $(pwd)/../*/linux-sgx/linux/installer/bin/sgx_linux_x64_sdk_*.bin' - cd $(pwd)/../*/linux-sgx + sudo sh -c 'echo yes | $WORK_DIR/linux/installer/bin/sgx_linux_x64_sdk_*.bin' + cd $WORK_DIR make psw_install_pkg -j$(nproc) cd /opt/intel - sudo cp $(pwd)/../*/linux-sgx/linux/installer/bin/sgx_linux_x64_psw*.bin . + sudo cp $WORK_DIR/linux/installer/bin/sgx_linux_x64_psw*.bin . sudo ./sgx_linux_x64_psw*.bin --no-start-aesm sudo rm -f sgx_linux_x64_psw*.bin - cd $(pwd)/../* + cd $WORK_DIR/.. rm -rf linux-sgx - + - name: Setup ccache run: | sudo ln -sf /usr/bin/ccache /usr/local/bin/clang diff --git a/.github/workflows/dockerimagesim.yml b/.github/workflows/dockerimagesim.yml index 0da7b835..722490be 100644 --- a/.github/workflows/dockerimagesim.yml +++ b/.github/workflows/dockerimagesim.yml @@ -64,16 +64,17 @@ jobs: cd linux-sgx make preparation -j$(nproc) make sdk_install_pkg_no_mitigation -j$(nproc) + WORK_DIR=$(pwd) sudo mkdir -p /opt/intel cd /opt/intel - sudo sh -c 'echo yes | $(pwd)/../*/linux-sgx/linux/installer/bin/sgx_linux_x64_sdk_*.bin' - cd $(pwd)/../*/linux-sgx + sudo sh -c 'echo yes | $WORK_DIR/linux/installer/bin/sgx_linux_x64_sdk_*.bin' + cd $WORK_DIR make psw_install_pkg -j$(nproc) cd /opt/intel - sudo cp $(pwd)/../*/linux-sgx/linux/installer/bin/sgx_linux_x64_psw*.bin . + sudo cp $WORK_DIR/linux/installer/bin/sgx_linux_x64_psw*.bin . sudo ./sgx_linux_x64_psw*.bin --no-start-aesm sudo rm -f sgx_linux_x64_psw*.bin - cd $(pwd)/../* + cd $WORK_DIR/.. rm -rf linux-sgx - name: Setup ccache From fa0a2c5aa671da0e53c22ea1920b797ed54df797 Mon Sep 17 00:00:00 2001 From: Oleh Date: Tue, 30 Sep 2025 18:33:50 +0100 Subject: [PATCH 18/52] #478 update build process --- .github/workflows/dockerimagesim.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/dockerimagesim.yml b/.github/workflows/dockerimagesim.yml index 722490be..f8a66f84 100644 --- a/.github/workflows/dockerimagesim.yml +++ b/.github/workflows/dockerimagesim.yml @@ -10,9 +10,9 @@ jobs: DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} steps: - name: Cancel Previous Runs - uses: styfle/cancel-workflow-action@0.9.1 - with: - access_token: ${{ github.token }} + uses: styfle/cancel-workflow-action@0.9.1 + with: + access_token: ${{ github.token }} - name: Fail, if older Github Actions machine. Click "Re-run jobs" run: cat /proc/cpuinfo | grep avx512 - name: Check that /dev/urandom exists From 6fc70ba4aab657422603e8321db0d7efaddc06b1 Mon Sep 17 00:00:00 2001 From: Oleh Date: Tue, 30 Sep 2025 18:57:39 +0100 Subject: [PATCH 19/52] #478 update build process --- .github/workflows/dockerimage.yml | 2 +- .github/workflows/dockerimageintelsubmission.yml | 2 +- .github/workflows/dockerimagerelease.yml | 2 +- .github/workflows/dockerimagesim.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml index 1db06a43..071935d6 100644 --- a/.github/workflows/dockerimage.yml +++ b/.github/workflows/dockerimage.yml @@ -66,7 +66,7 @@ jobs: WORK_DIR=$(pwd) sudo mkdir -p /opt/intel cd /opt/intel - sudo sh -c 'echo yes | $WORK_DIR/linux/installer/bin/sgx_linux_x64_sdk_*.bin' + sudo sh -c "echo yes | $WORK_DIR/linux/installer/bin/sgx_linux_x64_sdk_*.bin" cd $WORK_DIR make psw_install_pkg -j$(nproc) cd /opt/intel diff --git a/.github/workflows/dockerimageintelsubmission.yml b/.github/workflows/dockerimageintelsubmission.yml index 41211adb..81e88589 100644 --- a/.github/workflows/dockerimageintelsubmission.yml +++ b/.github/workflows/dockerimageintelsubmission.yml @@ -65,7 +65,7 @@ jobs: WORK_DIR=$(pwd) sudo mkdir -p /opt/intel cd /opt/intel - sudo sh -c 'echo yes | $WORK_DIR/linux/installer/bin/sgx_linux_x64_sdk_*.bin' + sudo sh -c "echo yes | $WORK_DIR/linux/installer/bin/sgx_linux_x64_sdk_*.bin" cd $WORK_DIR make psw_install_pkg -j$(nproc) cd /opt/intel diff --git a/.github/workflows/dockerimagerelease.yml b/.github/workflows/dockerimagerelease.yml index e1b7eed7..6a10be34 100644 --- a/.github/workflows/dockerimagerelease.yml +++ b/.github/workflows/dockerimagerelease.yml @@ -68,7 +68,7 @@ jobs: WORK_DIR=$(pwd) sudo mkdir -p /opt/intel cd /opt/intel - sudo sh -c 'echo yes | $WORK_DIR/linux/installer/bin/sgx_linux_x64_sdk_*.bin' + sudo sh -c "echo yes | $WORK_DIR/linux/installer/bin/sgx_linux_x64_sdk_*.bin" cd $WORK_DIR make psw_install_pkg -j$(nproc) cd /opt/intel diff --git a/.github/workflows/dockerimagesim.yml b/.github/workflows/dockerimagesim.yml index f8a66f84..0215a191 100644 --- a/.github/workflows/dockerimagesim.yml +++ b/.github/workflows/dockerimagesim.yml @@ -67,7 +67,7 @@ jobs: WORK_DIR=$(pwd) sudo mkdir -p /opt/intel cd /opt/intel - sudo sh -c 'echo yes | $WORK_DIR/linux/installer/bin/sgx_linux_x64_sdk_*.bin' + sudo sh -c "echo yes | $WORK_DIR/linux/installer/bin/sgx_linux_x64_sdk_*.bin" cd $WORK_DIR make psw_install_pkg -j$(nproc) cd /opt/intel From f529550a0774164c1527b12dcb47bcd8bce784db Mon Sep 17 00:00:00 2001 From: Oleh Date: Wed, 1 Oct 2025 09:56:59 +0100 Subject: [PATCH 20/52] #478 update build process --- .github/workflows/dockerimage.yml | 4 ++++ .github/workflows/dockerimageintelsubmission.yml | 4 ++++ .github/workflows/dockerimagerelease.yml | 4 ++++ .github/workflows/dockerimagesim.yml | 4 ++++ 4 files changed, 16 insertions(+) diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml index 071935d6..872d6112 100644 --- a/.github/workflows/dockerimage.yml +++ b/.github/workflows/dockerimage.yml @@ -21,6 +21,10 @@ jobs: - uses: actions/checkout@v2 - name: submodule update run: git submodule update --init --recursive + - name: Cleanup Intel SGX (initial) + run: | + sudo /opt/intel/sgxpsw/uninstall.sh || true + sudo /opt/intel/sgxsdk/uninstall.sh || true # Host build steps (moved from DockerfileBase) - name: Install host dependencies diff --git a/.github/workflows/dockerimageintelsubmission.yml b/.github/workflows/dockerimageintelsubmission.yml index 81e88589..858a89f6 100644 --- a/.github/workflows/dockerimageintelsubmission.yml +++ b/.github/workflows/dockerimageintelsubmission.yml @@ -20,6 +20,10 @@ jobs: - uses: actions/checkout@v2 - name: submodule update run: git submodule update --init --recursive + - name: Cleanup Intel SGX (initial) + run: | + sudo /opt/intel/sgxpsw/uninstall.sh || true + sudo /opt/intel/sgxsdk/uninstall.sh || true # Host build steps (moved from DockerfileBase) - name: Install host dependencies diff --git a/.github/workflows/dockerimagerelease.yml b/.github/workflows/dockerimagerelease.yml index 6a10be34..3f64b751 100644 --- a/.github/workflows/dockerimagerelease.yml +++ b/.github/workflows/dockerimagerelease.yml @@ -23,6 +23,10 @@ jobs: - uses: actions/checkout@v2 - name: Submodule update run: git submodule update --init --recursive + - name: Cleanup Intel SGX (initial) + run: | + sudo /opt/intel/sgxpsw/uninstall.sh || true + sudo /opt/intel/sgxsdk/uninstall.sh || true # Host build steps (moved from DockerfileBase) - name: Install host dependencies diff --git a/.github/workflows/dockerimagesim.yml b/.github/workflows/dockerimagesim.yml index 0215a191..ebde1952 100644 --- a/.github/workflows/dockerimagesim.yml +++ b/.github/workflows/dockerimagesim.yml @@ -22,6 +22,10 @@ jobs: - uses: actions/checkout@v2 - name: submodule update run: git submodule update --init --recursive + - name: Cleanup Intel SGX (initial) + run: | + sudo /opt/intel/sgxpsw/uninstall.sh || true + sudo /opt/intel/sgxsdk/uninstall.sh || true # Host build steps (moved from DockerfileBase) - name: Install host dependencies From dff60802743e4d6e047603dd07ad31f4bb050907 Mon Sep 17 00:00:00 2001 From: Oleh Date: Wed, 1 Oct 2025 10:18:40 +0100 Subject: [PATCH 21/52] #478 fix deps build --- jsonrpc/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jsonrpc/build.sh b/jsonrpc/build.sh index 2d9aa225..d22cfdde 100755 --- a/jsonrpc/build.sh +++ b/jsonrpc/build.sh @@ -12,7 +12,7 @@ DEBUG_D="" git clone https://github.com/skalenetwork/libjson-rpc-cpp.git --recursive cd libjson-rpc-cpp -git checkout b547a27e8802bfba3564d8075efa36a475f4d9e8 +git checkout 0bc250af13385c782634635e3d376e1ed6d2c35d git pull rm -rf build || true mkdir -p build From 81fef19afae9f7a5f34714e57e0c4c139697a015 Mon Sep 17 00:00:00 2001 From: Oleh Date: Wed, 1 Oct 2025 10:35:58 +0100 Subject: [PATCH 22/52] #478 fix deps build --- jsonrpc/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jsonrpc/build.sh b/jsonrpc/build.sh index d22cfdde..68d18041 100755 --- a/jsonrpc/build.sh +++ b/jsonrpc/build.sh @@ -12,7 +12,7 @@ DEBUG_D="" git clone https://github.com/skalenetwork/libjson-rpc-cpp.git --recursive cd libjson-rpc-cpp -git checkout 0bc250af13385c782634635e3d376e1ed6d2c35d +git checkout 245a2b73276cdd99a3f5b262a5aad1c86ef227a5 git pull rm -rf build || true mkdir -p build From 29eb07c185df9ffe11a29d42035037effe09ede8 Mon Sep 17 00:00:00 2001 From: Oleh Date: Wed, 1 Oct 2025 11:06:53 +0100 Subject: [PATCH 23/52] #478 fix deps build --- jsonrpc/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jsonrpc/build.sh b/jsonrpc/build.sh index 68d18041..7ecdd5df 100755 --- a/jsonrpc/build.sh +++ b/jsonrpc/build.sh @@ -34,7 +34,7 @@ cmake -DCMAKE_INSTALL_PREFIX=$INSTALL_ROOT -DCMAKE_BUILD_TYPE=$TOP_CMAKE_BUILD_T -DCOMPILE_STUBGEN=YES \ -DCOMPILE_EXAMPLES=NO \ -DWITH_COVERAGE=NO \ - -DARGTABLE_INCLUDE_DIR=../libBLS/deps/argtable2/src \ + -DARGTABLE_INCLUDE_DIR=../../../libBLS/deps/argtable2/src \ -DARGTABLE_LIBRARY=$INSTALL_ROOT/lib/libargtable2${DEBUG_D}.a \ -DCURL_INCLUDE_DIR=$INSTALL_ROOT/include \ -DJSONCPP_INCLUDE_DIR=$INSTALL_ROOT/include \ From a7776e25010dccdd72dd328b4a3b5e4609d1056c Mon Sep 17 00:00:00 2001 From: Oleh Date: Wed, 1 Oct 2025 11:25:21 +0100 Subject: [PATCH 24/52] #478 fix job setup --- .github/workflows/dockerimage.yml | 4 ++++ .github/workflows/dockerimageintelsubmission.yml | 4 ++++ .github/workflows/dockerimagerelease.yml | 4 ++++ .github/workflows/dockerimagesim.yml | 4 ++++ 4 files changed, 16 insertions(+) diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml index 872d6112..5b957089 100644 --- a/.github/workflows/dockerimage.yml +++ b/.github/workflows/dockerimage.yml @@ -94,6 +94,10 @@ jobs: cd scripts sudo ./build_deps.py + - name: Create Intel DAL directory + run: | + sudo mkdir -p /var/lib/intel/dal + - name: Install Intel DAL Host Interface run: | cd scripts diff --git a/.github/workflows/dockerimageintelsubmission.yml b/.github/workflows/dockerimageintelsubmission.yml index 858a89f6..c00f278e 100644 --- a/.github/workflows/dockerimageintelsubmission.yml +++ b/.github/workflows/dockerimageintelsubmission.yml @@ -93,6 +93,10 @@ jobs: cd scripts sudo ./build_deps.py + - name: Create Intel DAL directory + run: | + sudo mkdir -p /var/lib/intel/dal + - name: Install Intel DAL Host Interface run: | cd scripts diff --git a/.github/workflows/dockerimagerelease.yml b/.github/workflows/dockerimagerelease.yml index 3f64b751..58d6eb0d 100644 --- a/.github/workflows/dockerimagerelease.yml +++ b/.github/workflows/dockerimagerelease.yml @@ -96,6 +96,10 @@ jobs: cd scripts sudo ./build_deps.py + - name: Create Intel DAL directory + run: | + sudo mkdir -p /var/lib/intel/dal + - name: Install Intel DAL Host Interface run: | cd scripts diff --git a/.github/workflows/dockerimagesim.yml b/.github/workflows/dockerimagesim.yml index ebde1952..7c7c6136 100644 --- a/.github/workflows/dockerimagesim.yml +++ b/.github/workflows/dockerimagesim.yml @@ -95,6 +95,10 @@ jobs: cd scripts sudo ./build_deps.py + - name: Create Intel DAL directory + run: | + sudo mkdir -p /var/lib/intel/dal + - name: Install Intel DAL Host Interface run: | cd scripts From 460164d72c81dba210abfd6d28812d656020a377 Mon Sep 17 00:00:00 2001 From: Oleh Date: Wed, 1 Oct 2025 12:16:32 +0100 Subject: [PATCH 25/52] #478 fix job setup --- .github/workflows/dockerimage.yml | 2 ++ .github/workflows/dockerimageintelsubmission.yml | 2 ++ .github/workflows/dockerimagerelease.yml | 2 ++ .github/workflows/dockerimagesim.yml | 2 ++ 4 files changed, 8 insertions(+) diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml index 5b957089..f4f321cd 100644 --- a/.github/workflows/dockerimage.yml +++ b/.github/workflows/dockerimage.yml @@ -97,6 +97,8 @@ jobs: - name: Create Intel DAL directory run: | sudo mkdir -p /var/lib/intel/dal + sudo chown -R $USER:$USER /var/lib/intel/dal + sudo chmod -R 755 /var/lib/intel/dal - name: Install Intel DAL Host Interface run: | diff --git a/.github/workflows/dockerimageintelsubmission.yml b/.github/workflows/dockerimageintelsubmission.yml index c00f278e..252804ef 100644 --- a/.github/workflows/dockerimageintelsubmission.yml +++ b/.github/workflows/dockerimageintelsubmission.yml @@ -96,6 +96,8 @@ jobs: - name: Create Intel DAL directory run: | sudo mkdir -p /var/lib/intel/dal + sudo chown -R $USER:$USER /var/lib/intel/dal + sudo chmod -R 755 /var/lib/intel/dal - name: Install Intel DAL Host Interface run: | diff --git a/.github/workflows/dockerimagerelease.yml b/.github/workflows/dockerimagerelease.yml index 58d6eb0d..fdcd2e86 100644 --- a/.github/workflows/dockerimagerelease.yml +++ b/.github/workflows/dockerimagerelease.yml @@ -99,6 +99,8 @@ jobs: - name: Create Intel DAL directory run: | sudo mkdir -p /var/lib/intel/dal + sudo chown -R $USER:$USER /var/lib/intel/dal + sudo chmod -R 755 /var/lib/intel/dal - name: Install Intel DAL Host Interface run: | diff --git a/.github/workflows/dockerimagesim.yml b/.github/workflows/dockerimagesim.yml index 7c7c6136..7c9dcce7 100644 --- a/.github/workflows/dockerimagesim.yml +++ b/.github/workflows/dockerimagesim.yml @@ -98,6 +98,8 @@ jobs: - name: Create Intel DAL directory run: | sudo mkdir -p /var/lib/intel/dal + sudo chown -R $USER:$USER /var/lib/intel/dal + sudo chmod -R 755 /var/lib/intel/dal - name: Install Intel DAL Host Interface run: | From d727ddefc3240af24ee54bfd18ced3db352954ba Mon Sep 17 00:00:00 2001 From: Oleh Date: Wed, 1 Oct 2025 14:07:51 +0100 Subject: [PATCH 26/52] #478 fix job setup --- .github/workflows/dockerimage.yml | 6 +++--- .github/workflows/dockerimageintelsubmission.yml | 6 +++--- .github/workflows/dockerimagerelease.yml | 6 +++--- .github/workflows/dockerimagesim.yml | 6 +++--- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml index f4f321cd..21e7095a 100644 --- a/.github/workflows/dockerimage.yml +++ b/.github/workflows/dockerimage.yml @@ -97,8 +97,8 @@ jobs: - name: Create Intel DAL directory run: | sudo mkdir -p /var/lib/intel/dal - sudo chown -R $USER:$USER /var/lib/intel/dal - sudo chmod -R 755 /var/lib/intel/dal + # sudo chown -R $USER:$USER /var/lib/intel/dal + # sudo chmod -R 755 /var/lib/intel/dal - name: Install Intel DAL Host Interface run: | @@ -106,7 +106,7 @@ jobs: wget --progress=dot:mega -O - https://github.com/intel/dynamic-application-loader-host-interface/archive/072d233296c15d0dcd1fb4570694d0244729f87b.tar.gz | tar -xz cd dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b cmake . -DCMAKE_BUILD_TYPE=Release -DINIT_SYSTEM=SysVinit - make install -j$(nproc) + sudo make install -j$(nproc) cd .. rm -rf dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b diff --git a/.github/workflows/dockerimageintelsubmission.yml b/.github/workflows/dockerimageintelsubmission.yml index 252804ef..07b7b573 100644 --- a/.github/workflows/dockerimageintelsubmission.yml +++ b/.github/workflows/dockerimageintelsubmission.yml @@ -96,8 +96,8 @@ jobs: - name: Create Intel DAL directory run: | sudo mkdir -p /var/lib/intel/dal - sudo chown -R $USER:$USER /var/lib/intel/dal - sudo chmod -R 755 /var/lib/intel/dal + # sudo chown -R $USER:$USER /var/lib/intel/dal + # sudo chmod -R 755 /var/lib/intel/dal - name: Install Intel DAL Host Interface run: | @@ -105,7 +105,7 @@ jobs: wget --progress=dot:mega -O - https://github.com/intel/dynamic-application-loader-host-interface/archive/072d233296c15d0dcd1fb4570694d0244729f87b.tar.gz | tar -xz cd dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b cmake . -DCMAKE_BUILD_TYPE=Release -DINIT_SYSTEM=SysVinit - make install -j$(nproc) + sudo make install -j$(nproc) cd .. rm -rf dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b diff --git a/.github/workflows/dockerimagerelease.yml b/.github/workflows/dockerimagerelease.yml index fdcd2e86..ee759878 100644 --- a/.github/workflows/dockerimagerelease.yml +++ b/.github/workflows/dockerimagerelease.yml @@ -99,8 +99,8 @@ jobs: - name: Create Intel DAL directory run: | sudo mkdir -p /var/lib/intel/dal - sudo chown -R $USER:$USER /var/lib/intel/dal - sudo chmod -R 755 /var/lib/intel/dal + # sudo chown -R $USER:$USER /var/lib/intel/dal + # sudo chmod -R 755 /var/lib/intel/dal - name: Install Intel DAL Host Interface run: | @@ -108,7 +108,7 @@ jobs: wget --progress=dot:mega -O - https://github.com/intel/dynamic-application-loader-host-interface/archive/072d233296c15d0dcd1fb4570694d0244729f87b.tar.gz | tar -xz cd dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b cmake . -DCMAKE_BUILD_TYPE=Release -DINIT_SYSTEM=SysVinit - make install -j$(nproc) + sudo make install -j$(nproc) cd .. rm -rf dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b diff --git a/.github/workflows/dockerimagesim.yml b/.github/workflows/dockerimagesim.yml index 7c9dcce7..828b6df7 100644 --- a/.github/workflows/dockerimagesim.yml +++ b/.github/workflows/dockerimagesim.yml @@ -98,8 +98,8 @@ jobs: - name: Create Intel DAL directory run: | sudo mkdir -p /var/lib/intel/dal - sudo chown -R $USER:$USER /var/lib/intel/dal - sudo chmod -R 755 /var/lib/intel/dal + # sudo chown -R $USER:$USER /var/lib/intel/dal + # sudo chmod -R 755 /var/lib/intel/dal - name: Install Intel DAL Host Interface run: | @@ -107,7 +107,7 @@ jobs: wget --progress=dot:mega -O - https://github.com/intel/dynamic-application-loader-host-interface/archive/072d233296c15d0dcd1fb4570694d0244729f87b.tar.gz | tar -xz cd dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b cmake . -DCMAKE_BUILD_TYPE=Release -DINIT_SYSTEM=SysVinit - make install -j$(nproc) + sudo make install -j$(nproc) cd .. rm -rf dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b From 873a07c8b981a2a3e8880c18d17b07f79ed77559 Mon Sep 17 00:00:00 2001 From: Oleh Date: Wed, 1 Oct 2025 14:30:33 +0100 Subject: [PATCH 27/52] #478 fix job setup --- Dockerfile | 45 +++++++++++++++++++++++++++++---------- DockerfileIntelSubmission | 45 +++++++++++++++++++++++++++++---------- DockerfileRelease | 45 +++++++++++++++++++++++++++++---------- DockerfileSimulation | 45 +++++++++++++++++++++++++++++---------- 4 files changed, 136 insertions(+), 44 deletions(-) diff --git a/Dockerfile b/Dockerfile index 48aa4f68..4b3757af 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,26 +1,49 @@ FROM ubuntu:22.04 +# Copy pre-built SGX wallet binary and runtime files +COPY sgxwallet /usr/src/sdk/sgxwallet +COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so +COPY docker/start.sh /usr/src/sdk/start.sh +COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py + # Install minimal runtime dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ - curl \ + wget curl \ secure-delete \ python3-pip \ - && pip3 install --upgrade --no-cache-dir pip \ - && pip3 install --no-cache-dir requests torpy \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* + wget \ + curl \ + git \ + build-essential \ + cmake \ + apt-utils \ + vim \ + telnet \ + ca-certificates \ + perl \ + alien \ + uuid-dev \ + libxml2-dev \ + ccache \ + yasm \ + libprocps-dev \ + texinfo \ + graphviz \ + doxygen \ + libgnutls28-dev \ + libgcrypt20-dev && \ + chmod +x scripts/install_packages.sh && \ + ./scripts/install_packages.sh && \ + pip3 install --upgrade --no-cache-dir pip && \ + pip3 install --no-cache-dir requests torpy && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* # Install libssl1.1 dependency RUN wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb \ && dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb \ && rm -f libssl1.1_1.1.1f-1ubuntu2_amd64.deb -# Copy pre-built SGX wallet binary and runtime files -COPY sgxwallet /usr/src/sdk/sgxwallet -COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so -COPY docker/start.sh /usr/src/sdk/start.sh -COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py - # Create required directories RUN mkdir -p /usr/src/sdk/sgx_data diff --git a/DockerfileIntelSubmission b/DockerfileIntelSubmission index 48aa4f68..4b3757af 100644 --- a/DockerfileIntelSubmission +++ b/DockerfileIntelSubmission @@ -1,26 +1,49 @@ FROM ubuntu:22.04 +# Copy pre-built SGX wallet binary and runtime files +COPY sgxwallet /usr/src/sdk/sgxwallet +COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so +COPY docker/start.sh /usr/src/sdk/start.sh +COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py + # Install minimal runtime dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ - curl \ + wget curl \ secure-delete \ python3-pip \ - && pip3 install --upgrade --no-cache-dir pip \ - && pip3 install --no-cache-dir requests torpy \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* + wget \ + curl \ + git \ + build-essential \ + cmake \ + apt-utils \ + vim \ + telnet \ + ca-certificates \ + perl \ + alien \ + uuid-dev \ + libxml2-dev \ + ccache \ + yasm \ + libprocps-dev \ + texinfo \ + graphviz \ + doxygen \ + libgnutls28-dev \ + libgcrypt20-dev && \ + chmod +x scripts/install_packages.sh && \ + ./scripts/install_packages.sh && \ + pip3 install --upgrade --no-cache-dir pip && \ + pip3 install --no-cache-dir requests torpy && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* # Install libssl1.1 dependency RUN wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb \ && dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb \ && rm -f libssl1.1_1.1.1f-1ubuntu2_amd64.deb -# Copy pre-built SGX wallet binary and runtime files -COPY sgxwallet /usr/src/sdk/sgxwallet -COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so -COPY docker/start.sh /usr/src/sdk/start.sh -COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py - # Create required directories RUN mkdir -p /usr/src/sdk/sgx_data diff --git a/DockerfileRelease b/DockerfileRelease index 48aa4f68..4b3757af 100644 --- a/DockerfileRelease +++ b/DockerfileRelease @@ -1,26 +1,49 @@ FROM ubuntu:22.04 +# Copy pre-built SGX wallet binary and runtime files +COPY sgxwallet /usr/src/sdk/sgxwallet +COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so +COPY docker/start.sh /usr/src/sdk/start.sh +COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py + # Install minimal runtime dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ - curl \ + wget curl \ secure-delete \ python3-pip \ - && pip3 install --upgrade --no-cache-dir pip \ - && pip3 install --no-cache-dir requests torpy \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* + wget \ + curl \ + git \ + build-essential \ + cmake \ + apt-utils \ + vim \ + telnet \ + ca-certificates \ + perl \ + alien \ + uuid-dev \ + libxml2-dev \ + ccache \ + yasm \ + libprocps-dev \ + texinfo \ + graphviz \ + doxygen \ + libgnutls28-dev \ + libgcrypt20-dev && \ + chmod +x scripts/install_packages.sh && \ + ./scripts/install_packages.sh && \ + pip3 install --upgrade --no-cache-dir pip && \ + pip3 install --no-cache-dir requests torpy && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* # Install libssl1.1 dependency RUN wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb \ && dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb \ && rm -f libssl1.1_1.1.1f-1ubuntu2_amd64.deb -# Copy pre-built SGX wallet binary and runtime files -COPY sgxwallet /usr/src/sdk/sgxwallet -COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so -COPY docker/start.sh /usr/src/sdk/start.sh -COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py - # Create required directories RUN mkdir -p /usr/src/sdk/sgx_data diff --git a/DockerfileSimulation b/DockerfileSimulation index ece00e25..ca0f616c 100644 --- a/DockerfileSimulation +++ b/DockerfileSimulation @@ -1,26 +1,49 @@ FROM ubuntu:22.04 +# Copy pre-built SGX wallet binary and runtime files +COPY sgxwallet /usr/src/sdk/sgxwallet +COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so +COPY docker/start.sh /usr/src/sdk/start.sh +COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py + # Install minimal runtime dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ - curl \ + wget curl \ secure-delete \ python3-pip \ - && pip3 install --upgrade --no-cache-dir pip \ - && pip3 install --no-cache-dir requests torpy \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* + wget \ + curl \ + git \ + build-essential \ + cmake \ + apt-utils \ + vim \ + telnet \ + ca-certificates \ + perl \ + alien \ + uuid-dev \ + libxml2-dev \ + ccache \ + yasm \ + libprocps-dev \ + texinfo \ + graphviz \ + doxygen \ + libgnutls28-dev \ + libgcrypt20-dev && \ + chmod +x scripts/install_packages.sh && \ + ./scripts/install_packages.sh && \ + pip3 install --upgrade --no-cache-dir pip && \ + pip3 install --no-cache-dir requests torpy && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* # Install libssl1.1 dependency RUN wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb \ && dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb \ && rm -f libssl1.1_1.1.1f-1ubuntu2_amd64.deb -# Copy pre-built SGX wallet binary and runtime files -COPY sgxwallet /usr/src/sdk/sgxwallet -COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so -COPY docker/start.sh /usr/src/sdk/start.sh -COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py - # Create required directories RUN mkdir -p /usr/src/sdk/sgx_data From 00a5e779a1b34ff5c0102a68136121517d81e42d Mon Sep 17 00:00:00 2001 From: Oleh Date: Wed, 1 Oct 2025 14:59:09 +0100 Subject: [PATCH 28/52] #478 fix job setup --- Dockerfile | 4 ++-- DockerfileIntelSubmission | 4 ++-- DockerfileRelease | 4 ++-- DockerfileSimulation | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4b3757af..541556a6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -32,8 +32,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ doxygen \ libgnutls28-dev \ libgcrypt20-dev && \ - chmod +x scripts/install_packages.sh && \ - ./scripts/install_packages.sh && \ + chmod +x /usr/src/sdk/sgxwallet/scripts/install_packages.sh && \ + ./usr/src/sdk/sgxwallet/scripts/install_packages.sh && \ pip3 install --upgrade --no-cache-dir pip && \ pip3 install --no-cache-dir requests torpy && \ apt-get clean && \ diff --git a/DockerfileIntelSubmission b/DockerfileIntelSubmission index 4b3757af..541556a6 100644 --- a/DockerfileIntelSubmission +++ b/DockerfileIntelSubmission @@ -32,8 +32,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ doxygen \ libgnutls28-dev \ libgcrypt20-dev && \ - chmod +x scripts/install_packages.sh && \ - ./scripts/install_packages.sh && \ + chmod +x /usr/src/sdk/sgxwallet/scripts/install_packages.sh && \ + ./usr/src/sdk/sgxwallet/scripts/install_packages.sh && \ pip3 install --upgrade --no-cache-dir pip && \ pip3 install --no-cache-dir requests torpy && \ apt-get clean && \ diff --git a/DockerfileRelease b/DockerfileRelease index 4b3757af..541556a6 100644 --- a/DockerfileRelease +++ b/DockerfileRelease @@ -32,8 +32,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ doxygen \ libgnutls28-dev \ libgcrypt20-dev && \ - chmod +x scripts/install_packages.sh && \ - ./scripts/install_packages.sh && \ + chmod +x /usr/src/sdk/sgxwallet/scripts/install_packages.sh && \ + ./usr/src/sdk/sgxwallet/scripts/install_packages.sh && \ pip3 install --upgrade --no-cache-dir pip && \ pip3 install --no-cache-dir requests torpy && \ apt-get clean && \ diff --git a/DockerfileSimulation b/DockerfileSimulation index ca0f616c..e62088ae 100644 --- a/DockerfileSimulation +++ b/DockerfileSimulation @@ -32,8 +32,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ doxygen \ libgnutls28-dev \ libgcrypt20-dev && \ - chmod +x scripts/install_packages.sh && \ - ./scripts/install_packages.sh && \ + chmod +x /usr/src/sdk/sgxwallet/scripts/install_packages.sh && \ + ./usr/src/sdk/sgxwallet/scripts/install_packages.sh && \ pip3 install --upgrade --no-cache-dir pip && \ pip3 install --no-cache-dir requests torpy && \ apt-get clean && \ From 9e22359d07efd8bbd4666c194cf38bf22f5dc686 Mon Sep 17 00:00:00 2001 From: Oleh Date: Wed, 1 Oct 2025 15:27:21 +0100 Subject: [PATCH 29/52] #478 fix job setup --- Dockerfile | 16 +++++++++------- DockerfileIntelSubmission | 16 +++++++++------- DockerfileRelease | 16 +++++++++------- DockerfileSimulation | 16 +++++++++------- 4 files changed, 36 insertions(+), 28 deletions(-) diff --git a/Dockerfile b/Dockerfile index 541556a6..91669290 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,10 +1,8 @@ FROM ubuntu:22.04 -# Copy pre-built SGX wallet binary and runtime files -COPY sgxwallet /usr/src/sdk/sgxwallet -COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so -COPY docker/start.sh /usr/src/sdk/start.sh -COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py +# Install packages and setup environment in optimized layers +COPY scripts/install_packages.sh /install_packages.sh +RUN chmod +x /install_packages.sh && /install_packages.sh # Install minimal runtime dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ @@ -32,8 +30,6 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ doxygen \ libgnutls28-dev \ libgcrypt20-dev && \ - chmod +x /usr/src/sdk/sgxwallet/scripts/install_packages.sh && \ - ./usr/src/sdk/sgxwallet/scripts/install_packages.sh && \ pip3 install --upgrade --no-cache-dir pip && \ pip3 install --no-cache-dir requests torpy && \ apt-get clean && \ @@ -44,6 +40,12 @@ RUN wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1 && dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb \ && rm -f libssl1.1_1.1.1f-1ubuntu2_amd64.deb +# Copy pre-built SGX wallet binary and runtime files +COPY sgxwallet /usr/src/sdk/sgxwallet +COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so +COPY docker/start.sh /usr/src/sdk/start.sh +COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py + # Create required directories RUN mkdir -p /usr/src/sdk/sgx_data diff --git a/DockerfileIntelSubmission b/DockerfileIntelSubmission index 541556a6..91669290 100644 --- a/DockerfileIntelSubmission +++ b/DockerfileIntelSubmission @@ -1,10 +1,8 @@ FROM ubuntu:22.04 -# Copy pre-built SGX wallet binary and runtime files -COPY sgxwallet /usr/src/sdk/sgxwallet -COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so -COPY docker/start.sh /usr/src/sdk/start.sh -COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py +# Install packages and setup environment in optimized layers +COPY scripts/install_packages.sh /install_packages.sh +RUN chmod +x /install_packages.sh && /install_packages.sh # Install minimal runtime dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ @@ -32,8 +30,6 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ doxygen \ libgnutls28-dev \ libgcrypt20-dev && \ - chmod +x /usr/src/sdk/sgxwallet/scripts/install_packages.sh && \ - ./usr/src/sdk/sgxwallet/scripts/install_packages.sh && \ pip3 install --upgrade --no-cache-dir pip && \ pip3 install --no-cache-dir requests torpy && \ apt-get clean && \ @@ -44,6 +40,12 @@ RUN wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1 && dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb \ && rm -f libssl1.1_1.1.1f-1ubuntu2_amd64.deb +# Copy pre-built SGX wallet binary and runtime files +COPY sgxwallet /usr/src/sdk/sgxwallet +COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so +COPY docker/start.sh /usr/src/sdk/start.sh +COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py + # Create required directories RUN mkdir -p /usr/src/sdk/sgx_data diff --git a/DockerfileRelease b/DockerfileRelease index 541556a6..91669290 100644 --- a/DockerfileRelease +++ b/DockerfileRelease @@ -1,10 +1,8 @@ FROM ubuntu:22.04 -# Copy pre-built SGX wallet binary and runtime files -COPY sgxwallet /usr/src/sdk/sgxwallet -COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so -COPY docker/start.sh /usr/src/sdk/start.sh -COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py +# Install packages and setup environment in optimized layers +COPY scripts/install_packages.sh /install_packages.sh +RUN chmod +x /install_packages.sh && /install_packages.sh # Install minimal runtime dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ @@ -32,8 +30,6 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ doxygen \ libgnutls28-dev \ libgcrypt20-dev && \ - chmod +x /usr/src/sdk/sgxwallet/scripts/install_packages.sh && \ - ./usr/src/sdk/sgxwallet/scripts/install_packages.sh && \ pip3 install --upgrade --no-cache-dir pip && \ pip3 install --no-cache-dir requests torpy && \ apt-get clean && \ @@ -44,6 +40,12 @@ RUN wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1 && dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb \ && rm -f libssl1.1_1.1.1f-1ubuntu2_amd64.deb +# Copy pre-built SGX wallet binary and runtime files +COPY sgxwallet /usr/src/sdk/sgxwallet +COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so +COPY docker/start.sh /usr/src/sdk/start.sh +COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py + # Create required directories RUN mkdir -p /usr/src/sdk/sgx_data diff --git a/DockerfileSimulation b/DockerfileSimulation index e62088ae..7a5bc056 100644 --- a/DockerfileSimulation +++ b/DockerfileSimulation @@ -1,10 +1,8 @@ FROM ubuntu:22.04 -# Copy pre-built SGX wallet binary and runtime files -COPY sgxwallet /usr/src/sdk/sgxwallet -COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so -COPY docker/start.sh /usr/src/sdk/start.sh -COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py +# Install packages and setup environment in optimized layers +COPY scripts/install_packages.sh /install_packages.sh +RUN chmod +x /install_packages.sh && /install_packages.sh # Install minimal runtime dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ @@ -32,8 +30,6 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ doxygen \ libgnutls28-dev \ libgcrypt20-dev && \ - chmod +x /usr/src/sdk/sgxwallet/scripts/install_packages.sh && \ - ./usr/src/sdk/sgxwallet/scripts/install_packages.sh && \ pip3 install --upgrade --no-cache-dir pip && \ pip3 install --no-cache-dir requests torpy && \ apt-get clean && \ @@ -44,6 +40,12 @@ RUN wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1 && dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb \ && rm -f libssl1.1_1.1.1f-1ubuntu2_amd64.deb +# Copy pre-built SGX wallet binary and runtime files +COPY sgxwallet /usr/src/sdk/sgxwallet +COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so +COPY docker/start.sh /usr/src/sdk/start.sh +COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py + # Create required directories RUN mkdir -p /usr/src/sdk/sgx_data From ea95de7a0e59df4289a60134c49cf0cb1cb160ea Mon Sep 17 00:00:00 2001 From: Oleh Date: Wed, 1 Oct 2025 18:07:46 +0100 Subject: [PATCH 30/52] #478 fix job setup --- .github/workflows/dockerimage.yml | 6 +++++ .../workflows/dockerimageintelsubmission.yml | 6 +++++ .github/workflows/dockerimagerelease.yml | 6 +++++ .github/workflows/dockerimagesim.yml | 5 ++++ Dockerfile | 21 ++++++++++++++--- DockerfileIntelSubmission | 22 ++++++++++++++---- DockerfileRelease | 23 +++++++++++++++---- DockerfileSimulation | 21 +++++++++++++---- 8 files changed, 92 insertions(+), 18 deletions(-) diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml index 21e7095a..6f672585 100644 --- a/.github/workflows/dockerimage.yml +++ b/.github/workflows/dockerimage.yml @@ -118,6 +118,12 @@ jobs: make -j$(nproc) mkdir -p sgx_data + - name: Prepare build directory for Docker + run: | + mkdir -p build/opt/intel + cp -r /opt/intel/sgxsdk build/opt/intel/ + cp -r /opt/intel/sgxpsw build/opt/intel/ + - name: build and deploy test image run: python3 scripts/docker_build.py Dockerfile sgxwallet ${GITHUB_SHA} diff --git a/.github/workflows/dockerimageintelsubmission.yml b/.github/workflows/dockerimageintelsubmission.yml index 07b7b573..e40f59c7 100644 --- a/.github/workflows/dockerimageintelsubmission.yml +++ b/.github/workflows/dockerimageintelsubmission.yml @@ -121,6 +121,12 @@ jobs: make -j$(nproc) mkdir -p sgx_data + - name: Prepare build directory for Docker + run: | + mkdir -p build/opt/intel + cp -r /opt/intel/sgxsdk build/opt/intel/ + cp -r /opt/intel/sgxpsw build/opt/intel/ + - name: build and deploy test image run: python3 scripts/docker_build.py DockerfileIntelSubmission sgxwallet_intelsubmission ${GITHUB_SHA} - name: Calculate and cache VERSION diff --git a/.github/workflows/dockerimagerelease.yml b/.github/workflows/dockerimagerelease.yml index ee759878..06793369 100644 --- a/.github/workflows/dockerimagerelease.yml +++ b/.github/workflows/dockerimagerelease.yml @@ -136,6 +136,12 @@ jobs: make -j$(nproc) mkdir -p sgx_data + - name: Prepare build directory for Docker + run: | + mkdir -p build/opt/intel + cp -r /opt/intel/sgxsdk build/opt/intel/ + cp -r /opt/intel/sgxpsw build/opt/intel/ + - name: Calculate and cache VERSION run : | export BRANCH=${GITHUB_REF##*/} diff --git a/.github/workflows/dockerimagesim.yml b/.github/workflows/dockerimagesim.yml index 828b6df7..5f240cb7 100644 --- a/.github/workflows/dockerimagesim.yml +++ b/.github/workflows/dockerimagesim.yml @@ -120,6 +120,11 @@ jobs: make -j$(nproc) mkdir -p sgx_data + - name: Prepare build directory for Docker + run: | + mkdir -p build/opt/intel + cp -r /opt/intel/sgxsdk build/opt/intel/ + - name: Build and publish container for testing run: python3 scripts/docker_build.py DockerfileSimulation sgxwallet_sim ${GITHUB_SHA} - name: test diff --git a/Dockerfile b/Dockerfile index 91669290..43d30c2c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,11 +6,10 @@ RUN chmod +x /install_packages.sh && /install_packages.sh # Install minimal runtime dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ - wget curl \ - secure-delete \ - python3-pip \ wget \ curl \ + secure-delete \ + python3-pip \ git \ build-essential \ cmake \ @@ -40,11 +39,27 @@ RUN wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1 && dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb \ && rm -f libssl1.1_1.1.1f-1ubuntu2_amd64.deb +# Create required directories +RUN mkdir -p /opt/intel/sgxsdk && \ + mkdir -p /opt/intel/sgxpsw && \ + mkdir -p /var/lib/intel/dal && \ + mkdir -p /usr/src/sdk/sgx_data + # Copy pre-built SGX wallet binary and runtime files COPY sgxwallet /usr/src/sdk/sgxwallet COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so COPY docker/start.sh /usr/src/sdk/start.sh COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py +COPY testw.py /usr/src/sdk/testw.py + +# Copy Intel SGX runtime components +COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk +COPY build/opt/intel/sgxpsw /opt/intel/sgxpsw + +# Make scripts executable +RUN chmod +x /usr/src/sdk/start.sh && \ + chmod +x /usr/src/sdk/testw.py && \ + chmod +x /usr/src/sdk/check_firewall.py # Create required directories RUN mkdir -p /usr/src/sdk/sgx_data diff --git a/DockerfileIntelSubmission b/DockerfileIntelSubmission index 91669290..418e6dbf 100644 --- a/DockerfileIntelSubmission +++ b/DockerfileIntelSubmission @@ -6,11 +6,10 @@ RUN chmod +x /install_packages.sh && /install_packages.sh # Install minimal runtime dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ - wget curl \ - secure-delete \ - python3-pip \ wget \ curl \ + secure-delete \ + python3-pip \ git \ build-essential \ cmake \ @@ -40,14 +39,27 @@ RUN wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1 && dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb \ && rm -f libssl1.1_1.1.1f-1ubuntu2_amd64.deb +# Create required directories +RUN mkdir -p /opt/intel/sgxsdk && \ + mkdir -p /opt/intel/sgxpsw && \ + mkdir -p /var/lib/intel/dal && \ + mkdir -p /usr/src/sdk/sgx_data + # Copy pre-built SGX wallet binary and runtime files COPY sgxwallet /usr/src/sdk/sgxwallet COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so COPY docker/start.sh /usr/src/sdk/start.sh COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py +COPY testw.py /usr/src/sdk/testw.py -# Create required directories -RUN mkdir -p /usr/src/sdk/sgx_data +# Copy Intel SGX runtime components +COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk +COPY build/opt/intel/sgxpsw /opt/intel/sgxpsw + +# Make scripts executable +RUN chmod +x /usr/src/sdk/start.sh && \ + chmod +x /usr/src/sdk/testw.py && \ + chmod +x /usr/src/sdk/check_firewall.py WORKDIR /usr/src/sdk diff --git a/DockerfileRelease b/DockerfileRelease index 91669290..d8dbe4cb 100644 --- a/DockerfileRelease +++ b/DockerfileRelease @@ -5,12 +5,12 @@ COPY scripts/install_packages.sh /install_packages.sh RUN chmod +x /install_packages.sh && /install_packages.sh # Install minimal runtime dependencies +RUN # Install minimal runtime dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ - wget curl \ - secure-delete \ - python3-pip \ wget \ curl \ + secure-delete \ + python3-pip \ git \ build-essential \ cmake \ @@ -40,14 +40,27 @@ RUN wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1 && dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb \ && rm -f libssl1.1_1.1.1f-1ubuntu2_amd64.deb +# Create required directories +RUN mkdir -p /opt/intel/sgxsdk && \ + mkdir -p /opt/intel/sgxpsw && \ + mkdir -p /var/lib/intel/dal && \ + mkdir -p /usr/src/sdk/sgx_data + # Copy pre-built SGX wallet binary and runtime files COPY sgxwallet /usr/src/sdk/sgxwallet COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so COPY docker/start.sh /usr/src/sdk/start.sh COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py +COPY testw.py /usr/src/sdk/testw.py -# Create required directories -RUN mkdir -p /usr/src/sdk/sgx_data +# Copy Intel SGX runtime components +COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk +COPY build/opt/intel/sgxpsw /opt/intel/sgxpsw + +# Make scripts executable +RUN chmod +x /usr/src/sdk/start.sh && \ + chmod +x /usr/src/sdk/testw.py && \ + chmod +x /usr/src/sdk/check_firewall.py WORKDIR /usr/src/sdk diff --git a/DockerfileSimulation b/DockerfileSimulation index 7a5bc056..24503546 100644 --- a/DockerfileSimulation +++ b/DockerfileSimulation @@ -6,11 +6,10 @@ RUN chmod +x /install_packages.sh && /install_packages.sh # Install minimal runtime dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ - wget curl \ - secure-delete \ - python3-pip \ wget \ curl \ + secure-delete \ + python3-pip \ git \ build-essential \ cmake \ @@ -40,14 +39,26 @@ RUN wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1 && dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb \ && rm -f libssl1.1_1.1.1f-1ubuntu2_amd64.deb +# Create required directories +RUN mkdir -p /opt/intel/sgxsdk && \ + mkdir -p /opt/intel/sgxpsw && \ + mkdir -p /var/lib/intel/dal && \ + mkdir -p /usr/src/sdk/sgx_data + # Copy pre-built SGX wallet binary and runtime files COPY sgxwallet /usr/src/sdk/sgxwallet COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so COPY docker/start.sh /usr/src/sdk/start.sh COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py +COPY testw.py /usr/src/sdk/testw.py -# Create required directories -RUN mkdir -p /usr/src/sdk/sgx_data +# Copy Intel SGX runtime components (simulation mode - minimal) +COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk + +# Make scripts executable +RUN chmod +x /usr/src/sdk/start.sh && \ + chmod +x /usr/src/sdk/testw.py && \ + chmod +x /usr/src/sdk/check_firewall.py WORKDIR /usr/src/sdk From 9f4fab334811cc4a0e324c56f2ad62f01af7c7e5 Mon Sep 17 00:00:00 2001 From: Oleh Date: Wed, 1 Oct 2025 21:16:46 +0100 Subject: [PATCH 31/52] #478 fix job setup --- Dockerfile | 1 + DockerfileIntelSubmission | 1 + DockerfileRelease | 1 + DockerfileSimulation | 1 + 4 files changed, 4 insertions(+) diff --git a/Dockerfile b/Dockerfile index 43d30c2c..11e7af03 100644 --- a/Dockerfile +++ b/Dockerfile @@ -47,6 +47,7 @@ RUN mkdir -p /opt/intel/sgxsdk && \ # Copy pre-built SGX wallet binary and runtime files COPY sgxwallet /usr/src/sdk/sgxwallet +COPY testw /usr/src/sdk/testw COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so COPY docker/start.sh /usr/src/sdk/start.sh COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py diff --git a/DockerfileIntelSubmission b/DockerfileIntelSubmission index 418e6dbf..91d5d42b 100644 --- a/DockerfileIntelSubmission +++ b/DockerfileIntelSubmission @@ -47,6 +47,7 @@ RUN mkdir -p /opt/intel/sgxsdk && \ # Copy pre-built SGX wallet binary and runtime files COPY sgxwallet /usr/src/sdk/sgxwallet +COPY testw /usr/src/sdk/testw COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so COPY docker/start.sh /usr/src/sdk/start.sh COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py diff --git a/DockerfileRelease b/DockerfileRelease index d8dbe4cb..423203d9 100644 --- a/DockerfileRelease +++ b/DockerfileRelease @@ -48,6 +48,7 @@ RUN mkdir -p /opt/intel/sgxsdk && \ # Copy pre-built SGX wallet binary and runtime files COPY sgxwallet /usr/src/sdk/sgxwallet +COPY testw /usr/src/sdk/testw COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so COPY docker/start.sh /usr/src/sdk/start.sh COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py diff --git a/DockerfileSimulation b/DockerfileSimulation index 24503546..b2d83922 100644 --- a/DockerfileSimulation +++ b/DockerfileSimulation @@ -47,6 +47,7 @@ RUN mkdir -p /opt/intel/sgxsdk && \ # Copy pre-built SGX wallet binary and runtime files COPY sgxwallet /usr/src/sdk/sgxwallet +COPY testw /usr/src/sdk/testw COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so COPY docker/start.sh /usr/src/sdk/start.sh COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py From 5056aba9c04aca52183f62dfb1c8650c118ad314 Mon Sep 17 00:00:00 2001 From: Oleh Date: Wed, 1 Oct 2025 21:55:30 +0100 Subject: [PATCH 32/52] #478 fix job setup --- Dockerfile | 1 + DockerfileIntelSubmission | 1 + DockerfileRelease | 1 + DockerfileSimulation | 1 + 4 files changed, 4 insertions(+) diff --git a/Dockerfile b/Dockerfile index 11e7af03..522d01c1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -49,6 +49,7 @@ RUN mkdir -p /opt/intel/sgxsdk && \ COPY sgxwallet /usr/src/sdk/sgxwallet COPY testw /usr/src/sdk/testw COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so +COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave.signed.so COPY docker/start.sh /usr/src/sdk/start.sh COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py COPY testw.py /usr/src/sdk/testw.py diff --git a/DockerfileIntelSubmission b/DockerfileIntelSubmission index 91d5d42b..26bbb032 100644 --- a/DockerfileIntelSubmission +++ b/DockerfileIntelSubmission @@ -49,6 +49,7 @@ RUN mkdir -p /opt/intel/sgxsdk && \ COPY sgxwallet /usr/src/sdk/sgxwallet COPY testw /usr/src/sdk/testw COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so +COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave.signed.so COPY docker/start.sh /usr/src/sdk/start.sh COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py COPY testw.py /usr/src/sdk/testw.py diff --git a/DockerfileRelease b/DockerfileRelease index 423203d9..4f6c463a 100644 --- a/DockerfileRelease +++ b/DockerfileRelease @@ -50,6 +50,7 @@ RUN mkdir -p /opt/intel/sgxsdk && \ COPY sgxwallet /usr/src/sdk/sgxwallet COPY testw /usr/src/sdk/testw COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so +COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave.signed.so COPY docker/start.sh /usr/src/sdk/start.sh COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py COPY testw.py /usr/src/sdk/testw.py diff --git a/DockerfileSimulation b/DockerfileSimulation index b2d83922..f4cd21e4 100644 --- a/DockerfileSimulation +++ b/DockerfileSimulation @@ -49,6 +49,7 @@ RUN mkdir -p /opt/intel/sgxsdk && \ COPY sgxwallet /usr/src/sdk/sgxwallet COPY testw /usr/src/sdk/testw COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so +COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave.signed.so COPY docker/start.sh /usr/src/sdk/start.sh COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py COPY testw.py /usr/src/sdk/testw.py From 8f5eaa145a56355cd4bc7f70b9eea12f2876fc41 Mon Sep 17 00:00:00 2001 From: Oleh Date: Wed, 1 Oct 2025 23:01:11 +0100 Subject: [PATCH 33/52] #478 fix job setup --- Dockerfile | 1 + DockerfileIntelSubmission | 1 + DockerfileRelease | 1 + DockerfileSimulation | 1 + 4 files changed, 4 insertions(+) diff --git a/Dockerfile b/Dockerfile index 522d01c1..fa1b5464 100644 --- a/Dockerfile +++ b/Dockerfile @@ -53,6 +53,7 @@ COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave.signed. COPY docker/start.sh /usr/src/sdk/start.sh COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py COPY testw.py /usr/src/sdk/testw.py +COPY cert /usr/src/sdk/cert # Copy Intel SGX runtime components COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk diff --git a/DockerfileIntelSubmission b/DockerfileIntelSubmission index 26bbb032..af6beaa6 100644 --- a/DockerfileIntelSubmission +++ b/DockerfileIntelSubmission @@ -53,6 +53,7 @@ COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave.signed. COPY docker/start.sh /usr/src/sdk/start.sh COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py COPY testw.py /usr/src/sdk/testw.py +COPY cert /usr/src/sdk/cert # Copy Intel SGX runtime components COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk diff --git a/DockerfileRelease b/DockerfileRelease index 4f6c463a..38bfb656 100644 --- a/DockerfileRelease +++ b/DockerfileRelease @@ -54,6 +54,7 @@ COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave.signed. COPY docker/start.sh /usr/src/sdk/start.sh COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py COPY testw.py /usr/src/sdk/testw.py +COPY cert /usr/src/sdk/cert # Copy Intel SGX runtime components COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk diff --git a/DockerfileSimulation b/DockerfileSimulation index f4cd21e4..866836ae 100644 --- a/DockerfileSimulation +++ b/DockerfileSimulation @@ -53,6 +53,7 @@ COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave.signed. COPY docker/start.sh /usr/src/sdk/start.sh COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py COPY testw.py /usr/src/sdk/testw.py +COPY cert /usr/src/sdk/cert # Copy Intel SGX runtime components (simulation mode - minimal) COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk From c396304b0a4986b5d61fc9761ec1ee5f18f0c6de Mon Sep 17 00:00:00 2001 From: Oleh Date: Wed, 1 Oct 2025 23:28:57 +0100 Subject: [PATCH 34/52] #478 fix job setup --- DockerfileSimulation | 1 + 1 file changed, 1 insertion(+) diff --git a/DockerfileSimulation b/DockerfileSimulation index 866836ae..3b5b9c7a 100644 --- a/DockerfileSimulation +++ b/DockerfileSimulation @@ -54,6 +54,7 @@ COPY docker/start.sh /usr/src/sdk/start.sh COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py COPY testw.py /usr/src/sdk/testw.py COPY cert /usr/src/sdk/cert +COPY insecure-samples /usr/src/sdk/insecure-samples # Copy Intel SGX runtime components (simulation mode - minimal) COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk From 516b4f91a4cbc62d43fef407a59118152481125e Mon Sep 17 00:00:00 2001 From: Oleh Date: Thu, 2 Oct 2025 10:18:00 +0100 Subject: [PATCH 35/52] #478 fix job setup --- Dockerfile | 3 +-- DockerfileIntelSubmission | 3 +-- DockerfileRelease | 3 +-- DockerfileSimulation | 1 + 4 files changed, 4 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index fa1b5464..31403611 100644 --- a/Dockerfile +++ b/Dockerfile @@ -47,12 +47,11 @@ RUN mkdir -p /opt/intel/sgxsdk && \ # Copy pre-built SGX wallet binary and runtime files COPY sgxwallet /usr/src/sdk/sgxwallet -COPY testw /usr/src/sdk/testw +COPY sgx_util /usr/src/sdk/sgx_util COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave.signed.so COPY docker/start.sh /usr/src/sdk/start.sh COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py -COPY testw.py /usr/src/sdk/testw.py COPY cert /usr/src/sdk/cert # Copy Intel SGX runtime components diff --git a/DockerfileIntelSubmission b/DockerfileIntelSubmission index af6beaa6..11417a9a 100644 --- a/DockerfileIntelSubmission +++ b/DockerfileIntelSubmission @@ -47,12 +47,11 @@ RUN mkdir -p /opt/intel/sgxsdk && \ # Copy pre-built SGX wallet binary and runtime files COPY sgxwallet /usr/src/sdk/sgxwallet -COPY testw /usr/src/sdk/testw +COPY sgx_util /usr/src/sdk/sgx_util COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave.signed.so COPY docker/start.sh /usr/src/sdk/start.sh COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py -COPY testw.py /usr/src/sdk/testw.py COPY cert /usr/src/sdk/cert # Copy Intel SGX runtime components diff --git a/DockerfileRelease b/DockerfileRelease index 38bfb656..2cc89a0f 100644 --- a/DockerfileRelease +++ b/DockerfileRelease @@ -48,12 +48,11 @@ RUN mkdir -p /opt/intel/sgxsdk && \ # Copy pre-built SGX wallet binary and runtime files COPY sgxwallet /usr/src/sdk/sgxwallet -COPY testw /usr/src/sdk/testw +COPY sgx_util /usr/src/sdk/sgx_util COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave.signed.so COPY docker/start.sh /usr/src/sdk/start.sh COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py -COPY testw.py /usr/src/sdk/testw.py COPY cert /usr/src/sdk/cert # Copy Intel SGX runtime components diff --git a/DockerfileSimulation b/DockerfileSimulation index 3b5b9c7a..6ba313b8 100644 --- a/DockerfileSimulation +++ b/DockerfileSimulation @@ -48,6 +48,7 @@ RUN mkdir -p /opt/intel/sgxsdk && \ # Copy pre-built SGX wallet binary and runtime files COPY sgxwallet /usr/src/sdk/sgxwallet COPY testw /usr/src/sdk/testw +COPY sgx_util /usr/src/sdk/sgx_util COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave/secure_enclave.signed.so COPY secure_enclave/secure_enclave.signed.so /usr/src/sdk/secure_enclave.signed.so COPY docker/start.sh /usr/src/sdk/start.sh From 880dc2aaa25e821cbd1f4e52c298dc5229acc2e9 Mon Sep 17 00:00:00 2001 From: Oleh Date: Thu, 2 Oct 2025 10:21:34 +0100 Subject: [PATCH 36/52] #478 fix job setup --- .github/workflows/dockerimage.yml | 4 +--- .github/workflows/dockerimageintelsubmission.yml | 2 -- .github/workflows/dockerimagerelease.yml | 4 +--- .github/workflows/dockerimagesim.yml | 2 -- 4 files changed, 2 insertions(+), 10 deletions(-) diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml index 6f672585..307804c3 100644 --- a/.github/workflows/dockerimage.yml +++ b/.github/workflows/dockerimage.yml @@ -92,13 +92,11 @@ jobs: - name: Build dependencies run: | cd scripts - sudo ./build_deps.py + ./build_deps.py - name: Create Intel DAL directory run: | sudo mkdir -p /var/lib/intel/dal - # sudo chown -R $USER:$USER /var/lib/intel/dal - # sudo chmod -R 755 /var/lib/intel/dal - name: Install Intel DAL Host Interface run: | diff --git a/.github/workflows/dockerimageintelsubmission.yml b/.github/workflows/dockerimageintelsubmission.yml index e40f59c7..8c4eb4ea 100644 --- a/.github/workflows/dockerimageintelsubmission.yml +++ b/.github/workflows/dockerimageintelsubmission.yml @@ -96,8 +96,6 @@ jobs: - name: Create Intel DAL directory run: | sudo mkdir -p /var/lib/intel/dal - # sudo chown -R $USER:$USER /var/lib/intel/dal - # sudo chmod -R 755 /var/lib/intel/dal - name: Install Intel DAL Host Interface run: | diff --git a/.github/workflows/dockerimagerelease.yml b/.github/workflows/dockerimagerelease.yml index 06793369..d4a536c0 100644 --- a/.github/workflows/dockerimagerelease.yml +++ b/.github/workflows/dockerimagerelease.yml @@ -98,9 +98,7 @@ jobs: - name: Create Intel DAL directory run: | - sudo mkdir -p /var/lib/intel/dal - # sudo chown -R $USER:$USER /var/lib/intel/dal - # sudo chmod -R 755 /var/lib/intel/dal + sudo mkdir -p /var/lib/intel/dal\ - name: Install Intel DAL Host Interface run: | diff --git a/.github/workflows/dockerimagesim.yml b/.github/workflows/dockerimagesim.yml index 5f240cb7..46625746 100644 --- a/.github/workflows/dockerimagesim.yml +++ b/.github/workflows/dockerimagesim.yml @@ -98,8 +98,6 @@ jobs: - name: Create Intel DAL directory run: | sudo mkdir -p /var/lib/intel/dal - # sudo chown -R $USER:$USER /var/lib/intel/dal - # sudo chmod -R 755 /var/lib/intel/dal - name: Install Intel DAL Host Interface run: | From b9ea999bf2f64dfcd64767868ae558d21a2c60f2 Mon Sep 17 00:00:00 2001 From: Oleh Date: Thu, 2 Oct 2025 10:29:38 +0100 Subject: [PATCH 37/52] #478 fix job setup --- .github/workflows/dockerimageintelsubmission.yml | 2 +- .github/workflows/dockerimagesim.yml | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/dockerimageintelsubmission.yml b/.github/workflows/dockerimageintelsubmission.yml index 8c4eb4ea..eca9da32 100644 --- a/.github/workflows/dockerimageintelsubmission.yml +++ b/.github/workflows/dockerimageintelsubmission.yml @@ -124,7 +124,7 @@ jobs: mkdir -p build/opt/intel cp -r /opt/intel/sgxsdk build/opt/intel/ cp -r /opt/intel/sgxpsw build/opt/intel/ - + - name: build and deploy test image run: python3 scripts/docker_build.py DockerfileIntelSubmission sgxwallet_intelsubmission ${GITHUB_SHA} - name: Calculate and cache VERSION diff --git a/.github/workflows/dockerimagesim.yml b/.github/workflows/dockerimagesim.yml index 46625746..cdc8bffd 100644 --- a/.github/workflows/dockerimagesim.yml +++ b/.github/workflows/dockerimagesim.yml @@ -123,6 +123,11 @@ jobs: mkdir -p build/opt/intel cp -r /opt/intel/sgxsdk build/opt/intel/ + - name: Cleanup existing Docker containers and images + run: | + docker stop sgxwallet || true + docker rm sgxwallet || true + - name: Build and publish container for testing run: python3 scripts/docker_build.py DockerfileSimulation sgxwallet_sim ${GITHUB_SHA} - name: test From 80619542205799c5d27049d6e3090b07e756f984 Mon Sep 17 00:00:00 2001 From: Oleh Date: Thu, 2 Oct 2025 11:01:25 +0100 Subject: [PATCH 38/52] #478 fix job setup --- .github/workflows/dockerimageintelsubmission.yml | 2 +- .github/workflows/dockerimagerelease.yml | 2 +- .github/workflows/dockerimagesim.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/dockerimageintelsubmission.yml b/.github/workflows/dockerimageintelsubmission.yml index eca9da32..d6d13617 100644 --- a/.github/workflows/dockerimageintelsubmission.yml +++ b/.github/workflows/dockerimageintelsubmission.yml @@ -91,7 +91,7 @@ jobs: - name: Build dependencies run: | cd scripts - sudo ./build_deps.py + ./build_deps.py - name: Create Intel DAL directory run: | diff --git a/.github/workflows/dockerimagerelease.yml b/.github/workflows/dockerimagerelease.yml index d4a536c0..ac2c0786 100644 --- a/.github/workflows/dockerimagerelease.yml +++ b/.github/workflows/dockerimagerelease.yml @@ -94,7 +94,7 @@ jobs: - name: Build dependencies run: | cd scripts - sudo ./build_deps.py + ./build_deps.py - name: Create Intel DAL directory run: | diff --git a/.github/workflows/dockerimagesim.yml b/.github/workflows/dockerimagesim.yml index cdc8bffd..c8001a4e 100644 --- a/.github/workflows/dockerimagesim.yml +++ b/.github/workflows/dockerimagesim.yml @@ -93,7 +93,7 @@ jobs: - name: Build dependencies run: | cd scripts - sudo ./build_deps.py + ./build_deps.py - name: Create Intel DAL directory run: | From 30778bc0102e8c5eb4882c7cf9e7e94546f109cb Mon Sep 17 00:00:00 2001 From: Oleh Date: Thu, 2 Oct 2025 11:26:10 +0100 Subject: [PATCH 39/52] #478 fix container setup --- Dockerfile | 1 - DockerfileIntelSubmission | 1 - DockerfileRelease | 1 - 3 files changed, 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 31403611..c8afc9c4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -60,7 +60,6 @@ COPY build/opt/intel/sgxpsw /opt/intel/sgxpsw # Make scripts executable RUN chmod +x /usr/src/sdk/start.sh && \ - chmod +x /usr/src/sdk/testw.py && \ chmod +x /usr/src/sdk/check_firewall.py # Create required directories diff --git a/DockerfileIntelSubmission b/DockerfileIntelSubmission index 11417a9a..9600a256 100644 --- a/DockerfileIntelSubmission +++ b/DockerfileIntelSubmission @@ -60,7 +60,6 @@ COPY build/opt/intel/sgxpsw /opt/intel/sgxpsw # Make scripts executable RUN chmod +x /usr/src/sdk/start.sh && \ - chmod +x /usr/src/sdk/testw.py && \ chmod +x /usr/src/sdk/check_firewall.py WORKDIR /usr/src/sdk diff --git a/DockerfileRelease b/DockerfileRelease index 2cc89a0f..2d516979 100644 --- a/DockerfileRelease +++ b/DockerfileRelease @@ -61,7 +61,6 @@ COPY build/opt/intel/sgxpsw /opt/intel/sgxpsw # Make scripts executable RUN chmod +x /usr/src/sdk/start.sh && \ - chmod +x /usr/src/sdk/testw.py && \ chmod +x /usr/src/sdk/check_firewall.py WORKDIR /usr/src/sdk From eb6ceaebf075f5c8609edc2a12a34e0ec8e649be Mon Sep 17 00:00:00 2001 From: Oleh Date: Thu, 2 Oct 2025 14:43:10 +0100 Subject: [PATCH 40/52] #478 fix container setup --- .github/workflows/dockerimage.yml | 6 ++++++ .github/workflows/dockerimageintelsubmission.yml | 6 ++++++ .github/workflows/dockerimagerelease.yml | 6 ++++++ .github/workflows/dockerimagesim.yml | 6 ++++++ 4 files changed, 24 insertions(+) diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml index 307804c3..31f1358d 100644 --- a/.github/workflows/dockerimage.yml +++ b/.github/workflows/dockerimage.yml @@ -18,6 +18,12 @@ jobs: run: cat /proc/cpuinfo | grep avx512 - name: Login to docker run: docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD} + - name: Clean workspace + run: | + cd $GITHUB_WORKSPACE/.. + rm -rf sgxwallet || true + mkdir -p sgxwallet + cd sgxwallet - uses: actions/checkout@v2 - name: submodule update run: git submodule update --init --recursive diff --git a/.github/workflows/dockerimageintelsubmission.yml b/.github/workflows/dockerimageintelsubmission.yml index d6d13617..2fcc2365 100644 --- a/.github/workflows/dockerimageintelsubmission.yml +++ b/.github/workflows/dockerimageintelsubmission.yml @@ -17,6 +17,12 @@ jobs: run: cat /proc/cpuinfo | grep avx512 - name: Login to docker run: docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD} + - name: Clean workspace + run: | + cd $GITHUB_WORKSPACE/.. + rm -rf sgxwallet || true + mkdir -p sgxwallet + cd sgxwallet - uses: actions/checkout@v2 - name: submodule update run: git submodule update --init --recursive diff --git a/.github/workflows/dockerimagerelease.yml b/.github/workflows/dockerimagerelease.yml index ac2c0786..b7dc5d8b 100644 --- a/.github/workflows/dockerimagerelease.yml +++ b/.github/workflows/dockerimagerelease.yml @@ -20,6 +20,12 @@ jobs: run: cat /proc/cpuinfo | grep avx512 - name: Login to docker run: docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD} + - name: Clean workspace + run: | + cd $GITHUB_WORKSPACE/.. + rm -rf sgxwallet || true + mkdir -p sgxwallet + cd sgxwallet - uses: actions/checkout@v2 - name: Submodule update run: git submodule update --init --recursive diff --git a/.github/workflows/dockerimagesim.yml b/.github/workflows/dockerimagesim.yml index c8001a4e..413ab596 100644 --- a/.github/workflows/dockerimagesim.yml +++ b/.github/workflows/dockerimagesim.yml @@ -19,6 +19,12 @@ jobs: run: ls /dev/urandom - name: Login to docker run: docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD} + - name: Clean workspace + run: | + cd $GITHUB_WORKSPACE/.. + rm -rf sgxwallet || true + mkdir -p sgxwallet + cd sgxwallet - uses: actions/checkout@v2 - name: submodule update run: git submodule update --init --recursive From 122a605d76644142a3782698fb9ea3c5994452a2 Mon Sep 17 00:00:00 2001 From: Oleh Date: Thu, 2 Oct 2025 16:17:45 +0100 Subject: [PATCH 41/52] #478 cleanup --- .github/workflows/dockerimagerelease.yml | 4 ++-- DockerfileRelease | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/dockerimagerelease.yml b/.github/workflows/dockerimagerelease.yml index b7dc5d8b..8a830a6b 100644 --- a/.github/workflows/dockerimagerelease.yml +++ b/.github/workflows/dockerimagerelease.yml @@ -104,7 +104,7 @@ jobs: - name: Create Intel DAL directory run: | - sudo mkdir -p /var/lib/intel/dal\ + sudo mkdir -p /var/lib/intel/dal - name: Install Intel DAL Host Interface run: | @@ -135,7 +135,7 @@ jobs: cd ../scripts ./sign_enclave.bash cd .. - rm /usr/src/sdk/secure_enclave/secure_enclave*.so + rm secure_enclave/secure_enclave*.so cp signed_enclaves/secure_enclave_signed0.so secure_enclave/secure_enclave.signed.so make -j$(nproc) mkdir -p sgx_data diff --git a/DockerfileRelease b/DockerfileRelease index 2d516979..9600a256 100644 --- a/DockerfileRelease +++ b/DockerfileRelease @@ -5,7 +5,6 @@ COPY scripts/install_packages.sh /install_packages.sh RUN chmod +x /install_packages.sh && /install_packages.sh # Install minimal runtime dependencies -RUN # Install minimal runtime dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ wget \ curl \ From 572d3d5042675033bf26c1e85df3233602a85082 Mon Sep 17 00:00:00 2001 From: Oleh Date: Thu, 2 Oct 2025 20:09:36 +0100 Subject: [PATCH 42/52] #478 fix jhi bin --- .github/workflows/dockerimage.yml | 7 +++++++ .github/workflows/dockerimageintelsubmission.yml | 7 +++++++ .github/workflows/dockerimagerelease.yml | 7 +++++++ Dockerfile | 8 +++++++- DockerfileIntelSubmission | 8 +++++++- DockerfileRelease | 9 ++++++++- 6 files changed, 43 insertions(+), 3 deletions(-) diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml index 31f1358d..5984095a 100644 --- a/.github/workflows/dockerimage.yml +++ b/.github/workflows/dockerimage.yml @@ -125,8 +125,15 @@ jobs: - name: Prepare build directory for Docker run: | mkdir -p build/opt/intel + mkdir -p build/usr/local/bin + mkdir -p build/usr/local/lib + mkdir -p build/usr/local/include cp -r /opt/intel/sgxsdk build/opt/intel/ cp -r /opt/intel/sgxpsw build/opt/intel/ + # Copy Intel DAL Host Interface binaries + cp /usr/local/bin/jhid build/usr/local/bin/ || true + cp /usr/local/lib/libjhi* build/usr/local/lib/ || true + cp /usr/local/include/jhi* build/usr/local/include/ || true - name: build and deploy test image run: python3 scripts/docker_build.py Dockerfile sgxwallet ${GITHUB_SHA} diff --git a/.github/workflows/dockerimageintelsubmission.yml b/.github/workflows/dockerimageintelsubmission.yml index 2fcc2365..36f86263 100644 --- a/.github/workflows/dockerimageintelsubmission.yml +++ b/.github/workflows/dockerimageintelsubmission.yml @@ -128,8 +128,15 @@ jobs: - name: Prepare build directory for Docker run: | mkdir -p build/opt/intel + mkdir -p build/usr/local/bin + mkdir -p build/usr/local/lib + mkdir -p build/usr/local/include cp -r /opt/intel/sgxsdk build/opt/intel/ cp -r /opt/intel/sgxpsw build/opt/intel/ + # Copy Intel DAL Host Interface binaries + cp /usr/local/bin/jhid build/usr/local/bin/ || true + cp /usr/local/lib/libjhi* build/usr/local/lib/ || true + cp /usr/local/include/jhi* build/usr/local/include/ || true - name: build and deploy test image run: python3 scripts/docker_build.py DockerfileIntelSubmission sgxwallet_intelsubmission ${GITHUB_SHA} diff --git a/.github/workflows/dockerimagerelease.yml b/.github/workflows/dockerimagerelease.yml index 8a830a6b..1411b89f 100644 --- a/.github/workflows/dockerimagerelease.yml +++ b/.github/workflows/dockerimagerelease.yml @@ -143,8 +143,15 @@ jobs: - name: Prepare build directory for Docker run: | mkdir -p build/opt/intel + mkdir -p build/usr/local/bin + mkdir -p build/usr/local/lib + mkdir -p build/usr/local/include cp -r /opt/intel/sgxsdk build/opt/intel/ cp -r /opt/intel/sgxpsw build/opt/intel/ + # Copy Intel DAL Host Interface binaries + cp /usr/local/bin/jhid build/usr/local/bin/ || true + cp /usr/local/lib/libjhi* build/usr/local/lib/ || true + cp /usr/local/include/jhi* build/usr/local/include/ || true - name: Calculate and cache VERSION run : | diff --git a/Dockerfile b/Dockerfile index c8afc9c4..519042db 100644 --- a/Dockerfile +++ b/Dockerfile @@ -58,9 +58,15 @@ COPY cert /usr/src/sdk/cert COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk COPY build/opt/intel/sgxpsw /opt/intel/sgxpsw +# Copy Intel DAL Host Interface binaries (includes jhid) +COPY build/usr/local/bin/jhid /usr/local/bin/jhid +COPY build/usr/local/lib/libjhi* /usr/local/lib/ +COPY build/usr/local/include/jhi* /usr/local/include/ + # Make scripts executable RUN chmod +x /usr/src/sdk/start.sh && \ - chmod +x /usr/src/sdk/check_firewall.py + chmod +x /usr/src/sdk/check_firewall.py && \ + chmod +x /usr/local/bin/jhid # Create required directories RUN mkdir -p /usr/src/sdk/sgx_data diff --git a/DockerfileIntelSubmission b/DockerfileIntelSubmission index 9600a256..726b268e 100644 --- a/DockerfileIntelSubmission +++ b/DockerfileIntelSubmission @@ -58,9 +58,15 @@ COPY cert /usr/src/sdk/cert COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk COPY build/opt/intel/sgxpsw /opt/intel/sgxpsw +# Copy Intel DAL Host Interface binaries (includes jhid) +COPY build/usr/local/bin/jhid /usr/local/bin/jhid +COPY build/usr/local/lib/libjhi* /usr/local/lib/ +COPY build/usr/local/include/jhi* /usr/local/include/ + # Make scripts executable RUN chmod +x /usr/src/sdk/start.sh && \ - chmod +x /usr/src/sdk/check_firewall.py + chmod +x /usr/src/sdk/check_firewall.py && \ + chmod +x /usr/local/bin/jhid WORKDIR /usr/src/sdk diff --git a/DockerfileRelease b/DockerfileRelease index 9600a256..4dc708f9 100644 --- a/DockerfileRelease +++ b/DockerfileRelease @@ -58,9 +58,16 @@ COPY cert /usr/src/sdk/cert COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk COPY build/opt/intel/sgxpsw /opt/intel/sgxpsw +# Copy Intel DAL Host Interface binaries (includes jhid) +COPY build/usr/local/bin/jhid /usr/local/bin/jhid +COPY build/usr/local/lib/libjhi* /usr/local/lib/ +COPY build/usr/local/include/jhi* /usr/local/include/ + # Make scripts executable RUN chmod +x /usr/src/sdk/start.sh && \ - chmod +x /usr/src/sdk/check_firewall.py + chmod +x /usr/src/sdk/testw.py && \ + chmod +x /usr/src/sdk/check_firewall.py && \ + chmod +x /usr/local/bin/jhid WORKDIR /usr/src/sdk From 109b0d7408a68ec1facbfcbf69974d340609cc41 Mon Sep 17 00:00:00 2001 From: Oleh Date: Thu, 2 Oct 2025 20:38:54 +0100 Subject: [PATCH 43/52] #478 fix jhi bin --- .github/workflows/dockerimage.yml | 11 +++++------ .github/workflows/dockerimageintelsubmission.yml | 11 +++++------ .github/workflows/dockerimagerelease.yml | 11 +++++------ Dockerfile | 8 ++++---- DockerfileIntelSubmission | 8 ++++---- DockerfileRelease | 8 ++++---- 6 files changed, 27 insertions(+), 30 deletions(-) diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml index 5984095a..78ce9d87 100644 --- a/.github/workflows/dockerimage.yml +++ b/.github/workflows/dockerimage.yml @@ -125,15 +125,14 @@ jobs: - name: Prepare build directory for Docker run: | mkdir -p build/opt/intel - mkdir -p build/usr/local/bin - mkdir -p build/usr/local/lib - mkdir -p build/usr/local/include + mkdir -p build/usr/sbin + mkdir -p build/usr/lib cp -r /opt/intel/sgxsdk build/opt/intel/ cp -r /opt/intel/sgxpsw build/opt/intel/ # Copy Intel DAL Host Interface binaries - cp /usr/local/bin/jhid build/usr/local/bin/ || true - cp /usr/local/lib/libjhi* build/usr/local/lib/ || true - cp /usr/local/include/jhi* build/usr/local/include/ || true + cp /usr/sbin/jhid build/usr/sbin/ || true + cp /usr/lib/libjhi.so build/usr/lib/ || true + cp /usr/lib/libteemanagement.so build/usr/lib/ || true - name: build and deploy test image run: python3 scripts/docker_build.py Dockerfile sgxwallet ${GITHUB_SHA} diff --git a/.github/workflows/dockerimageintelsubmission.yml b/.github/workflows/dockerimageintelsubmission.yml index 36f86263..e54275c4 100644 --- a/.github/workflows/dockerimageintelsubmission.yml +++ b/.github/workflows/dockerimageintelsubmission.yml @@ -128,15 +128,14 @@ jobs: - name: Prepare build directory for Docker run: | mkdir -p build/opt/intel - mkdir -p build/usr/local/bin - mkdir -p build/usr/local/lib - mkdir -p build/usr/local/include + mkdir -p build/usr/sbin + mkdir -p build/usr/lib cp -r /opt/intel/sgxsdk build/opt/intel/ cp -r /opt/intel/sgxpsw build/opt/intel/ # Copy Intel DAL Host Interface binaries - cp /usr/local/bin/jhid build/usr/local/bin/ || true - cp /usr/local/lib/libjhi* build/usr/local/lib/ || true - cp /usr/local/include/jhi* build/usr/local/include/ || true + cp /usr/sbin/jhid build/usr/sbin/ || true + cp /usr/lib/libjhi.so build/usr/lib/ || true + cp /usr/lib/libteemanagement.so build/usr/lib/ || true - name: build and deploy test image run: python3 scripts/docker_build.py DockerfileIntelSubmission sgxwallet_intelsubmission ${GITHUB_SHA} diff --git a/.github/workflows/dockerimagerelease.yml b/.github/workflows/dockerimagerelease.yml index 1411b89f..79fe8239 100644 --- a/.github/workflows/dockerimagerelease.yml +++ b/.github/workflows/dockerimagerelease.yml @@ -143,15 +143,14 @@ jobs: - name: Prepare build directory for Docker run: | mkdir -p build/opt/intel - mkdir -p build/usr/local/bin - mkdir -p build/usr/local/lib - mkdir -p build/usr/local/include + mkdir -p build/usr/sbin + mkdir -p build/usr/lib cp -r /opt/intel/sgxsdk build/opt/intel/ cp -r /opt/intel/sgxpsw build/opt/intel/ # Copy Intel DAL Host Interface binaries - cp /usr/local/bin/jhid build/usr/local/bin/ || true - cp /usr/local/lib/libjhi* build/usr/local/lib/ || true - cp /usr/local/include/jhi* build/usr/local/include/ || true + cp /usr/sbin/jhid build/usr/sbin/ || true + cp /usr/lib/libjhi.so build/usr/lib/ || true + cp /usr/lib/libteemanagement.so build/usr/lib/ || true - name: Calculate and cache VERSION run : | diff --git a/Dockerfile b/Dockerfile index 519042db..d7c6784f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -59,14 +59,14 @@ COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk COPY build/opt/intel/sgxpsw /opt/intel/sgxpsw # Copy Intel DAL Host Interface binaries (includes jhid) -COPY build/usr/local/bin/jhid /usr/local/bin/jhid -COPY build/usr/local/lib/libjhi* /usr/local/lib/ -COPY build/usr/local/include/jhi* /usr/local/include/ +COPY build/usr/sbin/jhid /usr/sbin/jhid +COPY build/usr/lib/libjhi.so /usr/lib/libjhi.so +COPY build/usr/lib/libteemanagement.so /usr/lib/libteemanagement.so # Make scripts executable RUN chmod +x /usr/src/sdk/start.sh && \ chmod +x /usr/src/sdk/check_firewall.py && \ - chmod +x /usr/local/bin/jhid + chmod +x /usr/sbin/jhid # Create required directories RUN mkdir -p /usr/src/sdk/sgx_data diff --git a/DockerfileIntelSubmission b/DockerfileIntelSubmission index 726b268e..5745efc8 100644 --- a/DockerfileIntelSubmission +++ b/DockerfileIntelSubmission @@ -59,14 +59,14 @@ COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk COPY build/opt/intel/sgxpsw /opt/intel/sgxpsw # Copy Intel DAL Host Interface binaries (includes jhid) -COPY build/usr/local/bin/jhid /usr/local/bin/jhid -COPY build/usr/local/lib/libjhi* /usr/local/lib/ -COPY build/usr/local/include/jhi* /usr/local/include/ +COPY build/usr/sbin/jhid /usr/sbin/jhid +COPY build/usr/lib/libjhi.so /usr/lib/libjhi.so +COPY build/usr/lib/libteemanagement.so /usr/lib/libteemanagement.so # Make scripts executable RUN chmod +x /usr/src/sdk/start.sh && \ chmod +x /usr/src/sdk/check_firewall.py && \ - chmod +x /usr/local/bin/jhid + chmod +x /usr/sbin/jhid WORKDIR /usr/src/sdk diff --git a/DockerfileRelease b/DockerfileRelease index 4dc708f9..6a923f82 100644 --- a/DockerfileRelease +++ b/DockerfileRelease @@ -59,15 +59,15 @@ COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk COPY build/opt/intel/sgxpsw /opt/intel/sgxpsw # Copy Intel DAL Host Interface binaries (includes jhid) -COPY build/usr/local/bin/jhid /usr/local/bin/jhid -COPY build/usr/local/lib/libjhi* /usr/local/lib/ -COPY build/usr/local/include/jhi* /usr/local/include/ +COPY build/usr/sbin/jhid /usr/sbin/jhid +COPY build/usr/lib/libjhi.so /usr/lib/libjhi.so +COPY build/usr/lib/libteemanagement.so /usr/lib/libteemanagement.so # Make scripts executable RUN chmod +x /usr/src/sdk/start.sh && \ chmod +x /usr/src/sdk/testw.py && \ chmod +x /usr/src/sdk/check_firewall.py && \ - chmod +x /usr/local/bin/jhid + chmod +x /usr/sbin/jhid WORKDIR /usr/src/sdk From fea2a60035f43e39a8bc3b4003ecde3c191ca3d2 Mon Sep 17 00:00:00 2001 From: Oleh Date: Thu, 2 Oct 2025 21:48:34 +0100 Subject: [PATCH 44/52] #478 fix sgx libraries --- Dockerfile | 6 +++++- DockerfileIntelSubmission | 6 +++++- DockerfileRelease | 6 +++++- DockerfileSimulation | 8 +++++++- 4 files changed, 22 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index d7c6784f..4ecb408c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -58,6 +58,9 @@ COPY cert /usr/src/sdk/cert COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk COPY build/opt/intel/sgxpsw /opt/intel/sgxpsw +# Copy SGX SDK directory structure +COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk + # Copy Intel DAL Host Interface binaries (includes jhid) COPY build/usr/sbin/jhid /usr/sbin/jhid COPY build/usr/lib/libjhi.so /usr/lib/libjhi.so @@ -66,7 +69,8 @@ COPY build/usr/lib/libteemanagement.so /usr/lib/libteemanagement.so # Make scripts executable RUN chmod +x /usr/src/sdk/start.sh && \ chmod +x /usr/src/sdk/check_firewall.py && \ - chmod +x /usr/sbin/jhid + chmod +x /usr/sbin/jhid && \ + ldconfig # Create required directories RUN mkdir -p /usr/src/sdk/sgx_data diff --git a/DockerfileIntelSubmission b/DockerfileIntelSubmission index 5745efc8..f78000e9 100644 --- a/DockerfileIntelSubmission +++ b/DockerfileIntelSubmission @@ -58,6 +58,9 @@ COPY cert /usr/src/sdk/cert COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk COPY build/opt/intel/sgxpsw /opt/intel/sgxpsw +# Copy SGX SDK directory structure +COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk + # Copy Intel DAL Host Interface binaries (includes jhid) COPY build/usr/sbin/jhid /usr/sbin/jhid COPY build/usr/lib/libjhi.so /usr/lib/libjhi.so @@ -66,7 +69,8 @@ COPY build/usr/lib/libteemanagement.so /usr/lib/libteemanagement.so # Make scripts executable RUN chmod +x /usr/src/sdk/start.sh && \ chmod +x /usr/src/sdk/check_firewall.py && \ - chmod +x /usr/sbin/jhid + chmod +x /usr/sbin/jhid && \ + ldconfig WORKDIR /usr/src/sdk diff --git a/DockerfileRelease b/DockerfileRelease index 6a923f82..c73d03f6 100644 --- a/DockerfileRelease +++ b/DockerfileRelease @@ -58,6 +58,9 @@ COPY cert /usr/src/sdk/cert COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk COPY build/opt/intel/sgxpsw /opt/intel/sgxpsw +# Copy SGX SDK directory structure +COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk + # Copy Intel DAL Host Interface binaries (includes jhid) COPY build/usr/sbin/jhid /usr/sbin/jhid COPY build/usr/lib/libjhi.so /usr/lib/libjhi.so @@ -67,7 +70,8 @@ COPY build/usr/lib/libteemanagement.so /usr/lib/libteemanagement.so RUN chmod +x /usr/src/sdk/start.sh && \ chmod +x /usr/src/sdk/testw.py && \ chmod +x /usr/src/sdk/check_firewall.py && \ - chmod +x /usr/sbin/jhid + chmod +x /usr/sbin/jhid && \ + ldconfig WORKDIR /usr/src/sdk diff --git a/DockerfileSimulation b/DockerfileSimulation index 6ba313b8..0569f3c0 100644 --- a/DockerfileSimulation +++ b/DockerfileSimulation @@ -60,10 +60,16 @@ COPY insecure-samples /usr/src/sdk/insecure-samples # Copy Intel SGX runtime components (simulation mode - minimal) COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk +# Copy SGX SDK directory structure +COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk + +# Copy Intel DAL Host Interface binaries (includes jhid) + # Make scripts executable RUN chmod +x /usr/src/sdk/start.sh && \ chmod +x /usr/src/sdk/testw.py && \ - chmod +x /usr/src/sdk/check_firewall.py + chmod +x /usr/src/sdk/check_firewall.py && \ + ldconfig WORKDIR /usr/src/sdk From 0dec8a4c7424c762d2e5ae777eeef98c3de396b2 Mon Sep 17 00:00:00 2001 From: Oleh Date: Thu, 2 Oct 2025 22:27:53 +0100 Subject: [PATCH 45/52] #478 fix sgx libraries --- Dockerfile | 4 ++++ DockerfileIntelSubmission | 4 ++++ DockerfileRelease | 4 ++++ DockerfileSimulation | 4 ++++ 4 files changed, 16 insertions(+) diff --git a/Dockerfile b/Dockerfile index 4ecb408c..c5498b53 100644 --- a/Dockerfile +++ b/Dockerfile @@ -61,6 +61,10 @@ COPY build/opt/intel/sgxpsw /opt/intel/sgxpsw # Copy SGX SDK directory structure COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk +# Create symbolic links for SGX libraries in system library paths +RUN ln -sf /opt/intel/sgxsdk/lib64/libsgx_urts.so /usr/lib/x86_64-linux-gnu/libsgx_urts.so && \ + ln -sf /opt/intel/sgxsdk/lib64/libsgx_uae_service.so /usr/lib/x86_64-linux-gnu/libsgx_uae_service.so + # Copy Intel DAL Host Interface binaries (includes jhid) COPY build/usr/sbin/jhid /usr/sbin/jhid COPY build/usr/lib/libjhi.so /usr/lib/libjhi.so diff --git a/DockerfileIntelSubmission b/DockerfileIntelSubmission index f78000e9..7571af5f 100644 --- a/DockerfileIntelSubmission +++ b/DockerfileIntelSubmission @@ -61,6 +61,10 @@ COPY build/opt/intel/sgxpsw /opt/intel/sgxpsw # Copy SGX SDK directory structure COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk +# Create symbolic links for SGX libraries in system library paths +RUN ln -sf /opt/intel/sgxsdk/lib64/libsgx_urts.so /usr/lib/x86_64-linux-gnu/libsgx_urts.so && + ln -sf /opt/intel/sgxsdk/lib64/libsgx_uae_service.so /usr/lib/x86_64-linux-gnu/libsgx_uae_service.so + # Copy Intel DAL Host Interface binaries (includes jhid) COPY build/usr/sbin/jhid /usr/sbin/jhid COPY build/usr/lib/libjhi.so /usr/lib/libjhi.so diff --git a/DockerfileRelease b/DockerfileRelease index c73d03f6..00b24053 100644 --- a/DockerfileRelease +++ b/DockerfileRelease @@ -61,6 +61,10 @@ COPY build/opt/intel/sgxpsw /opt/intel/sgxpsw # Copy SGX SDK directory structure COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk +# Create symbolic links for SGX libraries in system library paths +RUN ln -sf /opt/intel/sgxsdk/lib64/libsgx_urts.so /usr/lib/x86_64-linux-gnu/libsgx_urts.so && + ln -sf /opt/intel/sgxsdk/lib64/libsgx_uae_service.so /usr/lib/x86_64-linux-gnu/libsgx_uae_service.so + # Copy Intel DAL Host Interface binaries (includes jhid) COPY build/usr/sbin/jhid /usr/sbin/jhid COPY build/usr/lib/libjhi.so /usr/lib/libjhi.so diff --git a/DockerfileSimulation b/DockerfileSimulation index 0569f3c0..bb046f2f 100644 --- a/DockerfileSimulation +++ b/DockerfileSimulation @@ -63,6 +63,10 @@ COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk # Copy SGX SDK directory structure COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk +# Create symbolic links for SGX libraries in system library paths +RUN ln -sf /opt/intel/sgxsdk/lib64/libsgx_urts_sim.so /usr/lib/x86_64-linux-gnu/libsgx_urts_sim.so && \ + ln -sf /opt/intel/sgxsdk/lib64/libsgx_uae_service_sim.so /usr/lib/x86_64-linux-gnu/libsgx_uae_service_sim.so + # Copy Intel DAL Host Interface binaries (includes jhid) # Make scripts executable From 6c7682ffe8f238d2dcdd7cd692152f4327bebf4f Mon Sep 17 00:00:00 2001 From: Oleh Date: Thu, 2 Oct 2025 22:55:19 +0100 Subject: [PATCH 46/52] #478 fix sgx libraries --- Dockerfile | 2 ++ DockerfileIntelSubmission | 2 ++ DockerfileRelease | 2 ++ 3 files changed, 6 insertions(+) diff --git a/Dockerfile b/Dockerfile index c5498b53..976a140f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -54,6 +54,8 @@ COPY docker/start.sh /usr/src/sdk/start.sh COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py COPY cert /usr/src/sdk/cert +RUN rm /opt/intel/sgxsdk/lib64/*_sim.so + # Copy Intel SGX runtime components COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk COPY build/opt/intel/sgxpsw /opt/intel/sgxpsw diff --git a/DockerfileIntelSubmission b/DockerfileIntelSubmission index 7571af5f..aa10ba36 100644 --- a/DockerfileIntelSubmission +++ b/DockerfileIntelSubmission @@ -54,6 +54,8 @@ COPY docker/start.sh /usr/src/sdk/start.sh COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py COPY cert /usr/src/sdk/cert +RUN rm /opt/intel/sgxsdk/lib64/*_sim.so + # Copy Intel SGX runtime components COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk COPY build/opt/intel/sgxpsw /opt/intel/sgxpsw diff --git a/DockerfileRelease b/DockerfileRelease index 00b24053..1f4fd1fa 100644 --- a/DockerfileRelease +++ b/DockerfileRelease @@ -54,6 +54,8 @@ COPY docker/start.sh /usr/src/sdk/start.sh COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py COPY cert /usr/src/sdk/cert +RUN rm /opt/intel/sgxsdk/lib64/*_sim.so + # Copy Intel SGX runtime components COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk COPY build/opt/intel/sgxpsw /opt/intel/sgxpsw From 2c0f3ef2b693cc24f93eb300796b540e2085e089 Mon Sep 17 00:00:00 2001 From: Oleh Date: Thu, 2 Oct 2025 23:08:10 +0100 Subject: [PATCH 47/52] #478 fix sgx libraries --- Dockerfile | 5 +---- DockerfileIntelSubmission | 3 +-- DockerfileRelease | 3 +-- 3 files changed, 3 insertions(+), 8 deletions(-) diff --git a/Dockerfile b/Dockerfile index 976a140f..318bccf8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -54,14 +54,11 @@ COPY docker/start.sh /usr/src/sdk/start.sh COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py COPY cert /usr/src/sdk/cert -RUN rm /opt/intel/sgxsdk/lib64/*_sim.so - # Copy Intel SGX runtime components COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk COPY build/opt/intel/sgxpsw /opt/intel/sgxpsw -# Copy SGX SDK directory structure -COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk +RUN rm /opt/intel/sgxsdk/lib64/*_sim.so # Create symbolic links for SGX libraries in system library paths RUN ln -sf /opt/intel/sgxsdk/lib64/libsgx_urts.so /usr/lib/x86_64-linux-gnu/libsgx_urts.so && \ diff --git a/DockerfileIntelSubmission b/DockerfileIntelSubmission index aa10ba36..e54750e6 100644 --- a/DockerfileIntelSubmission +++ b/DockerfileIntelSubmission @@ -60,8 +60,7 @@ RUN rm /opt/intel/sgxsdk/lib64/*_sim.so COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk COPY build/opt/intel/sgxpsw /opt/intel/sgxpsw -# Copy SGX SDK directory structure -COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk +RUN rm /opt/intel/sgxsdk/lib64/*_sim.so # Create symbolic links for SGX libraries in system library paths RUN ln -sf /opt/intel/sgxsdk/lib64/libsgx_urts.so /usr/lib/x86_64-linux-gnu/libsgx_urts.so && diff --git a/DockerfileRelease b/DockerfileRelease index 1f4fd1fa..d2a22abd 100644 --- a/DockerfileRelease +++ b/DockerfileRelease @@ -60,8 +60,7 @@ RUN rm /opt/intel/sgxsdk/lib64/*_sim.so COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk COPY build/opt/intel/sgxpsw /opt/intel/sgxpsw -# Copy SGX SDK directory structure -COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk +RUN rm /opt/intel/sgxsdk/lib64/*_sim.so # Create symbolic links for SGX libraries in system library paths RUN ln -sf /opt/intel/sgxsdk/lib64/libsgx_urts.so /usr/lib/x86_64-linux-gnu/libsgx_urts.so && From e2da606a19804c6b1e3b8f0d9b19a6c232a1380d Mon Sep 17 00:00:00 2001 From: Oleh Date: Thu, 2 Oct 2025 23:54:06 +0100 Subject: [PATCH 48/52] #478 fix sgx libraries --- Dockerfile | 4 ++-- DockerfileIntelSubmission | 4 ++-- DockerfileRelease | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index 318bccf8..3cf1d0e7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -61,8 +61,8 @@ COPY build/opt/intel/sgxpsw /opt/intel/sgxpsw RUN rm /opt/intel/sgxsdk/lib64/*_sim.so # Create symbolic links for SGX libraries in system library paths -RUN ln -sf /opt/intel/sgxsdk/lib64/libsgx_urts.so /usr/lib/x86_64-linux-gnu/libsgx_urts.so && \ - ln -sf /opt/intel/sgxsdk/lib64/libsgx_uae_service.so /usr/lib/x86_64-linux-gnu/libsgx_uae_service.so +RUN ln -sf /opt/intel/sgxsdk/lib64/libsgx_urts.so /usr/lib/libsgx_urts.so && \ + ln -sf /opt/intel/sgxsdk/lib64/libsgx_uae_service.so /usr/lib/libsgx_uae_service.so # Copy Intel DAL Host Interface binaries (includes jhid) COPY build/usr/sbin/jhid /usr/sbin/jhid diff --git a/DockerfileIntelSubmission b/DockerfileIntelSubmission index e54750e6..ae44be79 100644 --- a/DockerfileIntelSubmission +++ b/DockerfileIntelSubmission @@ -63,8 +63,8 @@ COPY build/opt/intel/sgxpsw /opt/intel/sgxpsw RUN rm /opt/intel/sgxsdk/lib64/*_sim.so # Create symbolic links for SGX libraries in system library paths -RUN ln -sf /opt/intel/sgxsdk/lib64/libsgx_urts.so /usr/lib/x86_64-linux-gnu/libsgx_urts.so && - ln -sf /opt/intel/sgxsdk/lib64/libsgx_uae_service.so /usr/lib/x86_64-linux-gnu/libsgx_uae_service.so +RUN ln -sf /opt/intel/sgxsdk/lib64/libsgx_urts.so /usr/lib/libsgx_urts.so && \ + ln -sf /opt/intel/sgxsdk/lib64/libsgx_uae_service.so /usr/lib/libsgx_uae_service.so # Copy Intel DAL Host Interface binaries (includes jhid) COPY build/usr/sbin/jhid /usr/sbin/jhid diff --git a/DockerfileRelease b/DockerfileRelease index d2a22abd..7ea83dc4 100644 --- a/DockerfileRelease +++ b/DockerfileRelease @@ -63,8 +63,8 @@ COPY build/opt/intel/sgxpsw /opt/intel/sgxpsw RUN rm /opt/intel/sgxsdk/lib64/*_sim.so # Create symbolic links for SGX libraries in system library paths -RUN ln -sf /opt/intel/sgxsdk/lib64/libsgx_urts.so /usr/lib/x86_64-linux-gnu/libsgx_urts.so && - ln -sf /opt/intel/sgxsdk/lib64/libsgx_uae_service.so /usr/lib/x86_64-linux-gnu/libsgx_uae_service.so +RUN ln -sf /opt/intel/sgxsdk/lib64/libsgx_urts.so /usr/lib/libsgx_urts.so && \ + ln -sf /opt/intel/sgxsdk/lib64/libsgx_uae_service.so /usr/lib/libsgx_uae_service.so # Copy Intel DAL Host Interface binaries (includes jhid) COPY build/usr/sbin/jhid /usr/sbin/jhid From 70e430dfa890ec1d3348f4e1d40be408b3242cd4 Mon Sep 17 00:00:00 2001 From: Oleh Date: Fri, 3 Oct 2025 00:34:02 +0100 Subject: [PATCH 49/52] #478 fix sgx libraries --- Dockerfile | 1 + DockerfileIntelSubmission | 1 + DockerfileRelease | 1 + DockerfileSimulation | 5 +++-- 4 files changed, 6 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3cf1d0e7..21c19a0c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -62,6 +62,7 @@ RUN rm /opt/intel/sgxsdk/lib64/*_sim.so # Create symbolic links for SGX libraries in system library paths RUN ln -sf /opt/intel/sgxsdk/lib64/libsgx_urts.so /usr/lib/libsgx_urts.so && \ + ln -sf /opt/intel/sgxsdk/lib64/libsgx_urts.so.2 /usr/lib/libsgx_urts.so.2 && \ ln -sf /opt/intel/sgxsdk/lib64/libsgx_uae_service.so /usr/lib/libsgx_uae_service.so # Copy Intel DAL Host Interface binaries (includes jhid) diff --git a/DockerfileIntelSubmission b/DockerfileIntelSubmission index ae44be79..cb1784a0 100644 --- a/DockerfileIntelSubmission +++ b/DockerfileIntelSubmission @@ -64,6 +64,7 @@ RUN rm /opt/intel/sgxsdk/lib64/*_sim.so # Create symbolic links for SGX libraries in system library paths RUN ln -sf /opt/intel/sgxsdk/lib64/libsgx_urts.so /usr/lib/libsgx_urts.so && \ + ln -sf /opt/intel/sgxsdk/lib64/libsgx_urts.so.2 /usr/lib/libsgx_urts.so.2 && \ ln -sf /opt/intel/sgxsdk/lib64/libsgx_uae_service.so /usr/lib/libsgx_uae_service.so # Copy Intel DAL Host Interface binaries (includes jhid) diff --git a/DockerfileRelease b/DockerfileRelease index 7ea83dc4..5fc2ca88 100644 --- a/DockerfileRelease +++ b/DockerfileRelease @@ -64,6 +64,7 @@ RUN rm /opt/intel/sgxsdk/lib64/*_sim.so # Create symbolic links for SGX libraries in system library paths RUN ln -sf /opt/intel/sgxsdk/lib64/libsgx_urts.so /usr/lib/libsgx_urts.so && \ + ln -sf /opt/intel/sgxsdk/lib64/libsgx_urts.so.2 /usr/lib/libsgx_urts.so.2 && \ ln -sf /opt/intel/sgxsdk/lib64/libsgx_uae_service.so /usr/lib/libsgx_uae_service.so # Copy Intel DAL Host Interface binaries (includes jhid) diff --git a/DockerfileSimulation b/DockerfileSimulation index bb046f2f..fc5d48e1 100644 --- a/DockerfileSimulation +++ b/DockerfileSimulation @@ -64,8 +64,9 @@ COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk # Create symbolic links for SGX libraries in system library paths -RUN ln -sf /opt/intel/sgxsdk/lib64/libsgx_urts_sim.so /usr/lib/x86_64-linux-gnu/libsgx_urts_sim.so && \ - ln -sf /opt/intel/sgxsdk/lib64/libsgx_uae_service_sim.so /usr/lib/x86_64-linux-gnu/libsgx_uae_service_sim.so +RUN ln -sf /opt/intel/sgxsdk/lib64/libsgx_urts_sim.so /usr/lib/libsgx_urts_sim.so && \ + ln -sf /opt/intel/sgxsdk/lib64/libsgx_urts_sim.so.2 /usr/lib/libsgx_urts_sim.so.2 && \ + ln -sf /opt/intel/sgxsdk/lib64/libsgx_uae_service_sim.so /usr/lib/libsgx_uae_service_sim.so # Copy Intel DAL Host Interface binaries (includes jhid) From e2f8877020fd1041e565145d00bbf56abd546c8b Mon Sep 17 00:00:00 2001 From: Oleh Date: Fri, 3 Oct 2025 13:25:14 +0100 Subject: [PATCH 50/52] #478 fix sgx libraries --- .github/workflows/dockerimage.yml | 3 +-- .github/workflows/dockerimageintelsubmission.yml | 3 +-- .github/workflows/dockerimagerelease.yml | 3 +-- .github/workflows/dockerimagesim.yml | 2 +- Dockerfile | 11 +++++------ DockerfileIntelSubmission | 3 +-- DockerfileRelease | 3 +-- DockerfileSimulation | 4 ++-- 8 files changed, 13 insertions(+), 19 deletions(-) diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml index 78ce9d87..227f7d3e 100644 --- a/.github/workflows/dockerimage.yml +++ b/.github/workflows/dockerimage.yml @@ -127,8 +127,7 @@ jobs: mkdir -p build/opt/intel mkdir -p build/usr/sbin mkdir -p build/usr/lib - cp -r /opt/intel/sgxsdk build/opt/intel/ - cp -r /opt/intel/sgxpsw build/opt/intel/ + cp -r /opt/intel build/opt/intel/ # Copy Intel DAL Host Interface binaries cp /usr/sbin/jhid build/usr/sbin/ || true cp /usr/lib/libjhi.so build/usr/lib/ || true diff --git a/.github/workflows/dockerimageintelsubmission.yml b/.github/workflows/dockerimageintelsubmission.yml index e54275c4..16df9bd8 100644 --- a/.github/workflows/dockerimageintelsubmission.yml +++ b/.github/workflows/dockerimageintelsubmission.yml @@ -130,8 +130,7 @@ jobs: mkdir -p build/opt/intel mkdir -p build/usr/sbin mkdir -p build/usr/lib - cp -r /opt/intel/sgxsdk build/opt/intel/ - cp -r /opt/intel/sgxpsw build/opt/intel/ + cp -r /opt/intel build/opt/intel/ # Copy Intel DAL Host Interface binaries cp /usr/sbin/jhid build/usr/sbin/ || true cp /usr/lib/libjhi.so build/usr/lib/ || true diff --git a/.github/workflows/dockerimagerelease.yml b/.github/workflows/dockerimagerelease.yml index 79fe8239..83afc435 100644 --- a/.github/workflows/dockerimagerelease.yml +++ b/.github/workflows/dockerimagerelease.yml @@ -145,8 +145,7 @@ jobs: mkdir -p build/opt/intel mkdir -p build/usr/sbin mkdir -p build/usr/lib - cp -r /opt/intel/sgxsdk build/opt/intel/ - cp -r /opt/intel/sgxpsw build/opt/intel/ + cp -r /opt/intel build/opt/intel/ # Copy Intel DAL Host Interface binaries cp /usr/sbin/jhid build/usr/sbin/ || true cp /usr/lib/libjhi.so build/usr/lib/ || true diff --git a/.github/workflows/dockerimagesim.yml b/.github/workflows/dockerimagesim.yml index 413ab596..005aff2a 100644 --- a/.github/workflows/dockerimagesim.yml +++ b/.github/workflows/dockerimagesim.yml @@ -127,7 +127,7 @@ jobs: - name: Prepare build directory for Docker run: | mkdir -p build/opt/intel - cp -r /opt/intel/sgxsdk build/opt/intel/ + cp -r /opt/intel build/opt/intel/ - name: Cleanup existing Docker containers and images run: | diff --git a/Dockerfile b/Dockerfile index 21c19a0c..1c9bbb17 100644 --- a/Dockerfile +++ b/Dockerfile @@ -55,15 +55,14 @@ COPY docker/check_firewall.py /usr/src/sdk/check_firewall.py COPY cert /usr/src/sdk/cert # Copy Intel SGX runtime components -COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk -COPY build/opt/intel/sgxpsw /opt/intel/sgxpsw +COPY build/opt/intel /opt/intel RUN rm /opt/intel/sgxsdk/lib64/*_sim.so -# Create symbolic links for SGX libraries in system library paths -RUN ln -sf /opt/intel/sgxsdk/lib64/libsgx_urts.so /usr/lib/libsgx_urts.so && \ - ln -sf /opt/intel/sgxsdk/lib64/libsgx_urts.so.2 /usr/lib/libsgx_urts.so.2 && \ - ln -sf /opt/intel/sgxsdk/lib64/libsgx_uae_service.so /usr/lib/libsgx_uae_service.so +# # Create symbolic links for SGX libraries in system library paths +# RUN ln -sf /opt/intel/sgxsdk/lib64/libsgx_urts.so /usr/lib/libsgx_urts.so && \ +# ln -sf /opt/intel/sgxsdk/lib64/libsgx_urts.so.2 /usr/lib/libsgx_urts.so.2 && \ +# ln -sf /opt/intel/sgxsdk/lib64/libsgx_uae_service.so /usr/lib/libsgx_uae_service.so # Copy Intel DAL Host Interface binaries (includes jhid) COPY build/usr/sbin/jhid /usr/sbin/jhid diff --git a/DockerfileIntelSubmission b/DockerfileIntelSubmission index cb1784a0..eb0f5cd7 100644 --- a/DockerfileIntelSubmission +++ b/DockerfileIntelSubmission @@ -57,8 +57,7 @@ COPY cert /usr/src/sdk/cert RUN rm /opt/intel/sgxsdk/lib64/*_sim.so # Copy Intel SGX runtime components -COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk -COPY build/opt/intel/sgxpsw /opt/intel/sgxpsw +COPY build/opt/intel /opt/intel RUN rm /opt/intel/sgxsdk/lib64/*_sim.so diff --git a/DockerfileRelease b/DockerfileRelease index 5fc2ca88..af1698f5 100644 --- a/DockerfileRelease +++ b/DockerfileRelease @@ -57,8 +57,7 @@ COPY cert /usr/src/sdk/cert RUN rm /opt/intel/sgxsdk/lib64/*_sim.so # Copy Intel SGX runtime components -COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk -COPY build/opt/intel/sgxpsw /opt/intel/sgxpsw +COPY build/opt/intel /opt/intel RUN rm /opt/intel/sgxsdk/lib64/*_sim.so diff --git a/DockerfileSimulation b/DockerfileSimulation index fc5d48e1..ec888be7 100644 --- a/DockerfileSimulation +++ b/DockerfileSimulation @@ -57,8 +57,8 @@ COPY testw.py /usr/src/sdk/testw.py COPY cert /usr/src/sdk/cert COPY insecure-samples /usr/src/sdk/insecure-samples -# Copy Intel SGX runtime components (simulation mode - minimal) -COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk +# Copy Intel SGX runtime components +COPY build/opt/intel /opt/intel # Copy SGX SDK directory structure COPY build/opt/intel/sgxsdk /opt/intel/sgxsdk From 5505b4c52793e94464ae00b9ec1c80e6554e1cb9 Mon Sep 17 00:00:00 2001 From: Oleh Date: Fri, 3 Oct 2025 13:44:30 +0100 Subject: [PATCH 51/52] #478 fix sgx libraries --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index 1c9bbb17..fa06637a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -57,6 +57,8 @@ COPY cert /usr/src/sdk/cert # Copy Intel SGX runtime components COPY build/opt/intel /opt/intel +RUN ll -a /opt/intel + RUN rm /opt/intel/sgxsdk/lib64/*_sim.so # # Create symbolic links for SGX libraries in system library paths From dd74c2097e97702e064aa3e9a864a9686783f282 Mon Sep 17 00:00:00 2001 From: Oleh Date: Fri, 3 Oct 2025 14:00:40 +0100 Subject: [PATCH 52/52] #478 fix sgx libraries --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index fa06637a..c3b88c56 100644 --- a/Dockerfile +++ b/Dockerfile @@ -57,7 +57,7 @@ COPY cert /usr/src/sdk/cert # Copy Intel SGX runtime components COPY build/opt/intel /opt/intel -RUN ll -a /opt/intel +RUN ls -al /opt/intel RUN rm /opt/intel/sgxsdk/lib64/*_sim.so