Add Occlum version for dynamic libraries

Makefile

@@ -63,20 +63,29 @@ test:
 OCCLUM_PREFIX ?= /opt/occlum
 install:
 	@# Install both libraries for HW mode and SIM mode
-	@$(MAKE) --no-print-directory -C src
+	@$(MAKE) SGX_MODE=HW --no-print-directory -C src
 	@$(MAKE) SGX_MODE=SIM --no-print-directory -C src
-	install -d $(OCCLUM_PREFIX)/build/bin/
-	install -t $(OCCLUM_PREFIX)/build/bin/ -D build/bin/*
-	install -d $(OCCLUM_PREFIX)/build/lib/
-	install -t $(OCCLUM_PREFIX)/build/lib/ -D build/lib/*
-	install -d $(OCCLUM_PREFIX)/build_sim/bin/
-	install -t $(OCCLUM_PREFIX)/build_sim/bin/ -D build_sim/bin/*
-	install -d $(OCCLUM_PREFIX)/build_sim/lib/
-	install -t $(OCCLUM_PREFIX)/build_sim/lib/ -D build_sim/lib/*
-	install -d $(OCCLUM_PREFIX)/include/
-	install -t $(OCCLUM_PREFIX)/include/ -m 444 src/pal/include/*.h
-	install -d $(OCCLUM_PREFIX)/etc/template/
-	install -t $(OCCLUM_PREFIX)/etc/template/ -m 444 etc/template/*
+
+	@echo "Install libraries for SGX hardware mode ..."
+	@mkdir -p $(OCCLUM_PREFIX)/build/bin/
+	@cp build/bin/* $(OCCLUM_PREFIX)/build/bin
+	@mkdir -p $(OCCLUM_PREFIX)/build/lib/
+	@cp --no-dereference build/lib/* $(OCCLUM_PREFIX)/build/lib/
+
+	@echo "Install libraries for SGX simulation mode ..."
+	@mkdir -p $(OCCLUM_PREFIX)/build_sim/bin/
+	@cp build_sim/bin/* $(OCCLUM_PREFIX)/build_sim/bin
+	@mkdir -p $(OCCLUM_PREFIX)/build_sim/lib/
+	@cp --no-dereference build_sim/lib/* $(OCCLUM_PREFIX)/build_sim/lib/
+
+	@echo "Install headers and miscs ..."
+	@mkdir -p $(OCCLUM_PREFIX)/include/
+	@cp -r src/pal/include/*.h $(OCCLUM_PREFIX)/include
+	@chmod 444 $(OCCLUM_PREFIX)/include/*.h
+	@mkdir -p $(OCCLUM_PREFIX)/etc/template/
+	@cp etc/template/* $(OCCLUM_PREFIX)/etc/template
+	@chmod 444 $(OCCLUM_PREFIX)/etc/template/*
+	@echo "Installation is done."
 
 format:
 	@$(MAKE) --no-print-directory -C test format

src/libos/Makefile

@@ -44,6 +44,8 @@ include ../sgxenv.mk
 LIBOS_LOG ?= error
 
 LIBOS_SO := $(BUILD_DIR)/lib/libocclum-libos.so
+LIBOS_SONAME := $(LIBOS_SO).$(MAJOR_VER_NUM)
+LIBOS_SO_REAL := $(LIBOS_SO).$(VERSION_NUM)
 LIBOS_CORE_A := $(BUILD_DIR)/lib/libocclum-libos-core.a
 LIBOS_CORE_RS_A := $(BUILD_DIR)/lib/libocclum_libos_core_rs.a
 
@@ -60,7 +62,7 @@ CXX_OBJS := $(addprefix $(BUILD_DIR)/src/libos/,$(CXX_SRCS:.cpp=.o))
 S_SRCS := $(sort $(wildcard src/*.S src/*/*.S src/*/*/*.S))
 S_OBJS := $(addprefix $(BUILD_DIR)/src/libos/,$(S_SRCS:.S=.o))
 
-ALL_BUILD_SUBDIRS := $(sort $(patsubst %/,%,$(dir $(LIBOS_SO) $(EDL_C_OBJS) $(C_OBJS) $(CXX_OBJS) $(S_OBJS)) $(RUST_TARGET_DIR) $(RUST_OUT_DIR)))
+ALL_BUILD_SUBDIRS := $(sort $(patsubst %/,%,$(dir $(LIBOS_SO_REAL) $(EDL_C_OBJS) $(C_OBJS) $(CXX_OBJS) $(S_OBJS)) $(RUST_TARGET_DIR) $(RUST_OUT_DIR)))
 
 C_COMMON_FLAGS := -fno-stack-protector -I./include/
 # SGX GDB support
@@ -74,15 +76,16 @@ LINK_FLAGS := $(SGX_LFLAGS_T)
 
 .PHONY: all clean
 
-all: $(ALL_BUILD_SUBDIRS) $(LIBOS_SO)
+all: $(ALL_BUILD_SUBDIRS) $(LIBOS_SO_REAL)
 
 $(ALL_BUILD_SUBDIRS):
 	@mkdir -p $@
 
 LIBOS_SO_DEPS := $(LIBOS_CORE_A) $(LIBCOMPILER_RT_PATCH_A)
 
-$(LIBOS_SO): $(LIBOS_CORE_A) $(LIBCOMPILER_RT_PATCH_A)
-	@$(CC) $(LIBOS_SO_DEPS) -o $@ $(LINK_FLAGS)
+$(LIBOS_SO_REAL): $(LIBOS_CORE_A) $(LIBCOMPILER_RT_PATCH_A)
+	@$(CC) $(LIBOS_SO_DEPS) -o $@ $(LINK_FLAGS) -Wl,-soname=$(LIBOS_SONAME)
+	@cd $(BUILD_DIR)/lib && ln -sf $(notdir $(LIBOS_SO_REAL)) $(notdir $(LIBOS_SONAME))
 	@echo "LINK => $@"
 
 $(LIBOS_CORE_A): $(LIBOS_CORE_RS_A) $(C_OBJS) $(CXX_OBJS) $(S_OBJS) $(EDL_C_OBJS)
@@ -121,6 +124,6 @@ $(BUILD_DIR)/src/libos/%.o: %.S
 	@echo "AS <= $@"
 
 clean:
-	@-$(RM) -f $(LIBOS_SO) $(LIBOS_CORE_A) $(LIBOS_CORE_RS_A) \
+	@-$(RM) -f $(LIBOS_SONAME) $(LIBOS_SO_REAL) $(LIBOS_CORE_A) $(LIBOS_CORE_RS_A) \
 		$(EDL_C_OBJS) $(EDL_C_SRCS) $(C_OBJS) $(CXX_OBJS) $(S_OBJS)
 	@-$(RM) -rf $(RUST_TARGET_DIR)

src/pal/Makefile

@@ -1,6 +1,8 @@
 include ../sgxenv.mk
 
 LIBOCCLUM_PAL_SO := $(BUILD_DIR)/lib/libocclum-pal.so
+LIBOCCLUM_PAL_SONAME := $(LIBOCCLUM_PAL_SO).$(MAJOR_VER_NUM)
+LIBOCCLUM_PAL_SO_REAL := $(LIBOCCLUM_PAL_SO).$(VERSION_NUM)
 
 # A dependency on Rust SGX SDK
 LIBSGX_USTDC_A := $(BUILD_DIR)/lib/libsgx_ustdc.a
@@ -23,13 +25,15 @@ ALL_BUILD_SUBDIRS := $(sort $(patsubst %/,%,$(dir $(LIBOCCLUM_PAL_SO) $(EDL_C_OB
 
 .PHONY: all format format-check clean
 
-all: $(ALL_BUILD_SUBDIRS) $(LIBOCCLUM_PAL_SO)
+all: $(ALL_BUILD_SUBDIRS) $(LIBOCCLUM_PAL_SO_REAL)
 
 $(ALL_BUILD_SUBDIRS):
 	@mkdir -p $@
 
-$(LIBOCCLUM_PAL_SO): $(LIBSGX_USTDC_A) $(EDL_C_OBJS) $(C_OBJS) $(CXX_OBJS)
-	@$(CXX) $^ -o $@ $(LINK_FLAGS)
+$(LIBOCCLUM_PAL_SO_REAL): $(LIBSGX_USTDC_A) $(EDL_C_OBJS) $(C_OBJS) $(CXX_OBJS)
+	@$(CXX) $^ -o $@ $(LINK_FLAGS) -Wl,-soname=$(LIBOCCLUM_PAL_SONAME)
+	@cd $(BUILD_DIR)/lib && ln -sf $(notdir $(LIBOCCLUM_PAL_SO_REAL)) $(notdir $(LIBOCCLUM_PAL_SONAME)) && \
+		ln -sf $(notdir $(LIBOCCLUM_PAL_SONAME)) $(notdir $(LIBOCCLUM_PAL_SO))
 	@echo "LINK => $@"
 
 $(BUILD_DIR)/src/pal/src/Enclave_u.o: $(BUILD_DIR)/src/pal/src/Enclave_u.c
@@ -63,4 +67,4 @@ format-check: $(C_SRCS) $(CXX_SRCS) $(HEADER_FILES)
 	@$(C_FORMATTER) --check $^
 
 clean:
-	@-$(RM) -f $(LIBOCCLUM_PAL_SO) $(LIBSGX_USTDC_A) $(C_OBJS) $(CXX_OBJS) $(EDL_C_OBJS) $(EDL_C_SRCS)
+	@-$(RM) -f $(LIBOCCLUM_PAL_SO) $(LIBOCCLUM_PAL_SO_REAL) $(LIBOCCLUM_PAL_SONAME) $(LIBSGX_USTDC_A) $(C_OBJS) $(CXX_OBJS) $(EDL_C_OBJS) $(EDL_C_SRCS)

src/pal/include/occlum_version.h

@@ -0,0 +1,14 @@
+#ifndef _OCCLUM_VERSION_H_
+#define _OCCLUM_VERSION_H_
+
+#define OCCLUM_MAJOR_VERSION    0
+#define OCCLUM_MINOR_VERSION    13
+#define OCCLUM_PATCH_VERSION    0
+
+#define STRINGIZE_PRE(X) #X
+#define STRINGIZE(X) STRINGIZE_PRE(X)
+
+#define OCCLUM_VERSION_NUM_STR STRINGIZE(OCCLUM_MAJOR_VERSION) "." \
+                    STRINGIZE(OCCLUM_MAJOR_VERSION) "." STRINGIZE(OCCLUM_PATCH_VERSION)
+
+#endif

src/sgxenv.mk

@@ -7,6 +7,11 @@ SGX_SDK ?= /opt/intel/sgxsdk
 SGX_MODE ?= HW
 SGX_ARCH ?= x64
 
+MAJOR_VER_NUM = $(shell grep '\#define OCCLUM_MAJOR_VERSION' $(PROJECT_DIR)/src/pal/include/occlum_version.h |  awk '{print $$3}')
+MINOR_VER_NUM = $(shell grep '\#define OCCLUM_MINOR_VERSION' $(PROJECT_DIR)/src/pal/include/occlum_version.h |  awk '{print $$3}')
+PATCH_VER_NUM = $(shell grep '\#define OCCLUM_PATCH_VERSION' $(PROJECT_DIR)/src/pal/include/occlum_version.h |  awk '{print $$3}')
+VERSION_NUM = $(MAJOR_VER_NUM).$(MINOR_VER_NUM).$(PATCH_VER_NUM)
+
 C_FORMATTER := $(PROJECT_DIR)/tools/c_formatter
 
 ifneq ($(SGX_MODE), HW)

tools/occlum

@@ -2,6 +2,7 @@
 
 this_dir="$( cd "$( dirname "${BASH_SOURCE[0]}"  )" >/dev/null 2>&1 && pwd )"
 occlum_dir="$( cd "$( dirname "$this_dir/../../../"  )" >/dev/null 2>&1 && pwd )"
+occlum_major_ver=0
 
 if [ -z $OCCLUM_INSTANCE_DIR ];then
     OCCLUM_INSTANCE_DIR=".occlum"
@@ -169,7 +170,7 @@ cmd_build() {
     mkdir -p build/bin
     cp "$occlum_dir/$build_dir/bin/occlum-run" build/bin/
     mkdir -p build/lib
-    cp "$occlum_dir/$build_dir/lib/libocclum-pal.so" build/lib/
+    cp "$occlum_dir/$build_dir/lib/libocclum-pal.so.$occlum_major_ver" build/lib/
 
     chmod 531 -R $working_dir/image/bin
     chmod 531 -R $working_dir/image/lib
@@ -199,9 +200,9 @@ cmd_build() {
     echo "EXPORT => OCCLUM_BUILTIN_VM_USER_SPACE_SIZE = $OCCLUM_BUILTIN_VM_USER_SPACE_SIZE"
 
     cd $context_dir/build/lib && \
-    cp "$occlum_dir/$build_dir/lib/libocclum-libos.so" .
+    cp "$occlum_dir/$build_dir/lib/libocclum-libos.so.$occlum_major_ver" .
     echo -e "$OCCLUM_BUILTIN_CONF_FILE_MAC\c" > temp_mac_file && \
-    objcopy --update-section .builtin_config=temp_mac_file libocclum-libos.so && \
+    objcopy --update-section .builtin_config=temp_mac_file libocclum-libos.so.$occlum_major_ver && \
     rm temp_mac_file
 
     $occlum_dir/$build_dir/bin/gen_enclave_conf -i "$working_dir/Occlum.json" -o "$context_dir/build/Enclave.xml"
@@ -209,7 +210,7 @@ cmd_build() {
     $ENCLAVE_SIGN_TOOL sign \
         -key $ENCLAVE_SIGN_KEY \
         -config "$context_dir/build/Enclave.xml" \
-        -enclave "$context_dir/build/lib/libocclum-libos.so" \
+        -enclave "$context_dir/build/lib/libocclum-libos.so.$occlum_major_ver" \
         -out "$context_dir/build/lib/libocclum-libos.signed.so"
     rm -f "$context_dir/build/Enclave.xml"
     cd "$context_dir"

tools/protect-integrity/App/App.cpp

@@ -16,9 +16,11 @@
 #include <sgx_error.h>
 #include <sgx_urts.h>
 
+#include "../../../src/pal/include/occlum_version.h"
+
 #define MAX_PATH            FILENAME_MAX
 #define TOKEN_FILENAME      "enclave.token"
-#define ENCLAVE_FILENAME    "occlum-protect-integrity.signed.so"
+#define ENCLAVE_FILENAME    "occlum-protect-integrity.signed.so." STRINGIZE(OCCLUM_MAJOR_VERSION)
 
 // ==========================================================================
 //  Enclave Initialization

tools/protect-integrity/Makefile

@@ -3,6 +3,11 @@
 CUR_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
 PROJECT_DIR := $(realpath $(CUR_DIR)/../../)
 
+MAJOR_VER_NUM = $(shell grep '\#define OCCLUM_MAJOR_VERSION' $(PROJECT_DIR)/src/pal/include/occlum_version.h |  awk '{print $$3}')
+MINOR_VER_NUM = $(shell grep '\#define OCCLUM_MINOR_VERSION' $(PROJECT_DIR)/src/pal/include/occlum_version.h |  awk '{print $$3}')
+PATCH_VER_NUM = $(shell grep '\#define OCCLUM_PATCH_VERSION' $(PROJECT_DIR)/src/pal/include/occlum_version.h |  awk '{print $$3}')
+VERSION_NUM = $(MAJOR_VER_NUM).$(MINOR_VER_NUM).$(PATCH_VER_NUM)
+
 SGX_SDK ?= /opt/intel/sgxsdk
 SGX_MODE ?= HW
 SGX_ARCH ?= x64
@@ -130,7 +135,9 @@ ENCLAVE_CPP_OBJS := $(addprefix $(OBJS_DIR)/,$(ENCLAVE_CPP_FILES:.cpp=.o))
 ENCLAVE_OBJS := $(ENCLAVE_C_OBJS) $(ENCLAVE_CPP_OBJS)
 
 ENCLAVE_NAME := $(BUILD_DIR)/lib/occlum-protect-integrity.so
-SIGNED_ENCLAVE_NAME := $(BUILD_DIR)/lib/occlum-protect-integrity.signed.so
+ENCLAVE_REAL_NAME := $(ENCLAVE_NAME).$(VERSION_NUM)
+SIGNED_ENCLAVE_NAME := $(BUILD_DIR)/lib/occlum-protect-integrity.signed.so.$(VERSION_NUM)
+SIGNED_ENCLAVE_SONAME := $(BUILD_DIR)/lib/occlum-protect-integrity.signed.so.$(MAJOR_VER_NUM) # used for soft link
 ENCLAVE_CONFIG_FILE := Enclave/Enclave.config.xml
 
 ALL_BUILD_SUBDIRS := $(sort $(patsubst %/,%,$(dir $(APP_NAME) $(SIGNED_ENCLAVE_NAME) $(ENCLAVE_OBJS) $(APP_OBJS))))
@@ -147,16 +154,16 @@ endif
 .PHONY: all test format format-check clean
 
 ifeq ($(BUILD_MODE), HW_RELEASE)
-all: $(APP_NAME) $(ENCLAVE_NAME)
+all: $(APP_NAME) $(ENCLAVE_REAL_NAME)
 	@echo "The project has been built in release hardware mode."
-	@echo "Please sign the $(ENCLAVE_NAME) first with your signing key before you run the $(APP_NAME) to launch and access the enclave."
+	@echo "Please sign the $(ENCLAVE_REAL_NAME) first with your signing key before you run the $(APP_NAME) to launch and access the enclave."
 	@echo "To sign the enclave use the command:"
-	@echo "   $(SGX_ENCLAVE_SIGNER) sign -key <your key> -enclave $(ENCLAVE_NAME) -out <$(SIGNED_ENCLAVE_NAME)> -config $(ENCLAVE_CONFIG_FILE)"
+	@echo "   $(SGX_ENCLAVE_SIGNER) sign -key <your key> -enclave $(ENCLAVE_REAL_NAME) -out <$(SIGNED_ENCLAVE_NAME)> -config $(ENCLAVE_CONFIG_FILE)"
 	@echo "You can also sign the enclave using an external signing tool."
 	@echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW."
 else
 
-all: $(ALL_BUILD_SUBDIRS) $(APP_NAME) $(SIGNED_ENCLAVE_NAME)
+all: $(ALL_BUILD_SUBDIRS) $(APP_NAME) $(SIGNED_ENCLAVE_SONAME)
 
 endif
 
@@ -204,12 +211,13 @@ $(OBJS_DIR)/Enclave/%.o: Enclave/%.c
 	@$(CC) $(ENCLAVE_C_FLAGS) -c $< -o $@
 	@echo "CC  <=  $@"
 
-$(ENCLAVE_NAME): $(ENCLAVE_OBJS)
+$(ENCLAVE_REAL_NAME): $(ENCLAVE_OBJS)
 	@$(CXX) $^ -o $@ $(ENCLAVE_LINK_FLAGS)
 	@echo "LINK =>  $@"
 
-$(SIGNED_ENCLAVE_NAME): $(ENCLAVE_NAME)
-	@$(SGX_ENCLAVE_SIGNER) sign -key Enclave/Enclave_private.pem -enclave $(ENCLAVE_NAME) -out $@ -config $(ENCLAVE_CONFIG_FILE)
+$(SIGNED_ENCLAVE_SONAME): $(ENCLAVE_REAL_NAME)
+	@$(SGX_ENCLAVE_SIGNER) sign -key Enclave/Enclave_private.pem -enclave $(ENCLAVE_REAL_NAME) -out $(SIGNED_ENCLAVE_NAME) -config $(ENCLAVE_CONFIG_FILE)
+	@cd $(BUILD_DIR)/lib && ln -sf $(notdir $(SIGNED_ENCLAVE_NAME)) $(notdir $(SIGNED_ENCLAVE_SONAME))
 	@echo "SIGN =>  $@"
 
 test: all random.txt
@@ -231,4 +239,4 @@ format-check: $(APP_HEADER_FILES) $(APP_CPP_FILES) $(ENCLAVE_HEADER_FILES) $(ENC
 
 
 clean:
-	@rm -f $(APP_NAME) $(ENCLAVE_NAME) $(SIGNED_ENCLAVE_NAME) $(APP_OBJS) $(OBJS_DIR)/App/Enclave_u.* $(ENCLAVE_OBJS) $(OBJS_DIR)/Enclave/Enclave_t.* *.test.txt random.txt*
+	@rm -f $(APP_NAME) $(ENCLAVE_REAL_NAME) $(SIGNED_ENCLAVE_NAME) $(SIGNED_ENCLAVE_SONAME) $(APP_OBJS) $(OBJS_DIR)/App/Enclave_u.* $(ENCLAVE_OBJS) $(OBJS_DIR)/Enclave/Enclave_t.* *.test.txt random.txt*