general/occlum
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add ubuntu20.04 docker file

Browse Source
This commit is contained in:
zongmin.gu 2022-02-10 15:07:07 +08:00 committed by Zongmin.Gu
parent d5164239d0
commit f790f3d964
3 changed files with 252 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
.github/workflows/build_and_push_docker_image.yml vendored
View File

@ -5,9 +5,9 @@ on:
workflow_dispatch: workflow_dispatch:
inputs: inputs:
OS: OS:
description: 'OS name (must choose from <centos, ubuntu>)' description: 'OS name (must choose from <centos, ubuntu18, ubuntu20>)'
required: true required: true
default: 'ubuntu' default: 'ubuntu18'
jobs: jobs:
generate-centos-image: generate-centos-image:
@ -55,10 +55,9 @@ jobs:
push: true push: true
tags: occlum/occlum:${{ env.RELEASE_VERSION }}-centos8.2 tags: occlum/occlum:${{ env.RELEASE_VERSION }}-centos8.2
generate-ubuntu18-image:
generate-ubuntu-image:
runs-on: ubuntu-18.04 runs-on: ubuntu-18.04
if: github.event.inputs.OS == 'ubuntu' if: github.event.inputs.OS == 'ubuntu18'
steps: steps:
- name: Checkout code - name: Checkout code
@ -102,3 +101,50 @@ jobs:
build-args: OCCLUM_BRANCH=${{ env.OCCLUM_BRANCH }} build-args: OCCLUM_BRANCH=${{ env.OCCLUM_BRANCH }}
push: true push: true
tags: occlum/occlum:${{ env.RELEASE_VERSION }}-ubuntu18.04 tags: occlum/occlum:${{ env.RELEASE_VERSION }}-ubuntu18.04
generate-ubuntu20-image:
runs-on: ubuntu-20.04
if: github.event.inputs.OS == 'ubuntu20'
steps:
- name: Checkout code
uses: actions/checkout@v2
# Because "Build and push" step `context` field can't be subdir,
# we need to copy files needed by dockerfile to root dir of the project
- name: Copy context for docker build
run: |
cp -r tools/toolchains .
cp -r tools/docker .
- name: Get Occlum release version
run: echo "RELEASE_VERSION=$(grep 'Version =' src/pal/include/occlum_version.h | awk '{print $4}')" >> $GITHUB_ENV;
- name: Get branch name
# GITHUB_REF=refs/heads/branch-name
# ${GITHUB_REF##*/} == branch-name
run: echo "OCCLUM_BRANCH=$(echo ${GITHUB_REF##*/})" >> $GITHUB_ENV;
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
with:
driver-opts: env.BUILDKIT_STEP_LOG_MAX_SIZE=104857600
- name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Build and push
uses: docker/build-push-action@v2
with:
context: .
file: ./tools/docker/Dockerfile.ubuntu20.04
platforms: linux/amd64
build-args: OCCLUM_BRANCH=${{ env.OCCLUM_BRANCH }}
push: true
tags: occlum/occlum:${{ env.RELEASE_VERSION }}-ubuntu20.04

199
tools/docker/Dockerfile.ubuntu20.04 Normal file
View File

@ -0,0 +1,199 @@
FROM alpine:3.11 AS alpine
LABEL maintainer="Qing Li <geding.lq@antgroup.com>"
RUN apk update && \
apk --no-cache add openjdk11 openjdk8 --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community
FROM ubuntu:20.04
LABEL maintainer="Qing Li <geding.lq@antgroup.com>"
#The default shell for the RUN instruction is ["/bin/sh", "-c"], which sometimes cause unexpected error
#for example "source a_file". Use bash as default shell instead.
SHELL ["/bin/bash", "-c"]
RUN apt-get update && DEBIAN_FRONTEND="noninteractive" apt-get install -y --no-install-recommends \
alien \
astyle \
autoconf \
automake \
bison \
build-essential \
ca-certificates \
cmake \
curl \
debhelper \
expect \
g++ \
gawk \
gdb \
git-core \
golang-go \
jq \
kmod \
lcov \
libboost-system-dev \
libboost-thread-dev \
libclang-dev \
libcurl4-openssl-dev \
libfuse-dev \
libjsoncpp-dev \
liblog4cpp5-dev \
libprotobuf-c-dev \
libprotobuf-dev \
libssl-dev \
libtool \
libxml2-dev \
nano \
ocaml \
ocamlbuild \
pkg-config \
protobuf-compiler \
python \
python3-pip \
sudo \
unzip \
uuid-dev \
vim \
wget \
zip \
gnupg \
aptitude \
rsync \
cpuid \
&& \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
RUN echo "ca_directory=/etc/ssl/certs" >> /etc/wgetrc && \
echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | tee /etc/apt/sources.list.d/intel-sgx.list &&\
wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key --no-check-certificate | apt-key add -
# Install cpuid tool for tests
# WORKDIR /tmp
# RUN wget http://www.etallen.com/cpuid/cpuid-20200211.x86_64.tar.gz && \
# tar -xf ./cpuid-20200211.x86_64.tar.gz && \
# cp ./cpuid-20200211/cpuid /usr/bin/ && \
# rm -rf /tmp/cpuid-20200211*
# Install Rust
ENV PATH="/root/.cargo/bin:$PATH"
ENV OCCLUM_RUST_VERSION=nightly-2021-11-01
RUN curl https://sh.rustup.rs -sSf | \
sh -s -- --default-toolchain ${OCCLUM_RUST_VERSION} -y && \
rm -rf /root/.cargo/registry && rm -rf /root/.cargo/git && \
cargo -V
# Install SGX PSW
ARG PSW_VERSION=2.15.101.1
ARG DCAP_VERSION=1.12.101.1
RUN apt-get update && aptitude install -y \
libsgx-launch-dev=$PSW_VERSION-focal1 \
libsgx-epid-dev=$PSW_VERSION-focal1 \
libsgx-quote-ex-dev=$PSW_VERSION-focal1 \
libsgx-urts=$PSW_VERSION-focal1 \
libsgx-enclave-common=$PSW_VERSION-focal1 \
libsgx-uae-service=$PSW_VERSION-focal1 \
libsgx-ae-epid=$PSW_VERSION-focal1 \
libsgx-ae-le=$PSW_VERSION-focal1 \
libsgx-ae-pce=$PSW_VERSION-focal1 \
libsgx-aesm-launch-plugin=$PSW_VERSION-focal1 \
sgx-aesm-service=$PSW_VERSION-focal1 \
libsgx-aesm-launch-plugin=$PSW_VERSION-focal1 \
libsgx-aesm-pce-plugin=$PSW_VERSION-focal1 \
libsgx-aesm-ecdsa-plugin=$PSW_VERSION-focal1 \
libsgx-aesm-epid-plugin=$PSW_VERSION-focal1 \
libsgx-aesm-quote-ex-plugin=$PSW_VERSION-focal1 \
libsgx-dcap-quote-verify=$DCAP_VERSION-focal1 \
libsgx-dcap-quote-verify-dev=$DCAP_VERSION-focal1 \
libsgx-dcap-ql=$DCAP_VERSION-focal1 \
libsgx-dcap-ql-dev=$DCAP_VERSION-focal1 \
libsgx-epid=$PSW_VERSION-focal1 \
libsgx-quote-ex=$PSW_VERSION-focal1 \
libsgx-pce-logic=$DCAP_VERSION-focal1 \
libsgx-qe3-logic=$DCAP_VERSION-focal1 \
libsgx-launch=$PSW_VERSION-focal1 \
libsgx-dcap-default-qpl=$DCAP_VERSION-focal1 \
&& \
apt-get clean && \
rm -rf /var/lib/apt/lists/* && \
ln -s /usr/lib/x86_64-linux-gnu/libsgx_enclave_common.so.1 /usr/lib/x86_64-linux-gnu/libsgx_enclave_common.so
# Install SGX SDK
WORKDIR /tmp
RUN git clone -b sgx_2.15.1_for_occlum https://github.com/occlum/linux-sgx && \
mkdir /etc/init && \
cd linux-sgx && \
make preparation && \
./compile_and_install.sh no_mitigation USE_OPT_LIBS=3 && \
echo 'source /opt/intel/sgxsdk/environment' >> /root/.bashrc && \
rm -rf /tmp/linux-sgx
# Download the Occlum source
ARG OCCLUM_BRANCH
WORKDIR /root
RUN git clone -b $OCCLUM_BRANCH https://github.com/occlum/occlum && \
cp -r /root/occlum/tools/toolchains/* /tmp/ && mkdir -p /opt/occlum/ && \
cp /root/occlum/tools/docker/start_aesm.sh /opt/occlum/
# Install Occlum toolchain
WORKDIR /tmp
RUN cd musl-gcc && ./build.sh && ./install_zlib.sh && rm -rf /tmp/musl-gcc
ENV PATH="/opt/occlum/build/bin:/usr/local/occlum/bin:$PATH"
# Install glibc
WORKDIR /tmp
RUN cd glibc && ./build.sh && rm -rf /tmp/glibc
# Install Occlum Golang toolchain
WORKDIR /tmp
RUN cd golang && ./build.sh && rm -rf /tmp/golang
ENV PATH="/opt/occlum/toolchains/golang/bin:$PATH"
# Install Occlum Rust toolchain
WORKDIR /tmp
RUN cd rust && ./build.sh && rm -rf /tmp/rust
ENV PATH="/opt/occlum/toolchains/rust/bin:$PATH"
ENV LD_LIBRARY_PATH="/opt/intel/sgxsdk/sdk_libs"
# Install Occlum bash
WORKDIR /tmp
RUN cd bash && ./build.sh && rm -rf /tmp/bash
# Install Occlum busybox
WORKDIR /tmp
RUN cd busybox && ./build.sh && rm -rf /tmp/busybox
# Install Occlum Java toolchain (JDK 11)
ARG JDK11_PATH=/opt/occlum/toolchains/jvm/java-11-openjdk
COPY --from=alpine /usr/lib/jvm/java-11-openjdk $JDK11_PATH
RUN rm $JDK11_PATH/lib/security/cacerts
COPY --from=alpine /etc/ssl/certs/java/cacerts $JDK11_PATH/lib/security/cacerts
WORKDIR /tmp
RUN cd java && ./install_dragonwell.sh && rm -rf /tmp/java
ENV PATH="/opt/occlum/toolchains/jvm/bin:$PATH"
# Install OpenJDK 8
ARG JDK8_PATH=/opt/occlum/toolchains/jvm/java-1.8-openjdk
COPY --from=alpine /usr/lib/jvm/java-1.8-openjdk $JDK8_PATH
RUN rm $JDK8_PATH/jre/lib/security/cacerts
COPY --from=alpine /etc/ssl/certs/java/cacerts $JDK8_PATH/jre/lib/security/cacerts
WORKDIR /root
RUN cd occlum && \
source /opt/intel/sgxsdk/environment && \
make submodule && \
OCCLUM_RELEASE_BUILD=1 make && \
make install && \
cp -r demos /root/demos && \
rm -rf /root/occlum
# Start AESM service automatically
#
# To do so, we add the script to ~/.bashrc. We cannot use systemd to run AESM
# as a "real" service since the pid 1 is not systemd in Docker. So we start
# up AESM service when an user login with an interative shell.
RUN mkdir -p /var/run/aesmd && echo '/opt/occlum/start_aesm.sh' >> /root/.bashrc
WORKDIR /root

3
tools/docker/build_image.sh
View File

@ -20,6 +20,7 @@ USAGE:
<OS_NAME>: <OS_NAME>:
The name of the OS distribution that the Docker image is based on. Currently, <OS_NAME> must be one of the following values: The name of the OS distribution that the Docker image is based on. Currently, <OS_NAME> must be one of the following values:
ubuntu18.04 Use Ubuntu 18.04 as the base image ubuntu18.04 Use Ubuntu 18.04 as the base image
ubuntu20.04 Use Ubuntu 20.04 as the base image
centos8.2 Use CentOS 8.2 as the base image centos8.2 Use CentOS 8.2 as the base image
aliyunlinux3 Use AliyunLinux 3 as the base image aliyunlinux3 Use AliyunLinux 3 as the base image
@ -48,7 +49,7 @@ function check_item_in_list() {
[[ $list =~ (^|[[:space:]])$item($|[[:space:]]) ]] [[ $list =~ (^|[[:space:]])$item($|[[:space:]]) ]]
} }
check_item_in_list "$os_name" "ubuntu18.04 centos8.2 aliyunlinux3" || report_error check_item_in_list "$os_name" "ubuntu18.04 ubuntu20.04 centos8.2 aliyunlinux3" || report_error
cd "$script_dir/.." cd "$script_dir/.."
docker build -f "$script_dir/Dockerfile.$os_name" -t "occlum/occlum:$occlum_label-$os_name" --build-arg OCCLUM_BRANCH=$occlum_branch . docker build -f "$script_dir/Dockerfile.$os_name" -t "occlum/occlum:$occlum_label-$os_name" --build-arg OCCLUM_BRANCH=$occlum_branch .