general/occlum
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
c46c28ef8b
occlum/demos/ra_tls/build_occlum_instance.sh

70 lines
2.1 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
set -e
function get_mr() {
cd ${script_dir}/occlum_$1 && occlum print $2
}
function build_instance() {
# 1. Init Occlum Workspace
rm -rf occlum_$postfix
mkdir occlum_$postfix
pushd occlum_$postfix
occlum init
new_json="$(jq '.resource_limits.user_space_size = "500MB" |
.metadata.debuggable = false' Occlum.json)" && \
echo "${new_json}" > Occlum.json
if [ "$postfix" == "server" ]; then
# Server will verify client's mr_enclave and mr_signer
jq ' .verify_mr_enclave = "on" |
.verify_mr_signer = "on" |
.verify_isv_prod_id = "off" |
.verify_isv_svn = "off" |
.verify_config_svn = "off" |
.verify_enclave_debuggable = "on" |
.sgx_mrs[0].mr_enclave = ''"'`get_mr client mrenclave`'" |
.sgx_mrs[0].mr_signer = ''"'`get_mr client mrsigner`'" |
.sgx_mrs[0].debuggable = false ' ../ra_config_template.json > dynamic_config.json
if [ "$libnss_require" == "y" ]; then
cp /lib/x86_64-linux-gnu/libnss*.so.2 image/$occlum_glibc
cp /lib/x86_64-linux-gnu/libresolv.so.2 image/$occlum_glibc
fi
bomfile="../grpc_ratls_server.yaml"
else
# Client verify only enclave non-debuggable from server
jq ' .verify_mr_enclave = "off" |
.verify_mr_signer = "off" |
.verify_isv_prod_id = "off" |
.verify_isv_svn = "off" |
.verify_config_svn = "off" |
.verify_enclave_debuggable = "on" |
.sgx_mrs[0].debuggable = false ' ../ra_config_template.json > dynamic_config.json
bomfile="../grpc_ratls_client.yaml"
fi
rm -rf image
copy_bom -f $bomfile --root image --include-dir /opt/occlum/etc/template
occlum build
popd
}
if [[ $1 == "musl" ]]; then
echo "*** Build musl-libc Occlum instance ***"
else
echo "*** Build glibc Occlum instance ***"
# glibc version requires libnss
libnss_require="y"
occlum_glibc=/opt/occlum/glibc/lib/
fi
postfix=client
build_instance
postfix=server
build_instance
Reference in New Issue View Git Blame Copy Permalink