Add Dockerfile based on CentOS 8.1

2020-08-14 22:49:11 +08:00 · 2020-08-14 22:49:11 +08:00 · 33e840143a
commit 33e840143a
parent 000cd88756
3 changed files with 122 additions and 4 deletions
--- a/tools/docker/Dockerfile.centos8.1
+++ b/tools/docker/Dockerfile.centos8.1
@ -0,0 +1,117 @@
+FROM alpine:3.11 AS alpine
+LABEL maintainer="Qing Li <geding.lq@antgroup.com>"
+RUN apk update && \
+    apk --no-cache add openjdk11 --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community
+
+FROM centos:8.1.1911
+
+LABEL maintainer="He Sun <bochang.sh@antgroup.com>"
+
+RUN yum install epel-release -y && \
+    dnf clean all && rm -r /var/cache/dnf && \
+    dnf group install 'Development Tools' -y && \
+    dnf --enablerepo=PowerTools install -y \
+    astyle \
+    boost-devel \
+    cmake \
+    createrepo \
+    curl-devel \
+    expect \
+    fuse-devel \
+    fuse-libs \
+    gmp-devel \
+    golang \
+    jq \
+    libcurl-devel \
+    libmpc-devel \
+    libxml2-devel \
+    mod_ssl \
+    mpfr-devel \
+    ocaml \
+    ocaml-ocamlbuild \
+    openssl \
+    openssl-devel \
+    perl \
+    protobuf-devel \
+    python2 \
+    python3 \
+    sudo \
+    wget \
+    uuid-devel \
+    vim \
+    yum-utils &&\
+    alternatives --set python /usr/bin/python2
+
+# Install cpuid tool for tests
+WORKDIR /tmp
+RUN wget http://www.etallen.com/cpuid/cpuid-20200211.x86_64.tar.gz && \
+    tar -xf ./cpuid-20200211.x86_64.tar.gz && \
+    cp ./cpuid-20200211/cpuid /usr/bin/ && \
+    rm -rf /tmp/cpuid-20200211*
+
+# Install SGX SDK
+WORKDIR /tmp
+RUN git clone -b sgx_2.9.1_for_occlum https://github.com/occlum/linux-sgx && \
+    cd linux-sgx && \
+    ./download_prebuilt.sh && \
+    ./compile_and_install.sh no_mitigation && \
+    echo 'source /opt/intel/sgxsdk/environment' >> /root/.bashrc && \
+    rm -rf /tmp/linux-sgx
+
+# Install Rust
+ENV PATH="/root/.cargo/bin:$PATH"
+ENV OCCLUM_RUST_VERSION=nightly-2020-04-07
+RUN curl https://sh.rustup.rs -sSf | \
+        sh -s -- --default-toolchain ${OCCLUM_RUST_VERSION} -y && \
+    rm -rf /root/.cargo/registry && rm -rf /root/.cargo/git && \
+    cargo -V
+
+# Install Occlum toolchain
+COPY toolchains/gcc /tmp/gcc
+WORKDIR /tmp
+RUN cd gcc && ./build.sh && ./install_zlib.sh && rm -rf /tmp/gcc
+ENV PATH="/opt/occlum/build/bin:/usr/local/occlum/bin:$PATH"
+
+# Install Occlum Golang toolchain
+COPY toolchains/golang /tmp/golang
+WORKDIR /tmp
+RUN cd golang && ./build.sh && rm -rf /tmp/golang
+ENV PATH="/opt/occlum/toolchains/golang/bin:$PATH"
+
+# Install Occlum Rust toolchain
+COPY toolchains/rust /tmp/rust
+WORKDIR /tmp
+RUN cd rust && ./build.sh && rm -rf /tmp/rust
+ENV PATH="/opt/occlum/toolchains/rust/bin:$PATH"
+ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/opt/intel/sgxsdk/sdk_libs"
+
+# Install Occlum Java toolchain (JDK 11)
+ARG JDK11_PATH=/opt/occlum/toolchains/jvm/java-11-openjdk
+COPY --from=alpine /usr/lib/jvm/java-11-openjdk $JDK11_PATH
+RUN rm $JDK11_PATH/lib/security/cacerts
+COPY --from=alpine /etc/ssl/certs/java/cacerts $JDK11_PATH/lib/security/cacerts
+COPY toolchains/java /tmp/java
+WORKDIR /tmp
+RUN cd java && ./install_dragonwell.sh && rm -rf /tmp/java
+ENV PATH="/opt/occlum/toolchains/jvm/bin:$PATH"
+
+# Install the latest version of Occlum
+WORKDIR /root
+RUN git clone https://github.com/occlum/occlum && \
+    cd occlum && \
+    source /root/.bashrc && \
+    make submodule && \
+    OCCLUM_RELEASE_BUILD=1 make && \
+    make install && \
+    cp -r demos /root/demos && \
+    rm -rf /root/occlum
+
+# Start AESM service automatically
+#
+# To do so, we add the script to ~/.bashrc. We cannot use systemd to run AESM
+# as a "real" service since the pid 1 is not systemd in Docker. So we start
+# up AESM service when an user login with an interative shell.
+COPY docker/start_aesm.sh /opt/occlum/
+RUN echo '/opt/occlum/start_aesm.sh' >> /root/.bashrc
+
+WORKDIR /root
--- a/tools/docker/README.md
+++ b/tools/docker/README.md
@ -4,7 +4,7 @@ This folder contains scripts and Dockerfiles for users to build the Docker image
 for Occlum. An Occlum Docker image sets up the development environment for
 Occlum and also gets Occlum preinstalled.

-Currently, Two Linux OS distributions are supported: Ubuntu 18.04 and CentOS 7.5.
+Currently, three Linux OS distributions are supported: Ubuntu 18.04, CentOS 7.5 and CentOS 8.1.

 ## How to Build

@ -14,9 +14,9 @@ To build an Occlum Docker image, run the following command
 ```
 where `<OCCLUM_LABEL>` is an arbitrary string chosen by the user to
 describe the version of Occlum preinstalled in the Docker image
-(e.g., "latest", "0.12.0", and "prerelease") and `<OS_NAME>` is the
+(e.g., "latest", "0.15.0", and "prerelease") and `<OS_NAME>` is the
 name of the OS distribution that the Docker image is based on.
 Currently, `<OS_NAME>` must be one of the following values:
-`ubuntu18.04` and `centos7.5`.
+`ubuntu18.04`, `centos7.5` and `centos8.1`.

 The resulting Docker image will have `occlum/occlum:<OCCLUM_LABEL>-<OS_NAME>` as its label.
--- a/tools/docker/build_image.sh
+++ b/tools/docker/build_image.sh
@ -21,6 +21,7 @@ USAGE:
    The name of the OS distribution that the Docker image is based on. Currently, <OS_NAME> must be one of the following values:
        ubuntu18.04         Use Ubuntu 18.04 as the base image
        centos7.5           Use CentOS 7.5 as the base image
+        centos8.1           Use CentOS 8.1 as the base image

 The resulting Docker image will have "occlum/occlum:<OCCLUM_LABEL>-<OS_NAME>" as its label.
 EOF
@ -42,7 +43,7 @@ function check_item_in_list() {
    [[ $list =~ (^|[[:space:]])$item($|[[:space:]]) ]]
 }

-check_item_in_list "$os_name" "ubuntu18.04 centos7.5" || report_error
+check_item_in_list "$os_name" "ubuntu18.04 centos7.5 centos8.1" || report_error

 cd "$script_dir/.."
 docker build -f "$script_dir/Dockerfile.$os_name" -t "occlum/occlum:$occlum_label-$os_name" .