Inicio Explorar Axuda
Iniciar sesión
miti
/
linux-sgx-trts-modified
1
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Árbore: a4bfecb965
Ramas Etiquetas
linux-sgx-tr...
/
linux
/
installer
/
common
/
psw
/
install.sh

install.sh 4.7 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162 
  1. #!/usr/bin/env bash
    2. 

  2. #
    3. 

  3. # Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
    4. 

  4. #
    5. 

  5. # Redistribution and use in source and binary forms, with or without
    6. 

  6. # modification, are permitted provided that the following conditions
    7. 

  7. # are met:
    8. 

  8. #
    9. 

  9. #   * Redistributions of source code must retain the above copyright
    10. 

  10. #     notice, this list of conditions and the following disclaimer.
    11. 

  11. #   * Redistributions in binary form must reproduce the above copyright
    12. 

  12. #     notice, this list of conditions and the following disclaimer in
    13. 

  13. #     the documentation and/or other materials provided with the
    14. 

  14. #     distribution.
    15. 

  15. #   * Neither the name of Intel Corporation nor the names of its
    16. 

  16. #     contributors may be used to endorse or promote products derived
    17. 

  17. #     from this software without specific prior written permission.
    18. 

  18. #
    19. 

  19. # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
    20. 

  20. # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
    21. 

  21. # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
    22. 

  22. # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
    23. 

  23. # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
    24. 

  24. # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
    25. 

  25. # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
    26. 

  26. # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
    27. 

  27. # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
    28. 

  28. # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
    29. 

  29. # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    30. 

  30. #
    31. 

  31. #
    32. 

  32. 

  33. 

  34. set -e 
    35. 

  35. 

  36. SCRIPT_DIR=$(dirname "$0")
    37. 

  37. source ${SCRIPT_DIR}/installConfig
    38. 

  38. 

  39. PSW_DST_PATH=${SGX_PACKAGES_PATH}/${PSW_PKG_NAME}
    40. 

  40. AESM_PATH=$PSW_DST_PATH/aesm
    41. 

  41. 

  42. # Install the AESM service
    43. 

  43. 

  44. cut -d: -f1 /etc/passwd | grep -q -w aesmd || \
    45. 

  45.     /usr/sbin/useradd -r -c "User for aesmd" \
    46. 

  46.     -d /var/opt/aesmd -s /sbin/nologin aesmd
    47. 

  47. 

  48. mkdir -p /var/opt/aesmd
    49. 

  49. cp -rf $AESM_PATH/data /var/opt/aesmd/
    50. 

  50. rm -rf $AESM_PATH/data
    51. 

  51. cp -rf $AESM_PATH/conf/aesmd.conf /etc/aesmd.conf
    52. 

  52. rm -rf $AESM_PATH/conf
    53. 

  53. chmod  0644 /etc/aesmd.conf
    54. 

  54. chown -R aesmd /var/opt/aesmd
    55. 

  55. chmod 0750 /var/opt/aesmd
    56. 

  56. 

  57. # By default the AESM's communication socket will be created in
    58. 

  58. # /var/run/aesmd.  Putting the socket in the aesmd sub-directory
    59. 

  59. # as opposed to directly in /var/run allows the user to create a
    60. 

  60. # mount a volume at /var/run/aesmd and thus expose the socket to
    61. 

  61. # a different filesystem or namespace, e.g. a Docker container.
    62. 

  62. mkdir -p /var/run/aesmd
    63. 

  63. chown -R aesmd /var/run/aesmd
    64. 

  64. chmod 0755 /var/run/aesmd
    65. 

  65. 

  66. if [ -d /run/systemd/system ]; then
    67. 

  67.     AESMD_NAME=aesmd.service
    68. 

  68.     AESMD_TEMP=$AESM_PATH/$AESMD_NAME
    69. 

  69.     if [ -d /lib/systemd/system ]; then
    70. 

  70.         AESMD_DEST=/lib/systemd/system/$AESMD_NAME
    71. 

  71.     else
    72. 

  72.         AESMD_DEST=/usr/lib/systemd/system/$AESMD_NAME
    73. 

  73.     fi
    74. 

  74.     echo -n "Installing $AESMD_NAME service ..."
    75. 

  75.     sed -e "s:@aesm_folder@:$AESM_PATH:" \
    76. 

  76.         $AESMD_TEMP > $AESMD_DEST
    77. 

  77.     chmod 0644 $AESMD_DEST
    78. 

  78.     rm -f $AESMD_TEMP
    79. 

  79.     rm -f $AESM_PATH/aesmd.conf
    80. 

  80.     DISABLE_AESMD="systemctl disable aesmd"
    81. 

  81.     systemctl enable aesmd
    82. 

  82.     retval=$?
    83. 

  83. elif [ -d /etc/init/ ]; then
    84. 

  84.     AESMD_NAME=aesmd.conf
    85. 

  85.     AESMD_TEMP=$AESM_PATH/$AESMD_NAME
    86. 

  86.     AESMD_DEST=/etc/init/$AESMD_NAME
    87. 

  87.     echo -n "Installing $AESMD_NAME service ..."
    88. 

  88.     sed -e "s:@aesm_folder@:$AESM_PATH:" \
    89. 

  89.         $AESMD_TEMP > $AESMD_DEST
    90. 

  90.     chmod 0644 $AESMD_DEST
    91. 

  91.     rm -f $AESMD_TEMP
    92. 

  92.     rm -f $AESM_PATH/aesmd.service
    93. 

  93.     /sbin/initctl reload-configuration
    94. 

  94.     retval=$?
    95. 

  95. else
    96. 

  96.     echo " failed."
    97. 

  97.     echo "Unsupported platform - neither systemctl nor initctl is found."
    98. 

  98.     exit 5
    99. 

  99. fi
    100. 

  100. 

  101. if test $retval -ne 0; then
    102. 

  102.     echo "$rcmngr failed to install $AESMD_NAME."
    103. 

  103.     exit 6
    104. 

  104. fi
    105. 

  105. 

  106. echo " done."
    107. 

  107. 

  108. 

  109. cat > $PSW_DST_PATH/uninstall.sh <<EOF
    110. 

  110. #!/usr/bin/env bash
    111. 

  111. 

  112. if test \$(id -u) -ne 0; then
    113. 

  113.     echo "Root privilege is required."
    114. 

  114.     exit 1
    115. 

  115. fi
    116. 

  116. 

  117. # Killing AESM service
    118. 

  118. /usr/sbin/service aesmd stop
    119. 

  119. $DISABLE_AESMD
    120. 

  120. # Removing AESM configuration files
    121. 

  121. rm -f $AESMD_DEST
    122. 

  122. rm -f /etc/aesmd.conf
    123. 

  123. 

  124. # Removing AESM internal folders
    125. 

  125. rm -fr /var/opt/aesmd
    126. 

  126. rm -fr /var/run/aesmd
    127. 

  127. 

  128. # Removing runtime libraries
    129. 

  129. rm -f /usr/lib/libsgx_uae_service.so
    130. 

  130. rm -f /usr/lib/libsgx_urts.so
    131. 

  131. rm -f /usr/lib/i386-linux-gnu/libsgx_uae_service.so
    132. 

  132. rm -f /usr/lib/i386-linux-gnu/libsgx_urts.so
    133. 

  133. 

  134. # Removing AESM folder
    135. 

  135. rm -fr $PSW_DST_PATH
    136. 

  136. 

  137. # Removing AESM user and group
    138. 

  138. /usr/sbin/userdel aesmd
    139. 

  139. 

  140. echo "SGX PSW uninstalled."
    141. 

  141. EOF
    142. 

  142. 

  143. chmod +x $PSW_DST_PATH/uninstall.sh
    144. 

  144. 

  145. $AESM_PATH/cse_provision_tool || true
    146. 

  146. rm $AESM_PATH/cse_provision_tool
    147. 

  147. 

  148. # Start the aesmd service
    149. 

  149. if [ -d /run/systemd/system ]; then
    150. 

  150.     systemctl start aesmd
    151. 

  151. elif [ -d /etc/init/ ]; then
    152. 

  152.     /sbin/initctl start aesmd
    153. 

  153. fi
    154. 

  154. 

  155. echo -e "\nuninstall.sh script generated in $PSW_DST_PATH\n"
    156. 

  156. 

  157. echo -e "Installation is successful!"
    158. 

  158. 

  159. rm -fr $PSW_DST_PATH/scripts
    160. 

  160. 

  161. exit 0
    162. 

  162.