general/occlum
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add "occlum package" command

Browse Source
This commit is contained in:
Hui, Chunyang 2020-08-11 02:32:01 +00:00 committed by Tate, Hongliang Tian
parent ec9ffed1b0
commit bfc0576ee7
1 changed files with 63 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
tools/occlum
View File

@ -12,10 +12,13 @@ else
occlum_sgx_env=$occlum_dir/etc/environment occlum_sgx_env=$occlum_dir/etc/environment
fi fi
# For deploy environment, version header file may not exist
if [ -f "$version_header" ]; then
major_ver=`grep '\#define OCCLUM_MAJOR_VERSION' $version_header | awk '{print $3}'` major_ver=`grep '\#define OCCLUM_MAJOR_VERSION' $version_header | awk '{print $3}'`
minor_ver=`grep '\#define OCCLUM_MINOR_VERSION' $version_header | awk '{print $3}'` minor_ver=`grep '\#define OCCLUM_MINOR_VERSION' $version_header | awk '{print $3}'`
patch_ver=`grep '\#define OCCLUM_PATCH_VERSION' $version_header | awk '{print $3}'` patch_ver=`grep '\#define OCCLUM_PATCH_VERSION' $version_header | awk '{print $3}'`
occlum_version="$major_ver.$minor_ver.$patch_ver" occlum_version="$major_ver.$minor_ver.$patch_ver"
fi
instance_dir=`pwd` instance_dir=`pwd`
@ -26,6 +29,11 @@ SGX_GDB="$SGX_SDK/bin/sgx-gdb"
ENCLAVE_SIGN_TOOL="$SGX_SDK/bin/x64/sgx_sign" ENCLAVE_SIGN_TOOL="$SGX_SDK/bin/x64/sgx_sign"
ENCLAVE_SIGN_KEY="$occlum_dir/etc/template/Enclave.pem" ENCLAVE_SIGN_KEY="$occlum_dir/etc/template/Enclave.pem"
get_enclave_debuggable_flag() {
cat "$instance_dir/Occlum.json" | \
python -c "import sys, json; print json.load(sys.stdin)['metadata']['debuggable']"
}
exit_error() { exit_error() {
echo "Error: $@" >&2 echo "Error: $@" >&2
exit 1 exit 1
@ -43,9 +51,10 @@ Usage:
Initialize a directory as the Occlum instance. Initialize a directory as the Occlum instance.
occlum build [--sign-key <key_path>] [--sign-tool <tool_path>] [-f/--force] occlum build [--sign-key <key_path>] [--sign-tool <tool_path>] [-f/--force]
Build and sign an Occlum SGX enclave (.so) and generate its associated secure FS image Build and sign an Occlum SGX enclave (.so) and generate its associated secure
according to the user-provided image directory and Occlum.json config file. FS image according to the user-provided image directory and Occlum.json config file.
The whole building process is incremental: the building artifacts are built only when needed. The whole building process is incremental: the building artifacts are built only
when needed.
To force rebuilding all artifacts, give the [-f/--force] flag. To force rebuilding all artifacts, give the [-f/--force] flag.
occlum run <program_name> <program_args> occlum run <program_name> <program_args>
@ -53,6 +62,14 @@ Usage:
To run the enclave in SGX hardware release mode, use: To run the enclave in SGX hardware release mode, use:
OCCLUM_RELEASE_ENCLAVE=1 occlum run <program_name> <program_args> OCCLUM_RELEASE_ENCLAVE=1 occlum run <program_name> <program_args>
occlum package [<package_name>.tar.gz]
Generate a minimal, self-contained package (.tar.gz) for the Occlum instance.
The resulting package can then be copied to a deployment environment and unpacked
as a runnable Occlum instance.
All runtime dependencies required by the Occlum instance---except Intel SGX driver,
enable_rdfsbase kernel module, and Intel SGX PSW---are included in the package.
If package_name is not specified, the directory name of Occlum instance will be used.
occlum gdb <program_name> <program_args> occlum gdb <program_name> <program_args>
Debug the program running inside an SGX enclave with GDB. Debug the program running inside an SGX enclave with GDB.
@ -78,7 +95,6 @@ check_has_built() {
fi fi
} }
cmd_new() { cmd_new() {
if [ -z $@ ]; then if [ -z $@ ]; then
echo "Error: target directory is not set" echo "Error: target directory is not set"
@ -265,6 +281,42 @@ cmd_stop() {
echo "built" > "$status_file" echo "built" > "$status_file"
} }
cmd_package() {
check_has_built
SGX_MODE=$(cat $instance_dir/.sgx_mode)
if [[ -n $SGX_MODE && "$SGX_MODE" != "HW" ]]; then
echo '"occlum package" command should only be used for an Occlum instance of SGX hardware mode, not the simulation mode.'
echo 'Please run "occlum build --sgx-mode HW" and then use "occlum package"'
exit 1
fi
instance_base_name=$(basename $instance_dir)
if [[ -z "$@" ]]; then
package_name="$instance_base_name.tar.gz"
else
if [[ "$@" == *.tar.gz ]];then
package_name="$@"
else
package_name="$@.tar.gz"
fi
fi
rm -f $package_name
cd .. && tar -cvzf $instance_dir/$package_name $instance_base_name/Occlum.json $instance_base_name/build/bin \
$instance_base_name/build/lib/libocclum-libos.signed.so $instance_base_name/build/lib/libocclum-pal.so* \
$instance_base_name/build/mount $instance_base_name/build/Occlum.json.protected $instance_base_name/run \
$instance_base_name/.__occlum_status $instance_base_name/.sgx_mode
if [ "`get_enclave_debuggable_flag`" == "True" ]; then
echo 'Warning: current Occlum instance is configured as "debuggable".'
echo '(If it is not expected, you can modify the Occlum.json "metadata" - "debuggable" field to "false" and build again. And then use "occlum package")'
fi
echo "The package $package_name is generated successfully"
}
cmd_gdb() { cmd_gdb() {
check_has_built check_has_built
@ -372,6 +424,9 @@ case "$cmd" in
stop) stop)
cmd_stop cmd_stop
;; ;;
package)
cmd_package "${@:2}"
;;
gdb) gdb)
cmd_gdb "${@:2}" cmd_gdb "${@:2}"
;; ;;