occlum/tools/docker/Dockerfile.ubuntu18.04

FROM alpine:3.11 AS alpine

LABEL maintainer="Qing Li <geding.lq@antgroup.com>"

RUN apk update && \
    apk --no-cache add openjdk11 --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community

FROM ubuntu:18.04

LABEL maintainer="Qing Li <geding.lq@antgroup.com>"

RUN apt-get update && DEBIAN_FRONTEND="noninteractive" apt-get install -y --no-install-recommends \
        alien \
        astyle \
        autoconf \
        automake \
        build-essential \
        ca-certificates \
        cmake \
        curl \
        debhelper \
        expect \
        g++ \
        gdb \
        git-core \
        golang-go \
        jq \
        kmod \
        libboost-system-dev \
        libboost-thread-dev \
        libcurl4-openssl-dev \
        libfuse-dev \
        libjsoncpp-dev \
        liblog4cpp5-dev \
        libprotobuf-c0-dev \
        libprotobuf-dev \
        libssl-dev \
        libtool \
        libxml2-dev \
        ocaml \
        ocamlbuild \
        pkg-config \
        protobuf-compiler \
        python \
        python-pip \
        sudo \
        unzip \
        uuid-dev \
        vim \
        wget \
        zip \
        && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

# Install cpuid tool for tests
WORKDIR /tmp
RUN wget http://www.etallen.com/cpuid/cpuid-20200211.x86_64.tar.gz && \
    tar -xf ./cpuid-20200211.x86_64.tar.gz && \
    cp ./cpuid-20200211/cpuid /usr/bin/ && \
    rm -rf /tmp/cpuid-20200211*

# Install SGX SDK
WORKDIR /tmp
RUN git clone -b sgx_2.9.1_for_occlum https://github.com/occlum/linux-sgx && \
    mkdir /etc/init && \
    cd linux-sgx && \
    ./download_prebuilt.sh && \
    cp ./external/toolset/as /usr/local/bin/ && \
    cp ./external/toolset/ld /usr/local/bin/ && \
    cp ./external/toolset/ld.gold /usr/local/bin/ && \
    cp ./external/toolset/objdump /usr/local/bin/ && \  
    ./compile_and_install.sh && \
    echo 'source /opt/intel/sgxsdk/environment' >> /root/.bashrc && \
    rm -rf /tmp/linux-sgx

# Install Rust
ENV PATH="/root/.cargo/bin:$PATH"
ENV OCCLUM_RUST_VERSION=nightly-2020-04-07
RUN curl https://sh.rustup.rs -sSf | \
        sh -s -- --default-toolchain ${OCCLUM_RUST_VERSION} -y && \
    rm -rf /root/.cargo/registry && rm -rf /root/.cargo/git && \
    cargo -V

# Install Occlum toolchain
COPY toolchains/gcc /tmp/gcc
WORKDIR /tmp
RUN cd gcc && ./build.sh && ./install_zlib.sh && rm -rf /tmp/gcc
ENV PATH="/opt/occlum/build/bin:/usr/local/occlum/bin:$PATH"

# Install Occlum Golang toolchain
COPY toolchains/golang /tmp/golang
WORKDIR /tmp
RUN cd golang && ./build.sh && rm -rf /tmp/golang
ENV PATH="/opt/occlum/toolchains/golang/bin:$PATH"

# Install Occlum Rust toolchain
COPY toolchains/rust /tmp/rust
WORKDIR /tmp
RUN cd rust && ./build.sh && rm -rf /tmp/rust
ENV PATH="/opt/occlum/toolchains/rust/bin:$PATH"
ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/opt/intel/sgxsdk/sdk_libs"

# Install Occlum Java toolchain (JDK 11)
ARG JDK11_PATH=/opt/occlum/toolchains/jvm/java-11-openjdk
COPY --from=alpine /usr/lib/jvm/java-11-openjdk $JDK11_PATH
RUN rm $JDK11_PATH/lib/security/cacerts
COPY --from=alpine /etc/ssl/certs/java/cacerts $JDK11_PATH/lib/security/cacerts
COPY toolchains/java /tmp/java
WORKDIR /tmp
RUN cd java && ./install_dragonwell.sh && rm -rf /tmp/java
ENV PATH="/opt/occlum/toolchains/jvm/bin:$PATH"

# Install the latest version of Occlum
WORKDIR /root
RUN git clone https://github.com/occlum/occlum && \
    cd occlum && \
    make submodule && \
    OCCLUM_RELEASE_BUILD=1 make && \
    make install && \
    cp -r demos /root/demos && \
    rm -rf /root/occlum

# Start AESM service automatically
#
# To do so, we add the script to ~/.bashrc. We cannot use systemd to run AESM
# as a "real" service since the pid 1 is not systemd in Docker. So we start
# up AESM service when an user login with an interative shell.
COPY docker/start_aesm.sh /opt/occlum/
RUN echo '/opt/occlum/start_aesm.sh' >> /root/.bashrc

WORKDIR /root