|
@@ -89,17 +89,8 @@ def read_manifest(filename):
|
|
|
def exec_sig_manifest(args, manifest):
|
|
|
if 'exec' not in args or args.get('depend'):
|
|
|
if 'loader.exec' in manifest:
|
|
|
- exec_url = manifest['loader.exec']
|
|
|
- if not exec_url.startswith('file:'):
|
|
|
- print("executable must be a local file", file=sys.stderr)
|
|
|
- return 1
|
|
|
-
|
|
|
- exec_path = exec_url[5:] # strip preceding 'file:'
|
|
|
- if os.path.isabs(exec_path):
|
|
|
- args['exec'] = exec_path
|
|
|
- else:
|
|
|
- args['exec'] = os.path.join(
|
|
|
- os.path.dirname(args['manifest']), exec_path)
|
|
|
+ args['exec'] = resolve_manifest_uri(args['manifest'],
|
|
|
+ manifest['loader.exec'])
|
|
|
|
|
|
if 'sgx.sigfile' in manifest:
|
|
|
args['sigfile'] = resolve_uri(manifest['sgx.sigfile'],
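Review bot: A `loader.exec` value that is not a `file:` URI now leaves `exec_sig_manifest` as a bare `Exception` raised inside `resolve_manifest_uri`, where the removed lines printed "executable must be a local file" and returned 1. The rest of this function still reports errors by printing to stderr and returning 1, so unless a caller outside this hunk catches the exception, the user gets a traceback instead of the diagnostic. The same applies to the `sgx.enclave_pal_file` call added in the next hunk. I would have `resolve_manifest_uri` raise `ValueError` and wrap both calls in a `try` with `except ValueError as err: print(err, file=sys.stderr); return 1`. The body of `exec_sig_manifest` continues outside this hunk.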
|
|
@@ -113,6 +104,14 @@ def exec_sig_manifest(args, manifest):
|
|
|
args['sigfile'] = sigfile + '.sig'
|
|
|
manifest['sgx.sigfile'] = 'file:' + os.path.basename(args['sigfile'])
|
|
|
|
|
|
+ if args.get('libpal', None) is None:
|
|
|
+ if 'sgx.enclave_pal_file' in manifest:
|
|
|
+ args['libpal'] = resolve_manifest_uri(args['manifest'],
|
|
|
+ manifest['sgx.enclave_pal_file'])
|
|
|
+ else:
|
|
|
+ print("Either --libpal or sgx.enclave_pal_file must be given", file=sys.stderr)
|
|
|
+ return 1
|
|
|
+
|
|
|
return 0
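Review bot: When `--libpal` is omitted, `sgx.enclave_pal_file` decides which PAL binary the tool works on, and nothing here checks that the resolved path exists or reports which file was picked. For a signing tool the operator should be able to see which binary was used (presumably the one that gets measured and signed) rather than learn it from a later open() failure. After the assignment I would add `if not os.path.exists(args['libpal']): print("libpal not found: " + args['libpal'], file=sys.stderr); return 1`. A comment such as `# --libpal on the command line takes precedence over sgx.enclave_pal_file` would document the precedence. `exec_sig_manifest` starts outside this hunk.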
|
|
|
|
|
|
|
|
@@ -211,7 +210,7 @@ def get_enclave_attributes(manifest):
|
|
|
def resolve_uri(uri, check_exist=True):
|
|
|
orig_uri = uri
|
|
|
if uri.startswith('file:'):
|
|
|
- target = os.path.normpath(uri[5:])
|
|
|
+ target = os.path.normpath(uri[len('file:'):])
|
|
|
else:
|
|
|
target = os.path.normpath(uri)
|
|
|
if check_exist and not os.path.exists(target):
|
|
@@ -219,6 +218,14 @@ def resolve_uri(uri, check_exist=True):
|
|
|
'Cannot resolve ' + orig_uri + ' or the file does not exist.')
|
|
|
return target
|
|
|
|
|
|
+# Resolve an URI relative to manifest file to its absolute path
|
|
|
+def resolve_manifest_uri(manifest_path, uri):
|
|
|
+ if not uri.startswith('file:'):
|
|
|
+ raise Exception('URI ' + uri + ' is not a local file')
|
|
|
+ path = uri[len('file:'):]
|
|
|
+ if os.path.isabs(path):
|
|
|
+ return path
|
|
|
+ return os.path.join(os.path.dirname(manifest_path), path)
|
|
|
|
|
|
def get_checksum(filename):
|
|
|
digest = hashlib.sha256()
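Review bot: The comment on `resolve_manifest_uri` promises an absolute path, but `os.path.join(os.path.dirname(manifest_path), path)` is absolute only when `manifest_path` is; with a relative manifest path the result is relative to the current directory. The result is not normalized either (`resolve_uri` above applies `os.path.normpath`), so the returned string can keep `..` segments and point outside the manifest's directory; if that is intended, the comment should say so. Either make the code match the comment with `return os.path.abspath(os.path.join(os.path.dirname(manifest_path), path))`, or reword the comment to `# Resolve a file: URI from the manifest; relative paths are taken relative to the manifest's directory`. Raising `ValueError` instead of a bare `Exception` would let callers catch the non-local-URI case specifically.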
|
|
@@ -736,7 +743,9 @@ def generate_sigstruct(attr, args, mrenclave):
|
|
|
# Main Program
|
|
|
|
|
|
argparser = argparse.ArgumentParser(
|
|
|
- epilog='With sign mode(without -depend), libpal and key are also required')
|
|
|
+ epilog='With sign mode(without -depend), libpal and key are also required. '
|
|
|
+ 'exec and libpal may be given through manifest options '
|
|
|
+ 'loader.exec and sgx.enclave_pal_file.')
|
|
|
argparser.add_argument('--output', '-output', metavar='OUTPUT',
|
|
|
type=str, required=True,
|
|
|
help='Output .manifest.sgx file '
|
|
@@ -774,9 +783,9 @@ def parse_args(args):
|
|
|
if args.depend:
|
|
|
args_dict['depend'] = True
|
|
|
else:
|
|
|
- # libpal and key are required
|
|
|
- if args.libpal is None or args.key is None:
|
|
|
- argparser.error("libpal and key are also required to sign")
|
|
|
+ # key is required and not found in manifest
|
|
|
+ if args.key is None:
|
|
|
+ argparser.error("a key is required to sign")
|
|
|
return None
|
|
|
|
|
|
return args_dict
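Review bot: The new comment `# key is required and not found in manifest` reads as if the manifest had been searched for a key at this point, which nothing in this hunk does. Something like `# The signing key must be given on the command line; unlike exec and libpal it has no manifest fallback` states the intent. Since `args.libpal` is no longer checked here, a missing libpal is only detected later in `exec_sig_manifest`, which is worth mentioning in the same comment. `parse_args` starts outside this hunk.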
|
|
@@ -902,6 +911,7 @@ def make_depend(args):
|
|
|
for filename in get_trusted_children(manifest, check_exist=False,
|
|
|
do_checksum=False).values():
|
|
|
dependencies.add(filename[1])
|
|
|
+ dependencies.add(args['libpal'])
|
|
|
|
|
|
with open(output, 'w') as file:
|
|
|
manifest_sgx = output
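Review bot: `dependencies.add(args['libpal'])` indexes the key directly, while `exec_sig_manifest` reads it with `args.get('libpal', None)`, which suggests the key can be absent or None. Whether `make_depend` always runs after `exec_sig_manifest` has filled it in is not visible in this hunk. If it does not, this line raises `KeyError` or puts `None` into the dependency set that is written out below. A guard such as `if args.get('libpal'): dependencies.add(args['libpal'])`, or a comment stating the precondition, would make this explicit. `make_depend` starts and ends outside this hunk.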
|