Improve implementation for occlum build

This commit mainly accomplishes two things:
1. Use a makefile to manage dependencies for `occlum build`, which saves a lot of time
2. Move the `build` and `run` directories out of `.occlum`. Remove the env var "OCCLUM_INSTANCE_DIR"
Hui, Chunyang 2020-07-30 09:58:32 +00:00 committed by Tate, Hongliang Tian
parent 3f6bcec1c5
commit 85501d8993
12 changed files with 231 additions and 206 deletions

@ -30,12 +30,12 @@ Hello World
```
Note that the Occlum toolchain is not cross-compiling in the traditional sense: the binaries built by the Occlum toolchain is also runnable on Linux. This property makes it convenient to compile, debug, and test user programs intended for Occlum.
**Step 2. Initialize a directory as the Occlum context via `occlum init`**
**Step 2. Initialize a directory as the Occlum instance via `occlum init`**
```
$ mkdir occlum_context && cd occlum_context
$ occlum init
```
The `occlum init` command creates in the current working directory a new directory named `.occlum`, which contains the compile-time and run-time state of Occlum. Each Occlum context should be used for a single instance of an application; multiple applications or different instances of a single application should use different Occlum contexts.
The `occlum init` command creates the compile-time and run-time state of Occlum in the current working directory. Each Occlum instance directory should be used for a single instance of an application; multiple applications or different instances of a single application should use different Occlum instances.
**Step 3. Generate a secure Occlum FS image and Occlum SGX enclave via `occlum build`**
```
@ -62,7 +62,7 @@ The `occlum run` command starts up an Occlum SGX enclave, which, behind the scen
### Config Occlum
Occlum can be configured easily via a config file named `Occlum.json`, which is generated by the `occlum init` command in the Occlum context directory. The user can modify `Occlum.json` to config Occlum. A sample of `Occlum.json` is shown below. Some comments are added to provide a brief explanation.
Occlum can be configured easily via a config file named `Occlum.json`, which is generated by the `occlum init` command in the Occlum instance directory. The user can modify `Occlum.json` to config Occlum. A sample of `Occlum.json` is shown below. Some comments are added to provide a brief explanation.
```js
{
// Resource limits

@ -44,7 +44,6 @@ int main(int argc, char *argv[]) {
// Init Occlum PAL
occlum_pal_attr_t pal_attr = OCCLUM_PAL_ATTR_INITVAL;
pal_attr.instance_dir = ".occlum";
if (occlum_pal_init(&pal_attr) < 0) {
return EXIT_FAILURE;
}

@ -3,7 +3,7 @@ set -e
rm -rf occlum_context && mkdir -p occlum_context
cd occlum_context
# 1. Initialize a directory as the Occlum context
# 1. Initialize a directory as the Occlum instance
occlum init
# 2. Generate a secure Occlum FS image and Occlum SGX enclave

@ -24,7 +24,6 @@ int main(int argc, char *argv[]) {
sgx_launch_token_t token = {0};
sgx_status_t status;
int exit_status = 0;
const char *occlum_instance_dir = ".occlum";
const char *cmd_path = "/bin/responder"; // Prepare cmd path and arguments
const char *cmd_args[] = {NULL};
@ -38,10 +37,8 @@ int main(int argc, char *argv[]) {
}
printf("succeed to load enclave %s\n", ENCLAVE_INITIATOR_NAME);
struct occlum_pal_attr attr {
.instance_dir = occlum_instance_dir,
.log_level = (const char *) getenv("OCCLUM_LOG_LEVEL"),
};
occlum_pal_attr_t pal_attr = OCCLUM_PAL_ATTR_INITVAL;
pal_attr.log_level = (const char *) getenv("OCCLUM_LOG_LEVEL");
if (occlum_pal_init(&attr) < 0) {
return EXIT_FAILURE;
}
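Review bot: The unchanged call at the end of the hunk still passes `&attr`, but the new lines replace the `attr` aggregate with `pal_attr`, so unless another `attr` is declared earlier in `main` (outside this hunk) the demo no longer compiles after this commit. The call should read `if (occlum_pal_init(&pal_attr) < 0) {`. `main` starts and ends outside the hunk, so the earlier removal of `occlum_instance_dir` cannot be checked for other leftover uses here either.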

@ -118,15 +118,11 @@ extern "C" {
#[repr(C)]
/// Occlum PAL attributes. Defined by occlum pal.
pub struct occlum_pal_attr_t {
/// Occlum instance dir.
/// Occlum instance directory.
///
/// Specifies the path of an Occlum instance directory. Usually, this
/// directory is initialized by executing "occlum init" command, which
/// creates a hidden directory named ".occlum/". This ".occlum/" is an
/// Occlum instance directory. The name of the directory is not necesarrily
/// ".occlum"; it can be renamed to an arbitrary name.
///
/// Mandatory field. Must not be NULL.
/// Specifies the path of an Occlum instance directory, which is usually created with the
/// `occlum new` command. The default value is "."; that is, the current working directory
/// is the Occlum instance directory.
pub instance_dir: *const libc::c_char,
/// Log level.
///
@ -139,12 +135,7 @@ pub struct occlum_pal_attr_t {
/// Loads and initializes the Occlum enclave image
fn rust_occlum_pal_init() -> Result<(), i32> {
let mut instance_dir = OsString::from("./.occlum\0");
if let Some(val) = env::var_os("OCCLUM_INSTANCE_DIR") {
instance_dir = val;
instance_dir.push("\0");
};
let instance_dir = OsString::from(".\0");
let mut log_level = OsString::from("off\0");
if let Some(val) = env::var_os("OCCLUM_LOG_LEVEL") {
log_level = val;
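Review bot: The new doc comment on `instance_dir` says the directory is "usually created with the `occlum new` command", but the CLI introduced by this same commit only offers `occlum init` (see the usage text in tools/occlum), so the comment points users at a command that does not exist. Suggest `/// Specifies the path of an Occlum instance directory, which is usually created with the` / `/// \`occlum init\` command. The default value is "."; that is, the current working directory`. The same wording appears in occlum_pal_api.h and should be kept in sync. `rust_occlum_pal_init` continues past the end of the hunk.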

@ -21,15 +21,11 @@ int occlum_pal_get_version(void);
* Occlum PAL attributes
*/
typedef struct occlum_pal_attr {
// Occlum instance dir.
// Occlum instance directory.
//
// Specifies the path of an Occlum instance directory. Usually, this
// directory is initialized by executing "occlum init" command, which
// creates a hidden directory named ".occlum/". This ".occlum/" is an
// Occlum instance directory. The name of the directory is not necesarrily
// ".occlum"; it can be renamed to an arbitrary name.
//
// Mandatory field. Must not be NULL.
// Specifies the path of an Occlum instance directory, which is usually created with the
// `occlum new` command. The default value is "."; that is, the current working directory
// is the Occlum instance directory.
const char *instance_dir;
// Log level.
//
@ -41,7 +37,7 @@ typedef struct occlum_pal_attr {
} occlum_pal_attr_t;
#define OCCLUM_PAL_ATTR_INITVAL { \
.instance_dir = NULL, \
.instance_dir = ".", \
.log_level = NULL \
}
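Review bot: The rewritten comment drops the sentence "Mandatory field. Must not be NULL." without saying what `occlum_pal_init` now does with a NULL `instance_dir`; since `OCCLUM_PAL_ATTR_INITVAL` supplies "." a caller that zero-initializes the struct by hand still passes NULL, and this header no longer tells them whether that is accepted. If the PAL still requires a non-NULL path, keep the sentence, e.g. `// Must not be NULL; use OCCLUM_PAL_ATTR_INITVAL to get the default "." automatically.` The comment also refers to `occlum new`, while the CLI in this commit only provides `occlum init`; it should read `// \`occlum init\` command.` to match the Rust binding and the usage text.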

@ -6,15 +6,6 @@
#include <sys/wait.h>
#include <occlum_pal_api.h>
static const char *get_instance_dir(void) {
const char *instance_dir_from_env = (const char *) getenv("OCCLUM_INSTANCE_DIR");
if (instance_dir_from_env != NULL) {
return instance_dir_from_env;
} else {
return "./.occlum";
}
}
int main(int argc, char *argv[]) {
// Parse arguments
if (argc < 2) {
@ -34,7 +25,6 @@ int main(int argc, char *argv[]) {
// Init Occlum PAL
struct occlum_pal_attr attr = OCCLUM_PAL_ATTR_INITVAL;
attr.instance_dir = get_instance_dir();
attr.log_level = getenv("OCCLUM_LOG_LEVEL");
if (occlum_pal_init(&attr) < 0) {
return EXIT_FAILURE;

@ -60,7 +60,7 @@ $(BUILD_TARGETS): %:
postbuild:
@cd $(BUILD_DIR)/test && \
$(BUILD_DIR)/bin/occlum build
$(BUILD_DIR)/bin/occlum build -f
#############################################################################
# Test targets

@ -5,6 +5,7 @@ BUILD_DIR := build
all:
@mkdir -p ../$(BUILD_DIR)/bin/
@ln -s -f ../../tools/occlum_build.mk ../$(BUILD_DIR)/bin/occlum_build.mk
@ln -s -f ../../tools/occlum ../$(BUILD_DIR)/bin/occlum
@ln -s -f ../../tools/occlum-gen-default-occlum-json ../$(BUILD_DIR)/bin/occlum-gen-default-occlum-json
@$(MAKE) --no-print-directory -C protect-integrity

@ -2,6 +2,7 @@
this_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
occlum_dir="$( cd "$( dirname "$this_dir/../../../" )" >/dev/null 2>&1 && pwd )"
build_makefile=$occlum_dir/build/bin/occlum_build.mk
if [[ "$occlum_dir" == "/opt/occlum" ]]; then
version_header=$occlum_dir/include/occlum_version.h
@ -14,11 +15,9 @@ minor_ver=`grep '\#define OCCLUM_MINOR_VERSION' $version_header | awk '{print $
patch_ver=`grep '\#define OCCLUM_PATCH_VERSION' $version_header | awk '{print $3}'`
occlum_version="$major_ver.$minor_ver.$patch_ver"
if [ -z $OCCLUM_INSTANCE_DIR ];then
OCCLUM_INSTANCE_DIR=".occlum"
fi
working_dir=`pwd`
context_dir="$working_dir/$OCCLUM_INSTANCE_DIR"
instance_dir=`pwd`
status_file=$instance_dir/.__occlum_status
SGX_SDK="${SGX_SDK:-/opt/intel/sgxsdk}"
SGX_GDB="$SGX_SDK/bin/sgx-gdb"
@ -36,10 +35,13 @@ report_arg_error() {
cat <<EOF
Usage:
occlum init
Initialize a directory as the Occlum context
Initialize a directory as the Occlum instance
occlum build [--sign-key <key_path>] [--sign-tool <tool_path>]
Generate a secure Occlum FS image and Occlum SGX enclave.
occlum build [--sign-key <key_path>] [--sign-tool <tool_path>] [-f/--force]
Build and sign an Occlum SGX enclave (.so) and generate its associated secure FS image
according to the user-provided image directory and Occlum.json config file.
The whole building process is incremental: the building artifacts are built only when needed.
To force rebuilding all artifacts, give the [-f/--force] flag.
occlum run <program_name> <program_args>
Run the user program inside an SGX enclave.
@ -51,54 +53,9 @@ Usage:
EOF
}
get_conf_root_fs_mac() {
LD_LIBRARY_PATH="$SGX_SDK/sdk_libs" \
"$occlum_dir/build/bin/occlum-protect-integrity" show-mac "$context_dir/build/mount/__ROOT/metadata"
}
get_conf_default_stack_size() {
cat "$working_dir/Occlum.json" | \
python -c "import sys, json; print json.load(sys.stdin)['process']['default_stack_size']"
}
get_conf_default_heap_size() {
cat "$working_dir/Occlum.json" | \
python -c "import sys, json; print json.load(sys.stdin)['process']['default_heap_size']"
}
get_conf_default_mmap_size() {
cat "$working_dir/Occlum.json" | \
python -c "import sys, json; print json.load(sys.stdin)['process']['default_mmap_size']"
}
get_conf_user_space_size() {
cat "$working_dir/Occlum.json" | \
python -c "import sys, json; print json.load(sys.stdin)['resource_limits']['user_space_size']"
}
get_conf_env() {
cat "$working_dir/Occlum.json" | \
python -c "import sys, json; print json.dumps(json.load(sys.stdin)['env'])"
}
get_conf_entry_points() {
cat "$working_dir/Occlum.json" | \
python -c "import sys, json; print json.dumps(json.load(sys.stdin)['entry_points'])"
}
get_occlum_conf_file_mac() {
LD_LIBRARY_PATH="$SGX_SDK/sdk_libs" \
"$occlum_dir/build/bin/occlum-protect-integrity" show-mac "$context_dir/build/Occlum.json.protected"
}
parse_occlum_user_space_size() {
local size_with_unit=`get_conf_user_space_size`
numfmt --from=iec ${size_with_unit::-1}
}
check_has_init() {
if [ ! -d "$context_dir" ]; then
echo "Error: the current working directory is not initialized as an Occlum context. Need to run \"occlum init\" first."
if [ ! -f "$status_file" ]; then
echo "Error: the current working directory is not initialized as an Occlum instance. Need to run \"occlum init\" first."
exit 1
fi
}
@ -106,7 +63,7 @@ check_has_init() {
check_has_built() {
check_has_init
if [ ! -d "$context_dir/run/mount/__ROOT" ]; then
if [ ! -d "$instance_dir/run/mount/__ROOT" ]; then
echo "Error: the Occlum image and enclave are not built yet. Need to run \"occlum build\" first."
exit 1
fi
@ -114,16 +71,14 @@ check_has_built() {
cmd_init() {
if [ -d "$context_dir" ]; then
echo "Error: the current working directory has been initialized as an Occlum context"
if [ -f "$status_file" ]; then
echo "Error: the current working directory has been initialized as an Occlum instance"
exit 1
fi
mkdir "$context_dir"
cd "$context_dir"
echo "initialized" > status
echo "initialized" > $status_file
cd "$working_dir"
cd "$instance_dir"
mkdir -p image
mkdir -p image/bin
mkdir -p image/lib
@ -139,10 +94,10 @@ cmd_init() {
"$occlum_gcc_lib/libgcc_s.so.1" \
"$occlum_gcc_lib/libgomp.so.1"
cp "$occlum_dir"/etc/template/Occlum.json "$working_dir"/
chmod 644 "$working_dir"/Occlum.json
cp "$occlum_dir"/etc/template/Occlum.json "$instance_dir"/
chmod 644 "$instance_dir"/Occlum.json
echo "Initialized an Occlum context in $working_dir"
echo "$instance_dir initialized as an Occlum instance"
}
cmd_build() {
@ -155,7 +110,8 @@ cmd_build() {
case "$1" in
--sign-key) [ -n "$2" ] && ENCLAVE_SIGN_KEY=$2 ; shift 2 || exit_error "empty signing key path" ;;
--sign-tool) [ -n "$2" ] && ENCLAVE_SIGN_TOOL=$2 ; shift 2 || exit_error "empty signing tool path" ;;
--sgx-mode) [[ -n "$2" && "$2" != "HW" ]] && export SGX_MODE=SIM; shift 2 || exit_error "empty sgx mode";;
--sgx-mode) [[ -n "$2" && "$2" != "HW" ]] && export SGX_MODE=SIM ; shift 2 || exit_error "empty sgx mode";;
--force | -f) MAKE_OPTION="--always-make" ; shift ;;
*) exit_error "Unknown option: $1" ;;
esac
done
@ -173,61 +129,27 @@ cmd_build() {
echo "SGX mode: HW"
fi
cd "$context_dir"
echo "building" > status
# If sgx mode is changed, build thoroughly again
if [[ -n $SGX_MODE && "$SGX_MODE" != "HW" ]]; then
if [ "$(cat $instance_dir/.sgx_mode 2>/dev/null)" != "SIM" ]; then
MAKE_OPTION="--always-make"
fi
else
#HW mode
if [ "$(cat $instance_dir/.sgx_mode 2>/dev/null)" != "HW" ]; then
MAKE_OPTION="--always-make"
fi
fi
rm -rf build
rm -rf run
rm -rf "$instance_dir/run"
mkdir -p build/bin
ln -s $occlum_dir/build/bin/occlum-run $context_dir/build/bin/occlum-run
mkdir -p build/lib
cp "$occlum_dir/build/lib/$pal_lib.$occlum_version" build/lib/
cd build/lib && ln -sf "$pal_lib.$occlum_version" "libocclum-pal.so.$major_ver" && \
ln -sf "libocclum-pal.so.$major_ver" libocclum-pal.so && cd -
occlum_dir=$occlum_dir instance_dir=$instance_dir pal_lib=$pal_lib major_ver=$major_ver \
occlum_version=$occlum_version libos_lib=$libos_lib ENCLAVE_SIGN_KEY=$ENCLAVE_SIGN_KEY \
ENCLAVE_SIGN_TOOL=$ENCLAVE_SIGN_TOOL \
make -f $build_makefile $MAKE_OPTION
mkdir -p build/mount/
cd "$occlum_dir/build/bin/" && \
LD_LIBRARY_PATH="$SGX_SDK/sdk_libs" ./sefs-cli \
--integrity-only \
"$context_dir/build/mount/__ROOT" \
"$working_dir/image" \
zip
export OCCLUM_CONF_ROOT_FS_MAC=`get_conf_root_fs_mac`
export OCCLUM_CONF_USER_SPACE_SIZE=`get_conf_user_space_size`
export OCCLUM_CONF_DEFAULT_STACK_SIZE=`get_conf_default_stack_size`
export OCCLUM_CONF_DEFAULT_HEAP_SIZE=`get_conf_default_heap_size`
export OCCLUM_CONF_DEFAULT_MMAP_SIZE=`get_conf_default_mmap_size`
export OCCLUM_CONF_ENV=`get_conf_env`
export OCCLUM_CONF_ENTRY_POINTS=`get_conf_entry_points`
cd "$context_dir/build"
"$occlum_dir/build/bin/occlum-gen-default-occlum-json"\
> "Occlum.json"
LD_LIBRARY_PATH="$SGX_SDK/sdk_libs" "$occlum_dir/build/bin/occlum-protect-integrity" protect Occlum.json
export OCCLUM_BUILTIN_CONF_FILE_MAC=`get_occlum_conf_file_mac`
echo "EXPORT => OCCLUM_BUILTIN_CONF_FILE_MAC = $OCCLUM_BUILTIN_CONF_FILE_MAC"
export OCCLUM_BUILTIN_VM_USER_SPACE_SIZE=`parse_occlum_user_space_size`
echo "EXPORT => OCCLUM_BUILTIN_VM_USER_SPACE_SIZE = $OCCLUM_BUILTIN_VM_USER_SPACE_SIZE"
cd $context_dir/build/lib && \
cp "$occlum_dir/build/lib/$libos_lib.$occlum_version" . && ln -sf "$libos_lib.$occlum_version" "libocclum-libos.so.$major_ver" && \
ln -sf "libocclum-libos.so.$major_ver" libocclum-libos.so
echo -e "$OCCLUM_BUILTIN_CONF_FILE_MAC\c" > temp_mac_file && \
objcopy --update-section .builtin_config=temp_mac_file libocclum-libos.so.$major_ver && \
rm temp_mac_file
$occlum_dir/build/bin/gen_enclave_conf -i "$working_dir/Occlum.json" -o "$context_dir/build/Enclave.xml"
$ENCLAVE_SIGN_TOOL sign \
-key $ENCLAVE_SIGN_KEY \
-config "$context_dir/build/Enclave.xml" \
-enclave "$context_dir/build/lib/libocclum-libos.so.$major_ver" \
-out "$context_dir/build/lib/libocclum-libos.signed.so"
rm -f "$context_dir/build/Enclave.xml"
cd "$context_dir"
echo "built" > status
cd "$instance_dir"
echo "built" > $status_file
if [[ -n $SGX_MODE && "$SGX_MODE" != "HW" ]]; then
echo "SIM" > .sgx_mode
@ -235,11 +157,8 @@ cmd_build() {
echo "HW" > .sgx_mode
fi
mkdir -p "$context_dir/run/mount/__ROOT"
mkdir -p "$context_dir/run/mount/tmp"
ln -s $occlum_dir/build/bin/occlum_exec_client $context_dir/build/bin/occlum_exec_client
ln -s $occlum_dir/build/bin/occlum_exec_server $context_dir/build/bin/occlum_exec_server
mkdir -p "$instance_dir/run/mount/__ROOT"
mkdir -p "$instance_dir/run/mount/tmp"
echo "Built the Occlum image and enclave successfully"
}
@ -247,95 +166,90 @@ cmd_build() {
cmd_run() {
check_has_built
SGX_MODE=$(cat $context_dir/.sgx_mode)
SGX_MODE=$(cat $instance_dir/.sgx_mode)
if [[ -n $SGX_MODE && "$SGX_MODE" != "HW" ]]; then
export LD_LIBRARY_PATH="$context_dir/build/lib:$SGX_SDK/sdk_libs/"
export LD_LIBRARY_PATH="$instance_dir/build/lib:$SGX_SDK/sdk_libs/"
else
export LD_LIBRARY_PATH="$context_dir/build/lib"
export LD_LIBRARY_PATH="$instance_dir/build/lib"
fi
cd "$working_dir"
echo "running" > "$context_dir/status"
echo "running" > $status_file
RUST_BACKTRACE=1 "$context_dir/build/bin/occlum-run" "$@"
RUST_BACKTRACE=1 "$instance_dir/build/bin/occlum-run" "$@"
echo "built" > "$context_dir/status"
echo "built" > $status_file
}
cmd_start() {
check_has_built
SGX_MODE=$(cat $context_dir/.sgx_mode)
SGX_MODE=$(cat $instance_dir/.sgx_mode)
if [[ -n $SGX_MODE && "$SGX_MODE" != "HW" ]]; then
export LD_LIBRARY_PATH="$context_dir/build/lib:$SGX_SDK/sdk_libs/"
export LD_LIBRARY_PATH="$instance_dir/build/lib:$SGX_SDK/sdk_libs/"
else
export LD_LIBRARY_PATH="$context_dir/build/lib"
export LD_LIBRARY_PATH="$instance_dir/build/lib"
fi
cd "$working_dir"
echo "running" > "$context_dir/status"
echo "running" > $status_file
RUST_BACKTRACE=1 "$context_dir/build/bin/occlum_exec_client" start
RUST_BACKTRACE=1 "$instance_dir/build/bin/occlum_exec_client" start
echo "built" > "$context_dir/status"
echo "built" > $status_file
}
cmd_exec() {
check_has_built
SGX_MODE=$(cat $context_dir/.sgx_mode)
SGX_MODE=$(cat $instance_dir/.sgx_mode)
if [[ -n $SGX_MODE && "$SGX_MODE" != "HW" ]]; then
export LD_LIBRARY_PATH="$context_dir/build/lib:$SGX_SDK/sdk_libs/"
export LD_LIBRARY_PATH="$instance_dir/build/lib:$SGX_SDK/sdk_libs/"
else
export LD_LIBRARY_PATH="$context_dir/build/lib"
export LD_LIBRARY_PATH="$instance_dir/build/lib"
fi
cd "$working_dir"
echo "running" > "$context_dir/status"
echo "running" > "$status_file"
RUST_BACKTRACE=1 "$context_dir/build/bin/occlum_exec_client" exec -- "$@"
RUST_BACKTRACE=1 "$instance_dir/build/bin/occlum_exec_client" exec -- "$@"
echo "built" > "$context_dir/status"
echo "built" > "$status_file"
}
cmd_stop() {
check_has_built
SGX_MODE=$(cat $context_dir/.sgx_mode)
SGX_MODE=$(cat $instance_dir/.sgx_mode)
if [[ -n $SGX_MODE && "$SGX_MODE" != "HW" ]]; then
export LD_LIBRARY_PATH="$context_dir/build/lib:$SGX_SDK/sdk_libs/"
export LD_LIBRARY_PATH="$instance_dir/build/lib:$SGX_SDK/sdk_libs/"
else
export LD_LIBRARY_PATH="$context_dir/build/lib"
export LD_LIBRARY_PATH="$instance_dir/build/lib"
fi
cd "$working_dir"
echo "running" > "$context_dir/status"
echo "running" > "$status_file"
RUST_BACKTRACE=1 "$context_dir/build/bin/occlum_exec_client" stop -t 0
RUST_BACKTRACE=1 "$instance_dir/build/bin/occlum_exec_client" stop -t 0
echo "built" > "$context_dir/status"
echo "built" > "$status_file"
}
cmd_gdb() {
check_has_built
SGX_MODE=$(cat $context_dir/.sgx_mode)
SGX_MODE=$(cat $instance_dir/.sgx_mode)
if [[ -n $SGX_MODE && "$SGX_MODE" != "HW" ]]; then
export LD_LIBRARY_PATH="$context_dir/build/lib:$SGX_SDK/sdk_libs/"
export LD_LIBRARY_PATH="$instance_dir/build/lib:$SGX_SDK/sdk_libs/"
else
export LD_LIBRARY_PATH="$context_dir/build/lib"
export LD_LIBRARY_PATH="$instance_dir/build/lib"
fi
cd "$working_dir"
echo "debugging" > "$context_dir/status"
echo "debugging" > "$status_file"
OCCLUM_GDB=1 $SGX_GDB --args "$context_dir/build/bin/occlum-run" "$@"
OCCLUM_GDB=1 $SGX_GDB --args "$instance_dir/build/bin/occlum-run" "$@"
echo "built" > "$context_dir/status"
echo "built" > "$status_file"
}
cmd_status() {
cat "$context_dir/status"
cat "$status_file"
}
set -e
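Review bot: In `cmd_build` the old `echo "building" > status` line is removed and nothing replaces it before the `make -f $build_makefile $MAKE_OPTION` invocation, so `occlum status` now reports a stale "initialized" or "built" while a build is running and after a build that fails part-way. Restoring `echo "building" > "$status_file"` just before the make line keeps the status file meaningful. Separately, now that the instance directory is the user's current working directory (`instance_dir=\`pwd\``), the unquoted expansions in `$(cat $instance_dir/.sgx_mode 2>/dev/null)` and in the `> $status_file` redirections word-split on a path containing whitespace; quoting them as `"$instance_dir/.sgx_mode"` and `"$status_file"` (as `cmd_exec`/`cmd_stop` already do) avoids that.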

@ -1,8 +1,6 @@
#!/bin/bash
if [ -z $OCCLUM_INSTANCE_DIR ];then
OCCLUM_INSTANCE_DIR=".occlum"
fi
OCCLUM_INSTANCE_DIR="."
cat <<EOF
{

tools/occlum_build.mk Normal file

@ -0,0 +1,139 @@
SGX_SDK ?= /opt/intel/sgxsdk
IMAGE := $(instance_dir)/image
SECURE_IMAGE := $(instance_dir)/build/mount/__ROOT/metadata
JSON_CONF := $(instance_dir)/Occlum.json
LIBOS := $(instance_dir)/build/lib/$(libos_lib).$(occlum_version)
SIGNED_ENCLAVE := $(instance_dir)/build/lib/libocclum-libos.signed.so
BIN_LINKS := occlum_exec_client occlum_exec_server occlum-run
BIN_LINKS := $(addprefix $(instance_dir)/build/bin/, $(BIN_LINKS))
LIB_LINKS := libocclum-pal.so.$(major_ver) libocclum-pal.so
LIB_LINKS := $(addprefix $(instance_dir)/build/lib/, $(LIB_LINKS))
ifneq (, $(wildcard $(IMAGE)/. ))
IMAGE_DIRS := $(shell find $(IMAGE) -type d 2>/dev/null || true)
IMAGE_FILES := $(shell find $(IMAGE) -type f 2>/dev/null || true)
endif
SHELL:=/bin/bash
define get_conf_root_fs_mac
LD_LIBRARY_PATH="$(SGX_SDK)/sdk_libs" \
"$(occlum_dir)/build/bin/occlum-protect-integrity" show-mac "$(instance_dir)/build/mount/__ROOT/metadata"
endef
define get_conf_default_stack_size
cat "$(JSON_CONF)" | \
python -c "import sys, json; print json.load(sys.stdin)['process']['default_stack_size']"
endef
define get_conf_default_heap_size
cat "$(JSON_CONF)" | \
python -c "import sys, json; print json.load(sys.stdin)['process']['default_heap_size']"
endef
define get_conf_default_mmap_size
cat "$(JSON_CONF)" | \
python -c "import sys, json; print json.load(sys.stdin)['process']['default_mmap_size']" ['resource_limits']['user_space_size']
endef
define get_conf_user_space_size
cat "$(JSON_CONF)" | \
python -c "import sys, json; print json.load(sys.stdin)['resource_limits']['user_space_size']"
endef
define get_conf_env
cat "$(JSON_CONF)" | \
python -c "import sys, json; print json.dumps(json.load(sys.stdin)['env'])"
endef
define get_conf_entry_points
cat "$(JSON_CONF)" | \
python -c "import sys, json; print json.dumps(json.load(sys.stdin)['entry_points'])"
endef
define get_occlum_conf_file_mac
LD_LIBRARY_PATH="$(SGX_SDK)/sdk_libs" \
"$(occlum_dir)/build/bin/occlum-protect-integrity" show-mac "$(instance_dir)/build/Occlum.json.protected"
endef
define parse_occlum_user_space_size
size_with_unit=$$($(get_conf_user_space_size)); echo $${size_with_unit:0:-1} | numfmt --from=iec
endef
.PHONY : all
all: $(SIGNED_ENCLAVE) $(BIN_LINKS) $(LIB_LINKS)
$(SIGNED_ENCLAVE): $(LIBOS)
@echo "Signing the enclave..."
@$(occlum_dir)/build/bin/gen_enclave_conf -i "$(instance_dir)/Occlum.json" -o "$(instance_dir)/build/Enclave.xml"
@$(ENCLAVE_SIGN_TOOL) sign \
-key $(ENCLAVE_SIGN_KEY) \
-config "$(instance_dir)/build/Enclave.xml" \
-enclave "$(instance_dir)/build/lib/libocclum-libos.so.$(major_ver)" \
-out "$(instance_dir)/build/lib/libocclum-libos.signed.so"
$(LIBOS): $(instance_dir)/build/Occlum.json.protected
@echo "Building libOS..."
@export OCCLUM_BUILTIN_CONF_FILE_MAC=`$(get_occlum_conf_file_mac)` ; \
echo "EXPORT => OCCLUM_BUILTIN_CONF_FILE_MAC = $$OCCLUM_BUILTIN_CONF_FILE_MAC" ; \
export OCCLUM_BUILTIN_VM_USER_SPACE_SIZE=$$($(parse_occlum_user_space_size)) ; \
echo "EXPORT => OCCLUM_BUILTIN_VM_USER_SPACE_SIZE = $$OCCLUM_BUILTIN_VM_USER_SPACE_SIZE" ; \
cd $(instance_dir)/build/lib && \
cp "$(occlum_dir)/build/lib/$(libos_lib).$(occlum_version)" . && ln -sf "$(libos_lib).$(occlum_version)" "libocclum-libos.so.$(major_ver)" && \
ln -sf "libocclum-libos.so.$(major_ver)" libocclum-libos.so ; \
echo -e "$$OCCLUM_BUILTIN_CONF_FILE_MAC\c" > temp_mac_file && \
objcopy --update-section .builtin_config=temp_mac_file libocclum-libos.so && \
rm temp_mac_file
$(instance_dir)/build/Occlum.json.protected: $(instance_dir)/build/Occlum.json
@cd "$(instance_dir)/build" ; \
LD_LIBRARY_PATH="$(SGX_SDK)/sdk_libs" "$(occlum_dir)/build/bin/occlum-protect-integrity" protect Occlum.json ;
$(instance_dir)/build/Occlum.json: $(SECURE_IMAGE) $(JSON_CONF) | $(instance_dir)/build/lib
@export OCCLUM_CONF_ROOT_FS_MAC=`$(get_conf_root_fs_mac)` ; \
export OCCLUM_CONF_USER_SPACE_SIZE=`$(get_conf_user_space_size)` ; \
export OCCLUM_CONF_DEFAULT_STACK_SIZE=`$(get_conf_default_stack_size)` ; \
export OCCLUM_CONF_DEFAULT_HEAP_SIZE=`$(get_conf_default_heap_size)` ; \
export OCCLUM_CONF_DEFAULT_MMAP_SIZE=`$(get_conf_default_mmap_size)` ; \
export OCCLUM_CONF_ENV="`$(get_conf_env)`" ; \
export OCCLUM_CONF_ENTRY_POINTS=`$(get_conf_entry_points)` ; \
cd "$(instance_dir)/build" ; \
"$(occlum_dir)/build/bin/occlum-gen-default-occlum-json" > "Occlum.json"
$(BIN_LINKS): $(instance_dir)/build/bin/%: $(occlum_dir)/build/bin/% | $(instance_dir)/build/bin
@ln -sf $< $@
$(instance_dir)/build/bin:
@mkdir -p build/bin
$(instance_dir)/build/lib/libocclum-pal.so:
$(instance_dir)/build/lib/libocclum-pal.so.0: | $(instance_dir)/build/lib
@cp "$(occlum_dir)/build/lib/$(pal_lib).$(occlum_version)" build/lib/
@cd build/lib && ln -sf "$(pal_lib).$(occlum_version)" "libocclum-pal.so.$(major_ver)" && \
ln -sf "libocclum-pal.so.$(major_ver)" libocclum-pal.so
$(instance_dir)/build/lib:
@mkdir -p build/lib
# If image dir not exist, just use the secure Occlum FS image
ifneq ($(wildcard $(IMAGE)/. ),)
$(SECURE_IMAGE): $(IMAGE) $(IMAGE_DIRS) $(IMAGE_FILES)
@echo "Building new image..."
@rm -rf build/mount
@mkdir -p build/mount/
@cd "$(occlum_dir)/build/bin/" && \
LD_LIBRARY_PATH="$(SGX_SDK)/sdk_libs" ./sefs-cli \
--integrity-only \
"$(instance_dir)/build/mount/__ROOT" \
"$(instance_dir)/image" \
zip
endif
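Review bot: `$(SIGNED_ENCLAVE): $(LIBOS)` does not list the signing key as a prerequisite, so with the new incremental build a changed `--sign-key` (or a rotated key file at the same path) does not re-sign an up-to-date libOS: the enclave keeps the previous MRSIGNER while `occlum build` reports success, unless the user remembers `-f`. Assuming the wrapper script always passes an existing key path, `$(SIGNED_ENCLAVE): $(LIBOS) $(ENCLAVE_SIGN_KEY)` makes the signature follow the key, and the same could be done for the sign tool. Also, `get_conf_default_mmap_size` has a stray `['resource_limits']['user_space_size']` after the `python -c` string; it is passed to python as extra arguments and ignored, and should be dropped.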