From 88d512586cb496c68bceddf4f97d29565abe09a2 Mon Sep 17 00:00:00 2001
From: "Zheng, Qi" <huaiqing.zq@antgroup.com>
Date: Wed, 24 May 2023 11:20:18 +0800
Subject: [PATCH] [Dockerfile] Update toolchains build

---
 Makefile                            |  2 --
 tools/docker/Dockerfile.anolis8.8   | 43 +++++++++++++++++---------
 tools/docker/Dockerfile.ubuntu20.04 | 48 ++++++++++++++++-------------
 3 files changed, 54 insertions(+), 39 deletions(-)

diff --git a/Makefile b/Makefile
index d2b9ddb5..0d0b4875 100644
--- a/Makefile
+++ b/Makefile
@@ -42,8 +42,6 @@ submodule: githooks init-submodule
 	@cp deps/sefs/sefs-cli/lib/libsefs-cli_sim.so build/lib
 	@cp deps/sefs/sefs-cli/lib/libsefs-cli.signed.so build/lib
 	@cp deps/sefs/sefs-cli/enclave/Enclave.config.xml build/sefs-cli.Enclave.xml
-	@# Build and install Occlum dcap lib
-	@cd tools/toolchains/dcap_lib && ./build.sh
 else
 submodule: githooks init-submodule
 	@rm -rf build
diff --git a/tools/docker/Dockerfile.anolis8.8 b/tools/docker/Dockerfile.anolis8.8
index 40b79b1c..a3d700e7 100644
--- a/tools/docker/Dockerfile.anolis8.8
+++ b/tools/docker/Dockerfile.anolis8.8
@@ -130,44 +130,45 @@ RUN wget http://www.etallen.com/cpuid/cpuid-20200211.x86_64.tar.gz && \
 ARG OCCLUM_BRANCH
 WORKDIR /root
 RUN git clone -b $OCCLUM_BRANCH https://github.com/occlum/occlum && \
-    cp -r /root/occlum/tools/toolchains/* /tmp/ && mkdir -p /opt/occlum/ && \
+    cd /root/occlum && git submodule update --init && \
+    mkdir -p /opt/occlum/ && \
     cp /root/occlum/tools/docker/start_aesm.sh /opt/occlum/
 
 # Install Occlum toolchain
-WORKDIR /tmp
-RUN cd musl-gcc && ./build.sh && ./install_zlib.sh && rm -rf /tmp/musl-gcc
+WORKDIR /root/occlum/tools/toolchains
+RUN cd musl-gcc && ./build.sh && ./install_zlib.sh
 ENV PATH="/opt/occlum/build/bin:/usr/local/occlum/bin:$PATH"
 
 # Install glibc
-WORKDIR /tmp
-RUN cd glibc && ./build.sh && rm -rf /tmp/glibc
+WORKDIR /root/occlum/tools/toolchains
+RUN cd glibc && ./build.sh
 
 # Install Occlum Golang toolchain
-WORKDIR /tmp
-RUN cd golang && ./build.sh && rm -rf /tmp/golang
+WORKDIR /root/occlum/tools/toolchains
+RUN cd golang && ./build.sh
 ENV PATH="/opt/occlum/toolchains/golang/bin:$PATH"
 
 # Install Occlum Rust toolchain
-WORKDIR /tmp
-RUN cd rust && ./build.sh && rm -rf /tmp/rust
+WORKDIR /root/occlum/tools/toolchains
+RUN cd rust && ./build.sh
 ENV PATH="/opt/occlum/toolchains/rust/bin:$PATH"
 ENV LD_LIBRARY_PATH="/opt/intel/sgxsdk/sdk_libs"
 
 # Install Occlum bash
-WORKDIR /tmp
-RUN cd bash && ./build.sh && rm -rf /tmp/bash
+WORKDIR /root/occlum/tools/toolchains
+RUN cd bash && ./build.sh
 
 # Install Occlum busybox
-WORKDIR /tmp
-RUN cd busybox && ./build.sh && rm -rf /tmp/busybox
+WORKDIR /root/occlum/tools/toolchains
+RUN cd busybox && ./build.sh
 
 # Install Occlum Java toolchain (JDK 11)
 ARG JDK11_PATH=/opt/occlum/toolchains/jvm/java-11-openjdk
 COPY --from=alpine /usr/lib/jvm/java-11-openjdk $JDK11_PATH
 RUN rm $JDK11_PATH/lib/security/cacerts
 COPY --from=alpine /etc/ssl/certs/java/cacerts $JDK11_PATH/lib/security/cacerts
-WORKDIR /tmp
-RUN cd java && ./install_dragonwell.sh && rm -rf /tmp/java
+WORKDIR /root/occlum/tools/toolchains
+RUN cd java && ./install_dragonwell.sh
 ENV PATH="/opt/occlum/toolchains/jvm/bin:$PATH"
 
 # Install OpenJDK 8
@@ -176,6 +177,18 @@ COPY --from=alpine /usr/lib/jvm/java-1.8-openjdk $JDK8_PATH
 RUN rm $JDK8_PATH/jre/lib/security/cacerts
 COPY --from=alpine /etc/ssl/certs/java/cacerts $JDK8_PATH/jre/lib/security/cacerts
 
+# Install DCAP library
+WORKDIR /root/occlum/tools/toolchains
+RUN cd dcap_lib && ./build.sh
+
+# Install AECS Client library
+WORKDIR /root/occlum/tools/toolchains
+RUN cd aecs_client && ./build.sh
+
+# Install GRPC RATLS
+WORKDIR /root/occlum/tools/toolchains
+RUN cd grpc_ratls && ./build.sh
+
 # Build and install Occlum
 WORKDIR /root
 RUN cd occlum && \
diff --git a/tools/docker/Dockerfile.ubuntu20.04 b/tools/docker/Dockerfile.ubuntu20.04
index a7b3c446..1b05a5c7 100644
--- a/tools/docker/Dockerfile.ubuntu20.04
+++ b/tools/docker/Dockerfile.ubuntu20.04
@@ -137,44 +137,45 @@ RUN git clone -b sgx_2.17.1_for_occlum https://github.com/occlum/linux-sgx && \
 ARG OCCLUM_BRANCH
 WORKDIR /root
 RUN git clone -b $OCCLUM_BRANCH https://github.com/occlum/occlum && \
-    cp -r /root/occlum/tools/toolchains/* /tmp/ && mkdir -p /opt/occlum/ && \
+    cd /root/occlum && git submodule update --init && \
+    mkdir -p /opt/occlum/ && \
     cp /root/occlum/tools/docker/start_aesm.sh /opt/occlum/
 
 # Install Occlum toolchain
-WORKDIR /tmp
-RUN cd musl-gcc && ./build.sh && ./install_zlib.sh && rm -rf /tmp/musl-gcc
+WORKDIR /root/occlum/tools/toolchains
+RUN cd musl-gcc && ./build.sh && ./install_zlib.sh
 ENV PATH="/opt/occlum/build/bin:/usr/local/occlum/bin:$PATH"
 
 # Install glibc
-WORKDIR /tmp
-RUN cd glibc && ./build.sh && rm -rf /tmp/glibc
+WORKDIR /root/occlum/tools/toolchains
+RUN cd glibc && ./build.sh
 
 # Install Occlum Golang toolchain
-WORKDIR /tmp
-RUN cd golang && ./build.sh && rm -rf /tmp/golang
+WORKDIR /root/occlum/tools/toolchains
+RUN cd golang && ./build.sh
 ENV PATH="/opt/occlum/toolchains/golang/bin:$PATH"
 
 # Install Occlum Rust toolchain
-WORKDIR /tmp
-RUN cd rust && ./build.sh && rm -rf /tmp/rust
+WORKDIR /root/occlum/tools/toolchains
+RUN cd rust && ./build.sh
 ENV PATH="/opt/occlum/toolchains/rust/bin:$PATH"
 ENV LD_LIBRARY_PATH="/opt/intel/sgxsdk/sdk_libs"
 
 # Install Occlum bash
-WORKDIR /tmp
-RUN cd bash && ./build.sh && rm -rf /tmp/bash
+WORKDIR /root/occlum/tools/toolchains
+RUN cd bash && ./build.sh
 
 # Install Occlum busybox
-WORKDIR /tmp
-RUN cd busybox && ./build.sh && rm -rf /tmp/busybox
+WORKDIR /root/occlum/tools/toolchains
+RUN cd busybox && ./build.sh
 
 # Install Occlum Java toolchain (JDK 11)
 ARG JDK11_PATH=/opt/occlum/toolchains/jvm/java-11-openjdk
 COPY --from=alpine /usr/lib/jvm/java-11-openjdk $JDK11_PATH
 RUN rm $JDK11_PATH/lib/security/cacerts
 COPY --from=alpine /etc/ssl/certs/java/cacerts $JDK11_PATH/lib/security/cacerts
-WORKDIR /tmp
-RUN cd java && ./install_dragonwell.sh && rm -rf /tmp/java
+WORKDIR /root/occlum/tools/toolchains
+RUN cd java && ./install_dragonwell.sh
 ENV PATH="/opt/occlum/toolchains/jvm/bin:$PATH"
 
 # Install OpenJDK 8
@@ -183,9 +184,17 @@ COPY --from=alpine /usr/lib/jvm/java-1.8-openjdk $JDK8_PATH
 RUN rm $JDK8_PATH/jre/lib/security/cacerts
 COPY --from=alpine /etc/ssl/certs/java/cacerts $JDK8_PATH/jre/lib/security/cacerts
 
+# Install DCAP library
+WORKDIR /root/occlum/tools/toolchains
+RUN cd dcap_lib && ./build.sh
+
 # Install AECS Client library
-WORKDIR /tmp
-RUN cd aecs_client && ./build.sh && rm -rf /tmp/aecs_client
+WORKDIR /root/occlum/tools/toolchains
+RUN cd aecs_client && ./build.sh
+
+# Install GRPC RATLS
+WORKDIR /root/occlum/tools/toolchains
+RUN cd grpc_ratls && ./build.sh
 
 # Install Occlum
 WORKDIR /root
@@ -197,11 +206,6 @@ RUN cd occlum && \
     cp -r demos /root/demos && \
     rm -rf /root/occlum
 
-# Install GRPC RATLS
-# Do after installing Occlum is because it depends on the dcap library.
-WORKDIR /tmp
-RUN cd grpc_ratls && ./build.sh && rm -rf /tmp/grpc_ratls
-
 # Start AESM service automatically
 #
 # To do so, we add the script to ~/.bashrc. We cannot use systemd to run AESM