Update docker file for CentOS

2020-05-19 14:39:09 +08:00 · 2020-05-19 14:39:09 +08:00 · f193f271a4
commit f193f271a4
parent 17b4912055
4 changed files with 30 additions and 130 deletions
--- a/tools/docker/Dockerfile.centos7.5
+++ b/tools/docker/Dockerfile.centos7.5
@ -1,4 +1,4 @@
-FROM centos:7.2.1511
+FROM centos:7.5.1804

 LABEL maintainer="He Sun <bochang.sh@antfin.com>"

@ -35,8 +35,6 @@ RUN yum update -y && \
        ocaml-ocamlbuild \
        openssl \
        openssl-devel \
-        protobuf-compiler \
-        protobuf-devel \
        sudo \
        uuid-devel \
        vim \
@ -45,6 +43,16 @@ RUN yum update -y && \
    yum install -y golang && \
    yum clean all

+# Install Protobuf (version >= 3.0)
+WORKDIR /tmp
+RUN yum install -y https://cbs.centos.org/kojifiles/packages/protobuf/3.6.1/4.el7/x86_64/protobuf-3.6.1-4.el7.x86_64.rpm && \
+    yum install -y https://cbs.centos.org/kojifiles/packages/protobuf/3.6.1/4.el7/x86_64/protobuf-compiler-3.6.1-4.el7.x86_64.rpm && \
+    yum install -y https://cbs.centos.org/kojifiles/packages/protobuf/3.6.1/4.el7/x86_64/protobuf-devel-3.6.1-4.el7.x86_64.rpm
+
+# Upgrade git (version >= 1.8.4)
+RUN yum install -y http://opensource.wandisco.com/centos/7/git/x86_64/wandisco-git-release-7-2.noarch.rpm && \
+    yum install -y git
+
 # Install cpuid tool for tests
 WORKDIR /tmp
 RUN wget http://www.etallen.com/cpuid/cpuid-20200211.x86_64.tar.gz && \
@ -52,16 +60,23 @@ RUN wget http://www.etallen.com/cpuid/cpuid-20200211.x86_64.tar.gz && \
    cp ./cpuid-20200211/cpuid /usr/bin/ && \
    rm -rf /tmp/cpuid-20200211*

+# Upgrade GCC
+# Use Developer Toolset 8 from Software Collections (SCLs) to have a newer gcc (8.3.1) than
+# the native one (4.8.5) and enable it during the build.
+RUN yum install centos-release-scl-rh -y && \
+    yum install devtoolset-8-toolchain -y && \
+    printf "unset BASH_ENV PROMPT_COMMAND ENV\nsource scl_source enable devtoolset-8\n" > /usr/bin/scl_enable && \
+    echo 'source /opt/rh/devtoolset-8/enable' >> /root/.bashrc
+ARG BASH_ENV="/usr/bin/scl_enable"
+ARG ENV="/usr/bin/scl_enable"
+ARG PROMPT_COMMAND=". /usr/bin/scl_enable"
+
 # Install SGX SDK
 WORKDIR /tmp
 RUN git clone -b sgx_2.9.1_for_occlum https://github.com/occlum/linux-sgx && \
    cd linux-sgx && \
    ./download_prebuilt.sh && \
-    cp ./external/toolset/as /usr/local/bin/ && \
-    cp ./external/toolset/ld /usr/local/bin/ && \
-    cp ./external/toolset/ld.gold /usr/local/bin/ && \
-    cp ./external/toolset/objdump /usr/local/bin/ && \
-    ./compile_and_install.sh && \
+    ./compile_and_install.sh no_mitigation && \
    echo 'source /opt/intel/sgxsdk/environment' >> /root/.bashrc && \
    rm -rf /tmp/linux-sgx

@ -73,16 +88,6 @@ RUN curl https://sh.rustup.rs -sSf | \
    rm -rf /root/.cargo/registry && rm -rf /root/.cargo/git && \
    cargo -V

-# Upgrade gcc to compile occlum toolchain.
-# Use Developer Toolset 8 from Software Collections (SCLs) to have a newer gcc (8.3.1) than
-# the native one (4.8.5) and enable it during the build.
-RUN yum install centos-release-scl-rh -y && \
-    yum install devtoolset-8-toolchain -y && \
-    printf "unset BASH_ENV PROMPT_COMMAND ENV\nsource scl_source enable devtoolset-8\n" > /usr/bin/scl_enable
-ARG BASH_ENV="/usr/bin/scl_enable"
-ARG ENV="/usr/bin/scl_enable"
-ARG PROMPT_COMMAND=". /usr/bin/scl_enable"
-
 # Install Occlum toolchain
 COPY toolchains/gcc/* /tmp/
 WORKDIR /tmp
@ -99,6 +104,7 @@ ENV PATH="/usr/local/occlum/golang/bin:$PATH"
 WORKDIR /root
 RUN git clone https://github.com/occlum/occlum && \
    cd occlum && \
+    source /root/.bashrc && \
    make submodule && \
    OCCLUM_RELEASE_BUILD=1 make && \
    make install && \
--- a/tools/docker/Dockerfile.ubuntu16.04
+++ b/tools/docker/Dockerfile.ubuntu16.04
@ -1,105 +0,0 @@
-FROM ubuntu:16.04
-
-LABEL maintainer="Tate, Hongliang Tian <tate.thl@antfin.com>"
-
-RUN apt-get update && apt-get install -y --no-install-recommends \
-        alien \
-        autoconf \
-        automake \
-        build-essential \
-        ca-certificates \
-        cmake \
-        curl \
-        debhelper \
-        expect \
-        g++ \
-        gdb \
-        git-core \
-        golang-go \
-        jq \
-        kmod \
-        libboost-system-dev \
-        libboost-thread-dev \
-        libcurl4-openssl-dev \
-        libfuse-dev \
-        libjsoncpp-dev \
-        liblog4cpp5-dev \
-        libprotobuf-c0-dev \
-        libprotobuf-dev \
-        libssl-dev \
-        libtool \
-        libxml2-dev \
-        ocaml \
-        pkg-config \
-        protobuf-compiler \
-        python \
-        python-pip \
-        sudo \
-        unzip \
-        uuid-dev \
-        vim \
-        wget \
-        zip \
-        && \
-    apt-get clean && \
-    rm -rf /var/lib/apt/lists/*
-
-# Install cpuid tool for tests
-WORKDIR /tmp
-RUN wget http://www.etallen.com/cpuid/cpuid-20200211.x86_64.tar.gz && \
-    tar -xf ./cpuid-20200211.x86_64.tar.gz && \
-    cp ./cpuid-20200211/cpuid /usr/bin/ && \
-    rm -rf /tmp/cpuid-20200211*
-
-# Install SGX SDK
-WORKDIR /tmp
-RUN git clone -b sgx_2.9.1_for_occlum https://github.com/occlum/linux-sgx && \
-    cd linux-sgx && \
-    ./download_prebuilt.sh && \
-    cp ./external/toolset/as /usr/local/bin/ && \
-    cp ./external/toolset/ld /usr/local/bin/ && \
-    cp ./external/toolset/ld.gold /usr/local/bin/ && \
-    cp ./external/toolset/objdump /usr/local/bin/ && \
-    ./compile_and_install.sh && \
-    echo 'source /opt/intel/sgxsdk/environment' >> /root/.bashrc && \
-    rm -rf /tmp/linux-sgx
-
-# Install Rust
-ENV PATH="/root/.cargo/bin:$PATH"
-ENV OCCLUM_RUST_VERSION=nightly-2020-04-07
-RUN curl https://sh.rustup.rs -sSf | \
-        sh -s -- --default-toolchain ${OCCLUM_RUST_VERSION} -y && \
-    rm -rf /root/.cargo/registry && rm -rf /root/.cargo/git && \
-    cargo -V
-
-# Install Occlum toolchain
-COPY toolchains/gcc/* /tmp/
-WORKDIR /tmp
-RUN ./build.sh
-ENV PATH="/opt/occlum/build/bin:/usr/local/occlum/bin:$PATH"
-
-# Install Occlum Golang toolchain
-COPY toolchains/golang/* /tmp/
-WORKDIR /tmp
-RUN ./build.sh
-ENV PATH="/usr/local/occlum/golang/bin:$PATH"
-
-# Install the latest version of Occlum
-WORKDIR /root
-RUN git clone https://github.com/occlum/occlum && \
-    cd occlum && \
-    make submodule && \
-    OCCLUM_RELEASE_BUILD=1 make && \
-    make install && \
-    cp -r demos /root/demos && \
-    rm -rf /root/occlum
-
-# Start AESM service automatically
-#
-# To do so, we add the script to ~/.bashrc. We cannot use systemd to run AESM
-# as a "real" service since the pid 1 is not systemd in Docker. So we start
-# up AESM service when an user login with an interative shell.
-COPY docker/start_aesm.sh /opt/occlum/
-RUN echo '/opt/occlum/start_aesm.sh' >> /root/.bashrc
-
-WORKDIR /root
--- a/tools/docker/README.md
+++ b/tools/docker/README.md
@ -4,7 +4,7 @@ This folder contains scripts and Dockerfiles for users to build the Docker image
 for Occlum. An Occlum Docker image sets up the development environment for
 Occlum and also gets Occlum preinstalled.

-Currently, Three Linux OS distributions are supported: Ubuntu 16.04, Ubuntu 18.04 and CentOS 7.2.
+Currently, Two Linux OS distributions are supported: Ubuntu 18.04 and CentOS 7.5.

 ## How to Build

@ -14,9 +14,9 @@ To build an Occlum Docker image, run the following command
 ```
 where `<OCCLUM_LABEL>` is an arbitrary string chosen by the user to
 describe the version of Occlum preinstalled in the Docker image
-(e.g., "latest", "0.9.0", and "prerelease") and `<OS_NAME>` is the
+(e.g., "latest", "0.12.0", and "prerelease") and `<OS_NAME>` is the
 name of the OS distribution that the Docker image is based on.
 Currently, `<OS_NAME>` must be one of the following values:
-`ubuntu16.04`, `ubuntu18.04` and `centos7.2`.
+`ubuntu18.04` and `centos7.5`.

 The resulting Docker image will have `occlum/occlum:<OCCLUM_LABEL>-<OS_NAME>` as its label.
--- a/tools/docker/build_image.sh
+++ b/tools/docker/build_image.sh
@ -15,13 +15,12 @@ USAGE:
    build_image.sh <OCCLUM_LABEL> <OS_NAME>

 <OCCLUM_LABEL>:
-    An arbitrary string chosen by the user to describe the version of Occlum preinstalled in the Docker image, e.g., "latest", "0.9.0", "prerelease", and etc.
+    An arbitrary string chosen by the user to describe the version of Occlum preinstalled in the Docker image, e.g., "latest", "0.12.0", "prerelease", and etc.

 <OS_NAME>:
    The name of the OS distribution that the Docker image is based on. Currently, <OS_NAME> must be one of the following values:
-        ubuntu16.04         Use Ubuntu 16.04 as the base image
        ubuntu18.04         Use Ubuntu 18.04 as the base image
-        centos7.2           Use CentOS 7.2 as the base image
+        centos7.5           Use CentOS 7.5 as the base image

 The resulting Docker image will have "occlum/occlum:<OCCLUM_LABEL>-<OS_NAME>" as its label.
 EOF
@ -43,7 +42,7 @@ function check_item_in_list() {
    [[ $list =~ (^|[[:space:]])$item($|[[:space:]]) ]]
 }

-check_item_in_list "$os_name" "ubuntu16.04 ubuntu18.04 centos7.2" || report_error
+check_item_in_list "$os_name" "ubuntu18.04 centos7.5" || report_error

 cd "$script_dir/.."
 docker build -f "$script_dir/Dockerfile.$os_name" -t "occlum/occlum:$occlum_label-$os_name" .