
Small improvements to the dockerization

Ian Goldberg 1 年之前
父節點
當前提交
7ee9930433
共有 3 個文件被更改,包括 19 次插入3 次删除
  1. 10 1
      docker/Dockerfile
  2. 8 1
      docker/start-aesmd
  3. 1 1
      docker/start-docker

+ 10 - 1
docker/Dockerfile

@@ -29,10 +29,19 @@ RUN chown aesmd.aesmd /var/run/aesmd
 RUN chmod 755 /usr/local/sbin/start-aesmd
 ENTRYPOINT ["/usr/local/sbin/start-aesmd"]
 
-FROM sgx
+# Remove the SGX SDK sources from the image
+FROM sgx AS sgx_no_source
 WORKDIR /root
+RUN rm -rf linux-sgx intel-sgx-ssl
+
+FROM scratch
+# Copy the sgx_no_source filesystem; this loses the history, but the
+# history contained the multi-GB SGX SDK sources that we have since
+# removed, so that's actually what we want.
+COPY --from=sgx_no_source / /
 RUN apt update && apt install -y libboost-dev libboost-thread-dev \
     numactl python3-numpy python3-yaml
+WORKDIR /root
 COPY . teems
 WORKDIR /root/teems
 RUN make -j`nproc` App/teems Enclave/enclave.so Client/clients
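Review bot: `FROM scratch` followed by `COPY --from=sgx_no_source / /` carries over only the filesystem, so image configuration from the earlier stage is not inherited by the final image; assuming the `ENTRYPOINT ["/usr/local/sbin/start-aesmd"]` shown at the top of this hunk belongs to the `sgx` stage, it is dropped along with any `ENV` or `USER` settings. Unless it is re-declared below the visible lines (the final stage continues past the end of the hunk), the container would start without running start-aesmd, so aesmd would not be launched and the group changes on the /dev/sgx_* devices would be skipped. Suggest repeating `ENTRYPOINT ["/usr/local/sbin/start-aesmd"]` right after the `COPY --from` line and re-stating any `ENV` the later `RUN` steps rely on. It is also worth confirming, with the builder in use, that the ownership set by `chown aesmd.aesmd /var/run/aesmd` survives the copy.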

+ 8 - 1
docker/start-aesmd

@@ -1,6 +1,13 @@
 #!/bin/bash
 
+# This is the entrypoint script for the docker image.  It runs inside
+# the docker, and starts aesmd, which is needed by SGX.
+
 chgrp sgx /dev/sgx_enclave
 chgrp sgx_prv /dev/sgx_provision
 su -s /bin/bash aesmd -c "LD_LIBRARY_PATH=/opt/intel/sgxpsw/aesm /opt/intel/sgxpsw/aesm/aesm_service" 2>/dev/null
-exec /bin/bash -c $*
+if [ "$*" = "" ]; then
+    exec bash
+else
+    exec /bin/bash -c "$*"
+fi
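Review bot: `exec /bin/bash -c "$*"` joins every argument into one string and has bash parse it again, so the original argument boundaries are lost and an argument containing spaces, quotes or shell metacharacters is re-split or interpreted instead of being passed through. If callers pass a command plus its arguments (start-docker passes `bash`), the usual entrypoint form keeps them intact: `if [ $# -eq 0 ]; then exec bash; else exec "$@"; fi`. If a single shell string is the intended interface, say so in a comment such as `# arguments are joined and evaluated as one shell command line`. Separately, the `chgrp` calls and the `su ... 2>/dev/null` line above the new block are unchecked, so a missing /dev/sgx_enclave or a failed aesmd start goes unnoticed before the shell takes over.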

+ 1 - 1
docker/start-docker

@@ -5,4 +5,4 @@
 
 docker run -d --cap-add SYS_NICE --rm --device /dev/sgx_enclave \
     --device /dev/sgx_provision --name ${TEEMS_DOCKER_PREFIX}teems \
-    -t ${TEEMS_DOCKER_PREFIX}teems bash
+    -h ${TEEMS_DOCKER_PREFIX}teems -t ${TEEMS_DOCKER_PREFIX}teems bash
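Review bot: The new `-h ${TEEMS_DOCKER_PREFIX}teems` repeats the unquoted expansion already used for `--name` and the image name, so a prefix containing whitespace or glob characters would be word-split into extra `docker run` arguments. Quote each use, e.g. `-h "${TEEMS_DOCKER_PREFIX}teems" -t "${TEEMS_DOCKER_PREFIX}teems" bash`, and likewise for `--name`. The hunk starts at line 5 of the script, so where TEEMS_DOCKER_PREFIX is set or defaulted is not visible here.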