gsce 5.1 KB

  1. #!/usr/bin/env python2
  2. import sys,os
  3. import subprocess
  4. import re
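def gen_dockerfile(image_name, app_name, bin_name, proj_dir):
    """Write ``<proj_dir>/Tools/build/Dockerfile.<app_name>``.

    The generated Dockerfile starts FROM ``image_name``, switches to root,
    installs build dependencies, copies the runtime and signer files, runs
    ``/gbin/gen_manifest`` for the application, signs the enclave with
    ``pal-sgx-sign`` and sets ``/gbin/app_exec`` as the entry point.

    Args:
        image_name: Base image reference written to the FROM line.
        app_name: Application name; used in paths and in the Dockerfile name.
        bin_name: Binary name passed to ``gen_manifest``. The caller in this
            file derives it from ``docker inspect`` output, i.e. from image
            metadata, so it is treated as untrusted.
        proj_dir: Project root; used both on the host and inside the image.

    Raises:
        ValueError: if an argument contains a line break or NUL, or if
            ``image_name`` / ``proj_dir`` contain whitespace (either would
            add tokens or whole instructions to the Dockerfile).
    """
    try:
        from shlex import quote
    except ImportError:  # Python 2 keeps the same helper in ``pipes``
        from pipes import quote

    fields = (("image_name", image_name), ("app_name", app_name),
              ("bin_name", bin_name), ("proj_dir", proj_dir))
    for label, value in fields:
        # A line break ends the current Dockerfile instruction regardless of
        # shell quoting, so it has to be rejected rather than escaped.
        if any(ch in value for ch in "\r\n\0"):
            raise ValueError(label + " must not contain line breaks or NUL")
    for label, value in (("image_name", image_name), ("proj_dir", proj_dir)):
        # FROM and the shell-form COPY lines split on whitespace.
        if any(ch.isspace() for ch in value):
            raise ValueError(label + " must not contain whitespace")

    build_dir = proj_dir + "/Tools/build"
    if not os.path.exists(build_dir):
        os.makedirs(build_dir)

    print("cwd: " + proj_dir)

    app_dir = proj_dir + '/LibOS/shim/test/apps/' + app_name
    signer_dir = proj_dir + '/Pal/src/host/Linux-SGX/signer'

    # Every value placed on a RUN line is shell-quoted: RUN executes as root
    # during the build. quote() leaves ordinary names and paths unchanged, so
    # the output is byte-identical for benign input.
    lines = [
        '# This file is auto-generated, any edits will be overwritten\n',
        '\n',
        # Choose the base image from the user input
        'FROM ' + image_name + '\n',
        '\n',
        '# SWITCH to root \n',
        'USER root \n',
        '\n',
        # NOTE(review): packages are installed unpinned, and pycrypto is no
        # longer maintained; left as-is because the tools copied into /gbin
        # may depend on it -- confirm before replacing.
        '# Download dependencies\n',
        'RUN apt-get update && \\ \n',
        ' apt-get install -y openssl libjemalloc-dev python python-pip python-dev \n',
        'RUN pip install protobuf && \\ \n',
        ' pip install pycrypto\n',
        '# Temporal fixes for Dependencies Issue #1: libcrypto.so.1.0.0 and libssl.so.1.0.0 have different locations \n',
        'RUN ln -s /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 && \\ \n',
        ' ln -s /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 /lib/x86_64-linux-gnu/libssl.so.1.0.0 \n',
        '# Setup Directory Structure \n',
        'RUN mkdir -p ' + quote(app_dir) + '\n',
        'RUN mkdir -p ' + quote(signer_dir) + ' \n',
        'RUN mkdir -p ' + quote(proj_dir + '/Runtime') + ' \n',
        'RUN mkdir /gbin \n',
        '# Copy system files \n',
        'COPY Runtime/* ' + proj_dir + '/Runtime/ \n',
        'COPY Pal/src/Makefile.Host ' + proj_dir + '/Pal/src/Makefile.Host \n',
        # NOTE(review): this copies the whole signer directory, which appears
        # to include enclave-key.pem (used by the signing step below). The
        # key is never removed, and deleting it in a later instruction would
        # still leave it in this layer. Anyone who can pull the image could
        # then read the signing key.
        'COPY Pal/src/host/Linux-SGX/signer/* ' + proj_dir + '/Pal/src/host/Linux-SGX/signer/ \n',
        '# Copy tools for building app instance\n',
        'COPY Tools/build/tools/* /gbin/ \n',
        'COPY Tools/gen_manifest /gbin/ \n',
        '# Generating manifest for target app \n',
        'RUN /gbin/gen_manifest ' + quote(app_name) + ' ' + quote(bin_name)
        + ' ' + quote(proj_dir) + '\n',
        '# Signing Enclave \n',
        'RUN cd ' + quote(app_dir) + ' && \\ \n'
        ' ' + quote(signer_dir + '/pal-sgx-sign')
        + ' -libpal ' + quote(proj_dir + '/Pal/src/host/Linux-SGX/../../../../Runtime/libpal-Linux-SGX.so')
        + ' -key ' + quote(signer_dir + '/enclave-key.pem')
        + ' -output ' + quote(app_name + '.manifest.sgx') + ' '
        + '-manifest ' + quote(app_name + '.manifest') + ' \n',
        # TODO: key removal is not implemented; only the comment is emitted.
        '# Removing key after signing \n',
        # Overwrite Entry Point
        'ENTRYPOINT ["/bin/bash", "/gbin/app_exec"] \n',
    ]

    # The context manager closes the file even if a write fails.
    with open(build_dir + "/Dockerfile" + '.' + app_name, 'w') as df:
        df.writelines(lines)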
def make_exec(path):
    """Make *path* executable for every class that can already read it.

    Each read bit (0o444) is shifted right by two positions onto the matching
    execute bit and OR-ed into the current mode, so no permission is removed.
    """
    current = os.stat(path).st_mode
    exec_bits = (current & 0o444) >> 2  # r-- positions moved onto --x
    os.chmod(path, current | exec_bits)
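def gen_app_executor(app_name, bin_cmd, proj_dir):
    """Write the container entry script ``<proj_dir>/Tools/build/tools/app_exec``.

    The script changes into the application directory, obtains the launch
    token with ``pal-sgx-get-token`` and starts ``<app_name>.manifest.sgx``
    with ``SGX=1``, passing ``bin_cmd`` as its arguments.

    Args:
        app_name: Application name used for the directory and file names.
        bin_cmd: Whitespace-separated arguments for the application. The
            caller in this file takes them from ``docker inspect`` output,
            i.e. from image metadata, so each one is shell-quoted before it
            is written into the script.
        proj_dir: Project root as seen inside the image.

    Raises:
        ValueError: if ``app_name`` or ``proj_dir`` contains a line break or
            NUL, which would add extra lines to the generated script.
    """
    try:
        from shlex import quote
    except ImportError:  # Python 2 keeps the same helper in ``pipes``
        from pipes import quote

    for label, value in (("app_name", app_name), ("proj_dir", proj_dir)):
        if any(ch in value for ch in "\r\n\0"):
            raise ValueError(label + " must not contain line breaks or NUL")

    tools_dir = proj_dir + "/Tools/build/tools"
    if not os.path.exists(tools_dir):
        os.makedirs(tools_dir)

    e_path = tools_dir + "/app_exec"
    print("e_path: " + e_path)

    # Quote argument by argument so shell metacharacters coming from the
    # image's command line reach the application as literal text instead of
    # being interpreted by bash. Ordinary arguments are written unchanged.
    app_args = " ".join(quote(arg) for arg in bin_cmd.split())

    # The context manager closes the file even if a write fails.
    with open(e_path, "w") as ef:
        ef.write('#!/bin/bash \n \n')
        ef.write('cd ' + quote(proj_dir + '/LibOS/shim/test/apps/' + app_name) + '\n')
        ef.write('# Generate EINITOKEN \n')
        ef.write(quote(proj_dir + '/Pal/src/host/Linux-SGX/signer/pal-sgx-get-token')
                 + ' -output ' + quote(app_name + '.token')
                 + ' -sig ' + quote(app_name + '.sig') + ' \n')
        ef.write('# Run the application \n')
        ef.write('SGX=1 ' + quote('./' + app_name + '.manifest.sgx') + ' ' + app_args + '\n')

    make_exec(e_path)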
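if __name__ == "__main__":
    # Entry point: gsce run [docker run options...] <image>
    #   1. read the image's default command with `docker inspect`
    #   2. generate a Dockerfile and an entry script for it
    #   3. build the image gsc_<app_name>
    #   4. run it with the SGX devices and the aesmd socket attached
    if len(sys.argv) < 3:
        print("Usage: gsce run [Image name] ")
        sys.exit(1)

    image_name = sys.argv[-1]
    if image_name.startswith("-"):
        # Would be parsed as an option by the docker commands below.
        print("Invalid image name: " + image_name)
        sys.exit(1)

    # Everything before the first ':' (the tag separator) names the app.
    app_name = image_name.partition(":")[0]
    # app_name becomes part of file names and of the image tag, so only a
    # plain name is accepted; a '/' would already make the Dockerfile path
    # point into a directory that does not exist.
    if not re.match(r'[A-Za-z0-9][A-Za-z0-9_.-]*\Z', app_name):
        print("Unsupported image name: " + image_name)
        sys.exit(1)
    print("app_name: " + app_name)

    # Argument lists (no shell) keep the image name and the forwarded options
    # from being re-parsed by /bin/sh before they reach `sudo docker`.
    try:
        res = subprocess.check_output(
            ["sudo", "docker", "inspect", "--format", "{{.Config.Cmd}}",
             image_name],
            universal_newlines=True).strip()
    except subprocess.CalledProcessError as err:
        print("docker inspect failed for " + image_name)
        sys.exit(err.returncode or 1)
    print(res)

    # Expected shape: "[binary arg1 arg2 ...]".
    match = re.match(r'\[([^\s]*)\s*(.*)\]', res)
    if match is None:
        print("Could not parse image command: " + res)
        sys.exit(1)
    # bin_name and bin_cmd come from image metadata and are written into the
    # generated Dockerfile and entry script; treat them as untrusted.
    bin_name = match.group(1)
    bin_cmd = match.group(2) or ""
    print("bin_name: " + bin_name + " bin_cmd: " + bin_cmd)

    # Store the rest arguments as docker run arguments. They are forwarded
    # verbatim to `sudo docker run`.
    docker_args = sys.argv[2:-1]

    proj_dir = os.path.abspath(os.getcwd() + "/../")

    # STEP 1: Generating Dockerfile
    gen_dockerfile(image_name, app_name, bin_name, proj_dir)

    # STEP 2: Generating entry point execute script
    gen_app_executor(app_name, bin_cmd, proj_dir)

    # STEP 3: Building new docker image with generated Dockerfile
    os.chdir('..')
    build_status = subprocess.call(
        ["sudo", "docker", "build",
         "-f", "Tools/build/Dockerfile." + app_name,
         "-t", "gsc_" + app_name, "."])
    if build_status != 0:
        # Do not fall through and run a stale gsc_<app_name> image.
        print("docker build failed")
        sys.exit(build_status)

    # STEP 4: Run GSC with the target app
    sys.exit(subprocess.call(
        ["sudo", "docker", "run", "-i", "-t"] + docker_args +
        ["--device=/dev/gsgx", "--device=/dev/isgx",
         "-v", "/var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket",
         "gsc_" + app_name]))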