occlum/tools/docker/Dockerfile.centos8.1

FROM alpine:3.11 AS alpine
LABEL maintainer="Qing Li <geding.lq@antgroup.com>"
RUN apk update && \
    apk --no-cache add openjdk11 --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community

FROM centos:8.1.1911

LABEL maintainer="He Sun <bochang.sh@antgroup.com>"

RUN yum install epel-release -y && \
    dnf clean all && rm -r /var/cache/dnf && \
    dnf group install 'Development Tools' -y && \
    dnf --enablerepo=PowerTools install -y \
    astyle \
    bison \
    boost-devel \
    cmake \
    createrepo \
    curl-devel \
    expect \
    fuse-devel \
    fuse-libs \
    gawk \
    gmp-devel \
    golang \
    jq \
    libcurl-devel \
    libmpc-devel \
    libxml2-devel \
    mod_ssl \
    mpfr-devel \
    ocaml \
    ocaml-ocamlbuild \
    openssl \
    openssl-devel \
    perl \
    protobuf-devel \
    python2 \
    python3 \
    sudo \
    wget \
    uuid-devel \
    vim \
    yum-utils \
    http://downloads.sourceforge.net/ltp/lcov-1.14-1.noarch.rpm &&\
    alternatives --set python /usr/bin/python2

# Install cpuid tool for tests
WORKDIR /tmp
RUN wget http://www.etallen.com/cpuid/cpuid-20200211.x86_64.tar.gz && \
    tar -xf ./cpuid-20200211.x86_64.tar.gz && \
    cp ./cpuid-20200211/cpuid /usr/bin/ && \
    rm -rf /tmp/cpuid-20200211*

# Install SGX SDK
WORKDIR /tmp
RUN git clone -b sgx_2.11_for_occlum https://github.com/occlum/linux-sgx && \
    cd linux-sgx && \
    ./compile_and_install.sh no_mitigation USE_OPT_LIBS=2 && \
    echo 'source /opt/intel/sgxsdk/environment' >> /root/.bashrc && \
    rm -rf /tmp/linux-sgx

# Install Rust
ENV PATH="/root/.cargo/bin:$PATH"
ENV OCCLUM_RUST_VERSION=nightly-2020-09-08
RUN curl https://sh.rustup.rs -sSf | \
        sh -s -- --default-toolchain ${OCCLUM_RUST_VERSION} -y && \
    rm -rf /root/.cargo/registry && rm -rf /root/.cargo/git && \
    cargo -V && \
    cargo install sccache

# Install Occlum toolchain
COPY toolchains/musl-gcc /tmp/musl-gcc
WORKDIR /tmp
RUN cd musl-gcc && ./build.sh && ./install_zlib.sh && rm -rf /tmp/musl-gcc
ENV PATH="/opt/occlum/build/bin:/usr/local/occlum/bin:$PATH"

# Install glibc
COPY toolchains/glibc /tmp/glibc
WORKDIR /tmp
RUN cd glibc && ./build.sh && rm -rf /tmp/glibc

# Install Occlum Golang toolchain
COPY toolchains/golang /tmp/golang
WORKDIR /tmp
RUN cd golang && ./build.sh && rm -rf /tmp/golang
ENV PATH="/opt/occlum/toolchains/golang/bin:$PATH"

# Install Occlum Rust toolchain
COPY toolchains/rust /tmp/rust
WORKDIR /tmp
RUN cd rust && ./build.sh && rm -rf /tmp/rust
ENV PATH="/opt/occlum/toolchains/rust/bin:$PATH"
ENV LD_LIBRARY_PATH="/opt/intel/sgxsdk/sdk_libs"

# Install Occlum Java toolchain (JDK 11)
ARG JDK11_PATH=/opt/occlum/toolchains/jvm/java-11-openjdk
COPY --from=alpine /usr/lib/jvm/java-11-openjdk $JDK11_PATH
RUN rm $JDK11_PATH/lib/security/cacerts
COPY --from=alpine /etc/ssl/certs/java/cacerts $JDK11_PATH/lib/security/cacerts
COPY toolchains/java /tmp/java
WORKDIR /tmp
RUN cd java && ./install_dragonwell.sh && rm -rf /tmp/java
ENV PATH="/opt/occlum/toolchains/jvm/bin:$PATH"

# Install the latest version of Occlum
ARG OCCLUM_BRANCH
WORKDIR /root
RUN git clone -b $OCCLUM_BRANCH https://github.com/occlum/occlum && \
    cd occlum && \
    source /root/.bashrc && \
    make submodule && \
    OCCLUM_RELEASE_BUILD=1 make && \
    make install && \
    cp -r demos /root/demos && \
    rm -rf /root/occlum

# Start AESM service automatically
#
# To do so, we add the script to ~/.bashrc. We cannot use systemd to run AESM
# as a "real" service since the pid 1 is not systemd in Docker. So we start
# up AESM service when an user login with an interative shell.
COPY docker/start_aesm.sh /opt/occlum/
RUN echo '/opt/occlum/start_aesm.sh' >> /root/.bashrc

WORKDIR /root