general/occlum
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[dockerfile] Add occlum runtime image dockerfile based on ubuntu22.04

Browse Source
This commit is contained in:
Qi Zheng 2024-03-20 11:49:58 +08:00 committed by volcano
parent 0910ac18e2
commit 295361df0b
1 changed files with 57 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
tools/docker/Dockerfile.ubuntu22.04-rt Normal file
View File

@ -0,0 +1,57 @@
ARG OCCLUM_DEV_IMG=occlum/occlum:0.30.1-test-ubuntu22.04
FROM $OCCLUM_DEV_IMG as base
# Download the Occlum source
ARG OCCLUM_BRANCH=0.30.1-dev
WORKDIR /root
RUN git clone -b $OCCLUM_BRANCH https://github.com/occlum/occlum
# Build Occlum debian packages
WORKDIR /root/occlum/tools/installer/deb
RUN make && make musl-gcc && GLIBC_VERSION=2.35 make glibc
FROM ubuntu:22.04
LABEL maintainer="Qi Zheng <huaiqing.zq@antgroup.com>"
# Install SGX DCAP and PSW
ENV APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1
ARG PSW_VERSION=2.20.100.4
ARG DCAP_VERSION=1.17.100.4
RUN apt update && DEBIAN_FRONTEND="noninteractive" apt install -y --no-install-recommends gnupg wget ca-certificates jq && \
echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | tee /etc/apt/sources.list.d/intel-sgx.list && \
wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add - && \
apt update && apt install -y --no-install-recommends \
libsgx-launch=$PSW_VERSION-jammy1 \
libsgx-epid=$PSW_VERSION-jammy1 \
libsgx-quote-ex=$PSW_VERSION-jammy1 \
libsgx-urts=$PSW_VERSION-jammy1 \
libsgx-enclave-common=$PSW_VERSION-jammy1 \
libsgx-uae-service=$PSW_VERSION-jammy1 \
libsgx-ae-pce=$PSW_VERSION-jammy1 \
libsgx-ae-qe3=$DCAP_VERSION-jammy1 \
libsgx-ae-id-enclave=$DCAP_VERSION-jammy1 \
libsgx-ae-qve=$DCAP_VERSION-jammy1 \
libsgx-dcap-ql=$DCAP_VERSION-jammy1 \
libsgx-pce-logic=$DCAP_VERSION-jammy1 \
libsgx-qe3-logic=$DCAP_VERSION-jammy1 \
libsgx-dcap-default-qpl=$DCAP_VERSION-jammy1 \
libsgx-dcap-quote-verify=$DCAP_VERSION-jammy1 \
&& \
apt clean && \
rm -rf /var/lib/apt/lists/*
# Only runtime deb package is required for occlum run
COPY --from=base /tmp/deb_build/occlum-runtime_*.deb /tmp
RUN cd /tmp && dpkg -i *.deb && rm -rf *.deb
COPY docker-entrypoint.sh /usr/local/bin/
ENV PATH="/opt/occlum/build/bin:/usr/local/occlum/bin:$PATH"
# This PCCS value could be updated by env passed from user by below entrypoint
ENV PCCS_URL="https://localhost:8081/sgx/certification/v3/"
ENV USE_SECURE_CERT=true
ENTRYPOINT ["docker-entrypoint.sh"]
WORKDIR /root
CMD ["bash"]