
Works with newer version of graphene

Miti Mazmudar 4 years ago
parent
commit
56125c4ccf
4 changed files with 32 additions and 25 deletions
  1. 19 14
      docker/Dockerfile
  2. 1 1
      docker/deploy_enclaves.sh
  3. 4 0
      docker/find_docker_ip.sh
  4. 8 10
      graphene-docker/Dockerfile

+ 19 - 14
docker/Dockerfile

@@ -36,7 +36,7 @@ RUN git clone https://git-crysp.uwaterloo.ca/miti/verifier.git && \
 	cd verifier/ && git checkout recreating_state_for_teeter && \
 	export SGX_SDK_TRTS_MODIFIED=/root/source/linux-sgx-trts-modified/build/linux && make && \
 	cp verifier /root/graphene/LibOS/shim/test/native && \
-	git checkout master && \
+	git checkout master && git log && \
 	cp verifier.manifest.template /root/graphene/LibOS/shim/test/native 
 
 #Build the verifier
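Review bot: The added `git log` runs after `git checkout master`, so it prints master's history, while the `verifier` binary copied two lines earlier was built from `recreating_state_for_teeter`; the build output therefore does not identify the commit that was actually compiled. Running `git rev-parse HEAD` (or `git log -1 --format=%H`) right after the first checkout would record it, and would avoid dumping the full history into the build log. Because this binary is later started with `pal_loader SGX`, checking out a fixed commit rather than a branch name would also keep what goes into the enclave reproducible. The RUN instruction begins above this hunk.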
@@ -51,40 +51,45 @@ RUN git clone --recursive https://github.com/CopernicaMarketingSoftware/PHP-CPP.
 	cd PHP-CPP/ && git checkout tags/v2.1.4 &&  make all && \
 	cp libphpcpp.so.* /usr/lib/ && make install
 
+#Dependencies for Apache
+RUN apt update && apt install -y build-essential flex libapr1-dev libaprutil1-dev libpcre2-dev apache2-utils libssl-dev
 RUN git clone https://git-crysp.uwaterloo.ca/miti/Apache_PHP_extension.git && \
-	cd Apache_PHP_extension && git checkout recreating_state_for_teeter  && \
+	cd Apache_PHP_extension && git checkout recreating_state_for_teeter && \
 	make
 
 WORKDIR /root/graphene/LibOS/shim/test/apps/apache
 #Modifying the Makefile to generate the php module.
 RUN sed -i s/'LISTEN_HOST ?= 127.0.0.1'/'LISTEN_HOST ?= 0.0.0.0'/g Makefile
-RUN sed -i s/'testdata ssldata'/'$(INSTALL_DIR)/modules/libphp7.so  #testdata ssldata'/g Makefile 
+RUN sed -i 's:testdata ssldata:ssldata $(INSTALL_DIR)/modules/libphp7.so:' Makefile 
 RUN sed -i s/"'-'"/"'-' | tr '+' 'p'"/g Makefile #Fix for stdc++ to be named as a key sgx.trusted_files.stdcpp in the autogenerated manifest. 
-RUN printf '\nPHP_DIR = php-7.0.7 \n$(PHP_DIR): $(PHP_DIR).tar.gz\n\ttar -xmzf $<\n' >> Makefile 
-RUN printf '\n$(INSTALL_DIR)/modules/libphp7.so: $(PHP_DIR) $(INSTALL_DIR)/bin/apxs\n' >> Makefile
-RUN printf '\tcd $< && ./configure --prefix=$(abspath $(INSTALL_DIR)) --with-apxs2=$(abspath $(INSTALL_DIR)/bin/apxs) \ \n' >> Makefile
-RUN printf '\t--disable-cgi --disable-cli --disable-soap\n\tcd $< && $(MAKE) \n\tcd $< && $(MAKE) install\n' >> Makefile
-RUN printf '\nbuild-apache-with-php: $(INSTALL_DIR)/bin/httpd $(INSTALL_DIR)/modules/libphp7.so\n' >> Makefile 
+#Copy the PHP 7 archive (PHPCPP requires at least version 7) 
 RUN cp /root/source/Apache_PHP_extension/*.tar.gz ./
-#Don't make the manifest yet - make the apache/php build first and then the manifest.
+#Copy targets for generating the php module library from the archive to the makefile.
+RUN cat /root/source/Apache_PHP_extension/apacheMakefile >> Makefile 
+#Install dependencies for Apache
+RUN apt update && apt install -y build-essential flex libapr1-dev libaprutil1-dev libpcre2-dev apache2-utils libssl-dev
+#Make the apache/php build first 
+#In the new graphene version, runtime tokens are also generated along with the manifests, and these tokens require the AESMD service. 
+#We start the aesmd service at runtime and generate all targets by running 'make SGX=1' on this folder at runtime. 
 RUN make SGX=1 build-apache-with-php
 
 #Add the updated httpd.manifest.template #Todo update manifest. 
 RUN cp /root/source/Apache_PHP_extension/httpd.manifest.template ./
-#Add the extension to the obj/modules folder. 
+#Add the extension to the modules folder. 
 RUN cp /root/source/Apache_PHP_extension/localattestation_decryption.so install/modules/
 #Add the PHP .ini file from the PHP folder to the location accessed by the PHP setup at runtime
 RUN cp ./php-7.0.7/php.ini-development install/lib/php.ini
-#Add the extension directory and the extension name to the php.ini 
+#Add the extension path and the extension name to the php.ini 
 RUN echo "extension_dir=/root/graphene/LibOS/shim/test/apps/apache/install/modules" >> install/lib/php.ini && \ 
 	echo "extension=localattestation_decryption.so" >> install/lib/php.ini
 #Add all php source code files to the right place. 
 RUN cp /root/source/Apache_PHP_extension/*.php install/htdocs
 #Fix the configuration file for Apache
-RUN printf '\nAcceptFilter http none\n<IfModule mime_module>\n    AddType application/x-httpd-php .php\n</IfModule>\n' > install/conf/httpd.conf
-RUN make SGX=1 
+RUN printf '\nAcceptFilter http none\n<IfModule mime_module>\n    AddType application/x-httpd-php .php\n</IfModule>\n' >> install/conf/httpd.conf 
 
-WORKDIR /root 
+WORKDIR /root
 COPY deploy_enclaves.sh ./
 RUN chmod 755 ./deploy_enclaves.sh
+COPY find_docker_ip.sh ./
+RUN chmod 755 ./find_docker_ip.sh
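Review bot: The new `RUN cat /root/source/Apache_PHP_extension/apacheMakefile >> Makefile` moves the PHP build rules out of this Dockerfile and into a file from the clone at the top of the hunk. That clone is checked out at the branch `recreating_state_for_teeter`, so what `make SGX=1 build-apache-with-php` executes can change without any change here. Checking out a fixed commit (`git checkout <commit-sha>`, placeholder) would keep the rules and the PHP archive copied from the same repository reviewable and reproducible. Separately, the `apt update && apt install -y build-essential ...` line is added twice, before the clone and again before `make`, and the second copy is redundant. The kept one is better written as `apt-get update && apt-get install -y --no-install-recommends ... && rm -rf /var/lib/apt/lists/*`.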
 

+ 1 - 1
docker/deploy_enclaves.sh

@@ -7,5 +7,5 @@ cd ~/graphene && make SGX=1 sgx-tokens
 cd ~/source/Decryptor && tmux new-session -d -s dec './app; bash';
 cd ~/graphene/LibOS/shim/test/native && tmux new-session -d -s ver './pal_loader SGX verifier; bash'
 sleep 20; #Should have better logic here to check if the previous command exited successfully (server should only be started after the verifier finishes, or else it will try to do LA with the decryptor and crash' 
-cd ~/graphene/LibOS/shim/test/apps/apache && tmux new-session -d -s php "make SGX_RUN=1; sudo make start-graphene-server; bash" 
+cd ~/graphene/LibOS/shim/test/apps/apache && tmux new-session -d -s php "SGX=1 make start-graphene-server; bash" 
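Review bot: On the new line `SGX=1` is passed through the environment, whereas the other invocations in this commit pass it as a make argument (`make SGX=1 ...`). A plain `SGX = ...` assignment in a Makefile overrides an environment value but not a command-line one, so `make SGX=1 start-graphene-server` is the safer and more consistent form. The server is also still started after a fixed `sleep 20`, which the comment above already flags. Having the verifier session signal completion, e.g. `./pal_loader SGX verifier; tmux wait-for -S ver_done; bash` with `tmux wait-for ver_done` in place of the sleep, would remove that race.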
 

+ 4 - 0
docker/find_docker_ip.sh

@@ -0,0 +1,4 @@
+#!/bin/bash 
+
+ip addr | grep "inet" | grep -v "127.0.0.1" |  cut -d'/' -f 1  | tr -d [:alpha:]
+#List all IP addr info | filter out lines with addresses | grab the host part of an IPv4 address (part before '/') | remove all alphabet chars on that line - "inet" etc
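Review bot: `grep "inet"` also matches `inet6` lines, and `tr -d [:alpha:]` then strips the hex letters a-f out of those addresses, so the script can print mangled IPv6 values next to the IPv4 one. The unquoted `[:alpha:]` is additionally subject to shell globbing if a matching single-character file name exists in the working directory. Restricting the query to IPv4 avoids both, e.g. `ip -4 -o addr show scope global | awk '{print $4}' | cut -d/ -f1`. If the `tr` form is kept, quote the class as `tr -d '[:alpha:]'` and filter with `grep -w inet`.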

+ 8 - 10
graphene-docker/Dockerfile

@@ -1,19 +1,17 @@
 FROM sgx
 RUN apt update
-RUN apt install -y gawk python-pip
-RUN pip install protobuf
-RUN pip install pycrypto
-RUN sudo apt install -y libprotobuf-c-dev protobuf-c-compiler bison python3-pip
+RUN apt install -y gawk libprotobuf-c-dev protobuf-c-compiler bison python3-pip
+RUN pip3 install protobuf
 
 WORKDIR /root
 RUN git clone https://github.com/oscarlab/graphene
 WORKDIR graphene
 RUN git submodule init
 RUN git submodule update
-RUN cd Pal/src/host/Linux-SGX/sgx-driver && git checkout 30d4b940
-COPY isgx_version.h Pal/src/host/Linux-SGX/sgx-driver/
-RUN mkdir Pal/src/host/Linux-SGX/sgx-driver/linux-sgx-driver
-COPY sgx_user.h Pal/src/host/Linux-SGX/sgx-driver/linux-sgx-driver/
 RUN openssl genrsa -3 -out Pal/src/host/Linux-SGX/signer/enclave-key.pem 3072
-#RUN make SGX=1
-#WORKDIR /root
+WORKDIR Pal/src/host/Linux-SGX/sgx-driver
+RUN mkdir linux-sgx-driver
+COPY sgx_user.h ./linux-sgx-driver/
+WORKDIR /root/graphene
+RUN make SGX=1 ISGX_DRIVER_PATH=/root/graphene/Pal/src/host/Linux-SGX/sgx-driver/linux-sgx-driver
+WORKDIR /root
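Review bot: With `RUN make SGX=1 ...` now enabled at build time, the key written by the preceding `openssl genrsa ... enclave-key.pem` is presumably what signs the enclaves, and it stays in an image layer where anyone who can pull the image can read it. If the signer identity matters for attestation, supply the key at build time instead, e.g. `RUN --mount=type=secret,id=enclave_key,target=/root/graphene/Pal/src/host/Linux-SGX/signer/enclave-key.pem make SGX=1 ISGX_DRIVER_PATH=...`, and drop the `genrsa` step. The commit also removes the only pinned revision (`git checkout 30d4b940`) while the `git clone https://github.com/oscarlab/graphene` above still takes the default branch head, so the compiled LibOS changes from build to build; a `git checkout <commit-sha>` (placeholder) after the clone would fix that. `RUN pip3 install protobuf` is unpinned as well.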