cd5cc0cb5c
1. Replace the OpenJDK with an unmodified OpenJDK from Alpine Linux 2. Add Alibaba Dragonwell as the default JDK for the Java demos
147 lines
4.6 KiB
Docker
147 lines
4.6 KiB
Docker
FROM alpine:3.11 AS alpine
|
|
|
|
LABEL maintainer="Qing Li <geding.lq@antgroup.com>"
|
|
|
|
RUN apk update && \
|
|
apk --no-cache add openjdk11 --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community
|
|
|
|
FROM centos:7.5.1804
|
|
|
|
LABEL maintainer="He Sun <bochang.sh@antfin.com>"
|
|
|
|
RUN yum install -y \
|
|
astyle \
|
|
autoconf \
|
|
automake \
|
|
ca-certificates \
|
|
boost-devel \
|
|
cmake \
|
|
curl \
|
|
curl-devel \
|
|
epel-release \
|
|
expect \
|
|
fuse-devel \
|
|
fuse-libs \
|
|
gcc \
|
|
gcc-c++ \
|
|
glibc-headers \
|
|
gdb \
|
|
git \
|
|
git-core \
|
|
gmp-devel \
|
|
libmpc-devel \
|
|
libxml2-devel \
|
|
libtool \
|
|
pkgconfig \
|
|
python \
|
|
kmod \
|
|
make \
|
|
mod_ssl \
|
|
mpfr-devel \
|
|
ocaml \
|
|
ocaml-ocamlbuild \
|
|
openssl \
|
|
openssl-devel \
|
|
sudo \
|
|
uuid-devel \
|
|
vim \
|
|
wget && \
|
|
yum groupinstall 'Development Tools' -y && \
|
|
yum install -y golang && \
|
|
yum clean all
|
|
|
|
# Install Protobuf (version >= 3.0)
|
|
WORKDIR /tmp
|
|
RUN yum install -y https://cbs.centos.org/kojifiles/packages/protobuf/3.6.1/4.el7/x86_64/protobuf-3.6.1-4.el7.x86_64.rpm && \
|
|
yum install -y https://cbs.centos.org/kojifiles/packages/protobuf/3.6.1/4.el7/x86_64/protobuf-compiler-3.6.1-4.el7.x86_64.rpm && \
|
|
yum install -y https://cbs.centos.org/kojifiles/packages/protobuf/3.6.1/4.el7/x86_64/protobuf-devel-3.6.1-4.el7.x86_64.rpm
|
|
|
|
# Upgrade git (version >= 1.8.4)
|
|
RUN yum install -y http://opensource.wandisco.com/centos/7/git/x86_64/wandisco-git-release-7-2.noarch.rpm && \
|
|
yum install -y git
|
|
|
|
# Install cpuid tool for tests
|
|
WORKDIR /tmp
|
|
RUN wget http://www.etallen.com/cpuid/cpuid-20200211.x86_64.tar.gz && \
|
|
tar -xf ./cpuid-20200211.x86_64.tar.gz && \
|
|
cp ./cpuid-20200211/cpuid /usr/bin/ && \
|
|
rm -rf /tmp/cpuid-20200211*
|
|
|
|
# Upgrade GCC
|
|
# Use Developer Toolset 8 from Software Collections (SCLs) to have a newer gcc (8.3.1) than
|
|
# the native one (4.8.5) and enable it during the build.
|
|
RUN yum install centos-release-scl-rh -y && \
|
|
yum install devtoolset-8-toolchain -y && \
|
|
printf "unset BASH_ENV PROMPT_COMMAND ENV\nsource scl_source enable devtoolset-8\n" > /usr/bin/scl_enable && \
|
|
echo 'source /opt/rh/devtoolset-8/enable' >> /root/.bashrc
|
|
ARG BASH_ENV="/usr/bin/scl_enable"
|
|
ARG ENV="/usr/bin/scl_enable"
|
|
ARG PROMPT_COMMAND=". /usr/bin/scl_enable"
|
|
|
|
# Install SGX SDK
|
|
WORKDIR /tmp
|
|
RUN git clone -b sgx_2.9.1_for_occlum https://github.com/occlum/linux-sgx && \
|
|
cd linux-sgx && \
|
|
./download_prebuilt.sh && \
|
|
./compile_and_install.sh no_mitigation && \
|
|
echo 'source /opt/intel/sgxsdk/environment' >> /root/.bashrc && \
|
|
rm -rf /tmp/linux-sgx
|
|
|
|
# Install Rust
|
|
ENV PATH="/root/.cargo/bin:$PATH"
|
|
ENV OCCLUM_RUST_VERSION=nightly-2020-04-07
|
|
RUN curl https://sh.rustup.rs -sSf | \
|
|
sh -s -- --default-toolchain ${OCCLUM_RUST_VERSION} -y && \
|
|
rm -rf /root/.cargo/registry && rm -rf /root/.cargo/git && \
|
|
cargo -V
|
|
|
|
# Install Occlum toolchain
|
|
COPY toolchains/gcc /tmp/gcc
|
|
WORKDIR /tmp
|
|
RUN cd gcc && ./build.sh && ./install_zlib.sh && rm -rf /tmp/gcc
|
|
ENV PATH="/opt/occlum/build/bin:/usr/local/occlum/bin:$PATH"
|
|
|
|
# Install Occlum Golang toolchain
|
|
COPY toolchains/golang /tmp/golang
|
|
WORKDIR /tmp
|
|
RUN cd golang && ./build.sh && rm -rf /tmp/golang
|
|
ENV PATH="/opt/occlum/toolchains/golang/bin:$PATH"
|
|
|
|
# Install Occlum Rust toolchain
|
|
COPY toolchains/rust /tmp/rust
|
|
WORKDIR /tmp
|
|
RUN cd rust && ./build.sh && rm -rf /tmp/rust
|
|
ENV PATH="/opt/occlum/toolchains/rust/bin:$PATH"
|
|
ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/opt/intel/sgxsdk/sdk_libs"
|
|
|
|
# Install Occlum Java toolchain (JDK 11)
|
|
ARG JDK11_PATH=/opt/occlum/toolchains/jvm/java-11-openjdk
|
|
COPY --from=alpine /usr/lib/jvm/java-11-openjdk $JDK11_PATH
|
|
RUN rm $JDK11_PATH/lib/security/cacerts
|
|
COPY --from=alpine /etc/ssl/certs/java/cacerts $JDK11_PATH/lib/security/cacerts
|
|
COPY toolchains/java /tmp/java
|
|
WORKDIR /tmp
|
|
RUN cd java && ./install_dragonwell.sh && rm -rf /tmp/java
|
|
ENV PATH="/opt/occlum/toolchains/jvm/bin:$PATH"
|
|
|
|
# Install the latest version of Occlum
|
|
WORKDIR /root
|
|
RUN git clone https://github.com/occlum/occlum && \
|
|
cd occlum && \
|
|
source /root/.bashrc && \
|
|
make submodule && \
|
|
OCCLUM_RELEASE_BUILD=1 make && \
|
|
make install && \
|
|
cp -r demos /root/demos && \
|
|
rm -rf /root/occlum
|
|
|
|
# Start AESM service automatically
|
|
#
|
|
# To do so, we add the script to ~/.bashrc. We cannot use systemd to run AESM
|
|
# as a "real" service since the pid 1 is not systemd in Docker. So we start
|
|
# up AESM service when an user login with an interative shell.
|
|
COPY docker/start_aesm.sh /opt/occlum/
|
|
RUN echo '/opt/occlum/start_aesm.sh' >> /root/.bashrc
|
|
|
|
WORKDIR /root
|