Use toolchains from the git clone source instead of from the local path

Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
Zheng, Qi 2021-09-22 14:25:52 +08:00 committed by Zongmin.Gu
parent a8cd5eadba
commit 2795b8672f
7 changed files with 108 additions and 119 deletions

@ -18,13 +18,6 @@ jobs:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v2 uses: actions/checkout@v2
# Because "Build and push" step `context` field can't be subdir,
# we need to copy files needed by dockerfile to root dir of the project
- name: Copy context for docker build
run: |
cp -r tools/toolchains .
cp -r tools/docker .
- name: Get Occlum release version - name: Get Occlum release version
run: echo "RELEASE_VERSION=$(grep 'Version =' src/pal/include/occlum_version.h | awk '{print $4}')" >> $GITHUB_ENV; run: echo "RELEASE_VERSION=$(grep 'Version =' src/pal/include/occlum_version.h | awk '{print $4}')" >> $GITHUB_ENV;

@ -23,13 +23,6 @@ jobs:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v2 uses: actions/checkout@v2
# Because "Build and push" step `context` field can't be subdir,
# we need to copy files needed by dockerfile to root dir of the project
- name: Copy context for docker build
run: |
cp -r tools/toolchains .
cp -r tools/docker .
- name: Get Occlum release version - name: Get Occlum release version
run: echo "RELEASE_VERSION=$(grep 'Version =' src/pal/include/occlum_version.h | awk '{print $4}')" >> $GITHUB_ENV; run: echo "RELEASE_VERSION=$(grep 'Version =' src/pal/include/occlum_version.h | awk '{print $4}')" >> $GITHUB_ENV;

@ -120,32 +120,27 @@ RUN wget http://www.etallen.com/cpuid/cpuid-20200211.x86_64.tar.gz && \
cp ./cpuid-20200211/cpuid /usr/bin/ && \ cp ./cpuid-20200211/cpuid /usr/bin/ && \
rm -rf /tmp/cpuid-20200211* rm -rf /tmp/cpuid-20200211*
# Download the Occlum source
ARG OCCLUM_BRANCH
WORKDIR /root
RUN git clone -b $OCCLUM_BRANCH https://github.com/occlum/occlum && \
cp -r /root/occlum/tools/toolchains/* /tmp/ && mkdir -p /opt/occlum/ && \
cp /root/occlum/tools/docker/start_aesm.sh /opt/occlum/
# Install Occlum toolchain # Install Occlum toolchain
COPY toolchains/musl-gcc /tmp/musl-gcc
WORKDIR /tmp WORKDIR /tmp
RUN cd musl-gcc && ./build.sh && ./install_zlib.sh && rm -rf /tmp/musl-gcc RUN cd musl-gcc && ./build.sh && ./install_zlib.sh && rm -rf /tmp/musl-gcc
ENV PATH="/opt/occlum/build/bin:/usr/local/occlum/bin:$PATH" ENV PATH="/opt/occlum/build/bin:/usr/local/occlum/bin:$PATH"
# Install glibc # Install glibc
COPY toolchains/glibc /tmp/glibc
WORKDIR /tmp WORKDIR /tmp
RUN cd glibc && ./build.sh && rm -rf /tmp/glibc RUN cd glibc && ./build.sh && rm -rf /tmp/glibc
# Install Occlum Golang toolchain # Install Occlum Golang toolchain
COPY toolchains/golang /tmp/golang
WORKDIR /tmp WORKDIR /tmp
RUN yum install -y go && cd golang && ./build.sh && rm -rf /tmp/golang RUN cd golang && ./build.sh && rm -rf /tmp/golang
ENV PATH="/usr/local/occlum/golang/bin:$PATH" ENV PATH="/opt/occlum/toolchains/golang/bin:$PATH"
# Install Occlum Java toolchain (JDK 11)
ARG JDK11_PATH=/opt/occlum/toolchains/jvm/java-11-openjdk
COPY --from=alpine /usr/lib/jvm/java-11-openjdk $JDK11_PATH
RUN rm $JDK11_PATH/lib/security/cacerts
COPY --from=alpine /etc/ssl/certs/java/cacerts $JDK11_PATH/lib/security/cacerts
COPY toolchains/java /tmp/java
WORKDIR /tmp
RUN cd java && ./install_dragonwell.sh && rm -rf /tmp/java
ENV PATH="/opt/occlum/toolchains/jvm/bin:$PATH"
# Install Rust # Install Rust
ENV PATH="/root/.cargo/bin:$PATH" ENV PATH="/root/.cargo/bin:$PATH"
@ -156,18 +151,24 @@ RUN curl https://sh.rustup.rs -sSf | \
cargo -V cargo -V
# Install Occlum Rust toolchain # Install Occlum Rust toolchain
COPY toolchains/rust /tmp/rust
WORKDIR /tmp WORKDIR /tmp
RUN cd rust && ./build.sh && rm -rf /tmp/rust RUN cd rust && ./build.sh && rm -rf /tmp/rust
ENV PATH="/opt/occlum/toolchains/rust/bin:$PATH" ENV PATH="/opt/occlum/toolchains/rust/bin:$PATH"
ARG OCCLUM_BRANCH # Install Occlum Java toolchain (JDK 11)
ARG JDK11_PATH=/opt/occlum/toolchains/jvm/java-11-openjdk
COPY --from=alpine /usr/lib/jvm/java-11-openjdk $JDK11_PATH
RUN rm $JDK11_PATH/lib/security/cacerts
COPY --from=alpine /etc/ssl/certs/java/cacerts $JDK11_PATH/lib/security/cacerts
WORKDIR /tmp
RUN cd java && ./install_dragonwell.sh && rm -rf /tmp/java
ENV PATH="/opt/occlum/toolchains/jvm/bin:$PATH"
ENV LD_LIBRARY_PATH="/opt/intel/sgxpsw/aesm:/usr/lib64/:/usr/local/lib:/opt/intel/sgxsdk/sdk_libs:/usr/lib:$LD_LIBRARY_PATH" ENV LD_LIBRARY_PATH="/opt/intel/sgxpsw/aesm:/usr/lib64/:/usr/local/lib:/opt/intel/sgxsdk/sdk_libs:/usr/lib:$LD_LIBRARY_PATH"
# Install the latest version of Occlum # Build and install Occlum
WORKDIR /root/occlum WORKDIR /root
RUN rm -rf occlum && \ RUN cd occlum && \
git clone -b $OCCLUM_BRANCH https://github.com/occlum/occlum && \
cd occlum && \
source /opt/intel/sgxsdk/environment && \ source /opt/intel/sgxsdk/environment && \
make submodule && \ make submodule && \
OCCLUM_RELEASE_BUILD=1 make install && \ OCCLUM_RELEASE_BUILD=1 make install && \
@ -179,7 +180,6 @@ RUN rm -rf occlum && \
# To do so, we add the script to ~/.bashrc. We cannot use systemd to run AESM # To do so, we add the script to ~/.bashrc. We cannot use systemd to run AESM
# as a "real" service since the pid 1 is not systemd in Docker. So we start # as a "real" service since the pid 1 is not systemd in Docker. So we start
# up AESM service when an user login with an interative shell. # up AESM service when an user login with an interative shell.
COPY docker/start_aesm.sh /opt/occlum/ RUN mkdir -p /var/run/aesmd && echo '/opt/occlum/start_aesm.sh' >> /root/.bashrc
RUN mkdir -p /var/run/aesmd && echo 'sudo /opt/occlum/start_aesm.sh' >> /root/.bashrc
WORKDIR /root WORKDIR /root
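Review bot: The toolchain `build.sh` scripts that run as root now come from whatever `git clone -b $OCCLUM_BRANCH` resolves to when the image is built, in the "Download the Occlum source" step. They no longer come from the build context, so the image can contain build logic that differs from the tree that was reviewed and checked out, and two builds of the same Dockerfile can differ. A branch name is a mutable ref, so I would record the resolved commit and fail the build when it is not the expected one, for example with a new build argument (name illustrative): `ARG OCCLUM_COMMIT` followed by `test "$(git -C /root/occlum rev-parse HEAD)" = "$OCCLUM_COMMIT"` in the same `RUN`. The same clone-then-build pattern is added in the other two Dockerfile sections on this page.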

@ -68,40 +68,6 @@ RUN curl https://sh.rustup.rs -sSf | \
rm -rf /root/.cargo/registry && rm -rf /root/.cargo/git && \ rm -rf /root/.cargo/registry && rm -rf /root/.cargo/git && \
cargo -V cargo -V
# Install Occlum toolchain
COPY toolchains/musl-gcc /tmp/musl-gcc
WORKDIR /tmp
RUN cd musl-gcc && ./build.sh && ./install_zlib.sh && rm -rf /tmp/musl-gcc
ENV PATH="/opt/occlum/build/bin:/usr/local/occlum/bin:$PATH"
# Install glibc
COPY toolchains/glibc /tmp/glibc
WORKDIR /tmp
RUN cd glibc && ./build.sh && rm -rf /tmp/glibc
# Install Occlum Golang toolchain
COPY toolchains/golang /tmp/golang
WORKDIR /tmp
RUN cd golang && ./build.sh && rm -rf /tmp/golang
ENV PATH="/opt/occlum/toolchains/golang/bin:$PATH"
# Install Occlum Rust toolchain
COPY toolchains/rust /tmp/rust
WORKDIR /tmp
RUN cd rust && ./build.sh && rm -rf /tmp/rust
ENV PATH="/opt/occlum/toolchains/rust/bin:$PATH"
ENV LD_LIBRARY_PATH="/opt/intel/sgxsdk/sdk_libs"
# Install Occlum Java toolchain (JDK 11)
ARG JDK11_PATH=/opt/occlum/toolchains/jvm/java-11-openjdk
COPY --from=alpine /usr/lib/jvm/java-11-openjdk $JDK11_PATH
RUN rm $JDK11_PATH/lib/security/cacerts
COPY --from=alpine /etc/ssl/certs/java/cacerts $JDK11_PATH/lib/security/cacerts
COPY toolchains/java /tmp/java
WORKDIR /tmp
RUN cd java && ./install_dragonwell.sh && rm -rf /tmp/java
ENV PATH="/opt/occlum/toolchains/jvm/bin:$PATH"
# Install SGX PSW # Install SGX PSW
WORKDIR /tmp WORKDIR /tmp
RUN echo "ca_directory=/etc/ssl/certs" >> /etc/wgetrc && \ RUN echo "ca_directory=/etc/ssl/certs" >> /etc/wgetrc && \
@ -145,12 +111,46 @@ RUN git clone -b sgx_2.13.3_for_occlum https://github.com/occlum/linux-sgx && \
echo 'source /opt/intel/sgxsdk/environment' >> /root/.bashrc && \ echo 'source /opt/intel/sgxsdk/environment' >> /root/.bashrc && \
rm -rf /tmp/linux-sgx rm -rf /tmp/linux-sgx
# Install the latest version of Occlum # Download the Occlum source
ARG OCCLUM_BRANCH ARG OCCLUM_BRANCH
WORKDIR /root WORKDIR /root
RUN git clone -b $OCCLUM_BRANCH https://github.com/occlum/occlum && \ RUN git clone -b $OCCLUM_BRANCH https://github.com/occlum/occlum && \
cd occlum && \ cp -r /root/occlum/tools/toolchains/* /tmp/ && mkdir -p /opt/occlum/ && \
source /root/.bashrc && \ cp /root/occlum/tools/docker/start_aesm.sh /opt/occlum/
# Install Occlum toolchain
WORKDIR /tmp
RUN cd musl-gcc && ./build.sh && ./install_zlib.sh && rm -rf /tmp/musl-gcc
ENV PATH="/opt/occlum/build/bin:/usr/local/occlum/bin:$PATH"
# Install glibc
WORKDIR /tmp
RUN cd glibc && ./build.sh && rm -rf /tmp/glibc
# Install Occlum Golang toolchain
WORKDIR /tmp
RUN cd golang && ./build.sh && rm -rf /tmp/golang
ENV PATH="/opt/occlum/toolchains/golang/bin:$PATH"
# Install Occlum Rust toolchain
WORKDIR /tmp
RUN cd rust && ./build.sh && rm -rf /tmp/rust
ENV PATH="/opt/occlum/toolchains/rust/bin:$PATH"
ENV LD_LIBRARY_PATH="/opt/intel/sgxsdk/sdk_libs"
# Install Occlum Java toolchain (JDK 11)
ARG JDK11_PATH=/opt/occlum/toolchains/jvm/java-11-openjdk
COPY --from=alpine /usr/lib/jvm/java-11-openjdk $JDK11_PATH
RUN rm $JDK11_PATH/lib/security/cacerts
COPY --from=alpine /etc/ssl/certs/java/cacerts $JDK11_PATH/lib/security/cacerts
WORKDIR /tmp
RUN cd java && ./install_dragonwell.sh && rm -rf /tmp/java
ENV PATH="/opt/occlum/toolchains/jvm/bin:$PATH"
# Build and install Occlum
WORKDIR /root
RUN cd occlum && \
source /opt/intel/sgxsdk/environment && \
make submodule && \ make submodule && \
OCCLUM_RELEASE_BUILD=1 make && \ OCCLUM_RELEASE_BUILD=1 make && \
make install && \ make install && \
@ -162,7 +162,6 @@ RUN git clone -b $OCCLUM_BRANCH https://github.com/occlum/occlum && \
# To do so, we add the script to ~/.bashrc. We cannot use systemd to run AESM # To do so, we add the script to ~/.bashrc. We cannot use systemd to run AESM
# as a "real" service since the pid 1 is not systemd in Docker. So we start # as a "real" service since the pid 1 is not systemd in Docker. So we start
# up AESM service when an user login with an interative shell. # up AESM service when an user login with an interative shell.
COPY docker/start_aesm.sh /opt/occlum/
RUN mkdir -p /var/run/aesmd && echo '/opt/occlum/start_aesm.sh' >> /root/.bashrc RUN mkdir -p /var/run/aesmd && echo '/opt/occlum/start_aesm.sh' >> /root/.bashrc
WORKDIR /root WORKDIR /root
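Review bot: `cp -r /root/occlum/tools/toolchains/* /tmp/` copies every toolchain directory in the clone layer, but each directory is only removed in a later `RUN`. The files therefore stay in the image's layers, and any directory under `toolchains/` that no later step consumes is left in `/tmp` in the final image. Copying per toolchain in the step that uses it keeps creation and cleanup in one layer, e.g. `RUN cp -r /root/occlum/tools/toolchains/musl-gcc /tmp/ && cd musl-gcc && ./build.sh && ./install_zlib.sh && rm -rf /tmp/musl-gcc`. The same lines appear in the other two Dockerfile sections on this page.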

@ -83,40 +83,6 @@ RUN curl https://sh.rustup.rs -sSf | \
rm -rf /root/.cargo/registry && rm -rf /root/.cargo/git && \ rm -rf /root/.cargo/registry && rm -rf /root/.cargo/git && \
cargo -V cargo -V
# Install Occlum toolchain
COPY toolchains/musl-gcc /tmp/musl-gcc
WORKDIR /tmp
RUN cd musl-gcc && ./build.sh && ./install_zlib.sh && rm -rf /tmp/musl-gcc
ENV PATH="/opt/occlum/build/bin:/usr/local/occlum/bin:$PATH"
# Install glibc
COPY toolchains/glibc /tmp/glibc
WORKDIR /tmp
RUN cd glibc && ./build.sh && rm -rf /tmp/glibc
# Install Occlum Golang toolchain
COPY toolchains/golang /tmp/golang
WORKDIR /tmp
RUN cd golang && ./build.sh && rm -rf /tmp/golang
ENV PATH="/opt/occlum/toolchains/golang/bin:$PATH"
# Install Occlum Rust toolchain
COPY toolchains/rust /tmp/rust
WORKDIR /tmp
RUN cd rust && ./build.sh && rm -rf /tmp/rust
ENV PATH="/opt/occlum/toolchains/rust/bin:$PATH"
ENV LD_LIBRARY_PATH="/opt/intel/sgxsdk/sdk_libs"
# Install Occlum Java toolchain (JDK 11)
ARG JDK11_PATH=/opt/occlum/toolchains/jvm/java-11-openjdk
COPY --from=alpine /usr/lib/jvm/java-11-openjdk $JDK11_PATH
RUN rm $JDK11_PATH/lib/security/cacerts
COPY --from=alpine /etc/ssl/certs/java/cacerts $JDK11_PATH/lib/security/cacerts
COPY toolchains/java /tmp/java
WORKDIR /tmp
RUN cd java && ./install_dragonwell.sh && rm -rf /tmp/java
ENV PATH="/opt/occlum/toolchains/jvm/bin:$PATH"
# Install SGX PSW # Install SGX PSW
ARG PSW_VERSION=2.13.103.1 ARG PSW_VERSION=2.13.103.1
ARG DCAP_VERSION=1.10.103.1 ARG DCAP_VERSION=1.10.103.1
@ -162,11 +128,44 @@ RUN git clone -b sgx_2.13.3_for_occlum https://github.com/occlum/linux-sgx && \
echo 'source /opt/intel/sgxsdk/environment' >> /root/.bashrc && \ echo 'source /opt/intel/sgxsdk/environment' >> /root/.bashrc && \
rm -rf /tmp/linux-sgx rm -rf /tmp/linux-sgx
# Install the latest version of Occlum # Download the Occlum source
ARG OCCLUM_BRANCH ARG OCCLUM_BRANCH
WORKDIR /root WORKDIR /root
RUN git clone -b $OCCLUM_BRANCH https://github.com/occlum/occlum && \ RUN git clone -b $OCCLUM_BRANCH https://github.com/occlum/occlum && \
cd occlum && \ cp -r /root/occlum/tools/toolchains/* /tmp/ && mkdir -p /opt/occlum/ && \
cp /root/occlum/tools/docker/start_aesm.sh /opt/occlum/
# Install Occlum toolchain
WORKDIR /tmp
RUN cd musl-gcc && ./build.sh && ./install_zlib.sh && rm -rf /tmp/musl-gcc
ENV PATH="/opt/occlum/build/bin:/usr/local/occlum/bin:$PATH"
# Install glibc
WORKDIR /tmp
RUN cd glibc && ./build.sh && rm -rf /tmp/glibc
# Install Occlum Golang toolchain
WORKDIR /tmp
RUN cd golang && ./build.sh && rm -rf /tmp/golang
ENV PATH="/opt/occlum/toolchains/golang/bin:$PATH"
# Install Occlum Rust toolchain
WORKDIR /tmp
RUN cd rust && ./build.sh && rm -rf /tmp/rust
ENV PATH="/opt/occlum/toolchains/rust/bin:$PATH"
ENV LD_LIBRARY_PATH="/opt/intel/sgxsdk/sdk_libs"
# Install Occlum Java toolchain (JDK 11)
ARG JDK11_PATH=/opt/occlum/toolchains/jvm/java-11-openjdk
COPY --from=alpine /usr/lib/jvm/java-11-openjdk $JDK11_PATH
RUN rm $JDK11_PATH/lib/security/cacerts
COPY --from=alpine /etc/ssl/certs/java/cacerts $JDK11_PATH/lib/security/cacerts
WORKDIR /tmp
RUN cd java && ./install_dragonwell.sh && rm -rf /tmp/java
ENV PATH="/opt/occlum/toolchains/jvm/bin:$PATH"
WORKDIR /root
RUN cd occlum && \
source /opt/intel/sgxsdk/environment && \ source /opt/intel/sgxsdk/environment && \
make submodule && \ make submodule && \
OCCLUM_RELEASE_BUILD=1 make && \ OCCLUM_RELEASE_BUILD=1 make && \
@ -179,7 +178,6 @@ RUN git clone -b $OCCLUM_BRANCH https://github.com/occlum/occlum && \
# To do so, we add the script to ~/.bashrc. We cannot use systemd to run AESM # To do so, we add the script to ~/.bashrc. We cannot use systemd to run AESM
# as a "real" service since the pid 1 is not systemd in Docker. So we start # as a "real" service since the pid 1 is not systemd in Docker. So we start
# up AESM service when an user login with an interative shell. # up AESM service when an user login with an interative shell.
COPY docker/start_aesm.sh /opt/occlum/
RUN mkdir -p /var/run/aesmd && echo '/opt/occlum/start_aesm.sh' >> /root/.bashrc RUN mkdir -p /var/run/aesmd && echo '/opt/occlum/start_aesm.sh' >> /root/.bashrc
WORKDIR /root WORKDIR /root

@ -4,19 +4,21 @@ This folder contains scripts and Dockerfiles for users to build the Docker image
for Occlum. An Occlum Docker image sets up the development environment for for Occlum. An Occlum Docker image sets up the development environment for
Occlum and also gets Occlum preinstalled. Occlum and also gets Occlum preinstalled.
Currently, three Linux OS distributions are supported: Ubuntu 18.04, CentOS 7.5 and CentOS 8.1. Currently, three Linux OS distributions are supported: Ubuntu 18.04, CentOS 8.2 and aliyunlinux3.
## How to Build ## How to Build
To build an Occlum Docker image, run the following command To build an Occlum Docker image, run the following command
``` ```
./build_image.sh <OCCLUM_LABEL> <OS_NAME> ./build_image.sh <OCCLUM_LABEL> <OS_NAME> <OCCLUM_BRANCH>
``` ```
where `<OCCLUM_LABEL>` is an arbitrary string chosen by the user to where `<OCCLUM_LABEL>` is an arbitrary string chosen by the user to
describe the version of Occlum preinstalled in the Docker image describe the version of Occlum preinstalled in the Docker image
(e.g., "latest", "0.15.0", and "prerelease") and `<OS_NAME>` is the (e.g., "latest", "0.24.0", and "prerelease") and `<OS_NAME>` is the
name of the OS distribution that the Docker image is based on. name of the OS distribution that the Docker image is based on.
Currently, `<OS_NAME>` must be one of the following values: Currently, `<OS_NAME>` must be one of the following values:
`ubuntu18.04` and `centos8.2`. `ubuntu18.04`, `centos8.2` and `aliyunlinux3`.
`<OCCLUM_BRANCH>` indicates which the docker image is built on, e.g "0.24.0".
It is optional, if not provided, "master" branch will be used.
The resulting Docker image will have `occlum/occlum:<OCCLUM_LABEL>-<OS_NAME>` as its label. The resulting Docker image will have `occlum/occlum:<OCCLUM_LABEL>-<OS_NAME>` as its label.

@ -12,7 +12,7 @@ build_image
Build an Occlum Docker image for a specific OS Build an Occlum Docker image for a specific OS
USAGE: USAGE:
build_image.sh <OCCLUM_LABEL> <OS_NAME> build_image.sh <OCCLUM_LABEL> <OS_NAME> <OCCLUM_BRANCH>
<OCCLUM_LABEL>: <OCCLUM_LABEL>:
An arbitrary string chosen by the user to describe the version of Occlum preinstalled in the Docker image, e.g., "latest", "0.12.0", "prerelease", and etc. An arbitrary string chosen by the user to describe the version of Occlum preinstalled in the Docker image, e.g., "latest", "0.12.0", "prerelease", and etc.
@ -23,6 +23,10 @@ USAGE:
centos8.2 Use CentOS 8.2 as the base image centos8.2 Use CentOS 8.2 as the base image
aliyunlinux3 Use AliyunLinux 3 as the base image aliyunlinux3 Use AliyunLinux 3 as the base image
<OCCLUM_BRANCH>:
The Occlum branch which the docker image is built on, e.g "0.24.0".
It is optional, if not provided, "master" branch will be used.
The resulting Docker image will have "occlum/occlum:<OCCLUM_LABEL>-<OS_NAME>" as its label. The resulting Docker image will have "occlum/occlum:<OCCLUM_LABEL>-<OS_NAME>" as its label.
EOF EOF
exit 1 exit 1
@ -34,9 +38,9 @@ if [[ ( "$#" < 2 ) ]] ; then
report_error report_error
fi fi
occlum_branch=master
occlum_label=$1 occlum_label=$1
os_name=$2 os_name=$2
occlum_branch=${3:-master}
function check_item_in_list() { function check_item_in_list() {
item=$1 item=$1
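Review bot: The new `occlum_branch=${3:-master}` accepts any string, whereas `os_name` appears to be checked against a list by `check_item_in_list`, whose body continues outside this hunk. The value is presumably forwarded as the `OCCLUM_BRANCH` build argument (the `docker build` call is not shown), and the Dockerfile sections on this page expand it unquoted in `git clone -b $OCCLUM_BRANCH`. A value containing whitespace or starting with `-` would then be parsed as extra git arguments in a root build step. I would reject anything that is not a plain ref name before invoking docker, e.g. `[[ "$occlum_branch" =~ ^[A-Za-z0-9][A-Za-z0-9._/-]*$ ]] || report_error`, and quote the expansion in the Dockerfiles as `-b "$OCCLUM_BRANCH"`.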