diff --git a/samples/new_app/new_app_deploy_config.yaml b/samples/new_app/new_app_deploy_config.yaml
index 922a45b..906c156 100644
--- a/samples/new_app/new_app_deploy_config.yaml
+++ b/samples/new_app/new_app_deploy_config.yaml
@@ -1,7 +1,7 @@
 node_pubkey: 3mWjE6FnKQ8f9WRjGHdj1Jtyewsri87GXQpqLWpwtjhr
-package_url: https://registry.detee.ltd/sgx/packages/actix-env-info_public-package_2025-03-06_00-53-30.tar.gz
+package_url: https://registry.detee.ltd/sgx/packages/actix-app-info_package_2025-03-19_13-49-56.tar.gz
 private_package: false
-public_package_mr_enclave: [ 152, 174, 10, 201, 41, 45, 15, 100, 123, 209, 103, 181, 205, 70, 145, 159, 134, 130, 140, 238, 196, 87, 145, 63, 222, 1, 230, 140, 118, 26, 238, 86]
+# public_package_mr_enclave: [ 152, 174, 10, 201, 41, 45, 15, 100, 123, 209, 103, 181, 205, 70, 145, 159, 134, 130, 140, 238, 196, 87, 145, 63, 222, 1, 230, 140, 118, 26, 238, 86]
 hours: 1
 node_unit_price: 200000
 resource:
diff --git a/samples/new_app/new_app_launch_config.yaml b/samples/new_app/new_app_launch_config.yaml
index 4dba4b0..dbdb2fb 100644
--- a/samples/new_app/new_app_launch_config.yaml
+++ b/samples/new_app/new_app_launch_config.yaml
@@ -1,9 +1,9 @@
 filesystems:
- - path: /bin/actix-hello-world
- content: !path "./samples/new_app/binaries/actix-test-app.bin"
+ # - path: /bin/actix-hello-world
+ # content: !path "./samples/new_app/binaries/actix-test-app.bin"
 environments:
 - name: APP_NAME
- value: actix-test-dtpm-foo-bar-koo
+ value: actix-test
 - name: PORT
 value: 8080
 child_processes:
diff --git a/src/bin/detee-cli.rs b/src/bin/detee-cli.rs
index 2a96860..9773d6d 100644
--- a/src/bin/detee-cli.rs
+++ b/src/bin/detee-cli.rs
@@ -45,6 +45,7 @@ fn main() {
 )
 .subcommand(Command::new("app")
 .about("a lightweight service that run on Intel SGX")
+ /*
 .subcommand(
 Command::new("package")
 .about("package new app from x86_64-linux-musl binary")
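Review bot: With both list entries commented out, `filesystems:` is left with no value and parses as YAML null, so unless the target field is optional or carries a serde default the sample launch config will no longer deserialize. `filesystems: []` states the intent unambiguously and keeps the key typed as a sequence. Whether the `filesystems` field tolerates null is not visible from this diff.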
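Review bot: The `package` subcommand is disabled by wrapping it in a `/* … */` block comment rather than removing it, so dead code stays inside `main()` and will drift from the live `package_enclave` handler it used to reach. The same commenting-out pattern appears in the hunks at `@@ -69`, `@@ -119` and `@@ -130` of this file and in `handle_deploy` in `src/sgx/cli_handler.rs` (`// let package_type = …`). If the command is expected to return, a `#[cfg(feature = …)]`-style gate or a tracked TODO stating why it is off is preferable; if not, delete the code and let git history keep it. The enclosing `main()` starts and ends outside the hunk.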
@@ -69,6 +70,7 @@ fn main() { .value_delimiter(' ') )) + */ .subcommand( Command::new("deploy") .about("create new app from a YAML configuration file") @@ -119,6 +121,7 @@ fn main() { ) .required(true) ) + /* .arg( Arg::new("package-type") .long("package-type") @@ -130,6 +133,7 @@ fn main() { .default_value("public") .value_parser(["public", "private"]) ) + */ .arg( Arg::new("name") .long("name") @@ -190,6 +194,7 @@ fn main() { Arg::new("config") .help("App config yaml file path to validate") .long_help("Validate YAML configuration file for the app which you want to run in the enclave") + .long("from-yaml") .required(true) ) ) @@ -199,7 +204,9 @@ fn main() { .long_about("Update the YAML configuration file for the app which you want to run in the enclave") .arg( Arg::new("config") - .required(true), + .help("Path to yaml file") + .long("from-yaml") + .required(true) ) .arg( Arg::new("uuid") diff --git a/src/sgx/cli_handler.rs b/src/sgx/cli_handler.rs index 4d9f650..f3dc6da 100644 --- a/src/sgx/cli_handler.rs +++ b/src/sgx/cli_handler.rs @@ -4,7 +4,7 @@ use crate::sgx::grpc_brain::{delete_app, new_app}; use crate::sgx::grpc_dtpm::{attest_and_send_config, get_config_from_enclave}; use crate::sgx::packaging::package_enclave; use crate::sgx::AppDeleteResponse; -use crate::utils::block_on; +use crate::utils::{block_on, fetch_config_and_mr_enclave}; use crate::{cli_print, SimpleOutput}; use clap::ArgMatches; use detee_shared::sgx::types::brain::AppDeployConfig; 
@@ -55,14 +55,15 @@ fn handle_deploy( let port = deploy_match.get_many::("port").unwrap_or_default().cloned().collect::>(); let package_url = deploy_match.get_one::("package-url").unwrap().clone(); - let package_type = deploy_match.get_one::("package-type").unwrap().clone(); + // let package_type = deploy_match.get_one::("package-type").unwrap().clone(); let hours = deploy_match.get_one::("hours").unwrap().clone(); let node_unit_price = deploy_match.get_one::("price").unwrap().clone(); let location = deploy_match.get_one::("location").unwrap().as_str(); let app_name = deploy_match.get_one::("name").cloned().unwrap_or_else(|| random_app_name()); - let private_package = package_type == "private"; + // let private_package = package_type == "private"; + let private_package = false; let resource = Resource { vcpu, memory_mb, disk_mb, port }; let node_pubkey = match block_on(get_app_node(resource.clone(), location.into())) { Ok(node) => node.node_pubkey, @@ -89,8 +90,17 @@ fn handle_deploy( app_deploy_config.app_name = random_app_name(); } + let (mr_enclave, launch_config) = + block_on(fetch_config_and_mr_enclave(&app_deploy_config.package_url))?; + app_deploy_config.public_package_mr_enclave = Some(mr_enclave.to_vec()); + match block_on(new_app(app_deploy_config)) { - Ok(new_app_res) if new_app_res.error == "" => Ok(new_app_res.into()), + Ok(new_app_res) if new_app_res.error == "" => { + println!("Deploying..."); + std::thread::sleep(std::time::Duration::from_secs(8)); + block_on(attest_and_send_config(launch_config, &new_app_res.uuid))?; + Ok(new_app_res.into()) + } Ok(new_app_res) => Err(Box::new(std::io::Error::other(new_app_res.error))), Err(e) => Err(Box::new(e)), } diff --git a/src/sgx/grpc_brain.rs b/src/sgx/grpc_brain.rs index 500a7e8..3b6674b 100644 --- a/src/sgx/grpc_brain.rs +++ b/src/sgx/grpc_brain.rs 
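Review bot: `app_deploy_config.public_package_mr_enclave = Some(mr_enclave.to_vec())` unconditionally replaces whatever pin the user's YAML carried, so an expected measurement written in the deploy config is silently overridden by whatever the public registry serves at that moment; the check removed from `grpc_brain::new_app` only consulted the registry when the field was `None`. A pinned value should be kept and compared against the registry result, with a mismatch reported as an error instead of ignored, as sketched below. Separately, `std::thread::sleep(Duration::from_secs(8))` is a fixed delay standing in for a readiness check: if `attest_and_send_config` fails because the enclave is not up yet, the `?` returns after `new_app` has already created the deployment, and the caller gets an error for an app that now exists without its launch config — a bounded retry that reports the uuid on failure would be safer. `handle_deploy`'s signature and the rest of its body lie outside the hunk.
```rust
    let (mr_enclave, launch_config) =
        block_on(fetch_config_and_mr_enclave(&app_deploy_config.package_url))?;
    // A pin supplied in the YAML is the operator's expectation; the registry must agree with it.
    match app_deploy_config.public_package_mr_enclave.as_deref() {
        Some(pinned) if pinned != mr_enclave.as_slice() => {
            return Err(Box::new(std::io::Error::other(
                "public_package_mr_enclave in the deploy config does not match the registry entry for package_url",
            )));
        }
        Some(_) => {}
        None => app_deploy_config.public_package_mr_enclave = Some(mr_enclave.to_vec()),
    }
    // … unchanged: new_app call and result handling …
```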
@@ -7,7 +7,7 @@ use detee_shared::sgx::types::brain::AppDeployConfig; use tokio_stream::StreamExt; use crate::config::Config; -use crate::utils::{self, calculate_nanolp_for_app, mr_enclave_from_public_registry, sign_request}; +use crate::utils::{self, calculate_nanolp_for_app, sign_request}; #[derive(thiserror::Error, Debug)] pub enum Error { @@ -40,11 +40,6 @@ pub async fn new_app(app_deploy_config: AppDeployConfig) -> Result { req.admin_pubkey = Config::get_detee_wallet().expect("No wallet found"); req.hratls_pubkey = Config::get_hratls_pubkey_hex(); - if !app_deploy_config.private_package && app_deploy_config.public_package_mr_enclave.is_none() { - let mr_enclave: [u8; 32] = mr_enclave_from_public_registry(&req.package_url).await?; - req.public_package_mr_enclave = Some(mr_enclave.to_vec()); - } - let mut daemon_serivce = BrainAppCliClient::connect(Config::get_brain_url()).await?; let res = daemon_serivce.deploy_app(sign_request(req)?).await?; Ok(res.into_inner()) diff --git a/src/sgx/grpc_dtpm.rs b/src/sgx/grpc_dtpm.rs index a9feff6..93b58c5 100644 --- a/src/sgx/grpc_dtpm.rs +++ b/src/sgx/grpc_dtpm.rs @@ -18,7 +18,7 @@ use crate::{config::Config, utils::hratls_url_and_mr_enclave_from_app_id}; pub enum Error { #[error("Failed to connect to the brain: {0}")] BrainConnection(#[from] tonic::transport::Error), - #[error("Received error from brain: {}", _0.message())] + #[error("Received error from dtpm: {}", _0.message())] ResponseStatus(#[from] tonic::Status), #[error("Hex: {0}")] HexDecode(#[from] hex::FromHexError), diff --git a/src/sgx/packaging.rs b/src/sgx/packaging.rs index be5d3f8..d35a826 100644 --- a/src/sgx/packaging.rs +++ b/src/sgx/packaging.rs @@ -18,7 +18,7 @@ pub fn package_enclave( format!( r#"docker run --rm -it -v ./:/app/ \ -v {signing_key_path}:/keys/app_signing_key.pem:ro \ - noormohammedb/enclave_packager_01:pub_v1 {package_items}"# + noormohammedb/enclave_packager_01:pub_v2 {package_items}"# ) } else { format!( 
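Review bot: With the registry lookup removed, `new_app` now forwards `public_package_mr_enclave` exactly as the caller set it, so a public package submitted through any path other than `handle_deploy` would reach the brain with no expected measurement at all, and nothing left in this function rejects that. Add a doc comment stating the new precondition, e.g. `/// Callers must set public_package_mr_enclave for public packages; this function no longer consults the registry.`, or fail early with `if !app_deploy_config.private_package && app_deploy_config.public_package_mr_enclave.is_none() { return Err(…) }` using an existing `Error` variant. Whether other callers of `new_app` exist is not visible here; the function's body starts outside the hunk.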
diff --git a/src/utils.rs b/src/utils.rs index 7829371..03c84d7 100644 --- a/src/utils.rs +++ b/src/utils.rs @@ -1,6 +1,7 @@ use crate::config::Config; use crate::constants::HRATLS_APP_PORT; use crate::sgx::grpc_brain::list_apps; +use detee_shared::sgx::types::dtpm::DtpmConfig; use serde::{Deserialize, Serialize}; use tonic::metadata::errors::InvalidMetadataValue; use tonic::metadata::AsciiMetadataValue; @@ -73,23 +74,33 @@ struct PublicIndex { #[derive(Serialize, Deserialize, Debug)] struct PackageElement { package_url: String, + launch_config_url: String, mr_enclave: [u8; 32], } -pub async fn mr_enclave_from_public_registry(package_url: &str) -> Result<[u8; 32], Error> { - let public_index = - reqwest::get("https://registry.detee.ltd/sgx/public_index.yaml").await?.text().await?; +pub async fn fetch_config_and_mr_enclave( + package_url: &str, +) -> Result<([u8; 32], DtpmConfig), Error> { + let public_packages_index = + reqwest::get("https://registry.detee.ltd/sgx/public_packages_index.yaml") + .await? + .text() + .await?; - let index = serde_yaml::from_str::(&public_index)?; + let index = serde_yaml::from_str::(&public_packages_index)?; - let pub_package_mr_enclave = index - .packages - .iter() - .find(|package| package.package_url == package_url) - .ok_or(Error::PublicPackage("mr_enclave not found for this public package".to_string()))? - .mr_enclave; + let index_package_entry = + index.packages.iter().find(|package| package.package_url == package_url).ok_or( + Error::PublicPackage("mr_enclave not found for this public package".to_string()), + )?; - Ok(pub_package_mr_enclave) + let PackageElement { launch_config_url, mr_enclave, .. } = index_package_entry; + + let launch_config_str = reqwest::get(launch_config_url).await?.text().await?; + + let launch_config = serde_yaml::from_str::(&launch_config_str)?; + + Ok((*mr_enclave, launch_config)) } pub fn calculate_nanolp_for_app(
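Review bot: `launch_config_url` is taken straight from the registry index entry and fetched with `reqwest::get` without any check on its scheme or host, so a single bad index entry can make the CLI pull the launch config — the document that is later pushed into the enclave — from an arbitrary origin, possibly over plain HTTP. Restricting it to `https` on the registry host keeps the trust boundary at `registry.detee.ltd`, which is also where `mr_enclave` comes from; a comment noting that the pin therefore only proves the package matches the registry's own index, not an independent source, would help the next reader. A smaller point: `.ok_or(Error::PublicPackage(… .to_string()))` builds the message on every call, and `ok_or_else` avoids that. The `Error` enum and its `From` impls are outside the hunk, so the check below maps the URL parse failure into the `PublicPackage` variant that is visible here.
```rust
    let PackageElement { launch_config_url, mr_enclave, .. } = index_package_entry;

    // The index is trusted, but an entry must not be able to redirect the launch
    // config fetch off the registry origin or downgrade it to plaintext.
    let parsed = reqwest::Url::parse(launch_config_url)
        .map_err(|e| Error::PublicPackage(format!("invalid launch_config_url: {e}")))?;
    if parsed.scheme() != "https" || parsed.host_str() != Some("registry.detee.ltd") {
        return Err(Error::PublicPackage(format!(
            "refusing to fetch launch config from unexpected location: {launch_config_url}"
        )));
    }

    // … unchanged: launch config fetch, parse and return …
```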