miti
/
mitigator


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465
							FROM graphene
ENV SGX_SDK=/opt/intel/sgxsdk/

RUN mkdir source
WORKDIR source
## Setting up prereqs for decryptor - Intel SGX SSL 
# Just curling the tar.gz file and then running the build script didn't work as the extracted folder had a different name (dependent on the foldername which was compressed) --- I didnt want to make a new fork of the sgxssl script for that.
RUN git clone https://github.com/openssl/openssl.git OpenSSL_1.1.1d && \ 
	cd OpenSSL_1.1.1d && git checkout tags/OpenSSL_1_1_1d && \ 
	cd ../ && tar -cf OpenSSL_1.1.1d.tar.gz OpenSSL_1.1.1d/

#Setting up SGXSSL with the version of OpenSSL that we downloaded in the previous step.
RUN git clone https://github.com/intel/intel-sgx-ssl.git && \ 
	cd intel-sgx-ssl && git checkout tags/lin_2.5_1.1.1d && \ 
	cp ../OpenSSL_1.1.1d.tar.gz ./openssl_source/  && \ 
	cd Linux &&  make && make install

#Temp - TODO: Make the git repo public and remove these commands and retest.  
#COPY gitcrysp-docker-deploy-key.id_rsa /root/.ssh/id_rsa
#COPY gitcrysp-docker-deploy-key.id_rsa.pub /root/.ssh/id_rsa.pub
#RUN ssh-keyscan git-crysp.uwaterloo.ca > /root/.ssh/known_hosts

#Setting up protobuf definitions for exchanging LA and post-LA messages between enclaves.
RUN git clone gogs@git-crysp.uwaterloo.ca:miti/dhmsgs_proto_defs.git && \ 
	cd dhmsgs_proto_defs/ && protoc --cpp_out=./ ./*.proto

#Setting up the decryptor enclave itself. 
RUN git clone gogs@git-crysp.uwaterloo.ca:miti/Decryptor.git && \ 
	cd Decryptor/ && make 

#Setting up common files used in the verifier, PHP extension for LA/post-LA message processing. 
RUN git clone gogs@git-crysp.uwaterloo.ca:miti/commonVerifierPHPfiles.git

#Setting up a patched version of the linux-sgx repo's SDK for running LA on graphene.
RUN git clone gogs@git-crysp.uwaterloo.ca:miti/linux-sgx-trts-modified.git && \
	cd linux-sgx-trts-modified && git checkout local_attestation_for_graphene && \ 
	bash ./download_prebuilt.sh && make USE_OPT_LIBS=0

#Setting up the verifier. 
RUN git clone gogs@git-crysp.uwaterloo.ca:miti/verifier.git && \ 
	cd verifier/ && git checkout recreating_state_for_teeter && \ 
	export SGX_SDK_TRTS_MODIFIED=/root/source/linux-sgx-trts-modified/build/linux && make && \ 
	cp verifier /root/graphene/LibOS/shim/test/native && \
	git checkout master && \ 
	cp verifier.manifest.template /root/graphene/LibOS/shim/test/native && \
	cp grapheneMakefile /root/graphene/LibOS/shim/test/native/Makefile 

#Verifier manifest file, makefile changes - comment out JDK/python related content
WORKDIR /root/graphene/LibOS/shim/test/native
RUN make SGX=1 #&& make SGX_RUN=1 

RUN apt update && apt install -y php7.0-dev tmux

WORKDIR /root/source
RUN git clone --recursive https://github.com/CopernicaMarketingSoftware/PHP-CPP.git && \
	cd PHP-CPP/ && git checkout tags/v2.1.4 &&  make all && \
	cp libphpcpp.so.* /usr/lib/ && make install 

RUN git clone gogs@git-crysp.uwaterloo.ca:miti/Apache_PHP_extension.git && \
	cd Apache_PHP_extension && \
	make 

#WORKDIR /root/graphene/LibOS/shim/test/apps/apache
#RUN make SGX=1 && make SGX_RUN=1