signalapp/SecureValueRecovery2
signalapp/SecureValueRecovery2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
77dbb1159c
SecureValueRecovery2/docker/Dockerfile

180 lines
6.0 KiB
Docker
Raw Blame History

# syntax=docker/dockerfile:1
# To build use:
# docker build -t oebuild .
FROM amd64/debian:buster@sha256:108052254277ea53cd807d2782ed3cbe4b9242256af5c7519c6e5692ae2b5d97 AS base
LABEL description="linux build environment for sgx."
COPY docker/apt.conf docker/sources.list /etc/apt/
RUN while true; do apt update && break; done && \
while true; do apt install -y \
gpg \
gnupg2 \
wget \
software-properties-common \
&& break; done
COPY docker/sgx.sources.list docker/ms.sources.list /etc/apt/sources.list.d/
# ms and intel repos keep old packages around,
# however if they remove some of these in the future
# binary packages can be retrieved from github releases
RUN wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add - && \
wget -qO - https://packages.microsoft.com/keys/microsoft.asc | apt-key add - && \
while true; do apt update && break; done && \
while true; do apt install -y \
libsgx-ae-id-enclave=1.21.100.3-focal1 \
libsgx-ae-pce=2.24.100.3-focal1 \
libsgx-ae-qe3=1.21.100.3-focal1 \
libsgx-dcap-ql=1.21.100.3-focal1 \
libsgx-dcap-ql-dev=1.21.100.3-focal1 \
libsgx-enclave-common=2.24.100.3-focal1 \
libsgx-headers=2.24.100.3-focal1 \
libsgx-pce-logic=1.21.100.3-focal1 \
libsgx-qe3-logic=1.21.100.3-focal1 \
libsgx-urts=2.24.100.3-focal1 \
open-enclave=0.19.4 \
&& break; done
FROM --platform=linux/amd64 public.ecr.aws/amazonlinux/amazonlinux@sha256:94e7183b0739140dbd5b639fb7600f0a2299cec5df8780c26d9cb409da5315a9 AS nsmbuild
ENV HOST_MACHINE=x86_64
ENV RUST_VERSION=1.58.1
ENV RUSTUP_HOME=/usr/local/rustup \
CARGO_HOME=/usr/local/cargo \
PATH=/usr/local/cargo/bin:$PATH
RUN yum install -y gcc
RUN set -eux; \
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs/ | sh -s -- --default-toolchain ${RUST_VERSION} -y ; \
chmod -R a+w $RUSTUP_HOME $CARGO_HOME; \
rustup --version; \
cargo --version; \
rustc --version
COPY docker/aws-nitro-enclaves-nsm-api /build
COPY docker/aws-nitro.Cargo.lock /build/Cargo.lock
WORKDIR /build
RUN set -eux; \
(cd nsm-lib && cargo build --release --locked)
RUN ar mD target/release/libnsm.a $(ar t target/release/libnsm.a | env -u LANG LC_ALL=C sort)
FROM base AS builder
RUN mkdir /src && \
while true; do apt update && break; done && \
while true; do apt install -y \
clang-11 \
libssl-dev \
gdb \
libtool \
bison \
automake \
flex \
libcurl4 \
pkg-config \
make \
unzip \
git \
gcc \
libgtest-dev \
cmake \
valgrind \
&& break; done
ARG PROTOBUF_PLATFORM=linux-x86_64
ARG PROTOBUF_VERSION=21.8
ARG PROTOBUF_BASE=protoc-${PROTOBUF_VERSION}-${PROTOBUF_PLATFORM}
ADD --checksum=sha256:f90d0dd59065fef94374745627336d622702b67f0319f96cee894d41a974d47a https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOBUF_VERSION}/${PROTOBUF_BASE}.zip ./
RUN mkdir -p ${PROTOBUF_BASE} \
&& cd ${PROTOBUF_BASE} \
&& unzip -o ../${PROTOBUF_BASE}.zip \
&& cd .. \
&& mv ${PROTOBUF_BASE} /opt/protobuf
ARG GOLANG_PLATFORM=linux-amd64
ARG GOLANG_VERSION=1.21.3
ARG GOLANG_TAR_GZ=go${GOLANG_VERSION}.${GOLANG_PLATFORM}.tar.gz
ADD --checksum=sha256:1241381b2843fae5a9707eec1f8fb2ef94d827990582c7c7c32f5bdfbfd420c8 https://go.dev/dl/${GOLANG_TAR_GZ} ./
RUN tar xzf ${GOLANG_TAR_GZ} \
&& mv go /opt/
ENV PATH="/opt/openenclave/bin:/opt/go/bin:/opt/protobuf/bin:${PATH}"
ENV GOROOT="/opt/go"
ENV GOBIN="/opt/go/bin"
ENV PKG_CONFIG_PATH="/opt/openenclave/share/pkgconfig"
ARG PROTOC_GEN_GO_GITREV=6875c3d7242d1a3db910ce8a504f124cb840c23a
RUN go install google.golang.org/protobuf/cmd/protoc-gen-go@${PROTOC_GEN_GO_GITREV}
RUN echo "export PS1='buildenv: \w$ '" >> /etc/bash.bashrc
# Set this after `go install` so we don't use the same cache as root.
ENV GOPATH="/src/.gopath"
ENV GOCACHE="/src/.gocache"
WORKDIR /src
COPY --from=nsmbuild /build/target/release/libnsm.a /opt/nsm/libnsm.a
COPY --from=nsmbuild /build/target/release/nsm.h /opt/nsm/nsm.h
CMD ["/bin/bash"]
FROM base AS sgxrun
RUN apt-get update && apt-get install -y \
libsgx-dcap-default-qpl=1.21.100.3-focal1 \
libsgx-dcap-default-qpl-dev=1.21.100.3-focal1 \
libcurl4
COPY host/main /bin/svr2
COPY enclave/releases/sgx /enclaves
COPY host/cmd/control/control /bin/svr2control
ENTRYPOINT ["/bin/svr2"]
FROM --platform=linux/amd64 public.ecr.aws/amazonlinux/amazonlinux@sha256:94e7183b0739140dbd5b639fb7600f0a2299cec5df8780c26d9cb409da5315a9 AS nsmrun
ADD enclave/build/enclave.nsm /bin/svr2
ENTRYPOINT ["/bin/svr2", "--sock_type=af_vsock"]
FROM alpine@sha256:ff6bdca1701f3a8a67e328815ff2346b0e4067d32ec36b7992c1fdc001dc8517 AS sevrun
COPY enclave/build/enclave.sev /bin/svr2
EXPOSE 27427
ENTRYPOINT ["/bin/svr2", "--sock_type=af_inet"]
FROM --platform=linux/amd64 public.ecr.aws/amazonlinux/amazonlinux@sha256:94e7183b0739140dbd5b639fb7600f0a2299cec5df8780c26d9cb409da5315a9 AS nsmeif
RUN yum install -y \
aws-nitro-enclaves-cli.x86_64 \
aws-nitro-enclaves-cli-devel.x86_64 \
perl \
docker \
jq
ENV DOCKER_IMAGE svr2_nsmrun:latest
ENV OUTPUT_FILE /tmp/svr2.eif
ENV CHOWN_TO 0:0
COPY docker/build_eif.sh build_eif.sh
ENTRYPOINT ./build_eif.sh
FROM --platform=linux/amd64 public.ecr.aws/amazonlinux/amazonlinux@sha256:94e7183b0739140dbd5b639fb7600f0a2299cec5df8780c26d9cb409da5315a9 AS nsmhost
RUN yum install -y \
aws-nitro-enclaves-cli.x86_64 \
jq
ADD --checksum=sha256:cf3098950cb4d853ad95c0841f1f9c6d3dc102dccfcacd521d93925208b76ac8 https://www.openssl.org/source/openssl-1.1.1w.tar.gz /tmp/
RUN set -x && \
cd /tmp && \
yum install -y perl tar && \
tar xvzf openssl-1.1.1w.tar.gz && \
cd openssl-1.1.1w && \
./config && \
make -j16 >/dev/null && \
make install -j16 >/dev/null && \
echo /usr/local/lib64 | tee /etc/ld.so.conf.d/openssl.conf && \
ldconfig && \
yum remove -y perl tar && \
rm -rf /tmp/openssl*
COPY docker/nitro_start.sh nitro_start.sh
RUN mkdir /releases
COPY enclave/releases/nitro/* /releases
COPY host/main /bin/svr2
ENTRYPOINT ["./nitro_start.sh"]
Reference in New Issue View Git Blame Copy Permalink