From 33e840143a6e1fc4b2fb45dd64c766f1c27c0b40 Mon Sep 17 00:00:00 2001
From: He Sun
Date: Fri, 14 Aug 2020 22:49:11 +0800
Subject: [PATCH] Add Dockerfile based on CentOS 8.1
---
 tools/docker/Dockerfile.centos8.1 | 117 ++++++++++++++++++++++++++++++
 tools/docker/README.md | 6 +-
 tools/docker/build_image.sh | 3 +-
 3 files changed, 122 insertions(+), 4 deletions(-)
 create mode 100644 tools/docker/Dockerfile.centos8.1
diff --git a/tools/docker/Dockerfile.centos8.1 b/tools/docker/Dockerfile.centos8.1
new file mode 100644
index 00000000..e5c2980f
--- /dev/null
+++ b/tools/docker/Dockerfile.centos8.1
@@ -0,0 +1,117 @@
+FROM alpine:3.11 AS alpine
+LABEL maintainer="Qing Li "
+RUN apk update && \
+ apk --no-cache add openjdk11 --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community
+
+FROM centos:8.1.1911
+
+LABEL maintainer="He Sun "
+
+RUN yum install epel-release -y && \
+ dnf clean all && rm -r /var/cache/dnf && \
+ dnf group install 'Development Tools' -y && \
+ dnf --enablerepo=PowerTools install -y \
+ astyle \
+ boost-devel \
+ cmake \
+ createrepo \
+ curl-devel \
+ expect \
+ fuse-devel \
+ fuse-libs \
+ gmp-devel \
+ golang \
+ jq \
+ libcurl-devel \
+ libmpc-devel \
+ libxml2-devel \
+ mod_ssl \
+ mpfr-devel \
+ ocaml \
+ ocaml-ocamlbuild \
+ openssl \
+ openssl-devel \
+ perl \
+ protobuf-devel \
+ python2 \
+ python3 \
+ sudo \
+ wget \
+ uuid-devel \
+ vim \
+ yum-utils &&\
+ alternatives --set python /usr/bin/python2
+
+# Install cpuid tool for tests
+WORKDIR /tmp
+RUN wget http://www.etallen.com/cpuid/cpuid-20200211.x86_64.tar.gz && \
+ tar -xf ./cpuid-20200211.x86_64.tar.gz && \
+ cp ./cpuid-20200211/cpuid /usr/bin/ && \
+ rm -rf /tmp/cpuid-20200211*
+
+# Install SGX SDK
+WORKDIR /tmp
+RUN git clone -b sgx_2.9.1_for_occlum https://github.com/occlum/linux-sgx && \
+ cd linux-sgx && \
+ ./download_prebuilt.sh && \
+ ./compile_and_install.sh no_mitigation && \
+ echo 'source /opt/intel/sgxsdk/environment' >> /root/.bashrc && \
+ rm -rf /tmp/linux-sgx
+
+# Install Rust
+ENV PATH="/root/.cargo/bin:$PATH"
+ENV OCCLUM_RUST_VERSION=nightly-2020-04-07
+RUN curl https://sh.rustup.rs -sSf | \
+ sh -s -- --default-toolchain ${OCCLUM_RUST_VERSION} -y && \
+ rm -rf /root/.cargo/registry && rm -rf /root/.cargo/git && \
+ cargo -V
+
+# Install Occlum toolchain
+COPY toolchains/gcc /tmp/gcc
+WORKDIR /tmp
+RUN cd gcc && ./build.sh && ./install_zlib.sh && rm -rf /tmp/gcc
+ENV PATH="/opt/occlum/build/bin:/usr/local/occlum/bin:$PATH"
+
+# Install Occlum Golang toolchain
+COPY toolchains/golang /tmp/golang
+WORKDIR /tmp
+RUN cd golang && ./build.sh && rm -rf
/tmp/golang
+ENV PATH="/opt/occlum/toolchains/golang/bin:$PATH"
+
+# Install Occlum Rust toolchain
+COPY toolchains/rust /tmp/rust
+WORKDIR /tmp
+RUN cd rust && ./build.sh && rm -rf /tmp/rust
+ENV PATH="/opt/occlum/toolchains/rust/bin:$PATH"
+ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/opt/intel/sgxsdk/sdk_libs"
+
+# Install Occlum Java toolchain (JDK 11)
+ARG JDK11_PATH=/opt/occlum/toolchains/jvm/java-11-openjdk
+COPY --from=alpine /usr/lib/jvm/java-11-openjdk $JDK11_PATH
+RUN rm $JDK11_PATH/lib/security/cacerts
+COPY --from=alpine /etc/ssl/certs/java/cacerts $JDK11_PATH/lib/security/cacerts
+COPY toolchains/java /tmp/java
+WORKDIR /tmp
+RUN cd java && ./install_dragonwell.sh && rm -rf /tmp/java
+ENV PATH="/opt/occlum/toolchains/jvm/bin:$PATH"
+
+# Install the latest version of Occlum
+WORKDIR /root
+RUN git clone https://github.com/occlum/occlum && \
+ cd occlum && \
+ source /root/.bashrc && \
+ make submodule && \
+ OCCLUM_RELEASE_BUILD=1 make && \
+ make install && \
+ cp -r demos /root/demos && \
+ rm -rf /root/occlum
+
+# Start AESM service automatically
+#
+# To do so, we add the script to ~/.bashrc. We cannot use systemd to run AESM
+# as a "real" service since the pid 1 is not systemd in Docker. So we start
+# up AESM service when an user login with an interative shell.
+COPY docker/start_aesm.sh /opt/occlum/
+RUN echo '/opt/occlum/start_aesm.sh' >> /root/.bashrc
+
+WORKDIR /root
diff --git a/tools/docker/README.md b/tools/docker/README.md
index 5c478793..eb25639d 100644
--- a/tools/docker/README.md
+++ b/tools/docker/README.md
@@ -4,7 +4,7 @@ This folder contains scripts and Dockerfiles for users to build the Docker image for Occlum. An Occlum Docker image sets up the development environment for Occlum and also gets Occlum preinstalled.
-Currently, Two Linux OS distributions are supported: Ubuntu 18.04 and CentOS 7.5.
+Currently, three Linux OS distributions are supported: Ubuntu 18.04, CentOS 7.5 and CentOS 8.1.
 ## How to Build
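Review bot: In tools/docker/Dockerfile.centos8.1, the "Install cpuid tool for tests" step fetches `http://www.etallen.com/cpuid/cpuid-20200211.x86_64.tar.gz` over plain HTTP and copies the extracted binary into `/usr/bin` with no integrity check, so what lands in the image depends on whatever the network path returns at build time. Verify the archive before unpacking by adding `echo "<EXPECTED_SHA256>  cpuid-20200211.x86_64.tar.gz" | sha256sum -c - && \` directly after the `wget` line, with the placeholder replaced by the digest of the release you vetted. The same pinning gap appears in "Install the latest version of Occlum", where `git clone https://github.com/occlum/occlum` builds whatever the default branch holds on the build day; cloning a tag or checking out a fixed commit would make the image reproducible and auditable. The `no_mitigation` argument passed to `./compile_and_install.sh` is not explained anywhere in the hunk; if it turns off the SDK's hardening options (inferred from the name only, the script is not shown), a comment such as `# no_mitigation: <reason>; do not use this SDK build for production enclaves` above that `RUN` would tell users of the image what they are getting.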
@@ -14,9 +14,9 @@ To build an Occlum Docker image, run the following command ``` where `` is an arbitrary string chosen by the user to describe the version of Occlum preinstalled in the Docker image
-(e.g., "latest", "0.12.0", and "prerelease") and `` is the
+(e.g., "latest", "0.15.0", and "prerelease") and `` is the
 name of the OS distribution that the Docker image is based on. Currently, `` must be one of the following values:
-`ubuntu18.04` and `centos7.5`.
+`ubuntu18.04`, `centos7.5` and `centos8.1`.
 The resulting Docker image will have `occlum/occlum:-` as its label.
diff --git a/tools/docker/build_image.sh b/tools/docker/build_image.sh
index bd184967..ff0ff5f1 100755
--- a/tools/docker/build_image.sh
+++ b/tools/docker/build_image.sh
@@ -21,6 +21,7 @@ USAGE: The name of the OS distribution that the Docker image is based on. Currently, must be one of the following values: ubuntu18.04 Use Ubuntu 18.04 as the base image centos7.5 Use CentOS 7.5 as the base image
+ centos8.1 Use CentOS 8.1 as the base image
 The resulting Docker image will have "occlum/occlum:-" as its label. EOF
@@ -42,7 +43,7 @@ function check_item_in_list() { [[ $list =~ (^|[[:space:]])$item($|[[:space:]]) ]] }
-check_item_in_list "$os_name" "ubuntu18.04 centos7.5" || report_error
+check_item_in_list "$os_name" "ubuntu18.04 centos7.5 centos8.1" || report_error
 cd "$script_dir/.." docker build -f "$script_dir/Dockerfile.$os_name" -t "occlum/occlum:$occlum_label-$os_name" .