occlum/demos/ra_tls/build_occlum_instance.sh

#!/bin/bash
# Build the two Occlum instances used by this demo: occlum_client first, then
# occlum_server, whose RA config is filled in with the client's measurements.
#
# Usage: build_occlum_instance.sh [musl]
#   musl   build against musl-libc; any other value (or none) selects glibc.
#
# errexit stops the script at the first failing top-level command. Bash does
# not carry errexit into command substitutions unless inherit_errexit or POSIX
# mode is on, so a failure inside `...` or $(...) has to be checked explicitly
# by the code that consumes the substituted value.
set -e
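#######################################
# Print one SGX measurement of a built Occlum instance as a hex string.
#
# The value is read from an `sgx_sign dump` of the instance's signed LibOS and
# is used by the caller as the expected identity of a peer enclave, so this
# function fails instead of printing an empty, truncated or stale value.
#
# Arguments:
#   $1 - instance suffix; the enclave is read from ../occlum_$1/ and the dump
#        is written to ../metadata_info_$1.txt (both relative to the cwd)
#   $2 - "mr_enclave" or "mr_signer"
# Outputs:
#   The 64-hex-character measurement on stdout; diagnostics on stderr.
# Returns:
#   0 on success; 1 if the dump fails, $2 is unknown, or the extracted text
#   is not exactly 64 hex characters.
#######################################
function get_mr() {
    local instance=$1
    local kind=$2
    local enclave="../occlum_${instance}/build/lib/libocclum-libos.signed.so"
    local dumpfile="../metadata_info_${instance}.txt"
    local value

    # Check the dump explicitly: this function is normally called from a
    # command substitution, where errexit is not in effect, and a dump file
    # left over from an earlier build must not be parsed in its place.
    if ! sgx_sign dump -enclave "$enclave" -dumpfile "$dumpfile"; then
        echo "get_mr: sgx_sign dump failed for ${enclave}" >&2
        return 1
    fi

    case "$kind" in
        mr_enclave)
            # The two lines after the enclave_hash.m header hold the hash
            # bytes as 0x-prefixed tokens.
            value=$(sed -n -e '/enclave_hash.m/,/metadata->enclave_css.body.isv_prod_id/p' "$dumpfile" \
                | head -3 | tail -2 | xargs | sed 's/0x//g' | sed 's/ //g')
            ;;
        mr_signer)
            # The signer measurement is taken from the last two lines of the dump.
            value=$(tail -2 "$dumpfile" | xargs | sed 's/0x//g' | sed 's/ //g')
            ;;
        *)
            echo "get_mr: unknown measurement '${kind}' (expected mr_enclave or mr_signer)" >&2
            return 1
            ;;
    esac

    # MRENCLAVE and MRSIGNER are 256-bit values, i.e. 64 hex characters.
    # Anything else means the dump layout was not what the extraction expects.
    if [[ ! "$value" =~ ^[0-9a-fA-F]{64}$ ]]; then
        echo "get_mr: ${kind} extracted from ${dumpfile} is not 64 hex characters" >&2
        return 1
    fi

    printf '%s\n' "$value"
}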
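#######################################
# Create, configure and build the Occlum instance occlum_$postfix.
#
# Globals:
#   postfix         (read) "server" selects the server configuration; any
#                   other value gets the client configuration
#   libnss_require  (read) "y" copies the host libnss/libresolv libraries
#   occlum_glibc    (read) glibc directory inside the image, used with the above
# Outputs:
#   Writes occlum_$postfix/ including Occlum.json and dynamic_config.json.
# Returns:
#   1 if the client's measurements cannot be obtained for the server policy;
#   other failures stop the script through errexit.
#######################################
function build_instance() {
    local new_json bomfile mr_enclave mr_signer mr

    # 1. Init Occlum Workspace
    rm -rf "occlum_${postfix}"
    mkdir "occlum_${postfix}"
    pushd "occlum_${postfix}"
    occlum init
    new_json="$(jq '.resource_limits.user_space_size = "500MB"' Occlum.json)" && \
        echo "${new_json}" > Occlum.json

    if [ "$postfix" == "server" ]; then
        # Server will verify client's mr_enclave and mr_signer.
        # These two values are the server's whole pinning policy, so fetch them
        # before writing the config and refuse to continue if either is not a
        # 64-hex-character measurement. get_mr runs in a command substitution,
        # where errexit does not apply, so the result is validated here.
        mr_enclave=$(get_mr client mr_enclave) || mr_enclave=""
        mr_signer=$(get_mr client mr_signer) || mr_signer=""
        for mr in "$mr_enclave" "$mr_signer"; do
            if [[ ! "$mr" =~ ^[0-9a-fA-F]{64}$ ]]; then
                echo "build_instance: client measurement is not 64 hex characters; not writing the server policy" >&2
                popd
                return 1
            fi
        done

        # Pass the values with --arg so they are bound as JSON strings rather
        # than spliced into the text of the jq program.
        jq --arg mr_enclave "$mr_enclave" --arg mr_signer "$mr_signer" \
            ' .verify_mr_enclave = "on" |
              .verify_mr_signer = "on" |
              .verify_isv_prod_id = "off" |
              .verify_isv_svn = "off" |
              .sgx_mrs[0].mr_enclave = $mr_enclave |
              .sgx_mrs[0].mr_signer = $mr_signer ' ../ra_config_template.json > dynamic_config.json

        if [ "$libnss_require" == "y" ]; then
            # NOTE(review): `rm -rf image` below removes these copies before
            # copy_bom repopulates the image; confirm whether the BOM file is
            # expected to supply the libraries instead.
            cp /lib/x86_64-linux-gnu/libnss*.so.2 "image/${occlum_glibc}"
            cp /lib/x86_64-linux-gnu/libresolv.so.2 "image/${occlum_glibc}"
        fi

        bomfile="../grpc_ratls_server.yaml"
    else
        # Client verify nothing from server.
        # NOTE(review): with all four checks off the client config pins no
        # server measurement. A setup that needs to know which enclave it is
        # talking to should turn on at least mr_enclave or mr_signer here and
        # list the expected values; how the verifier treats an all-off policy
        # is not visible in this script.
        jq ' .verify_mr_enclave = "off" |
             .verify_mr_signer = "off" |
             .verify_isv_prod_id = "off" |
             .verify_isv_svn = "off" ' ../ra_config_template.json > dynamic_config.json

        bomfile="../grpc_ratls_client.yaml"
    fi

    rm -rf image
    copy_bom -f "$bomfile" --root image --include-dir /opt/occlum/etc/template

    occlum build
    popd
}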
# Pick the libc flavour from the first argument. Only the glibc build sets the
# libnss variables that build_instance reads.
case "$1" in
    musl)
        echo "*** Build and musl-libc Occlum instance ***"
        ;;
    *)
        echo "*** Build and run glibc Occlum instance ***"
        # glibc version requires libnss
        libnss_require="y"
        occlum_glibc=/opt/occlum/glibc/lib/
        ;;
esac

# Order matters: the server configuration is generated from the client's
# signed enclave, so the client instance has to exist first.
for postfix in client server; do
    build_instance
done