general/occlum
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add C++ support in the Occlum Docker image

Browse Source
This commit is contained in:
Tate Tian 2019-06-01 11:18:52 +08:00 committed by GitHub
parent 5aaf6de989
commit 06924c0e47
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 127 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@ -1,7 +1,7 @@
# Occlum # Occlum
[![All Contributors](https://img.shields.io/badge/all_contributors-7-orange.svg?style=flat-square)](CONTRIBUTORS.md) [![All Contributors](https://img.shields.io/badge/all_contributors-7-orange.svg?style=flat-square)](CONTRIBUTORS.md)
Occlum is a *memory-safe*, *multi-process* library OS (LibOS) for [Intel SGX](https://software.intel.com/en-us/sgx). As a LibOS, it enables *unmodified* applications to run on SGX, thus protecting the confidentiality and integrity of user workloads transparently. Occlum is a *memory-safe*, *multi-process* library OS (LibOS) for [Intel SGX](https://software.intel.com/en-us/sgx). As a LibOS, it enables *legacy** applications to run on SGX with *little or even no modifications* of source code, thus protecting the confidentiality and integrity of user workloads transparently.
Compared to existing LibOSes for SGX, Occlum has the following salient features: Compared to existing LibOSes for SGX, Occlum has the following salient features:
@ -52,7 +52,7 @@ git clone https://github.com/occlum/libos
docker run -it \ docker run -it \
--mount type=bind,source=/your/path/to/libos,target=/root/occlum/libos \ --mount type=bind,source=/your/path/to/libos,target=/root/occlum/libos \
--device /dev/isgx \ --device /dev/isgx \
occlum occlum/occlum:latest
``` ```
Step 5-8 are to be done on the guest OS running inside the container: Step 5-8 are to be done on the guest OS running inside the container:

28
tools/docker/Dockerfile
View File

@ -57,28 +57,8 @@ RUN curl https://sh.rustup.rs -sSf | \
echo 'source /root/.cargo/env' >> /root/.bashrc && \ echo 'source /root/.cargo/env' >> /root/.bashrc && \
rm -rf /root/.cargo/registry && rm -rf /root/.cargo/git rm -rf /root/.cargo/registry && rm -rf /root/.cargo/git
# Install Occlum LLVM # Install Occlum toolchain
WORKDIR /root/occlum/llvm
RUN git clone -b for_occlum https://github.com/occlum/llvm . && \
cd /root/occlum/llvm/tools && \
git clone https://github.com/llvm-mirror/clang && \
cd clang && \
git checkout 0513b409d5e && \
cd /root/occlum/llvm/tools && \
git clone -b for_occlum https://github.com/occlum/lld && \
mkdir /root/occlum/llvm-build && cd /root/occlum/llvm-build && \
cmake -DCMAKE_EXPORT_COMPILE_COMMANDS=True -DLLVM_TARGETS_TO_BUILD="X86" -DCMAKE_INSTALL_PREFIX=/usr/local/occlum/ ../llvm/ && \
make && \
make install && \
rm -rf /root/occlum/llvm && rm -rf /root/occlum/llvm-build
ENV PATH="/usr/local/occlum/bin:$PATH"
# Install Occlum musl libc
WORKDIR /root/occlum/musl
RUN git clone -b for_occlum https://github.com/occlum/musl . && \
CC=clang ./configure --prefix=/usr/local/occlum --enable-wrapper=clang && \
make && \
make install && \
rm -rf /root/occlum/musl
WORKDIR /root/occlum/ WORKDIR /root/occlum/
COPY build_toolchain.sh /root/occlum/
RUN ./build_toolchain.sh
ENV PATH="/usr/local/occlum/bin:$PATH"

121
tools/docker/build_toolchain.sh Executable file
View File

@ -0,0 +1,121 @@
#!/bin/sh
BUILD_DIR=/root/occlum/toolchain
INSTALL_DIR=/usr/local/occlum
# Exit if any command fails
set -e
# Clean previous build and installation if any
rm -rf ${BUILD_DIR}
rm -rf ${INSTALL_DIR}
# Create the build directory
mkdir -p ${BUILD_DIR}
cd ${BUILD_DIR}
# Download all source code
git clone -b for_occlum https://github.com/occlum/llvm
git clone -b for_occlum https://github.com/occlum/musl
git clone -b for_occlum https://github.com/occlum/lld
git clone -b release_70 https://github.com/llvm-mirror/clang
git clone -b release_70 https://github.com/llvm-mirror/libcxx
git clone -b release_70 https://github.com/llvm-mirror/libcxxabi
git clone -b release_70 https://github.com/llvm-mirror/libunwind
git clone -b release_70 https://github.com/llvm-mirror/compiler-rt
# Build LLVM
mkdir llvm-build
cd llvm-build
cmake -DCMAKE_BUILD_TYPE=Release \
-DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} \
-DLLVM_ENABLE_PROJECTS="clang;lld" \
-DLLVM_TARGETS_TO_BUILD="X86" \
../llvm
# Compile LLVM in a single thread (parallel compilation would consume too much memory)
make install
cd ..
# Make LLVM binaries visible
export PATH=${INSTALL_DIR}/bin:${PATH}
# Build musl libc
cd musl
CC=clang ./configure --prefix=${INSTALL_DIR} --enable-wrapper=clang
make install -j
cd ..
# Link Linux headers
ln -s /usr/include/linux ${INSTALL_DIR}/include/linux
ln -s /usr/include/asm ${INSTALL_DIR}/include/asm
ln -s /usr/include/asm-generic ${INSTALL_DIR}/include/asm-generic
# Build libunwind
mkdir libunwind-build
cd libunwind-build
cmake -DCMAKE_BUILD_TYPE=Release \
-DCMAKE_C_COMPILER=musl-clang \
-DCMAKE_C_FLAGS="-O2 -fPIC -locclum_stub" \
-DCMAKE_CXX_COMPILER=musl-clang \
-DCMAKE_CXX_FLAGS="-O2 -fPIC -locclum_stub" \
-DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} \
-DLIBUNWIND_ENABLE_SHARED=OFF \
-DLLVM_ENABLE_LIBCXX=ON \
../libunwind
make install -j
cd ..
# Build libcxx (the intermediate version)
mkdir libcxx-prebuild
cd libcxx-prebuild
cmake -DCMAKE_BUILD_TYPE=Release \
-DCMAKE_C_COMPILER=musl-clang \
-DCMAKE_C_FLAGS="-O2 -fPIC -locclum_stub" \
-DCMAKE_CXX_COMPILER=musl-clang \
-DCMAKE_CXX_FLAGS="-O2 -fPIC -locclum_stub" \
-DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} \
-DLIBCXX_ENABLE_SHARED=OFF \
-DLIBCXX_HAS_MUSL_LIBC=ON \
../libcxx
make install -j
cd ..
# Build libcxxabi with libcxx
mkdir libcxxabi-build
cd libcxxabi-build
cmake -DCMAKE_BUILD_TYPE=Release \
-DCMAKE_C_COMPILER=musl-clang \
-DCMAKE_C_FLAGS="-O2 -fPIC -locclum_stub" \
-DCMAKE_CXX_COMPILER=musl-clang \
-DCMAKE_CXX_FLAGS="-O2 -fPIC -locclum_stub" \
-DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} \
-DLIBCXXABI_ENABLE_PIC=ON \
-DLIBCXXABI_ENABLE_SHARED=OFF \
-DLIBCXXABI_ENABLE_STATIC_UNWINDER=OFF \
-DLIBCXXABI_LIBCXX_PATH=${INSTALL_DIR} \
-DLIBCXXABI_USE_LLVM_UNWINDER=ON \
-DLLVM_ENABLE_LIBCXX=ON \
../libcxxabi
make install -j
cd ..
# Build libcxx (the final version) again, but this time with the libcxxabi above
mkdir libcxx-build
cd libcxx-build
cmake -DCMAKE_BUILD_TYPE=Release \
-DCMAKE_C_COMPILER=musl-clang \
-DCMAKE_C_FLAGS="-O2 -fPIC -locclum_stub" \
-DCMAKE_CXX_COMPILER=musl-clang \
-DCMAKE_CXX_FLAGS="-O2 -fPIC -locclum_stub" \
-DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} \
-DLIBCXX_ENABLE_SHARED=OFF \
-DLIBCXX_HAS_MUSL_LIBC=ON \
-DLIBCXX_CXX_ABI=libcxxabi \
-DLIBCXX_CXX_ABI_INCLUDE_PATHS=../libcxxabi/include \
-DLIBCXX_CXX_ABI_LIBRARY_PATH=${INSTALL_DIR}/lib \
-DLIBCXXABI_USE_LLVM_UNWINDER=ON \
../libcxx
make install -j
cd ..
# Remove all source code and build files
rm -rf ${BUILD_DIR}