From 9435b1a1969b9233950d55d3e88ea9bdeb5775dc Mon Sep 17 00:00:00 2001 From: "Hui, Chunyang" Date: Tue, 4 Aug 2020 02:47:51 +0000 Subject: [PATCH] Add RPM installer for Occlum and C/C++ toolchains --- Makefile | 1 + README.md | 4 + deps/sefs | 2 +- src/sgxenv.mk | 2 +- tools/installer/README.md | 63 +++++++++ tools/installer/rpm/Makefile | 78 +++++++++++ tools/installer/rpm/occlum-filelist | 11 ++ tools/installer/rpm/occlum-pal-filelist | 1 + tools/installer/rpm/occlum-pal.sh | 1 + tools/installer/rpm/occlum-platform-filelist | 5 + tools/installer/rpm/occlum-platform.sh | 1 + tools/installer/rpm/occlum.spec | 94 +++++++++++++ .../rpm/toolchains/gcc/download_sources.sh | 14 ++ .../musl-cross-make-disable-download.patch | 65 +++++++++ .../rpm/toolchains/gcc/occlum-gcc.sh | 1 + .../toolchains/gcc/occlum-toolchains-gcc.spec | 127 ++++++++++++++++++ .../rpm/tools/occlum-sgx-tools-filelist | 7 + .../installer/rpm/tools/occlum-sgx-tools.spec | 29 ++++ tools/protect-integrity/Makefile | 8 +- tools/toolchains/gcc/build.sh | 2 +- 20 files changed, 511 insertions(+), 5 deletions(-) create mode 100644 tools/installer/README.md create mode 100644 tools/installer/rpm/Makefile create mode 100644 tools/installer/rpm/occlum-filelist create mode 100644 tools/installer/rpm/occlum-pal-filelist create mode 100644 tools/installer/rpm/occlum-pal.sh create mode 100644 tools/installer/rpm/occlum-platform-filelist create mode 100644 tools/installer/rpm/occlum-platform.sh create mode 100644 tools/installer/rpm/occlum.spec create mode 100755 tools/installer/rpm/toolchains/gcc/download_sources.sh create mode 100644 tools/installer/rpm/toolchains/gcc/musl-cross-make-disable-download.patch create mode 100644 tools/installer/rpm/toolchains/gcc/occlum-gcc.sh create mode 100644 tools/installer/rpm/toolchains/gcc/occlum-toolchains-gcc.spec create mode 100644 tools/installer/rpm/tools/occlum-sgx-tools-filelist create mode 100644 tools/installer/rpm/tools/occlum-sgx-tools.spec 
diff --git a/Makefile b/Makefile index ecdbd82a..ae060556 100644 --- a/Makefile +++ b/Makefile @@ -83,3 +83,4 @@ clean: @$(MAKE) --no-print-directory -C test clean @$(MAKE) SGX_MODE=SIM --no-print-directory -C src clean @$(MAKE) SGX_MODE=SIM --no-print-directory -C test clean + @$(MAKE) --no-print-directory -C tools/installer/rpm clean diff --git a/README.md b/README.md index fcade5d6..4263a015 100644 --- a/README.md +++ b/README.md @@ -259,6 +259,10 @@ $ OCCLUM_RELEASE_ENCLAVE=yes occlum run Ultimately, whether an enclave is running in the release mode should be checked and judged by a trusted client through remotely attesting the enclave. See the remote attestation demo [here](demos/remote_attestation). +## How to Run Occlum Without Docker? + +One easy way to run Occlum without Docker is to use the Occlum Installer. We have prepared the RPM installer for Occlum, which can be downloaded with every release of Occlum. For more info about the installer, see [here](tools/installer/README.md). + ## What is the Implementation Status? Occlum is being actively developed. We now focus on implementing more system calls and additional features required in the production environment. diff --git a/deps/sefs b/deps/sefs index f06c02df..74e9c2d2 160000 --- a/deps/sefs +++ b/deps/sefs @@ -1 +1 @@ -Subproject commit f06c02dfc5fa91cb9be7574f1882cdab863673f1 +Subproject commit 74e9c2d2a8cea48912a297d9508182e8df9da047 diff --git a/src/sgxenv.mk b/src/sgxenv.mk index b84d3333..b389dded 100644 --- a/src/sgxenv.mk +++ b/src/sgxenv.mk 
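Review bot: The line added to the root `clean` rule makes every top-level `make clean` run the installer's `clean` target, and that target (tools/installer/rpm/Makefile in this same patch) runs `rm -rf $$HOME/rpmbuild ...`, so a routine clean of the repository deletes the user's whole default rpmbuild tree, including any unrelated packaging work kept there. Either leave the installer out of the root `clean`, or have the installer build in a tree of its own, e.g. `rpmbuild --define "_topdir $(TARGET_DIR)/rpmbuild" ...`, so that clean removes only what this build created. The `clean` rule starts before the hunk.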
@@ -85,7 +85,7 @@ SGX_CFLAGS_U := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes \ SGX_CXXFLAGS_U := $(SGX_CFLAGS_U) -std=c++11 ifneq ($(SGX_MODE), HW) - SGX_LFLAGS_U := $(SGX_COMMON_CFLAGS) -lpthread -L$(SGX_LIBRARY_PATH) -lsgx_urts_sim -lsgx_uae_service_sim + SGX_LFLAGS_U := $(SGX_COMMON_CFLAGS) -lpthread -L$(SGX_LIBRARY_PATH) -Wl,-Bstatic -lsgx_urts_sim -Wl,-Bdynamic -lsgx_uae_service_sim else SGX_LFLAGS_U := $(SGX_COMMON_CFLAGS) -lpthread -L$(SGX_LIBRARY_PATH) -Wl,-Bstatic -lsgx_urts -Wl,-Bdynamic -lsgx_uae_service -lsgx_enclave_common endif diff --git a/tools/installer/README.md b/tools/installer/README.md new file mode 100644 index 00000000..a1d8fd81 --- /dev/null +++ b/tools/installer/README.md 
@@ -0,0 +1,63 @@
+# Occlum Installer
+
+## RPM Installer
+
+### How to Build
+
+To build RPM packages, a docker container with Occlum CentOS image is needed. Execute below commands under the occlum directory:
+```
+cd tools/installer/rpm
+make
+```
+and occlum rpm installer can be found under `build/rpms`.
+
+If a user wants to build his application on a platform installed with Occlum installer, toolchain installers are also needed. To build language specific toolchain installer, just run the command:
+```
+cd tools/installer/rpm
+make
+```
+Now, only `c/c++` option is supported. And the installer can be found under `build/rpms`.
+
+### How to Use
+
+RPM installer should be found together with Occlum release package at [this page](https://github.com/occlum/occlum/releases).
+To run Occlum on clean Centos 8, please follow below steps:
+
+**Step 1. Install Prerequisites**
+```
+yum install -y libcurl-devel openssl-devel fuse-devel fuse-libs autoconf automake cmake libtool make yum-utils gdb python2
+ln -s /usr/bin/python2 /usr/local/bin/python
+dnf config-manager --set-enabled PowerTools
+yum install -y ocaml ocaml-ocamlbuild
+```
+
+**Step 2. Install IntelĀ® SGX driver and IntelĀ® SGX PSW**
+Please follow [Intel SGX Installation Guide](https://download.01.org/intel-sgx/sgx-linux/2.9.1/docs/Intel_SGX_Installation_Guide_Linux_2.9.1_Open_Source.pdf) to install SGX driver and SGX PSW. SGX SDK is not required. Using RPM installer is recommanded.
+
+Also, UAE service libraries are needed but may not installed together with SGX PSW if SGX PSW installer is used. Go to SGX RPM local repo and run:
+```
+rpm -i libsgx-uae-service-2.9.101.2-1.el7.x86_64.rpm
+```
+
+**Step 3. Install Occlum Installer and Toolchains Installer**
+```
+rpm -i occlum-sgx-tools-*.rpm
+rpm -i occlum-"$occlum_version"-*.rpm
+rpm -i occlum-pal-*.rpm
+rpm -i occlum-platform-*.rpm
+```
+
+Toolchains are needed when compile applications and also during runtime. Choose to install the toolchain installer based on the application's language. Currently, we only supports `C/C++`. More language toolchain installers are on the way. To install `C/C++` toolchain, just run the command:
+```
+rpm -i occlum-toolchains-gcc-*.rpm
+```
+
+To make the new installed binaries and libraries work, this command must be executed:
+```
+source /etc/profile
+```
+
+Finally, you are good to go!
+
+### Build DEB Installer
+TBD
diff --git a/tools/installer/rpm/Makefile b/tools/installer/rpm/Makefile
new file mode 100644
index 00000000..af524b94
--- /dev/null
+++ b/tools/installer/rpm/Makefile
@@ -0,0 +1,78 @@
+CUR_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+PROJECT_DIR := $(CUR_DIR)/../../..
+TARGET_DIR := $(abspath $(PROJECT_DIR)/build/rpms)
+
+MAJOR_VER_NUM = $(shell grep '\#define OCCLUM_MAJOR_VERSION' $(PROJECT_DIR)/src/pal/include/occlum_version.h | awk '{print $$3}')
+MINOR_VER_NUM = $(shell grep '\#define OCCLUM_MINOR_VERSION' $(PROJECT_DIR)/src/pal/include/occlum_version.h | awk '{print $$3}')
+PATCH_VER_NUM = $(shell grep '\#define OCCLUM_PATCH_VERSION' $(PROJECT_DIR)/src/pal/include/occlum_version.h | awk '{print $$3}')
+VERSION_NUM := $(MAJOR_VER_NUM).$(MINOR_VER_NUM).$(PATCH_VER_NUM)
+
+RPM_FILELIST = occlum-filelist occlum-pal-filelist occlum-platform-filelist
+EXPORT_SCRIPT = occlum-pal.sh occlum-platform.sh
+
+GCC_PATCH = toolchains/gcc/musl-cross-make-disable-download.patch
+GCC_SCRIPT = toolchains/gcc/occlum-gcc.sh
+
+SGX_TOOLS_FILELIST = tools/occlum-sgx-tools-filelist
+
+PACKAGE_DIR = /tmp
+
+.PHONY: all main main_deps c/c++ deps_c tools clean
+
+all: tools main
+
+main: main_deps
+ @mkdir -p $(TARGET_DIR)
+ @rpmbuild -ba --define '_version $(VERSION_NUM)' occlum.spec
+ @mv $$HOME/rpmbuild $$HOME/rpmbuild-occlum
+ @cp $$HOME/rpmbuild-occlum/RPMS/x86_64/*.rpm $(TARGET_DIR)
+ @echo "$$(ls $$HOME/rpmbuild-occlum/RPMS/x86_64) can be found at $(TARGET_DIR)"
+
+main_deps: $$HOME/rpmbuild/SOURCES/$(firstword $(EXPORT_SCRIPT)) $(PACKAGE_DIR)/$(VERSION_NUM).tar.gz
+
+$$HOME/rpmbuild/SOURCES/$(firstword $(EXPORT_SCRIPT)):
+ @if [ -d $$HOME/rpmbuild ]; then \
+ mv $$HOME/rpmbuild $$HOME/rpmbuild-old-$$(date +%Y%m%d-%T); fi
+ @mkdir -p $$HOME/rpmbuild/{BUILD,RPMS,SPECS,SOURCES,SRPMS}
+ @cp -t $$HOME/rpmbuild/SOURCES $(RPM_FILELIST) $(EXPORT_SCRIPT)
+
+$(PACKAGE_DIR)/$(VERSION_NUM).tar.gz:
+ @cp -r $(PROJECT_DIR) $(PACKAGE_DIR)/occlum-$(VERSION_NUM)
+ @cd $(PACKAGE_DIR)/occlum-$(VERSION_NUM); \
+ git submodule deinit -f . ; \
+ rm -rf $(PACKAGE_DIR)/occlum-$(VERSION_NUM)/build
+ @cd $(PACKAGE_DIR) && tar -cvzf "$$HOME/rpmbuild/SOURCES/$(VERSION_NUM).tar.gz" occlum-$(VERSION_NUM)
+
+c/c++: deps_c
+ @rpmbuild -ba --define '_musl_version $(VERSION_NUM)' toolchains/gcc/occlum-toolchains-gcc.spec
+ @mv $$HOME/rpmbuild $$HOME/rpmbuild-occlum-toolchains-gcc
+ @cp $$HOME/rpmbuild-occlum-toolchains-gcc/RPMS/x86_64/*.rpm $(TARGET_DIR)
+ @echo "$$(ls $$HOME/rpmbuild-occlum-toolchains-gcc/RPMS/x86_64) can be found at $(TARGET_DIR)"
+
+deps_c: $$HOME/rpmbuild/SOURCES/$(GCC_PATCH)
+$$HOME/rpmbuild/SOURCES/$(GCC_PATCH):
+ @mkdir -p $(TARGET_DIR)
+ @yum install -y rpmdevtools wget
+ @if [ -d $$HOME/rpmbuild ]; then \
+ mv $$HOME/rpmbuild $$HOME/rpmbuild-old-$$(date +%Y%m%d-%T); fi
+ @mkdir -p $$HOME/rpmbuild/{BUILD,RPMS,SPECS,SOURCES,SRPMS}
+ @MUSL_VERSION=$(VERSION_NUM) toolchains/gcc/download_sources.sh
+ @spectool -g -R --define '_musl_version $(VERSION_NUM)' toolchains/gcc/occlum-toolchains-gcc.spec
+ @cp -t $$HOME/rpmbuild/SOURCES $(GCC_PATCH) $(GCC_SCRIPT)
+
+# TODO: Occlum specific SGX related tools and libraries should be put to a different place
+tools:
+ @mkdir -p $(TARGET_DIR)
+ @if [ -d $$HOME/rpmbuild ]; then \
+ mv $$HOME/rpmbuild $$HOME/rpmbuild-old-$$(date +%Y%m%d-%T); fi
+ @mkdir -p $$HOME/rpmbuild/{BUILD,RPMS,SPECS,SOURCES,SRPMS}
+ @cp -t $$HOME/rpmbuild/SOURCES $(SGX_TOOLS_FILELIST)
+ @rpmbuild -ba tools/occlum-sgx-tools.spec
+ @mv $$HOME/rpmbuild $$HOME/rpmbuild-occlum-sgx-tools
+ @cp $$HOME/rpmbuild-occlum-sgx-tools/RPMS/x86_64/*.rpm $(TARGET_DIR)
+ @echo "$$(ls $$HOME/rpmbuild-occlum-sgx-tools/RPMS/x86_64) can be found at $(TARGET_DIR)"
+
+clean:
+ @rm -rf $(PACKAGE_DIR)/occlum-$(VERSION_NUM)
+ @rm -rf $$HOME/rpmbuild $$HOME/rpmbuild-occlum-sgx-tools $$HOME/rpmbuild-occlum-toolchains-gcc $$HOME/rpmbuild-occlum
+ @rm -rf $(TARGET_DIR)
diff --git a/tools/installer/rpm/occlum-filelist b/tools/installer/rpm/occlum-filelist
new file mode 100644
index 00000000..a6734def
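Review bot: `PACKAGE_DIR = /tmp` stages the source tree that becomes the RPM payload at a fixed, predictable path (`/tmp/occlum-$(VERSION_NUM)`) in a world-writable directory, so on a shared build host the directory can already exist or be altered by another local user before `tar` packs it, and `cp -r` into an existing directory nests the copy instead of replacing it. Stage in a private directory created by the recipe, e.g. `stage=$$(mktemp -d) && cp -r $(PROJECT_DIR) "$$stage/occlum-$(VERSION_NUM)"`, and remove it afterwards. The rule named `$(PACKAGE_DIR)/$(VERSION_NUM).tar.gz` also writes its tarball to `$$HOME/rpmbuild/SOURCES/`, so the target file never exists and the recipe reruns on every build. The `mkdir -p $$HOME/rpmbuild/{BUILD,...}` lines rely on brace expansion, which should be backed by an explicit `SHELL := bash`.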
--- /dev/null
+++ b/tools/installer/rpm/occlum-filelist
@@ -0,0 +1,11 @@
+/opt/occlum/build/bin/gen_enclave_conf
+/opt/occlum/build/bin/occlum-gen-default-occlum-json
+/opt/occlum/build/bin/occlum-protect-integrity
+/opt/occlum/build/bin/sefs-cli
+/opt/occlum/build/lib/libocclum-pal_sim.so*
+/opt/occlum/build/lib/libocclum-libos.so*
+/opt/occlum/build/lib/libocclum-libos_sim.so*
+/opt/occlum/build/lib/libsefs-cli.signed.so
+/opt/occlum/build/lib/occlum-protect-integrity.signed.so*
+/opt/occlum/etc/template/*
+/opt/occlum/include/*
diff --git a/tools/installer/rpm/occlum-pal-filelist b/tools/installer/rpm/occlum-pal-filelist
new file mode 100644
index 00000000..b77c6db1
--- /dev/null
+++ b/tools/installer/rpm/occlum-pal-filelist
@@ -0,0 +1 @@
+/opt/occlum/build/lib/libocclum-pal.so*
diff --git a/tools/installer/rpm/occlum-pal.sh b/tools/installer/rpm/occlum-pal.sh
new file mode 100644
index 00000000..4571bb3b
--- /dev/null
+++ b/tools/installer/rpm/occlum-pal.sh
@@ -0,0 +1 @@
+export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/occlum/build/lib
diff --git a/tools/installer/rpm/occlum-platform-filelist b/tools/installer/rpm/occlum-platform-filelist
new file mode 100644
index 00000000..50a63937
--- /dev/null
+++ b/tools/installer/rpm/occlum-platform-filelist
@@ -0,0 +1,5 @@
+/opt/occlum/build/bin/occlum
+/opt/occlum/build/bin/occlum_build.mk
+/opt/occlum/build/bin/occlum-run
+/opt/occlum/build/bin/occlum_exec_client
+/opt/occlum/build/bin/occlum_exec_server
diff --git a/tools/installer/rpm/occlum-platform.sh b/tools/installer/rpm/occlum-platform.sh
new file mode 100644
index 00000000..115fa371
--- /dev/null
+++ b/tools/installer/rpm/occlum-platform.sh
@@ -0,0 +1 @@
+export PATH="/opt/occlum/build/bin:$PATH"
diff --git a/tools/installer/rpm/occlum.spec b/tools/installer/rpm/occlum.spec
new file mode 100644
index 00000000..301d4f8d
--- /dev/null
+++ b/tools/installer/rpm/occlum.spec
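Review bot: In occlum-pal.sh, `export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/occlum/build/lib` produces a value that starts with `:` whenever the variable was previously unset, and the dynamic loader treats an empty entry as the current working directory, so every login shell that sources /etc/profile.d would then resolve shared libraries from whatever directory the user is in. Write it as `export LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}/opt/occlum/build/lib"`. A drop-in under /etc/ld.so.conf.d with `ldconfig` in `%post` would avoid the environment variable altogether and keep the library search order of unrelated programs unchanged.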
@@ -0,0 +1,94 @@
+%define centos_base_release 1
+
+%define _unpackaged_files_terminate_build 0
+%define sgxsdk_install_dir /opt/intel
+
+Name: occlum
+Version: %{_version}
+Release: %{centos_base_release}%{?dist}
+Summary: Memory-safe, multi-process library OS (LibOS) for Intel SGX
+Group: Development/Libraries
+License: BSD License
+URL: https://github.com/occlum/occlum
+Source0: https://github.com/occlum/occlum/archive/%{_version}.tar.gz
+Source10: occlum-pal.sh
+Source11: occlum-filelist
+Source12: occlum-pal-filelist
+Source13: occlum-platform-filelist
+SOURCE14: occlum-platform.sh
+
+ExclusiveArch: x86_64
+
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: cmake
+BuildRequires: libtool
+BuildRequires: ocaml
+BuildRequires: ocaml-ocamlbuild
+BuildRequires: python
+BuildRequires: openssl-devel
+BuildRequires: libcurl-devel
+BuildRequires: git
+BuildRequires: fuse-devel
+BuildRequires: fuse-libs
+
+%description
+Occlum is a memory-safe, multi-process library OS (LibOS) for Intel SGX.
+As a LibOS, it enables legacy applications to run on SGX with little or even no modifications of source code,
+thus protecting the confidentiality and integrity of user workloads transparently.
+
+%package pal
+Summary: Platform Abstraction Layer of Occlum enclave
+
+%description pal
+occlum-pal is the Platform Abstraction Layer of Occlum enclave.
+It provides interfaces to execute trused applications inside enclave.
+
+%package platform
+Summary: Platform Abstraction Layer command for occlum enclave
+
+%description platform
+occlum-platform contains command for occlum enclave.
+
+%prep
+%setup -q -c -n %{name}-%{_version}
+
+%build
+# build occlum
+cd %{?_builddir}/%{name}-%{_version}/occlum-%{_version}
+NOT_GIT=true make submodule
+
+%install
+# set sgxsdk env
+source %{sgxsdk_install_dir}/sgxsdk/environment
+
+cd occlum-%{_version}
+OCCLUM_RELEASE_BUILD=1 make
+OCCLUM_PREFIX=%{?buildroot}/opt/occlum make install
+
+# install occlum-pal.sh
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/profile.d
+install -p -m 644 %{SOURCE10} $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
+install -p -m 644 %{SOURCE14} $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
+
+%files -f %{SOURCE11}
+
+%files pal -f %{SOURCE12}
+/etc/profile.d/occlum-pal.sh
+
+%files platform -f %{SOURCE13}
+/etc/profile.d/occlum-platform.sh
+
+%post pal
+echo 'Please execute command "source /etc/profile" to validate envs immediately'
+
+%post platform
+echo 'Please execute command "source /etc/profile" to validate envs immediately'
+
+%changelog
+* Mon Aug 03 2020 Chunyang Hui - 0.14.0-1
+- Integrate with Occlum
+- Remove sgxsdk installation
+
+* Mon Jul 20 2020 Chunmei Xu - 0.14.0-0
+- Initial commit
diff --git a/tools/installer/rpm/toolchains/gcc/download_sources.sh b/tools/installer/rpm/toolchains/gcc/download_sources.sh
new file mode 100755
index 00000000..55bf828a
--- /dev/null
+++ b/tools/installer/rpm/toolchains/gcc/download_sources.sh
@@ -0,0 +1,14 @@
+#! /bin/bash
+set -e
+
+yum install -y wget
+
+# Get musl-cross-make config file
+CONFIG_SUB_REV=3d5db9ebe860
+wget -O $HOME/rpmbuild/SOURCES/config.sub "http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=$CONFIG_SUB_REV"
+
+if [ ! -f "$HOME/rpmbuild/SOURCES/musl-$MUSL_VERSION.tar.gz" ]; then
+ wget -O $HOME/rpmbuild/SOURCES/musl-$MUSL_VERSION.tar.gz https://github.com/occlum/musl/archive/$MUSL_VERSION.tar.gz
+else
+ echo "musl-$MUSL_VERSION.tar.gz already exists, skipping download"
+fi
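Review bot: `%define _unpackaged_files_terminate_build 0` at the top of occlum.spec switches off rpmbuild's check for files that `make install` places in the buildroot but that no `%files` list covers, and all three lists are wildcard-based, so an artefact that should have been packaged (or one that should not ship) is dropped or picked up without any diagnostic. I would remove the define and name or `%exclude` the leftover files explicitly. As a matter of layout, `OCCLUM_RELEASE_BUILD=1 make` runs under `%install`; moving it to `%build` keeps compilation and installation in their own phases.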
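Review bot: Both downloads in download_sources.sh feed the toolchain build without an integrity check in the script: `config.sub` is fetched over plain `http://`, and the musl tarball is taken from a GitHub archive URL or, when a file of that name already exists in SOURCES, reused as it is. The patched musl-cross-make Makefile still runs `sha1sum -c` on config.sub, but as far as the visible lines show nothing verifies `musl-$MUSL_VERSION.tar.gz` before the toolchain spec unpacks it with `tar xf %{SOURCE9}`. Use the `https://` form of the savannah URL and check the tarball against a digest kept in the repository, e.g. `echo "<pinned-sha256>  $HOME/rpmbuild/SOURCES/musl-$MUSL_VERSION.tar.gz" | sha256sum -c -`. Quoting the `$HOME/...` arguments of both `wget -O` calls would also keep the paths intact if they ever contain spaces.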
diff --git a/tools/installer/rpm/toolchains/gcc/musl-cross-make-disable-download.patch b/tools/installer/rpm/toolchains/gcc/musl-cross-make-disable-download.patch new file mode 100644 index 00000000..4ed935ea --- /dev/null +++ b/tools/installer/rpm/toolchains/gcc/musl-cross-make-disable-download.patch 
@@ -0,0 +1,65 @@ +diff --git a/Makefile b/Makefile +index 3d688f7..9049901 100644 +--- a/Makefile ++++ b/Makefile +@@ -57,24 +57,24 @@ distclean: clean + + ifeq ($(SOURCES),sources) + +-$(patsubst hashes/%.sha1,$(SOURCES)/%,$(wildcard hashes/gmp*)): SITE = $(GMP_SITE) +-$(patsubst hashes/%.sha1,$(SOURCES)/%,$(wildcard hashes/mpc*)): SITE = $(MPC_SITE) +-$(patsubst hashes/%.sha1,$(SOURCES)/%,$(wildcard hashes/mpfr*)): SITE = $(MPFR_SITE) +-$(patsubst hashes/%.sha1,$(SOURCES)/%,$(wildcard hashes/isl*)): SITE = $(ISL_SITE) +-$(patsubst hashes/%.sha1,$(SOURCES)/%,$(wildcard hashes/binutils*)): SITE = $(BINUTILS_SITE) +-$(patsubst hashes/%.sha1,$(SOURCES)/%,$(wildcard hashes/gcc*)): SITE = $(GCC_SITE)/$(basename $(basename $(notdir $@))) +-$(patsubst hashes/%.sha1,$(SOURCES)/%,$(wildcard hashes/musl*)): SITE = $(MUSL_SITE) +-$(patsubst hashes/%.sha1,$(SOURCES)/%,$(wildcard hashes/linux-4*)): SITE = $(LINUX_SITE)/v4.x +-$(patsubst hashes/%.sha1,$(SOURCES)/%,$(wildcard hashes/linux-3*)): SITE = $(LINUX_SITE)/v3.x +-$(patsubst hashes/%.sha1,$(SOURCES)/%,$(wildcard hashes/linux-2.6*)): SITE = $(LINUX_SITE)/v2.6 +-$(patsubst hashes/%.sha1,$(SOURCES)/%,$(wildcard hashes/linux-headers-*)): SITE = $(LINUX_HEADERS_SITE) ++#$(patsubst hashes/%.sha1,$(SOURCES)/%,$(wildcard hashes/gmp*)): SITE = $(GMP_SITE) ++#$(patsubst hashes/%.sha1,$(SOURCES)/%,$(wildcard hashes/mpc*)): SITE = $(MPC_SITE) ++#$(patsubst hashes/%.sha1,$(SOURCES)/%,$(wildcard hashes/mpfr*)): SITE = $(MPFR_SITE) ++#$(patsubst hashes/%.sha1,$(SOURCES)/%,$(wildcard hashes/isl*)): SITE = $(ISL_SITE) ++#$(patsubst hashes/%.sha1,$(SOURCES)/%,$(wildcard hashes/binutils*)): SITE = $(BINUTILS_SITE) ++#$(patsubst hashes/%.sha1,$(SOURCES)/%,$(wildcard hashes/gcc*)): SITE = $(GCC_SITE)/$(basename $(basename $(notdir $@))) ++#$(patsubst hashes/%.sha1,$(SOURCES)/%,$(wildcard hashes/musl*)): SITE = $(MUSL_SITE) ++#$(patsubst hashes/%.sha1,$(SOURCES)/%,$(wildcard hashes/linux-4*)): SITE = $(LINUX_SITE)/v4.x ++#$(patsubst 
hashes/%.sha1,$(SOURCES)/%,$(wildcard hashes/linux-3*)): SITE = $(LINUX_SITE)/v3.x ++#$(patsubst hashes/%.sha1,$(SOURCES)/%,$(wildcard hashes/linux-2.6*)): SITE = $(LINUX_SITE)/v2.6 ++#$(patsubst hashes/%.sha1,$(SOURCES)/%,$(wildcard hashes/linux-headers-*)): SITE = $(LINUX_HEADERS_SITE) + + $(SOURCES): + mkdir -p $@ + + $(SOURCES)/config.sub: | $(SOURCES) + mkdir -p $@.tmp +- cd $@.tmp && $(DL_CMD) $(notdir $@) "http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=$(CONFIG_SUB_REV)" ++# cd $@.tmp && $(DL_CMD) $(notdir $@) "http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=$(CONFIG_SUB_REV)" + cd $@.tmp && touch $(notdir $@) + cd $@.tmp && sha1sum -c $(CURDIR)/hashes/$(notdir $@).$(CONFIG_SUB_REV).sha1 + mv $@.tmp/$(notdir $@) $@ +@@ -82,7 +82,7 @@ $(SOURCES)/config.sub: | $(SOURCES) + + $(SOURCES)/%: hashes/%.sha1 | $(SOURCES) + mkdir -p $@.tmp +- cd $@.tmp && $(DL_CMD) $(notdir $@) $(SITE)/$(notdir $@) ++# cd $@.tmp && $(DL_CMD) $(notdir $@) $(SITE)/$(notdir $@) + cd $@.tmp && touch $(notdir $@) + cd $@.tmp && sha1sum -c $(CURDIR)/hashes/$(notdir $@).sha1 + mv $@.tmp/$(notdir $@) $@ +@@ -94,11 +94,9 @@ endif + # Rules for extracting and patching sources, or checking them out from git. + + musl-git-%: +- rm -rf $@.tmp +- git clone -b $(patsubst musl-git-%,%,$@) $(MUSL_REPO) $@.tmp +- cd $@.tmp && git fsck +- mv $@.tmp $@ +- ++# rm -rf $@.tmp ++# git clone -b $(patsubst musl-git-%,%,$@) $(MUSL_REPO) $@.tmp ++ cd $@ && git fsck + %.orig: $(SOURCES)/%.tar.gz + case "$@" in */*) exit 1 ;; esac + rm -rf $@.tmp diff --git a/tools/installer/rpm/toolchains/gcc/occlum-gcc.sh b/tools/installer/rpm/toolchains/gcc/occlum-gcc.sh new file mode 100644 index 00000000..b5166345 --- /dev/null +++ b/tools/installer/rpm/toolchains/gcc/occlum-gcc.sh @@ -0,0 +1 @@ +export PATH="$PATH:/usr/local/occlum/bin" 
diff --git a/tools/installer/rpm/toolchains/gcc/occlum-toolchains-gcc.spec b/tools/installer/rpm/toolchains/gcc/occlum-toolchains-gcc.spec new file mode 100644 index 00000000..d5b174e6 --- /dev/null +++ b/tools/installer/rpm/toolchains/gcc/occlum-toolchains-gcc.spec 
@@ -0,0 +1,127 @@ +%define centos_base_release 1 + +%define GCC_VER 8.3.0 +%define TARGET x86_64-linux-musl +%define INSTALL_DIR /opt/occlum/toolchains/gcc + +# to skip no build id error +%undefine _missing_build_ids_terminate_build + +Name: occlum-toolchains-gcc +Version: %{_musl_version} +Release: %{centos_base_release}%{?dist} +Summary: occlum toolchains gcc + +Group: Development/Libraries +License: BSD License +URL: https://github.com/occlum/occlum +Source0: https://github.com/occlum/occlum/archive/%{_musl_version}.tar.gz +Source1: https://github.com/richfelker/musl-cross-make/archive/v0.9.9.tar.gz +Source2: https://ftp.gnu.org/pub/gnu/gcc/gcc-%{GCC_VER}/gcc-%{GCC_VER}.tar.xz +Source3: config.sub +Source4: https://ftp.gnu.org/pub/gnu/binutils/binutils-2.33.1.tar.xz +Source5: https://ftp.gnu.org/pub/gnu/gmp/gmp-6.1.2.tar.bz2 +Source6: https://ftp.gnu.org/pub/gnu/mpc/mpc-1.1.0.tar.gz +Source7: https://ftp.gnu.org/pub/gnu/mpfr/mpfr-4.0.2.tar.bz2 +Source8: https://ftp.barfooze.de/pub/sabotage/tarballs/linux-headers-4.19.88.tar.xz +# Get Source9 from download script +Source9: musl-%{_musl_version}.tar.gz +Source10: occlum-gcc.sh + +Patch0: musl-cross-make-disable-download.patch + +ExclusiveArch: x86_64 + +BuildRequires: git +BuildRequires: devtoolset-9-gcc-c++ + +%description +Occlum toolchains gcc + +%prep +%setup -q -c -n %{name}-%{version} +%setup -q -T -D -a 1 + +# This patch replaces syscall instruction with libc's syscall wrapper +cp occlum-%{version}/tools/toolchains/gcc/0014-libgomp-*.diff musl-cross-make-0.9.9/patches/gcc-%{GCC_VER}/ + +pushd musl-cross-make-0.9.9 +mkdir -p sources/gcc-%{GCC_VER}.tar.xz.tmp && cp %{SOURCE2} sources/gcc-%{GCC_VER}.tar.xz.tmp +mkdir -p sources/config.sub.tmp && cp %{SOURCE3} sources/config.sub.tmp +mkdir -p sources/binutils-2.33.1.tar.xz.tmp && cp %{SOURCE4} sources/binutils-2.33.1.tar.xz.tmp +mkdir -p sources/gmp-6.1.2.tar.bz2.tmp && cp %{SOURCE5} sources/gmp-6.1.2.tar.bz2.tmp +mkdir -p sources/mpc-1.1.0.tar.gz.tmp && cp 
%{SOURCE6} sources/mpc-1.1.0.tar.gz.tmp +mkdir -p sources/mpfr-4.0.2.tar.bz2.tmp && cp %{SOURCE7} sources/mpfr-4.0.2.tar.bz2.tmp +mkdir -p sources/linux-headers-4.19.88.tar.xz.tmp && cp %{SOURCE8} sources/linux-headers-4.19.88.tar.xz.tmp +tar xf %{SOURCE9} +%patch0 -p1 +popd + +%build +source /opt/rh/devtoolset-9/enable +cd musl-cross-make-0.9.9 +cat > config.mak < %{buildroot}%{INSTALL_DIR}/bin/occlum-gcc < %{buildroot}%{INSTALL_DIR}/bin/occlum-g++ < %{buildroot}%{INSTALL_DIR}/bin/occlum-ld < - 0.14.0-1 +- Integrate with Occlum + +* Mon Jul 20 2020 Chunmei Xu - 0.14.0-0 +- Package init diff --git a/tools/installer/rpm/tools/occlum-sgx-tools-filelist b/tools/installer/rpm/tools/occlum-sgx-tools-filelist new file mode 100644 index 00000000..86788812 --- /dev/null +++ b/tools/installer/rpm/tools/occlum-sgx-tools-filelist @@ -0,0 +1,7 @@ +/opt/intel/sgxsdk/lib64/libsgx_uae_service_sim.so +/opt/intel/sgxsdk/sdk_libs/libsgx_uae_service_sim.so +/opt/intel/sgxsdk/lib64/libsgx_ptrace.so +/opt/intel/sgxsdk/lib64/gdb-sgx-plugin/* +/opt/intel/sgxsdk/bin/sgx-gdb +/opt/intel/sgxsdk/bin/x64/sgx_sign +/opt/intel/sgxsdk/environment diff --git a/tools/installer/rpm/tools/occlum-sgx-tools.spec b/tools/installer/rpm/tools/occlum-sgx-tools.spec new file mode 100644 index 00000000..0ec590a3 --- /dev/null +++ b/tools/installer/rpm/tools/occlum-sgx-tools.spec 
@@ -0,0 +1,29 @@ +%define centos_base_release 1 + +Name: occlum-sgx-tools +Version: 0.14.0 +Release: %{centos_base_release}%{?dist} +Summary: Occlum sgx tools + +Group: Development/Libraries +License: BSD License +URL: https://github.com/occlum/occlum +Source0: occlum-sgx-tools-filelist + +ExclusiveArch: x86_64 + +%description +Occlum sgx tools used during `occlum build` and `occlum gdb` + +%prep +mkdir -p %{?buildroot} +cp --parents /opt/intel/sgxsdk/lib64/{libsgx_ptrace.so,libsgx_uae_service_sim.so} %{?buildroot} +cp --parents /opt/intel/sgxsdk/lib64/gdb-sgx-plugin/* %{?buildroot} +cp --parents /opt/intel/sgxsdk/{bin/sgx-gdb,bin/x64/sgx_sign,environment,sdk_libs/libsgx_uae_service_sim.so} %{?buildroot} + +%files +%files -f %{SOURCE0} + +%changelog +* Wed Aug 05 2020 Chunyang Hui - 0.14.0-1 +- Package init diff --git a/tools/protect-integrity/Makefile b/tools/protect-integrity/Makefile index 4985a05e..9107a5cc 100644 --- a/tools/protect-integrity/Makefile +++ b/tools/protect-integrity/Makefile @@ -53,7 +53,9 @@ endif ######## App Settings ######## ifneq ($(SGX_MODE), HW) - URTS_LIBRARY_NAME := sgx_urts_sim + # Tools are built in simulation mode by default and should be built with sgx_urts_sim_with_se_event + # to resolve undefined symbols + URTS_LIBRARY_NAME := sgx_urts_sim_with_se_event else URTS_LIBRARY_NAME := sgx_urts endif @@ -78,7 +80,9 @@ else endif APP_CPP_FLAGS := $(APP_C_FLAGS) -std=c++11 -APP_LINK_FLAGS := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(URTS_LIBRARY_NAME) -lsgx_uprotected_fs -lpthread +APP_LINK_FLAGS := $(SGX_COMMON_CFLAGS) -lpthread -L$(SGX_LIBRARY_PATH) -Wl,-Bstatic -l$(URTS_LIBRARY_NAME) -Wl,-Bdynamic + +APP_LINK_FLAGS += -lsgx_uprotected_fs -ldl -lcrypto ifneq ($(SGX_MODE), HW) APP_LINK_FLAGS += -lsgx_uae_service_sim diff --git a/tools/toolchains/gcc/build.sh b/tools/toolchains/gcc/build.sh index 8a775a31..105cbb38 100755 --- a/tools/toolchains/gcc/build.sh +++ b/tools/toolchains/gcc/build.sh 
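Review bot: The `%prep` section of occlum-sgx-tools.spec copies binaries and libraries straight from `/opt/intel/sgxsdk` on the build host into the buildroot, so the package ships whatever SDK build happens to be installed there (including `sgx_sign` and `sgx-gdb`) with no record of its version or origin. State the expected SDK version in the spec and fail the build when the host copy does not match it, and do the copying in `%install`, the phase meant to populate the buildroot. `Version: 0.14.0` is hard-coded while the other two specs take their version from a macro, and the bare `%files` line before `%files -f %{SOURCE0}` looks redundant.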
@@ -17,7 +17,7 @@ cd ${BUILD_DIR} # Download musl-cross-make project git clone https://github.com/richfelker/musl-cross-make cd musl-cross-make -git checkout d969dea983a2cc54a1e0308a0cdeb6c3307e4bfa +git checkout v0.9.9 # Let musl-cross-make build for x86-64 Linux TARGET=x86_64-linux-musl
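Review bot: `git checkout v0.9.9` replaces a full commit hash with a tag name, and a tag can be moved or re-created upstream while a commit hash cannot, so the script no longer pins the exact musl-cross-make source that the toolchain is built from. Keep the readable version but check out by hash, e.g. `git checkout <commit-sha-of-v0.9.9>  # v0.9.9`, with the hash resolved from the tag once and recorded in the script. The script continues outside the hunk.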