From ebc158fe6c6d31e5850d6576090ba331114dece4 Mon Sep 17 00:00:00 2001
From: He Sun <bochang.sh@antfin.com>
Date: Fri, 27 Dec 2019 15:57:54 +0800
Subject: [PATCH] Add Dockerfile for CentOS 7.2

---
 tools/docker/Dockerfile.centos7.2             | 104 ++++++++++++++++++
 .../{Dockerfile => Dockerfile.ubuntu16.04}    |   0
 tools/docker/README.md                        |  22 ++++
 tools/docker/build.sh                         |  17 ---
 tools/docker/build_image.sh                   |  44 ++++++++
 tools/toolchains/gcc/build.sh                 |   2 +-
 6 files changed, 171 insertions(+), 18 deletions(-)
 create mode 100644 tools/docker/Dockerfile.centos7.2
 rename tools/docker/{Dockerfile => Dockerfile.ubuntu16.04} (100%)
 create mode 100644 tools/docker/README.md
 delete mode 100755 tools/docker/build.sh
 create mode 100755 tools/docker/build_image.sh

diff --git a/tools/docker/Dockerfile.centos7.2 b/tools/docker/Dockerfile.centos7.2
new file mode 100644
index 00000000..324becd9
--- /dev/null
+++ b/tools/docker/Dockerfile.centos7.2
@@ -0,0 +1,104 @@
+FROM centos:7.2.1511
+
+LABEL maintainer="He Sun <bochang.sh@antfin.com>"
+
+RUN yum update -y && \
+    yum install -y \
+        autoconf \
+        automake \
+        ca-certificates \
+        boost-devel \
+        cmake \
+        curl \
+        curl-devel \
+        expect \
+        fuse-devel \
+        fuse-libs \
+        gcc \
+        gcc-c++ \
+        glibc-headers \
+        gdb \
+        git \
+        git-core \
+        gmp-devel \
+        libmpc-devel \
+        libxml2-devel \
+        libtool \
+        pkgconfig \
+        python \
+        kmod \
+        make \
+        mod_ssl \
+        mpfr-devel \
+        ocaml \
+        ocaml-ocamlbuild \
+        openssl \
+        openssl-devel \
+        protobuf-compiler \
+        protobuf-devel \
+        sudo \
+        uuid-devel \
+        vim \
+        wget && \
+    yum groupinstall 'Development Tools' -y && \
+    yum clean all
+
+# Install cpuid tool for tests
+WORKDIR /tmp
+RUN wget http://www.etallen.com/cpuid/cpuid-20180519.x86_64.tar.gz && \
+    tar -xf ./cpuid-20180519.x86_64.tar.gz && \
+    cp ./cpuid-20180519/cpuid /usr/bin/ && \
+    rm -rf /tmp/cpuid-20180519*
+
+# Install SGX SDK
+WORKDIR /tmp
+RUN git clone https://github.com/occlum/linux-sgx && \
+    cd linux-sgx && \
+    ./download_prebuilt.sh && \
+    ./compile.sh && \
+    ./install.sh && \
+    echo 'source /opt/intel/sgxsdk/environment' >> /root/.bashrc && \
+    rm -rf /tmp/linux-sgx
+
+# Install Rust
+ENV OCCLUM_RUST_VERSION=nightly-2019-01-28
+RUN curl https://sh.rustup.rs -sSf | \
+        sh -s -- --default-toolchain ${OCCLUM_RUST_VERSION} -y && \
+    rm -rf /root/.cargo/registry && rm -rf /root/.cargo/git
+ENV PATH="/root/.cargo/bin:$PATH"
+
+# Upgrade gcc to compile occlum toolchain.
+# Use Developer Toolset 8 from Software Collections (SCLs) to have a newer gcc (8.3.1) than
+# the native one (4.8.5) and enable it during the build.
+RUN yum install centos-release-scl-rh -y && \
+    yum install devtoolset-8-toolchain -y && \
+    printf "unset BASH_ENV PROMPT_COMMAND ENV\nsource scl_source enable devtoolset-8\n" > /usr/bin/scl_enable
+ARG BASH_ENV="/usr/bin/scl_enable"
+ARG ENV="/usr/bin/scl_enable"
+ARG PROMPT_COMMAND=". /usr/bin/scl_enable"
+
+# Install Occlum toolchain
+COPY toolchains/gcc/* /tmp/
+WORKDIR /tmp
+RUN ./build.sh
+ENV PATH="/opt/occlum/build/bin:/usr/local/occlum/bin:$PATH"
+
+# Install the latest version of Occlum
+WORKDIR /root
+RUN git clone https://github.com/occlum/occlum && \
+    cd occlum && \
+    make submodule && \
+    make LIBOS_RELEASE=1 && \
+    make install && \
+    cp -r demos /root/demos && \
+    rm -rf /root/occlum
+
+# Start AESM service automatically
+#
+# To do so, we add the script to ~/.bashrc. We cannot use systemd to run AESM
+# as a "real" service since the pid 1 is not systemd in Docker. So we start
+# up AESM service when an user login with an interative shell.
+COPY docker/start_aesm.sh /opt/occlum/
+RUN echo '/opt/occlum/start_aesm.sh' >> /root/.bashrc
+
+WORKDIR /root
diff --git a/tools/docker/Dockerfile b/tools/docker/Dockerfile.ubuntu16.04
similarity index 100%
rename from tools/docker/Dockerfile
rename to tools/docker/Dockerfile.ubuntu16.04
diff --git a/tools/docker/README.md b/tools/docker/README.md
new file mode 100644
index 00000000..95cfef74
--- /dev/null
+++ b/tools/docker/README.md
@@ -0,0 +1,22 @@
+# Building Occlum Docker images
+
+This folder contains scripts and Dockerfiles for users to build the Docker images
+for Occlum. An Occlum Docker image sets up the development environment for 
+Occlum and also gets Occlum preinstalled.
+
+Currently, two Linux OS distributions are supported: Ubuntu 16.04 and CentOS 7.2.
+
+## How to Build
+
+To build an Occlum Docker image, run the following command
+```
+./build_image.sh <OCCLUM_LABEL> <OS_NAME>
+```
+where `<OCCLUM_LABEL>` is an arbitrary string chosen by the user to 
+describe the version of Occlum preinstalled in the Docker image 
+(e.g., "latest", "0.8.0", and "prerelease") and `<OS_NAME>` is the 
+name of the OS distribution that the Docker image is based on. 
+Currently, `<OS_NAME>` must be one of the following values: 
+`ubuntu16.04` and `centos7.2`.
+
+The resulting Docker image will have `occlum/occlum:<OCCLUM_LABEL>-<OS_NAME>` as its label.
diff --git a/tools/docker/build.sh b/tools/docker/build.sh
deleted file mode 100755
index 822d5d3f..00000000
--- a/tools/docker/build.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/bash
-script_dir="$( cd "$( dirname "${BASH_SOURCE[0]}"  )" >/dev/null 2>&1 && pwd )"
-
-set -e
-
-if [[ ( "$#" < 1 ) ]] ; then
-    echo "Error: tag is not given"
-    echo ""
-    echo "Usage: run command"
-    echo "    build.sh <tag>"
-    echo "to build a Docker image with a tag (e.g., occlum/occlum:latest)."
-    exit 1
-fi
-tag=$1
-
-cd "$script_dir/.."
-docker build -f "$script_dir/Dockerfile" -t "$tag" .
diff --git a/tools/docker/build_image.sh b/tools/docker/build_image.sh
new file mode 100755
index 00000000..163d9900
--- /dev/null
+++ b/tools/docker/build_image.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+script_dir="$( cd "$( dirname "${BASH_SOURCE[0]}"  )" >/dev/null 2>&1 && pwd )"
+
+report_error() {
+    RED=$(tput setaf 1)
+    NO_COLOR=$(tput sgr0)
+
+    cat <<EOF
+${RED}error:${NO_COLOR} input is invalid
+
+build_image
+Build an Occlum Docker image for a specific OS
+
+USAGE:
+    build_image.sh <OCCLUM_LABEL> <OS_NAME>
+
+<OCCLUM_LABEL>:
+    An arbitrary string chosen by the user to describe the version of Occlum preinstalled in the Docker image, e.g., "latest", "0.8.0", "prerelease", and etc.
+
+<OS_NAME>:
+    The name of the OS distribution that the Docker image is based on. Currently, <OS_NAME> must be one of the following values:
+        ubuntu16.04         Use Ubuntu 16.04 as the base image
+        centos7.2           Use CentOS 7.2 as the base image
+
+The resulting Docker image will have "occlum/occlum:<OCCLUM_LABEL>-<OS_NAME>" as its label.
+EOF
+    exit 1
+}
+
+set -e
+
+if [[ ( "$#" < 2 ) ]] ; then
+    report_error
+fi
+
+occlum_label=$1
+os_name=$2
+
+if [ "$os_name" != "ubuntu16.04" ] && [ "$os_name" != "centos7.2" ];then
+    report_error
+fi
+
+cd "$script_dir/.."
+docker build -f "$script_dir/Dockerfile.$os_name" -t "occlum/occlum:$occlum_label-$os_name" .
diff --git a/tools/toolchains/gcc/build.sh b/tools/toolchains/gcc/build.sh
index 3c2033b5..d0dfc05d 100755
--- a/tools/toolchains/gcc/build.sh
+++ b/tools/toolchains/gcc/build.sh
@@ -41,7 +41,7 @@ GCC_VER = ${GCC_VER}
 MUSL_VER = git-${MUSL_VER}
 MUSL_REPO = ${MUSL_REPO}
 EOF
-make
+make -j$(nproc)
 make install
 
 # Remove all source code and build files