hacker-challenge/scripts/package.sh

#!/bin/bash

set -e

script_dir=$(dirname "$0")
cd "$script_dir/.."
prerequisites=$1

if [ "$prerequisites" == "--prep" ]; then
    echo "Preparing the packager environment"
    apt update && apt install -y openssh-client
    rustup install stable-x86_64-unknown-linux-gnu
    rustup default stable
    rustup target add x86_64-unknown-linux-musl

    mkdir -p /root/.ssh

    echo
    echo "docker cp deploy_ed25519 packager:/root/.ssh/id_ed25519"
    echo
    echo "Run above commands in another terminal"
    while true; do
        echo -n "." && sleep 1
        if [ -e ~/.ssh/id_ed25519 ]; then
          echo && break
        fi
    done

    chown -R root:root /root/.ssh
    chmod 600 /root/.ssh/id_ed25519
    ssh-keyscan -H gitea.detee.cloud > ~/.ssh/known_hosts

    echo "Building the occlum fork"
    [ -d occlum ] || git clone git@gitea.detee.cloud:SGX/occlum.git
    (cd occlum && make submodule)
    (cd occlum/tools/toolchains/utils_lib && ./build.sh)
fi


echo "Building the hacker-challenge signed bundle"
occlum-cargo build --release
strip target/x86_64-unknown-linux-musl/release/hacker-challenge

cat > challenge.yaml <<EOF
includes:
  - base.yaml
targets:
  - target: /bin
    copy:
      - files:
        - ../target/x86_64-unknown-linux-musl/release/hacker-challenge
  - target: /lib
    copy:
      - files:
        - /opt/occlum/toolchains/dcap_lib/musl/libocclum_dcap.so.0.1.0
        - /opt/occlum/toolchains/utils_lib/musl/libocclum_utils.so.0.1.0
EOF

rm -rf challenge_instance && mkdir challenge_instance && cd challenge_instance
occlum init && rm -rf image
cp ../scripts/Occlum.json ./
copy_bom -f ../challenge.yaml --root image --include-dir /opt/occlum/etc/template
# TODO: "--enable-edmm Y" must be only for platforms that support SGX2
# TODO: make sure the bundle needs SGX2 to run since SGX1 is vulnerable to https://x.com/PratyushRT/status/1828183761055330373
occlum build --sign-key ../scripts/signing_key.pem
occlum package challenge.tar.gz