
Code for building decryptor, verifier, PHP extension in docker.

Miti Mazmudar 4 years ago
parent
commit
fd7341a04d
2 changed files with 56 additions and 1 deletions
  1. 50 0
      docker/Dockerfile
  2. 6 1
      run-mitigator

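--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1 +1,51 @@
 FROM graphene
+ENV SGX_SDK=/opt/intel/sgxsdk/
+RUN apt install -y nano gdb #tmux #TODO Move tmux to run script and nano to sgx-docker script. 
+RUN mkdir source
+WORKDIR source
+## Setting up prereqs for decryptor - Intel SGX SSL 
+# Just curling the tar.gz file and then running the build script didn't work as the extracted folder had a different name (dependent on the foldername which was compressed) --- I didnt want to make a new fork of the sgxssl script for that.
+RUN git clone https://github.com/openssl/openssl.git OpenSSL_1.1.1d && \ 
+	cd OpenSSL_1.1.1d && git checkout tags/OpenSSL_1_1_1d && \ 
+	cd ../ && tar -cf OpenSSL_1.1.1d.tar.gz OpenSSL_1.1.1d/
+
+#Setting up SGXSSL with the version of OpenSSL that we downloaded in the previous step.
+RUN git clone https://github.com/intel/intel-sgx-ssl.git && \ 
+	cd intel-sgx-ssl && git checkout tags/lin_2.5_1.1.1d && \ 
+	cp ../OpenSSL_1.1.1d.tar.gz ./openssl_source/  && \ 
+	cd Linux &&  make && make install
+
+#Temp - TODO: Make the git repo public and remove these commands and retest.  
+COPY gitcrysp-docker-deploy-key.id_rsa /root/.ssh/id_rsa
+COPY gitcrysp-docker-deploy-key.id_rsa.pub /root/.ssh/id_rsa.pub
+RUN ssh-keyscan git-crysp.uwaterloo.ca > /root/.ssh/known_hosts
+
+#Setting up protobuf definitions for exchanging LA and post-LA messages between enclaves.
+RUN git clone gogs@git-crysp.uwaterloo.ca:miti/dhmsgs_proto_defs.git && \ 
+	cd dhmsgs_proto_defs/ && protoc --cpp_out=./ ./*.proto
+
+#Setting up the decryptor enclave itself. 
+RUN git clone gogs@git-crysp.uwaterloo.ca:miti/Decryptor.git && \ 
+	cd Decryptor/ && make 
+
+#Setting up common files used in the verifier, PHP extension for LA/post-LA message processing. 
+RUN git clone gogs@git-crysp.uwaterloo.ca:miti/commonVerifierPHPfiles.git
+
+#Setting up the verifier. 
+RUN git clone gogs@git-crysp.uwaterloo.ca:miti/verifier.git && \ 
+	cd verifier/ && make && cp verifier /root/graphene/LibOS/shim/test/native
+
+#Verifier manifest file, makefile changes - comment out JDK/python related content
+#WORKDIR /root/graphene/LibOS/shim/test/native
+#RUN make SGX=1 && make SGX_RUN=1 
+
+RUN apt install -y php7.0-dev
+
+RUN git clone --recursive https://github.com/CopernicaMarketingSoftware/PHP-CPP.git && \
+	cd PHP-CPP/ && git checkout tags/v2.1.4 &&  make all && \
+	cp libphpcpp.so.* /usr/lib/ && make install 
+
+RUN git clone gogs@git-crysp.uwaterloo.ca:miti/Apache_PHP_extension.git && \
+	cd Apache_PHP_extension && \
+	make 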
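Review bot: The `COPY gitcrysp-docker-deploy-key.id_rsa /root/.ssh/id_rsa` step bakes the private deploy key into an image layer, so anyone who can pull or export the image can read it, and a later `RUN rm` would not remove it from the layer history. With BuildKit the clones can borrow the builder's SSH agent instead, e.g. `RUN --mount=type=ssh git clone gogs@git-crysp.uwaterloo.ca:miti/Decryptor.git && cd Decryptor/ && make` built with `docker build --ssh default`, which leaves no key in any layer; the same applies to the other four `gogs@` clones. Separately, `ssh-keyscan git-crysp.uwaterloo.ca > /root/.ssh/known_hosts` trusts whatever host key answers at build time, so it does not authenticate the server; copying in a known_hosts file whose key was verified out of band would. If an image containing this key has already been shared, the key should be treated as exposed and rotated.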
+

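--- a/run-mitigator
+++ b/run-mitigator
@@ -1,3 +1,8 @@
 #!/bin/bash
+docker container stop mitigator_base_setup && docker container rm mitigator_base_setup
+CONTAINER=$(docker container ls -a | grep "mitigator_base_setup") 
+if [[ -z $CONTAINER ]]; then 
+	docker run --device /dev/isgx --device /dev/gsgx --name mitigator_base_setup -dt mitigator bash -c "start-aesmd && exec bash"
+fi
 
-docker run --device /dev/isgx --device /dev/gsgx -it mitigator bash -c "start-aesmd && exec bash"
+docker exec -it  mitigator_base_setup bash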
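Review bot: The `if [[ -z $CONTAINER ]]` guard only skips `docker run` when the preceding `docker container stop ... && docker container rm ...` did not remove the container, and in that case the final `docker exec` silently attaches to the stale container, which may have been created from an older `mitigator` image. The check is also a substring `grep` over the whole `docker container ls -a` table, so any row containing that string (for example a container named `mitigator_base_setup_old`, a constructed name) suppresses the start. Consider removing unconditionally and failing loudly: `docker container rm -f mitigator_base_setup 2>/dev/null || true` followed by an unguarded `docker run ... --name mitigator_base_setup -dt ...`, with `set -e` near the top so a failed start does not fall through to `docker exec`.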