FROM ubuntu:22.04 AS sgx
RUN apt update && apt install -y build-essential ocaml ocamlbuild \
    automake autoconf libtool wget python-is-python3 libssl-dev \
    git cmake perl unzip debhelper libcurl4-openssl-dev \
    protobuf-compiler reprepro
WORKDIR /root
RUN git clone https://github.com/intel/linux-sgx
WORKDIR /root/linux-sgx
RUN git checkout sgx_2.22
RUN make preparation
RUN make sdk_install_pkg
RUN cd linux/installer/bin/ && echo -e "no\n/opt/intel" | ./sgx_linux_x64_sdk_2.22*
RUN make psw_install_pkg
RUN cd linux/installer/bin/ && ./sgx_linux_x64_psw_2.22* --no-start-aesm
WORKDIR /root
RUN git clone https://github.com/intel/intel-sgx-ssl
WORKDIR /root/intel-sgx-ssl
RUN git checkout 5304f692
WORKDIR /root/intel-sgx-ssl/openssl_source
RUN wget https://www.openssl.org/source/openssl-3.0.12.tar.gz
WORKDIR /root/intel-sgx-ssl/Linux
RUN make
RUN make install
WORKDIR /root
RUN addgroup sgx
RUN addgroup sgx_prv
RUN adduser aesmd sgx
RUN adduser aesmd sgx_prv
COPY docker/start-aesmd /usr/local/sbin
RUN chown aesmd.aesmd /var/run/aesmd
RUN chmod 755 /usr/local/sbin/start-aesmd
ENTRYPOINT ["/usr/local/sbin/start-aesmd"]

# Remove the SGX SDK sources from the image
FROM sgx AS sgx_no_source
WORKDIR /root
RUN rm -rf linux-sgx intel-sgx-ssl

FROM scratch
# Copy the sgx_no_source filesystem; this loses the history, but the
# history contained the multi-GB SGX SDK sources that we have since
# removed, so that's actually what we want.
COPY --from=sgx_no_source / /
RUN apt update && apt install -y libboost-dev libboost-thread-dev \
    numactl python3-numpy python3-yaml cpuid
WORKDIR /root
COPY . teems
WORKDIR /root/teems
RUN make -j`nproc` App/teems Enclave/enclave.so Client/clients