37 lines
1.1 KiB
Bash
Executable File
37 lines
1.1 KiB
Bash
Executable File
#!/bin/bash
|
|
set -e
|
|
|
|
SCRIPT=$0
|
|
EXEC=$1
|
|
|
|
occlum-cargo build --release --example sealing --features="sealing"
|
|
strip target/x86_64-unknown-linux-musl/release/examples/sealing
|
|
|
|
cat > sealing.yaml <<EOF
|
|
includes:
|
|
- base.yaml
|
|
targets:
|
|
- target: /bin
|
|
copy:
|
|
- files:
|
|
- ../target/x86_64-unknown-linux-musl/release/examples/sealing
|
|
- target: /lib
|
|
copy:
|
|
- files:
|
|
- /opt/occlum/toolchains/dcap_lib/musl/libocclum_dcap.so.0.1.0
|
|
- /opt/occlum/toolchains/utils_lib/musl/libocclum_utils.so.0.1.0
|
|
EOF
|
|
|
|
rm -rf sealing_instance && mkdir sealing_instance && cd sealing_instance
|
|
occlum init && rm -rf image
|
|
cp ../Occlum.json ./
|
|
copy_bom -f ../sealing.yaml --root image --include-dir /opt/occlum/etc/template
|
|
# TODO: "--enable-edmm Y" must be only for platforms that support SGX2
|
|
# TODO: make sure the bundle needs SGX2 to run since SGX1 is vulnerable to https://x.com/PratyushRT/status/1828183761055330373
|
|
occlum build --sign-key ../examples/signing_key.pem
|
|
occlum package sealing.tar.gz
|
|
|
|
if [ "$EXEC" == "--run" ]; then
|
|
occlum run /bin/sealing
|
|
fi
|