From c506334ca87582cfc4f40f44d4dcb7d64246addc Mon Sep 17 00:00:00 2001 From: Qi Zheng Date: Wed, 1 Nov 2023 16:05:15 +0800 Subject: [PATCH] [tools] Update ubuntu20.04-rt dockerfile for 0.30.0 --- tools/docker/Dockerfile.ubuntu20.04-rt | 7 ++++--- tools/docker/docker-entrypoint.sh | 5 ++++- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/tools/docker/Dockerfile.ubuntu20.04-rt b/tools/docker/Dockerfile.ubuntu20.04-rt index 6e890bcc..94d04c23 100644 --- a/tools/docker/Dockerfile.ubuntu20.04-rt +++ b/tools/docker/Dockerfile.ubuntu20.04-rt @@ -3,9 +3,9 @@ LABEL maintainer="Qi Zheng " # Install SGX DCAP and Occlum runtime ENV APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 -ARG PSW_VERSION=2.17.100.3 -ARG DCAP_VERSION=1.14.100.3 -ARG OCCLUM_VERSION=0.29.7 +ARG PSW_VERSION=2.20.100.4 +ARG DCAP_VERSION=1.17.100.4 +ARG OCCLUM_VERSION=0.30.0 RUN apt update && DEBIAN_FRONTEND="noninteractive" apt install -y --no-install-recommends gnupg wget ca-certificates jq && \ echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | tee /etc/apt/sources.list.d/intel-sgx.list && \ wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add - && \ @@ -37,6 +37,7 @@ COPY docker-entrypoint.sh /usr/local/bin/ ENV PATH="/opt/occlum/build/bin:/usr/local/occlum/bin:$PATH" # This PCCS value could be updated by env passed from user by below entryp ENV PCCS_URL="https://localhost:8081/sgx/certification/v3/" +ENV USE_SECURE_CERT=true ENTRYPOINT ["docker-entrypoint.sh"] WORKDIR /root diff --git a/tools/docker/docker-entrypoint.sh b/tools/docker/docker-entrypoint.sh index 7c312b63..414e763e 100755 --- a/tools/docker/docker-entrypoint.sh +++ b/tools/docker/docker-entrypoint.sh @@ -1,7 +1,10 @@ #!/bin/bash # Update PCCS_URL -line=$(grep -n "pccs_url" /etc/sgx_default_qcnl.conf | cut -d ":" -f 1) +line=$(grep -n '"pccs_url"' /etc/sgx_default_qcnl.conf | cut -d ":" -f 1) sed -i "${line}c \"pccs_url\": \"${PCCS_URL}\"," /etc/sgx_default_qcnl.conf +# Update use_secure_cert +line=$(grep -n '"use_secure_cert"' /etc/sgx_default_qcnl.conf | cut -d ":" -f 1) +sed -i "${line}c \"use_secure_cert\": ${USE_SECURE_CERT}," /etc/sgx_default_qcnl.conf exec "$@"