general/occlum
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add similation and debug mode occlum package check and support

Browse Source 
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
This commit is contained in:
Zheng, Qi 2021-08-05 10:10:32 +08:00 committed by Zongmin.Gu
parent 7c170807bc
commit 05d4c7d7db
4 changed files with 54 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/rune_test.yml vendored
View File

@ -67,7 +67,7 @@ jobs:
run: docker exec $rune_test bash -c "occlum-gcc -o hello_world hello_world.c; run: docker exec $rune_test bash -c "occlum-gcc -o hello_world hello_world.c;
occlum new occlum_instance && cd occlum_instance; occlum new occlum_instance && cd occlum_instance;
cp ../hello_world image/bin/ && occlum build; cp ../hello_world image/bin/ && occlum build;
occlum package occlum_instance.tar.gz; occlum package --debug occlum_instance.tar.gz;
docker build . -t occlum-app -f /root/Dockerfile-occlum" docker build . -t occlum-app -f /root/Dockerfile-occlum"
- name: Run Occlum image - name: Run Occlum image

8
demos/deployment/Dockerfile_template.centos8.2
View File

@ -25,8 +25,10 @@ ENV PATH="/opt/occlum/build/bin:/usr/local/occlum/bin:$PATH"
# packager stage: # packager stage:
# Users can build their own applications and put to occlum instance. And then use "occlum package" # Users can build their own applications and put to occlum instance.
# to get a minimum subset of files to run in deployment environment. # And then use "occlum package" to get a minimum subset of files to run in deployment environment.
# In this demo, the occlum instance is built in debug mode.
# So "--debug" flag is required for the "occlum package".
FROM base as packager FROM base as packager
RUN yum install -y fuse-libs libtool make gdb git && \ RUN yum install -y fuse-libs libtool make gdb git && \
cd /root && \ cd /root && \
@ -41,7 +43,7 @@ RUN yum install -y fuse-libs libtool make gdb git && \
cd /root/demos/hello_c && \ cd /root/demos/hello_c && \
make && cp hello_world /root/occlum-instance/image/bin && \ make && cp hello_world /root/occlum-instance/image/bin && \
cd /root/occlum-instance && occlum build && \ cd /root/occlum-instance && occlum build && \
occlum package occlum package --debug
# deployer stage: # deployer stage:

8
demos/deployment/Dockerfile_template.ubuntu18.04
View File

@ -18,8 +18,10 @@ ENV PATH="/opt/occlum/build/bin:/usr/local/occlum/bin:$PATH"
# packager stage: # packager stage:
# Users can build their own applications and put to occlum instance. And then use "occlum package" # Users can build their own applications and put to occlum instance.
# to get a minimum subset of files to run in deployment environment. # And then use "occlum package" to get a minimum subset of files to run in deployment environment.
# In this demo, the occlum instance is built in debug mode.
# So "--debug" flag is required for the "occlum package".
FROM base as packager FROM base as packager
WORKDIR /root WORKDIR /root
RUN apt-get update && \ RUN apt-get update && \
@ -35,7 +37,7 @@ RUN apt-get update && \
cd /root/demos/hello_c && \ cd /root/demos/hello_c && \
make && cp hello_world /root/occlum-instance/image/bin && \ make && cp hello_world /root/occlum-instance/image/bin && \
cd /root/occlum-instance && occlum build && \ cd /root/occlum-instance && occlum build && \
occlum package occlum package --debug
# deployer stage: # deployer stage:

66
tools/occlum
View File

@ -69,6 +69,8 @@ Usage:
All runtime dependencies required by the Occlum instance---except Intel SGX driver, All runtime dependencies required by the Occlum instance---except Intel SGX driver,
enable_rdfsbase kernel module, and Intel SGX PSW---are included in the package. enable_rdfsbase kernel module, and Intel SGX PSW---are included in the package.
If package_name is not specified, the directory name of Occlum instance will be used. If package_name is not specified, the directory name of Occlum instance will be used.
In default only HW release mode package is supported. Debug or simulation mode package
could be supported by adding "--debug" flag.
occlum gdb <program_name> <program_args> occlum gdb <program_name> <program_args>
Debug the program running inside an SGX enclave with GDB. Debug the program running inside an SGX enclave with GDB.
@ -390,38 +392,56 @@ cmd_stop() {
cmd_package() { cmd_package() {
check_has_built check_has_built
SGX_MODE=$(cat $instance_dir/.sgx_mode) debug="false"
if [[ -n $SGX_MODE && "$SGX_MODE" != "HW" ]]; then instance_base_name=$(basename $instance_dir)
echo '"occlum package" command should only be used for an Occlum instance of SGX hardware mode, not the simulation mode.' package_name="$instance_base_name.tar.gz"
echo 'Please run "occlum build --sgx-mode HW" and then use "occlum package"' while [ -n "$1" ]; do
case "$1" in
--debug) debug="true" ; shift ;;
*) package_name=$1 ; shift ;;
esac
done
if [[ "$package_name" != *.tar.gz ]]; then
package_name="$package_name.tar.gz"
fi
if [[ "`get_enclave_debuggable_flag`" == "true" && "$debug" != "true" ]]; then
echo 'Warning: current Occlum instance is configured as "debuggable".'
echo '(If it is not expected, you can modify the Occlum.json "metadata" - "debuggable" field to "false" and build again. And then use "occlum package")'
echo 'Or, use "occlum package --debug" to support debug mode package'
exit 1 exit 1
fi fi
instance_base_name=$(basename $instance_dir) SGX_MODE=$(cat $instance_dir/.sgx_mode)
if [[ -z "$@" ]]; then if [[ -n $SGX_MODE && "$SGX_MODE" != "HW" && "$debug" != "true" ]]; then
package_name="$instance_base_name.tar.gz" echo '"occlum package" command should only be used for an Occlum instance of SGX hardware mode, not the simulation mode.'
else echo 'Please run "occlum build --sgx-mode HW" and then use "occlum package"'
if [[ "$@" == *.tar.gz ]];then echo 'Or, use "occlum package --debug" to support similation mode package'
package_name="$@" exit 1
else
package_name="$@.tar.gz"
fi
fi fi
rm -f $package_name rm -f $package_name
cd .. && tar -cvzf $instance_dir/$package_name $instance_base_name/Occlum.json $instance_base_name/build/bin \ pkg_files="\
$instance_base_name/build/lib/libocclum-libos.signed.so $instance_base_name/build/lib/libocclum-pal.so* \ $instance_base_name/Occlum.json \
$instance_base_name/build/mount $instance_base_name/build/Occlum.json.protected \ $instance_base_name/build/bin \
$instance_base_name/build/initfs $instance_base_name/build/.Occlum_sys.json.protected \ $instance_base_name/build/lib/libocclum-libos.signed.so \
$instance_base_name/initfs $instance_base_name/run \ $instance_base_name/build/lib/libocclum-pal.so* \
$instance_base_name/.__occlum_status $instance_base_name/.sgx_mode $instance_base_name/build/mount $instance_base_name/build/Occlum.json.protected \
$instance_base_name/build/initfs $instance_base_name/build/.Occlum_sys.json.protected \
if [ "`get_enclave_debuggable_flag`" == "true" ]; then $instance_base_name/initfs $instance_base_name/run \
echo 'Warning: current Occlum instance is configured as "debuggable".' $instance_base_name/.__occlum_status $instance_base_name/.sgx_mode \
echo '(If it is not expected, you can modify the Occlum.json "metadata" - "debuggable" field to "false" and build again. And then use "occlum package")' "
if [[ "$debug" == "true" && "$SGX_MODE" != "HW" ]]; then
sim_files="\
$instance_base_name/build/lib/libocclum-libos_sim.so* \
$instance_base_name/build/lib/libocclum-pal_sim.so* \
"
fi fi
cd .. && tar -cvzf $instance_dir/$package_name $pkg_files $sim_files
echo "The package $package_name is generated successfully" echo "The package $package_name is generated successfully"
} }