From c2e751d893838be507f80c5012655e6a0104a1c7 Mon Sep 17 00:00:00 2001 From: Jakub Doka Date: Mon, 2 Dec 2024 01:42:06 +0000 Subject: [PATCH] lightweight docker container and docker volumes Reviewed-on: https://gitea.detee.cloud/SGX/hacker-challenge-sgx/pulls/3 Co-authored-by: Jakub Doka Co-committed-by: Jakub Doka --- README.md | 6 ++++++ docker/challenge.Dockerfile | 18 +++++++++++++++++- scripts/build-container.sh | 20 ++++++++++++++++++++ scripts/package.sh | 3 ++- scripts/testnet.sh | 25 +++---------------------- src/main.rs | 2 +- 6 files changed, 49 insertions(+), 25 deletions(-) create mode 100755 scripts/build-container.sh diff --git a/README.md b/README.md index 10dc658..d3aa52a 100644 --- a/README.md +++ b/README.md @@ -30,6 +30,12 @@ curl localhost:your-port The node homepage source is also [here](./src/HOMEPAGE.md). +## Production build + +```bash +./scripts/build-container.sh +``` + ## Contributing to the challenge Don't forget to run `cargo clippy` and `cargo fmt` before submitting a PR. diff --git a/docker/challenge.Dockerfile b/docker/challenge.Dockerfile index 01c55c9..e53a821 100644 --- a/docker/challenge.Dockerfile +++ b/docker/challenge.Dockerfile @@ -1,6 +1,22 @@ -FROM occlum/occlum:latest-ubuntu20.04 +FROM occlum/occlum:latest-ubuntu20.04 AS build + +WORKDIR / +RUN mkdir sgx_libs &&\ + cp /usr/lib/x86_64-linux-gnu/libsgx_* sgx_libs/ &&\ + cp /usr/lib/x86_64-linux-gnu/libdcap_quoteprov.so.1 sgx_libs/libdcap_quoteprov.so + +FROM ubuntu:20.04 + +RUN apt update -y && apt install -y jq curl + COPY challenge.sh /challenge.sh COPY challenge.tar.gz /challenge.tar.gz COPY challenge.qcnl.conf /etc/sgx_default_qcnl.conf + +COPY --from=build /opt/occlum/build/bin/occlum-run /opt/occlum/build/bin/occlum-run +COPY --from=build /opt/occlum/build/bin/occlum /usr/bin/occlum +COPY --from=build /sgx_libs /sgx_libs +RUN cp /sgx_libs/* /usr/lib/x86_64-linux-gnu/ + WORKDIR / ENTRYPOINT ["/challenge.sh"] 
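Review bot: Both stages resolve mutable tags (`occlum/occlum:latest-ubuntu20.04` and the new `FROM ubuntu:20.04`), so the SGX/DCAP libraries and the `occlum`/`occlum-run` binaries taken with `COPY --from=build` can differ between two builds of the same commit. For an image that hosts an enclave, pin both by digest, e.g. `FROM ubuntu:20.04@sha256:<digest>` (placeholder), and name a specific Occlum release instead of `latest`. The added `RUN apt update -y && apt install -y jq curl` leaves the package lists in the layer; `apt-get update && apt-get install -y --no-install-recommends jq curl && rm -rf /var/lib/apt/lists/*` fits the "lightweight" goal better. The final image also keeps `/sgx_libs` next to the copies made by `RUN cp /sgx_libs/* /usr/lib/x86_64-linux-gnu/`; copying straight into the target directory avoids the duplicate.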
diff --git a/scripts/build-container.sh b/scripts/build-container.sh new file mode 100755 index 0000000..fc6d61b --- /dev/null +++ b/scripts/build-container.sh @@ -0,0 +1,20 @@ +#!/bin/bash +echo "Building the hacker-challenge docker image" + +if ! command -v docker 2>&1 >/dev/null +then + echo "docker not found, please install docker" + exit 1 +fi + +if [ ! -e challenge_instance/challenge.tar.gz ]; then + echo "Please build the challenge first, see README.md" + exit 1 +fi + +cd docker +cp ../challenge_instance/challenge.tar.gz challenge.tar.gz +docker build -f challenge.Dockerfile -t hacker-challenge:latest . +cd .. + +echo "Container named 'hacker-challenge' built" diff --git a/scripts/package.sh b/scripts/package.sh index ab547d3..6572417 100755 --- a/scripts/package.sh +++ b/scripts/package.sh @@ -12,10 +12,11 @@ if [ "$prerequisites" == "--prep" ]; then rustup install stable-x86_64-unknown-linux-gnu rustup default stable rustup target add x86_64-unknown-linux-musl + echo "net.git-fetch-with-cli = true" >> /root/.cargo/config.toml + mkdir -p /root/.ssh echo - #echo "docker cp ~/.ssh/config packager:/root/.ssh/config" echo "docker cp deploy_ed25519 packager:/root/.ssh/id_ed25519" echo echo "Run above commands in another terminal" diff --git a/scripts/testnet.sh b/scripts/testnet.sh index d86ee32..6acef15 100755 --- a/scripts/testnet.sh +++ b/scripts/testnet.sh 
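Review bot: A failed `cd docker` or `docker build` in `scripts/build-container.sh` is not detected, so the script still prints "Container named 'hacker-challenge' built". Because `scripts/testnet.sh` now sources this file, the testnet then starts whatever `hacker-challenge:latest` image an earlier build left behind. Use `cd docker || exit 1` and `docker build -f challenge.Dockerfile -t hacker-challenge:latest . || exit 1`; a `set -e` here would leak into the sourcing script. The relative paths `challenge_instance/` and `docker` assume the caller's working directory is the repository root, which deserves a comment at the top of the file. Minor: `command -v docker 2>&1 >/dev/null` still sends stderr to the terminal; the usual order is `>/dev/null 2>&1`.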
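Review bot: In `scripts/package.sh`, the added `echo "net.git-fetch-with-cli = true" >> /root/.cargo/config.toml` appends on every `--prep` run. A second run in the same container writes the key twice, which TOML does not allow and cargo will most likely reject. Guard the line with `grep -qs 'git-fetch-with-cli' /root/.cargo/config.toml || echo "net.git-fetch-with-cli = true" >> /root/.cargo/config.toml`, or export `CARGO_NET_GIT_FETCH_WITH_CLI=true` instead. Since `/root/.ssh` is about to receive the deploy key `id_ed25519`, create it with `mkdir -p -m 700 /root/.ssh`. The `--prep` block starts and ends outside this hunk.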
@@ -31,27 +31,7 @@ function build_mint_sol_tool() { cd .. } -function build_challenge_image() { - echo "Building the hacker-challenge docker image" - - if ! command -v docker 2>&1 >/dev/null - then - echo "docker not found, please install docker" - exit 1 - fi - - if [ ! -e challenge_instance/challenge.tar.gz ]; then - echo "Please build the challenge first, see README.md" - exit 1 - fi - - cd docker - cp ../challenge_instance/challenge.tar.gz challenge.tar.gz - docker build -f challenge.Dockerfile -t hacker-challenge:latest . - cd .. -} - -build_challenge_image +source "${script_dir}/build-container.sh" build_mint_sol_tool # Cleanup old containers and run the network root @@ -80,6 +60,7 @@ for p in {31311..31320}; do docker run --device /dev/sgx/enclave \ --device /dev/sgx/provision \ --env INIT_NODES="172.17.0.2 172.17.0.3 172.17.0.4" \ + -v "/tmp/hacker-challenge${p}:/challenge/main" \ --name "hacker-challenge${p}" -p "${p}:31372" \ -d hacker-challenge:latest done @@ -88,4 +69,4 @@ sleep 5 # Wait for the cluster to start echo "Running the test mint" for p in {31311..31320}; do curl -X POST "127.0.0.1:${p}/mint" --json '{"wallet": "EZT16iP1SQVUFf1AJN6oiE5BZPnyBUqaKDkZ4oZRsvhR"}' -done \ No newline at end of file +done diff --git a/src/main.rs b/src/main.rs index 9eab7d6..b62b091 100644 --- a/src/main.rs +++ b/src/main.rs @@ -20,7 +20,7 @@ use tokio::{ }; const INIT_NODES: &str = "/host/detee_challenge_nodes"; -const DISK_PERSISTENCE: &str = "TRY_TO_HACK_THIS"; +const DISK_PERSISTENCE: &str = "/host/main/TRY_TO_HACK_THIS"; const MAINTAINED_CONNECTIONS: usize = 3; pub async fn localhost_cron(ds: Arc, tx: Sender) {
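Review bot: The new bind mount `-v "/tmp/hacker-challenge${p}:/challenge/main"` in `scripts/testnet.sh` uses a fixed, predictable path under the world-writable `/tmp`. On a shared host another local user can create that directory, or a symlink with that name, beforehand and then read or replace the node's persistence data. As far as the visible lines show, the cleanup before the loop removes containers but not these directories, so a new testnet run may start from the previous run's state. A named volume, `-v "hacker-challenge${p}:/challenge/main"`, or a directory from `mktemp -d` avoids both. The `for` loop begins outside this hunk.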
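Review bot: In `src/main.rs`, `DISK_PERSISTENCE` now points below `/host`, which in an Occlum instance is normally the untrusted host file system, and the constant has no comment saying so. I would add a doc comment such as `/// File on the host-backed volume (untrusted storage): the host can read, replace or roll back its contents, so they must be authenticated after loading.` Whether the code that reads the file does this is not visible in this hunk. The path also assumes the `main` directory exists, which appears to rely on the volume added in `scripts/testnet.sh`. A comment on that, or creating the parent directory before the first write, would help when the container runs without `-v`.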