general/occlum
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
30c99add6f
occlum/tools/occlum

210 lines
6.5 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
this_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
occlum_dir="$( cd "$( dirname "$this_dir/../../../" )" >/dev/null 2>&1 && pwd )"
working_dir=`pwd`
context_dir="$working_dir/.occlum"
SGX_SDK="${SGX_SDK:-/opt/intel/sgxsdk}"
ENCLAVE_SIGN_TOOL="$SGX_SDK/bin/x64/sgx_sign"
ENCLAVE_SIGN_KEY="$occlum_dir/etc/template/Enclave.pem"
exit_error() {
echo "Error: $@" >&2
exit 1
}
report_arg_error() {
echo $1 >&2
echo ""
echo "Usage:"
echo " occlum init"
echo " occlum build [--sign-key <key_path>] [--sign-tool <tool_path>]"
echo " occlum run <program_name> <program_args>"
echo ""
echo " Run enclave in sgx release mode:"
echo " OCCLUM_RELEASE_ENCLAVE=1 occlum run <program_name> <program_args>"
}
get_conf_default_stack_size() {
cat "$working_dir/Occlum.json" | \
python -c "import sys, json; print json.load(sys.stdin)['process']['default_stack_size']"
}
get_conf_default_heap_size() {
cat "$working_dir/Occlum.json" | \
python -c "import sys, json; print json.load(sys.stdin)['process']['default_heap_size']"
}
get_conf_default_mmap_size() {
cat "$working_dir/Occlum.json" | \
python -c "import sys, json; print json.load(sys.stdin)['process']['default_mmap_size']"
}
get_conf_user_space_size() {
cat "$working_dir/Occlum.json" | \
python -c "import sys, json; print json.load(sys.stdin)['vm']['user_space_size']"
}
get_conf_env() {
cat "$working_dir/Occlum.json" | \
python -c "import sys, json; print json.dumps(json.load(sys.stdin)['env'])"
}
get_conf_entry_points() {
cat "$working_dir/Occlum.json" | \
python -c "import sys, json; print json.dumps(json.load(sys.stdin)['entry_points'])"
}
get_occlum_conf_file_mac() {
"$occlum_dir/build/bin/occlum-protect-integrity" show-mac "$context_dir/build/Occlum.json.protected"
}
parse_occlum_user_space_size() {
local size_with_unit=`get_conf_user_space_size`
numfmt --from=iec ${size_with_unit::-1}
}
cmd_init() {
cd "$working_dir"
mkdir -p .occlum
cd "$context_dir"
echo "initialized" > status
cd "$working_dir"
mkdir -p image
mkdir -p image/bin
mkdir -p image/lib
mkdir -p image/root
mkdir -p image/host
mkdir -p image/tmp
local occlum_gcc_lib=/usr/local/occlum/x86_64-linux-musl/lib
cp -t image/lib/ \
/lib/ld-musl-x86_64.so.1 \
"$occlum_gcc_lib/libc.so" \
"$occlum_gcc_lib/libstdc++.so.6" \
"$occlum_gcc_lib/libgcc_s.so.1" \
"$occlum_gcc_lib/libgomp.so.1"
cp "$occlum_dir"/etc/template/Enclave.xml "$working_dir"/
cp "$occlum_dir"/etc/template/Occlum.json "$working_dir"/
chmod 644 "$working_dir"/Enclave.xml
chmod 644 "$working_dir"/Occlum.json
echo "Initialized an Occlum context in $working_dir"
}
cmd_build() {
cd "$context_dir"
echo "building" > status
rm -rf build
mkdir -p build/bin
cp "$occlum_dir/build/bin/occlum-pal" build/bin/
mkdir -p build/lib
cp "$occlum_dir/build/lib/libocclum_core.a" build/lib/
cp "$occlum_dir/build/lib/libcompiler-rt-patch.a" build/lib/
mkdir -p build/src/libos/src/builtin
chmod 531 -R $working_dir/image/bin
chmod 531 -R $working_dir/image/lib
mkdir -p build/mount/
cd "$occlum_dir/deps/sefs/sefs-fuse/bin/" && \
./app \
--integrity-only \
"$context_dir/build/mount/__ROOT" \
"$working_dir/image" \
zip
export OCCLUM_CONF_ROOT_FS_MAC=`"$occlum_dir/build/bin/occlum-protect-integrity" show-mac "$context_dir/build/mount/__ROOT/metadata"`
export OCCLUM_CONF_USER_SPACE_SIZE=`get_conf_user_space_size`
export OCCLUM_CONF_DEFAULT_STACK_SIZE=`get_conf_default_stack_size`
export OCCLUM_CONF_DEFAULT_HEAP_SIZE=`get_conf_default_heap_size`
export OCCLUM_CONF_DEFAULT_MMAP_SIZE=`get_conf_default_mmap_size`
export OCCLUM_CONF_ENV=`get_conf_env`
export OCCLUM_CONF_ENTRY_POINTS=`get_conf_entry_points`
cd "$context_dir/build"
"$occlum_dir/build/bin/occlum-gen-default-occlum-json"\
> "Occlum.json"
"$occlum_dir/build/bin/occlum-protect-integrity" protect Occlum.json
export OCCLUM_BUILTIN_CONF_FILE_MAC=`get_occlum_conf_file_mac`
echo "EXPORT => OCCLUM_BUILTIN_CONF_FILE_MAC = $OCCLUM_BUILTIN_CONF_FILE_MAC"
export OCCLUM_BUILTIN_VM_USER_SPACE_SIZE=`parse_occlum_user_space_size`
echo "EXPORT => OCCLUM_BUILTIN_VM_USER_SPACE_SIZE = $OCCLUM_BUILTIN_VM_USER_SPACE_SIZE"
cd "$context_dir"
mkdir -p src/libos/src/
cp "$occlum_dir/src/sgxenv.mk" src/
cp "$occlum_dir/src/libos/Makefile" src/libos/
cp "$occlum_dir/src/libos/Enclave.lds" src/libos/
cp -r "$occlum_dir/src/libos/src/builtin" src/libos/src/builtin
cd src/libos && \
make clean-builtin && \
make "$context_dir/build/lib/libocclum.so" ONLY_REBUILD_BUILTIN=1
while [ -n "$1" ]; do
case "$1" in
--sign-key) [ -n "$2" ] && ENCLAVE_SIGN_KEY=$2 ; shift 2 || exit_error "empty signing key path" ;;
--sign-tool) [ -n "$2" ] && ENCLAVE_SIGN_TOOL=$2 ; shift 2 || exit_error "empty signing tool path" ;;
*) exit_error "Unknown option: $1" ;;
esac
done
[ -e "$ENCLAVE_SIGN_KEY" ] || exit_error "invalid signing key path: $ENCLAVE_SIGN_KEY"
[ -e "$ENCLAVE_SIGN_TOOL" ] || exit_error "invalid signing tool path: $ENCLAVE_SIGN_TOOL"
echo "Enclave sign-tool: $ENCLAVE_SIGN_TOOL"
echo "Enclave sign-key: $ENCLAVE_SIGN_KEY"
$ENCLAVE_SIGN_TOOL sign \
-key $ENCLAVE_SIGN_KEY \
-config "$working_dir/Enclave.xml" \
-enclave "$context_dir/build/lib/libocclum.so" \
-out "$context_dir/build/lib/libocclum.signed.so"
cd "$context_dir"
echo "built" > status
echo "Built the Occlum image and enclave successfully"
}
cmd_run() {
cd "$working_dir"
echo "running" > "$context_dir/status"
mkdir -p "$context_dir/run/mount/root"
RUST_BACKTRACE=1 "$context_dir/build/bin/occlum-pal" "$@"
echo "built" > "$context_dir/status"
}
cmd_status() {
cat "$context_dir/status"
}
set -e
if [[ ( "$#" < 1 ) ]] ; then
report_arg_error "Error: no sub-command is given"
exit 1
fi
cmd=$1
case "$cmd" in
init)
cmd_init
;;
build)
cmd_build "${@:2}"
;;
run)
cmd_run "${@:2}"
;;
status)
cmd_status
;;
*)
report_arg_error "Error: unknown sub-command $cmd"
exit 1
esac
Reference in New Issue View Git Blame Copy Permalink