general/occlum
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
bf736ff09d
occlum/tools/occlum
Hui, Chunyang 6909629241 Add Occlum version for dynamic libraries
2020-06-22 07:36:03 +00:00

364 lines
10 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
this_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
occlum_dir="$( cd "$( dirname "$this_dir/../../../" )" >/dev/null 2>&1 && pwd )"
occlum_major_ver=0
if [ -z $OCCLUM_INSTANCE_DIR ];then
OCCLUM_INSTANCE_DIR=".occlum"
fi
working_dir=`pwd`
context_dir="$working_dir/$OCCLUM_INSTANCE_DIR"
SGX_SDK="${SGX_SDK:-/opt/intel/sgxsdk}"
SGX_GDB="$SGX_SDK/bin/sgx-gdb"
ENCLAVE_SIGN_TOOL="$SGX_SDK/bin/x64/sgx_sign"
ENCLAVE_SIGN_KEY="$occlum_dir/etc/template/Enclave.pem"
exit_error() {
echo "Error: $@" >&2
exit 1
}
report_arg_error() {
echo $1 >&2
echo ""
cat <<EOF
Usage:
occlum init
Initialize a directory as the Occlum context
occlum build [--sign-key <key_path>] [--sign-tool <tool_path>]
Generate a secure Occlum FS image and Occlum SGX enclave.
occlum run <program_name> <program_args>
Run the user program inside an SGX enclave.
To run the enclave in SGX hardware release mode, use:
OCCLUM_RELEASE_ENCLAVE=1 occlum run <program_name> <program_args>
occlum gdb <program_name> <program_args>
Debug the program running inside an SGX enclave with GDB.
EOF
}
get_conf_root_fs_mac() {
LD_LIBRARY_PATH="$SGX_SDK/sdk_libs" \
"$occlum_dir/$build_dir/bin/occlum-protect-integrity" show-mac "$context_dir/build/mount/__ROOT/metadata"
}
get_conf_default_stack_size() {
cat "$working_dir/Occlum.json" | \
python -c "import sys, json; print json.load(sys.stdin)['process']['default_stack_size']"
}
get_conf_default_heap_size() {
cat "$working_dir/Occlum.json" | \
python -c "import sys, json; print json.load(sys.stdin)['process']['default_heap_size']"
}
get_conf_default_mmap_size() {
cat "$working_dir/Occlum.json" | \
python -c "import sys, json; print json.load(sys.stdin)['process']['default_mmap_size']"
}
get_conf_user_space_size() {
cat "$working_dir/Occlum.json" | \
python -c "import sys, json; print json.load(sys.stdin)['resource_limits']['user_space_size']"
}
get_conf_env() {
cat "$working_dir/Occlum.json" | \
python -c "import sys, json; print json.dumps(json.load(sys.stdin)['env'])"
}
get_conf_entry_points() {
cat "$working_dir/Occlum.json" | \
python -c "import sys, json; print json.dumps(json.load(sys.stdin)['entry_points'])"
}
get_occlum_conf_file_mac() {
LD_LIBRARY_PATH="$SGX_SDK/sdk_libs" \
"$occlum_dir/$build_dir/bin/occlum-protect-integrity" show-mac "$context_dir/build/Occlum.json.protected"
}
parse_occlum_user_space_size() {
local size_with_unit=`get_conf_user_space_size`
numfmt --from=iec ${size_with_unit::-1}
}
check_has_init() {
if [ ! -d "$context_dir" ]; then
echo "Error: the current working directory is not initialized as an Occlum context. Need to run \"occlum init\" first."
exit 1
fi
}
check_has_built() {
check_has_init
if [ ! -d "$context_dir/run/mount/root" ]; then
echo "Error: the Occlum image and enclave are not built yet. Need to run \"occlum build\" first."
exit 1
fi
}
cmd_init() {
if [ -d "$context_dir" ]; then
echo "Error: the current working directory has been initialized as an Occlum context"
exit 1
fi
mkdir "$context_dir"
cd "$context_dir"
echo "initialized" > status
cd "$working_dir"
mkdir -p image
mkdir -p image/bin
mkdir -p image/lib
mkdir -p image/root
mkdir -p image/host
mkdir -p image/tmp
local occlum_gcc_lib=/usr/local/occlum/x86_64-linux-musl/lib
cp -t image/lib/ \
/lib/ld-musl-x86_64.so.1 \
"$occlum_gcc_lib/libc.so" \
"$occlum_gcc_lib/libstdc++.so.6" \
"$occlum_gcc_lib/libgcc_s.so.1" \
"$occlum_gcc_lib/libgomp.so.1"
cp "$occlum_dir"/etc/template/Occlum.json "$working_dir"/
chmod 644 "$working_dir"/Occlum.json
echo "Initialized an Occlum context in $working_dir"
}
cmd_build() {
check_has_init
build_dir=build
while [ -n "$1" ]; do
case "$1" in
--sign-key) [ -n "$2" ] && ENCLAVE_SIGN_KEY=$2 ; shift 2 || exit_error "empty signing key path" ;;
--sign-tool) [ -n "$2" ] && ENCLAVE_SIGN_TOOL=$2 ; shift 2 || exit_error "empty signing tool path" ;;
--sgx-mode) [[ -n "$2" && "$2" != "HW" ]] && export SGX_MODE=SW && build_dir=build_sim ; shift 2 || exit_error "empty sgx mode";;
*) exit_error "Unknown option: $1" ;;
esac
done
[ -e "$ENCLAVE_SIGN_KEY" ] || exit_error "invalid signing key path: $ENCLAVE_SIGN_KEY"
[ -e "$ENCLAVE_SIGN_TOOL" ] || exit_error "invalid signing tool path: $ENCLAVE_SIGN_TOOL"
echo "Enclave sign-tool: $ENCLAVE_SIGN_TOOL"
echo "Enclave sign-key: $ENCLAVE_SIGN_KEY"
if [[ -n $SGX_MODE && "$SGX_MODE" != "HW" ]]; then
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$SGX_SDK/sdk_libs
build_dir=build_sim
echo "SGX mode: $SGX_MODE"
else
echo "SGX mode: HW"
fi
cd "$context_dir"
echo "building" > status
rm -rf build
rm -rf run
mkdir -p build/bin
cp "$occlum_dir/$build_dir/bin/occlum-run" build/bin/
mkdir -p build/lib
cp "$occlum_dir/$build_dir/lib/libocclum-pal.so.$occlum_major_ver" build/lib/
chmod 531 -R $working_dir/image/bin
chmod 531 -R $working_dir/image/lib
mkdir -p build/mount/
cd "$occlum_dir/$build_dir/bin/" && \
LD_LIBRARY_PATH="$SGX_SDK/sdk_libs" ./sefs-fuse \
--integrity-only \
"$context_dir/build/mount/__ROOT" \
"$working_dir/image" \
zip
export OCCLUM_CONF_ROOT_FS_MAC=`get_conf_root_fs_mac`
export OCCLUM_CONF_USER_SPACE_SIZE=`get_conf_user_space_size`
export OCCLUM_CONF_DEFAULT_STACK_SIZE=`get_conf_default_stack_size`
export OCCLUM_CONF_DEFAULT_HEAP_SIZE=`get_conf_default_heap_size`
export OCCLUM_CONF_DEFAULT_MMAP_SIZE=`get_conf_default_mmap_size`
export OCCLUM_CONF_ENV=`get_conf_env`
export OCCLUM_CONF_ENTRY_POINTS=`get_conf_entry_points`
cd "$context_dir/build"
"$occlum_dir/$build_dir/bin/occlum-gen-default-occlum-json"\
> "Occlum.json"
LD_LIBRARY_PATH="$SGX_SDK/sdk_libs" "$occlum_dir/$build_dir/bin/occlum-protect-integrity" protect Occlum.json
export OCCLUM_BUILTIN_CONF_FILE_MAC=`get_occlum_conf_file_mac`
echo "EXPORT => OCCLUM_BUILTIN_CONF_FILE_MAC = $OCCLUM_BUILTIN_CONF_FILE_MAC"
export OCCLUM_BUILTIN_VM_USER_SPACE_SIZE=`parse_occlum_user_space_size`
echo "EXPORT => OCCLUM_BUILTIN_VM_USER_SPACE_SIZE = $OCCLUM_BUILTIN_VM_USER_SPACE_SIZE"
cd $context_dir/build/lib && \
cp "$occlum_dir/$build_dir/lib/libocclum-libos.so.$occlum_major_ver" .
echo -e "$OCCLUM_BUILTIN_CONF_FILE_MAC\c" > temp_mac_file && \
objcopy --update-section .builtin_config=temp_mac_file libocclum-libos.so.$occlum_major_ver && \
rm temp_mac_file
$occlum_dir/$build_dir/bin/gen_enclave_conf -i "$working_dir/Occlum.json" -o "$context_dir/build/Enclave.xml"
$ENCLAVE_SIGN_TOOL sign \
-key $ENCLAVE_SIGN_KEY \
-config "$context_dir/build/Enclave.xml" \
-enclave "$context_dir/build/lib/libocclum-libos.so.$occlum_major_ver" \
-out "$context_dir/build/lib/libocclum-libos.signed.so"
rm -f "$context_dir/build/Enclave.xml"
cd "$context_dir"
echo "built" > status
if [[ -n $SGX_MODE && "$SGX_MODE" != "HW" ]]; then
echo "SIM" > .sgx_mode
else
echo "HW" > .sgx_mode
fi
mkdir -p "$context_dir/run/mount/root"
ln -s $occlum_dir/$build_dir/bin/occlum_exec_client $context_dir/build/bin/occlum_exec_client
ln -s $occlum_dir/$build_dir/bin/occlum_exec_server $context_dir/build/bin/occlum_exec_server
echo "Built the Occlum image and enclave successfully"
}
cmd_run() {
check_has_built
SGX_MODE=$(cat $context_dir/.sgx_mode)
if [[ -n $SGX_MODE && "$SGX_MODE" != "HW" ]]; then
export LD_LIBRARY_PATH="$context_dir/build/lib:$SGX_SDK/sdk_libs/"
else
export LD_LIBRARY_PATH="$context_dir/build/lib"
fi
cd "$working_dir"
echo "running" > "$context_dir/status"
RUST_BACKTRACE=1 "$context_dir/build/bin/occlum-run" "$@"
echo "built" > "$context_dir/status"
}
cmd_start() {
check_has_built
SGX_MODE=$(cat $context_dir/.sgx_mode)
if [[ -n $SGX_MODE && "$SGX_MODE" != "HW" ]]; then
export LD_LIBRARY_PATH="$context_dir/build/lib:$SGX_SDK/sdk_libs/"
else
export LD_LIBRARY_PATH="$context_dir/build/lib"
fi
cd "$working_dir"
echo "running" > "$context_dir/status"
RUST_BACKTRACE=1 "$context_dir/build/bin/occlum_exec_client" start
echo "built" > "$context_dir/status"
}
cmd_exec() {
check_has_built
SGX_MODE=$(cat $context_dir/.sgx_mode)
if [[ -n $SGX_MODE && "$SGX_MODE" != "HW" ]]; then
export LD_LIBRARY_PATH="$context_dir/build/lib:$SGX_SDK/sdk_libs/"
else
export LD_LIBRARY_PATH="$context_dir/build/lib"
fi
cd "$working_dir"
echo "running" > "$context_dir/status"
RUST_BACKTRACE=1 "$context_dir/build/bin/occlum_exec_client" exec -- "$@"
echo "built" > "$context_dir/status"
}
cmd_stop() {
check_has_built
SGX_MODE=$(cat $context_dir/.sgx_mode)
if [[ -n $SGX_MODE && "$SGX_MODE" != "HW" ]]; then
export LD_LIBRARY_PATH="$context_dir/build/lib:$SGX_SDK/sdk_libs/"
else
export LD_LIBRARY_PATH="$context_dir/build/lib"
fi
cd "$working_dir"
echo "running" > "$context_dir/status"
RUST_BACKTRACE=1 "$context_dir/build/bin/occlum_exec_client" stop -t 0
echo "built" > "$context_dir/status"
}
cmd_gdb() {
check_has_built
SGX_MODE=$(cat $context_dir/.sgx_mode)
if [[ -n $SGX_MODE && "$SGX_MODE" != "HW" ]]; then
export LD_LIBRARY_PATH="$context_dir/build/lib:$SGX_SDK/sdk_libs/"
else
export LD_LIBRARY_PATH="$context_dir/build/lib"
fi
cd "$working_dir"
echo "debugging" > "$context_dir/status"
OCCLUM_GDB=1 $SGX_GDB --args "$context_dir/build/bin/occlum-run" "$@"
echo "built" > "$context_dir/status"
}
cmd_status() {
cat "$context_dir/status"
}
set -e
if [[ ( "$#" < 1 ) ]] ; then
report_arg_error "Error: no sub-command is given"
exit 1
fi
cmd=$1
case "$cmd" in
init)
cmd_init
;;
build)
cmd_build "${@:2}"
;;
run)
cmd_run "${@:2}"
;;
start)
cmd_start
;;
exec)
cmd_exec "${@:2}"
;;
stop)
cmd_stop
;;
gdb)
cmd_gdb "${@:2}"
;;
status)
cmd_status
;;
*)
report_arg_error "Error: unknown sub-command $cmd"
exit 1
esac
Reference in New Issue View Git Blame Copy Permalink