lightweight docker container and docker volumes

Reviewed-on: SGX/hacker-challenge-sgx#3
Co-authored-by: Jakub Doka <jakub.doka2@gmail.com>
Co-committed-by: Jakub Doka <jakub.doka2@gmail.com>

README.md

@@ -30,6 +30,12 @@ curl localhost:your-port
 
 The node homepage source is also [here](./src/HOMEPAGE.md).
 
+## Production build
+
+```bash
+./scripts/build-container.sh
+```
+
 ## Contributing to the challenge
 
 Don't forget to run `cargo clippy` and `cargo fmt` before submitting a PR.

docker/challenge.Dockerfile

@@ -1,6 +1,22 @@
-FROM occlum/occlum:latest-ubuntu20.04
+FROM occlum/occlum:latest-ubuntu20.04 AS build
+
+WORKDIR /
+RUN mkdir sgx_libs &&\
+        cp /usr/lib/x86_64-linux-gnu/libsgx_* sgx_libs/ &&\
+        cp /usr/lib/x86_64-linux-gnu/libdcap_quoteprov.so.1 sgx_libs/libdcap_quoteprov.so
+
+FROM ubuntu:20.04
+
+RUN apt update -y && apt install -y jq curl
+
 COPY challenge.sh /challenge.sh
 COPY challenge.tar.gz /challenge.tar.gz
 COPY challenge.qcnl.conf /etc/sgx_default_qcnl.conf
+
+COPY --from=build /opt/occlum/build/bin/occlum-run /opt/occlum/build/bin/occlum-run
+COPY --from=build /opt/occlum/build/bin/occlum /usr/bin/occlum
+COPY --from=build /sgx_libs /sgx_libs
+RUN cp /sgx_libs/* /usr/lib/x86_64-linux-gnu/
+
 WORKDIR /
 ENTRYPOINT ["/challenge.sh"]

scripts/build-container.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+echo "Building the hacker-challenge docker image"
+
+if ! command -v docker 2>&1 >/dev/null
+then
+    echo "docker not found, please install docker"
+    exit 1
+fi
+
+if [ ! -e challenge_instance/challenge.tar.gz ]; then
+  echo "Please build the challenge first, see README.md"
+  exit 1
+fi
+
+cd docker
+cp ../challenge_instance/challenge.tar.gz challenge.tar.gz
+docker build -f challenge.Dockerfile -t hacker-challenge:latest .
+cd ..
+
+echo "Container named 'hacker-challenge' built"

scripts/package.sh

@@ -12,10 +12,11 @@ if [ "$prerequisites" == "--prep" ]; then
     rustup install stable-x86_64-unknown-linux-gnu
     rustup default stable
     rustup target add x86_64-unknown-linux-musl
+    echo "net.git-fetch-with-cli = true" >> /root/.cargo/config.toml
+
     mkdir -p /root/.ssh
 
     echo
-    #echo "docker cp ~/.ssh/config packager:/root/.ssh/config"
     echo "docker cp deploy_ed25519 packager:/root/.ssh/id_ed25519"
     echo
     echo "Run above commands in another terminal"

scripts/testnet.sh

@@ -31,27 +31,7 @@ function build_mint_sol_tool() {
     cd ..
 }
 
-function build_challenge_image() {
+source "${script_dir}/build-container.sh"
-    echo "Building the hacker-challenge docker image"
-
-    if ! command -v docker 2>&1 >/dev/null
-    then
-        echo "docker not found, please install docker"
-        exit 1
-    fi
-
-    if [ ! -e challenge_instance/challenge.tar.gz ]; then
-      echo "Please build the challenge first, see README.md"
-      exit 1
-    fi
-
-    cd docker
-    cp ../challenge_instance/challenge.tar.gz challenge.tar.gz
-    docker build -f challenge.Dockerfile -t hacker-challenge:latest .
-    cd ..
-}
-
-build_challenge_image
 build_mint_sol_tool
 
 # Cleanup old containers and run the network root
@@ -80,6 +60,7 @@ for p in {31311..31320}; do
     docker run --device /dev/sgx/enclave \
                --device /dev/sgx/provision \
                --env INIT_NODES="172.17.0.2 172.17.0.3 172.17.0.4" \
+               -v "/tmp/hacker-challenge${p}:/challenge/main" \
                --name "hacker-challenge${p}" -p "${p}:31372" \
                -d hacker-challenge:latest
 done

src/main.rs

@@ -20,7 +20,7 @@ use tokio::{
 };
 
 const INIT_NODES: &str = "/host/detee_challenge_nodes";
-const DISK_PERSISTENCE: &str = "TRY_TO_HACK_THIS";
+const DISK_PERSISTENCE: &str = "/host/main/TRY_TO_HACK_THIS";
 const MAINTAINED_CONNECTIONS: usize = 3;
 
 pub async fn localhost_cron(ds: Arc<Store>, tx: Sender<NodeUpdate>) {