From 07de221c62dc0496cbae2803796cc3a12312101f Mon Sep 17 00:00:00 2001 From: Noor Date: Thu, 3 Apr 2025 13:22:41 +0530 Subject: [PATCH 1/4] fix println with eprintln for error --- src/sgx/cli_handler.rs | 6 +++--- src/sgx/grpc_brain.rs | 2 +- src/sgx/utils.rs | 5 ++--- 3 files changed, 6 insertions(+), 7 deletions(-) diff --git a/src/sgx/cli_handler.rs b/src/sgx/cli_handler.rs index e8ac91a..d23bbfc 100644 --- a/src/sgx/cli_handler.rs +++ b/src/sgx/cli_handler.rs @@ -28,7 +28,7 @@ pub fn handle_app(app_matche: &ArgMatches) { Some(("delete", subcom_args)) => cli_print(handle_delete(subcom_args)), Some(("list", subcom_args)) => cli_print(handle_list(subcom_args)), Some(("config", subcom_args)) => handle_config(subcom_args), - _ => println!("No valid subcommand provided. Use --help for more information."), + _ => eprintln!("No valid subcommand provided. Use --help for more information."), } } @@ -46,7 +46,7 @@ pub fn handle_app_nodes(matches: &ArgMatches) { todo!() } _ => { - println!("Available commands are search, inspec and report. Use --help for more information.") + eprintln!("Available commands are search, inspec and report. Use --help for more information.") } } } @@ -202,7 +202,7 @@ fn handle_config(matches: &ArgMatches) { Some(("update", subcom_args)) => cli_print(handle_config_sub_update(subcom_args)), Some(("get", subcom_args)) => cli_print(handle_config_sub_get(subcom_args)), _ => { - println!("No valid config subcommand provided."); + eprintln!("No valid config subcommand provided."); } } } diff --git a/src/sgx/grpc_brain.rs b/src/sgx/grpc_brain.rs index dd92e18..c2b4678 100644 --- a/src/sgx/grpc_brain.rs +++ b/src/sgx/grpc_brain.rs @@ -109,7 +109,7 @@ pub async fn list_contracts(req: ListAppContractsReq) -> Result app_contracts.push(contract); } Err(e) => { - println!("Brain disconnected from register_node: {e}"); + eprintln!("Brain disconnected from register_node: {e}"); } } } 
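Review bot: The fallback arms in `handle_app`, `handle_app_nodes` and `handle_config` now write to stderr but still return normally, so unless the caller sets a failing status elsewhere (not visible here) an invalid subcommand exits 0 and scripts cannot detect it. Consider ending each arm with a non-zero exit, e.g. `std::process::exit(2);` after the `eprintln!`. While touching the message in `handle_app_nodes`, `inspec` should read `inspect`. All three functions start or end outside their hunks.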
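Review bot: The `Err(e)` arm in `list_contracts` still only prints and carries on, so a failure on the stream presumably yields a shortened `app_contracts` list that the caller cannot tell apart from a complete one. The text also names `register_node` although this is `list_contracts`; at minimum use `eprintln!("Brain disconnected from list_contracts: {e}");`, and preferably return the error to the caller instead of printing it. The loop and the function's return lie outside the hunk, so confirm how the partial list is used.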
diff --git a/src/sgx/utils.rs b/src/sgx/utils.rs index 7444d65..422c3ee 100644 --- a/src/sgx/utils.rs +++ b/src/sgx/utils.rs @@ -74,8 +74,7 @@ pub fn calculate_nanolp_for_app( let total_units = (vcpus as f64 * 5f64) + (memory_mb as f64 / 200f64) + (disk_size_mb as f64 / 10000f64); let locked_nano = (hours as f64 * 60f64 * total_units * node_price as f64) as u64; - // TODO: change all println to eprintln - println!( + eprintln!( "Node price: {}/unit/minute. Total Units for hardware requested: {:.4}. Locking {} LP (offering the App for {} hours).", node_price as f64 / 1_000_000_000.0, total_units, @@ -127,7 +126,7 @@ pub async fn deploy_new_app_and_update_config( if new_app_res.error.is_empty() { if let Some(launch_config) = launch_config { - println!("Deploying..."); + eprintln!("Deploying..."); tokio::time::sleep(tokio::time::Duration::from_millis(2500)).await; Retry::spawn(FixedInterval::from_millis(1000).take(10), || { log::debug!("retrying attestation and launch config update"); -- 2.43.0 From bf7d8707f4666d4327825fa0edc83fbb9a6c3fc3 Mon Sep 17 00:00:00 2001 From: Noor Date: Fri, 11 Apr 2025 15:29:57 +0530 Subject: [PATCH 2/4] detailed clap version add shadow-rs for build metadata git commit hash, build time, branch etc, in version --- Cargo.lock | 151 +++++++++++++++++++++++++++++++++++++ Cargo.toml | 2 + build.rs | 5 ++ src/bin/detee-cli.rs | 4 +- src/bin/super-detee-cli.rs | 4 +- 5 files changed, 164 insertions(+), 2 deletions(-) create mode 100644 build.rs diff --git a/Cargo.lock b/Cargo.lock index a13f5d3..a290c09 100644 --- a/Cargo.lock +++ b/Cargo.lock 
@@ -712,6 +712,38 @@ dependencies = [ "serde", ] +[[package]] +name = "camino" +version = "1.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b96ec4966b5813e2c0507c1f86115c8c5abaadc3980879c3424042a02fd1ad3" +dependencies = [ + "serde", +] + +[[package]] +name = "cargo-platform" +version = "0.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e35af189006b9c0f00a064685c727031e3ed2d8020f7ba284d78cc2671bd36ea" +dependencies = [ + "serde", +] + +[[package]] +name = "cargo_metadata" +version = "0.19.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dd5eb614ed4c27c5d706420e4320fbe3216ab31fa1c33cd8246ac36dae4479ba" +dependencies = [ + "camino", + "cargo-platform", + "semver 1.0.24", + "serde", + "serde_json", + "thiserror 2.0.11", +] + [[package]] name = "cc" version = "1.2.11" @@ -833,6 +865,26 @@ version = "0.9.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" +[[package]] +name = "const_format" +version = "0.2.34" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "126f97965c8ad46d6d9163268ff28432e8f6a1196a55578867832e3049df63dd" +dependencies = [ + "const_format_proc_macros", +] + +[[package]] +name = "const_format_proc_macros" +version = "0.2.34" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1d57c2eccfb16dbac1f4e61e206105db5820c9d26c3c472bc17c774259ef7744" +dependencies = [ + "proc-macro2", + "quote", + "unicode-xid", +] + [[package]] name = "core-foundation" version = "0.9.4" @@ -1062,6 +1114,7 @@ dependencies = [ "serde", "serde_json", "serde_yaml", + "shadow-rs", "tabled", "thiserror 2.0.11", "tokio", 
@@ -1521,6 +1574,19 @@ version = "0.31.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f" +[[package]] +name = "git2" +version = "0.20.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5220b8ba44c68a9a7f7a7659e864dd73692e417ef0211bea133c7b74e031eeb9" +dependencies = [ + "bitflags", + "libc", + "libgit2-sys", + "log", + "url", +] + [[package]] name = "glob" version = "0.3.2" @@ -1961,6 +2027,12 @@ version = "2.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "469fb0b9cefa57e3ef31275ee7cacb78f2fdca44e4765491884a2b119d4eb130" +[[package]] +name = "is_debug" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1fe266d2e243c931d8190177f20bf7f24eed45e96f39e87dc49a27b32d12d407" + [[package]] name = "is_terminal_polyfill" version = "1.70.1" @@ -2069,6 +2141,18 @@ version = "0.2.169" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b5aba8db14291edd000dfcc4d620c7ebfb122c613afb886ca8803fa4e128a20a" +[[package]] +name = "libgit2-sys" +version = "0.18.1+1.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e1dcb20f84ffcdd825c7a311ae347cce604a6f084a767dec4a4929829645290e" +dependencies = [ + "cc", + "libc", + "libz-sys", + "pkg-config", +] + [[package]] name = "libloading" version = "0.8.6" @@ -2085,6 +2169,18 @@ version = "0.2.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8355be11b20d696c8f18f6cc018c4e372165b1fa8126cef092399c9951984ffa" +[[package]] +name = "libz-sys" +version = "1.1.22" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b70e7a7df205e92a1a4cd9aaae7898dac0aa555503cc0a649494d0d60e7651d" +dependencies = [ + "cc", + "libc", + "pkg-config", + "vcpkg", +] + [[package]] name = "linux-raw-sys" version = "0.4.14" 
@@ -2215,6 +2311,15 @@ dependencies = [ "libm", ] +[[package]] +name = "num_threads" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c7398b9c8b70908f6371f47ed36737907c87c52af34c268fed0bf0ceb92ead9" +dependencies = [ + "libc", +] + [[package]] name = "object" version = "0.36.7" @@ -3039,6 +3144,9 @@ name = "semver" version = "1.0.24" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3cb6eb87a131f756572d7fb904f6e7b68633f09cca868c5df1c4b8d1a694bbba" +dependencies = [ + "serde", +] [[package]] name = "semver-parser" @@ -3149,6 +3257,21 @@ dependencies = [ "cfg-if", ] +[[package]] +name = "shadow-rs" +version = "1.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6d5625ed609cf66d7e505e7d487aca815626dc4ebb6c0dd07637ca61a44651a6" +dependencies = [ + "cargo_metadata", + "const_format", + "git2", + "is_debug", + "serde_json", + "time", + "tzdb", +] + [[package]] name = "shlex" version = "1.3.0" @@ -3408,7 +3531,9 @@ checksum = "35e7868883861bd0e56d9ac6efcaaca0d6d5d82a2a7ec8209ff492c07cf37b21" dependencies = [ "deranged", "itoa", + "libc", "num-conv", + "num_threads", "powerfmt", "serde", "time-core", 
@@ -3707,6 +3832,32 @@ version = "1.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" +[[package]] +name = "tz-rs" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e1450bf2b99397e72070e7935c89facaa80092ac812502200375f1f7d33c71a1" + +[[package]] +name = "tzdb" +version = "0.7.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0be2ea5956f295449f47c0b825c5e109022ff1a6a53bb4f77682a87c2341fbf5" +dependencies = [ + "iana-time-zone", + "tz-rs", + "tzdb_data", +] + +[[package]] +name = "tzdb_data" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0604b35c1f390a774fdb138cac75a99981078895d24bcab175987440bbff803b" +dependencies = [ + "tz-rs", +] + [[package]] name = "ucd-trie" version = "0.1.7" diff --git a/Cargo.toml b/Cargo.toml index 5fe3ceb..2641048 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -33,9 +33,11 @@ hyper-rustls = { version = "0.27.5", features = ["http2"] } openssl = { version = "0.10.71", features = ["vendored"] } tokio-retry = "0.3.0" detee-sgx = { git = "ssh://git@gitea.detee.cloud/testnet/detee-sgx.git", branch = "hratls", features=["hratls", "qvl"] } +shadow-rs = { version = "1.1.1", features = ["metadata"] } detee-shared = { git = "ssh://git@gitea.detee.cloud/testnet/proto.git", branch = "main" } # detee-shared = { path = "../detee-shared" } [build-dependencies] +shadow-rs = "1.1.1" tonic-build = "0.12" diff --git a/build.rs b/build.rs new file mode 100644 index 0000000..429f0a7 --- /dev/null +++ b/build.rs @@ -0,0 +1,5 @@ +use shadow_rs::ShadowBuilder; + +fn main() { + ShadowBuilder::builder().deny_const(Default::default()).build().unwrap(); +} diff --git a/src/bin/detee-cli.rs b/src/bin/detee-cli.rs index ae625d9..7d80f61 100644 --- a/src/bin/detee-cli.rs +++ b/src/bin/detee-cli.rs 
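Review bot: `deny_const(Default::default())` in `build.rs` denies nothing, so every constant shadow-rs can generate goes into the `build` module, not only the ones `CLAP_LONG_VERSION` prints. By shadow-rs's defaults that set includes the committer name and e-mail, the cargo dependency tree and the manifest directory of the build machine, which a release binary for an attestation tool has no reason to carry. Pass an explicit deny set (a `BTreeSet` of the shadow-rs constant names you do not need) rather than the empty default, and add a comment in `build.rs` listing which fields are intentionally exposed. The embedded build time also makes the binary differ on every build, which matters if reproducible builds are a goal.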
@@ -12,6 +12,8 @@ More information can be found at https://detee.ltd Feel free to browser applications bundles or VM disks available for immediate deployment."#; +shadow_rs::shadow!(build); + fn main() { // TODO: figure if there is a more elegant way to solve this than calling default_provider in main let _ = rustls::crypto::aws_lc_rs::default_provider().install_default(); @@ -50,7 +52,7 @@ fn main() { fn clap_cmd() -> Command { Command::new("detee-cli") - .version("0.0.1") + .version(build::CLAP_LONG_VERSION) .author("https://detee.ltd") .about(ABOUT) .arg( diff --git a/src/bin/super-detee-cli.rs b/src/bin/super-detee-cli.rs index 9a9cdb3..ec04b3d 100644 --- a/src/bin/super-detee-cli.rs +++ b/src/bin/super-detee-cli.rs @@ -13,6 +13,8 @@ It allows you to: The admin pubkeys are hardcoded in the brain."#; +shadow_rs::shadow!(build); + fn main() { let _ = rustls::crypto::aws_lc_rs::default_provider().install_default(); let log_level = match std::env::var("LOG_LEVEL") { @@ -26,7 +28,7 @@ fn main() { env_logger::builder().filter_level(log_level).format_timestamp(None).init(); let cmd = Command::new("super-detee-cli") - .version("0.0.1") + .version(build::CLAP_LONG_VERSION) .author("https://detee.ltd") .about(ABOUT) .subcommand( -- 2.43.0 From 9a5387b93194acda73d7fc9bcac5acd00bacd7f7 Mon Sep 17 00:00:00 2001 From: Noor Date: Mon, 14 Apr 2025 15:49:46 +0530 Subject: [PATCH 3/4] feat: app node report contract admin can report app node --- src/bin/detee-cli.rs | 2 -- src/sgx/cli_handler.rs | 12 +++++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/bin/detee-cli.rs b/src/bin/detee-cli.rs index 7d80f61..93719a8 100644 --- a/src/bin/detee-cli.rs +++ b/src/bin/detee-cli.rs @@ -284,7 +284,6 @@ fn clap_cmd() -> Command { .required(true) ) ) - /* .subcommand(Command::new("report").about("report a node for poor performance") .arg( Arg::new("pubkey") 
@@ -304,7 +303,6 @@ fn clap_cmd() -> Command { .help("detail the performance issue you experienced") ) ) - */ ) .subcommand(Command::new("vm") .about("virtual machines that run on AMD SEV-SNP nodes") diff --git a/src/sgx/cli_handler.rs b/src/sgx/cli_handler.rs index d23bbfc..a898ed0 100644 --- a/src/sgx/cli_handler.rs +++ b/src/sgx/cli_handler.rs @@ -39,11 +39,13 @@ pub fn handle_app_nodes(matches: &ArgMatches) { let ip: String = subcom_args.get_one::("ip").unwrap().clone(); cli_print(inspect_node(ip).map_err(Into::into)); } - Some(("report", _)) => { - // let node_pubkey: String = path_subcommand.get_one::("pubkey").unwrap().clone(); - // let contract_uuid: String = path_subcommand.get_one::("contract").unwrap().clone(); - // let reason: String = path_subcommand.get_one::("reason").unwrap().clone(); - todo!() + Some(("report", subcom_args)) => { + let node_pubkey: String = subcom_args.get_one::("pubkey").unwrap().clone(); + let contract_uuid: String = subcom_args.get_one::("contract").unwrap().clone(); + let reason: String = subcom_args.get_one::("reason").unwrap().clone(); + cli_print( + crate::general::report_node(node_pubkey, contract_uuid, reason).map_err(Into::into), + ) } _ => { eprintln!("Available commands are search, inspec and report. Use --help for more information.") -- 2.43.0 From a7eb288b5ab7f6790fd4ea216611dbda7a660220 Mon Sep 17 00:00:00 2001 
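Review bot: The new `report` arm in `handle_app_nodes` calls `get_one(...).unwrap()` for `pubkey`, `contract` and `reason`, which panics if clap does not guarantee all three. The `Arg` definitions re-enabled in `detee-cli.rs` are only partly visible in this patch, so `required(true)` on each cannot be confirmed from here. Either state the invariant, e.g. `.expect("clap marks --pubkey as required")`, or turn a missing value into an error passed to `cli_print`. The strings also reach `crate::general::report_node` without any format check on the pubkey or contract UUID; validating them locally would give a clearer error than a server-side rejection. The function starts outside the hunk.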
From: Noor Date: Thu, 10 Apr 2025 10:33:22 +0000 Subject: [PATCH 4/4] feat: upload directory in launch config - stream file upload - remove base 64 encoding - dtpm grpc compression - increase retry attempts while app deployment - improve ux while deploying with progress update - new actix static server package - updated config with directory sample - updated Dtpm client connection - remove mr_signer from connetion - reuse dtpm client connection --- Cargo.lock | 146 ++++++++++++++++++++- Cargo.toml | 5 +- samples/new_app/new_app_launch_config.yaml | 16 ++- src/bin/detee-cli.rs | 6 +- src/sgx/cli_handler.rs | 6 +- src/sgx/grpc_dtpm.rs | 112 +++++++++------- src/sgx/mod.rs | 19 ++- src/sgx/packaging.rs | 2 +- src/sgx/utils.rs | 31 +++-- 9 files changed, 258 insertions(+), 85 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index a290c09..9f01b77 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -605,6 +605,26 @@ version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b" +[[package]] +name = "bincode" +version = "2.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "36eaf5d7b090263e8150820482d5d93cd964a81e4019913c972f4edcc6edb740" +dependencies = [ + "bincode_derive", + "serde", + "unty", +] + +[[package]] +name = "bincode_derive" +version = "2.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bf95709a440f45e986983918d0e8a1f30a9b1df04918fc828670606804ac3c09" +dependencies = [ + "virtue", +] + [[package]] name = "bindgen" version = "0.69.5" @@ -1099,7 +1119,6 @@ dependencies = [ "detee-shared", "ed25519-dalek", "env_logger", - "hex", "hyper", "hyper-rustls", "lazy_static", 
@@ -1163,15 +1182,17 @@ dependencies = [ [[package]] name = "detee-shared" version = "0.1.0" -source = "git+ssh://git@gitea.detee.cloud/testnet/proto.git?branch=main#3024c00b8e1c93e70902793385b92bc0a8d1f26a" +source = "git+ssh://git@gitea.detee.cloud/testnet/proto.git?branch=feat_dir_support_dtpm_config#20ba749427ac4453a06bc8a8ef3fb8f0ec6bb592" dependencies = [ - "base64", + "bincode", "prost", "serde", "serde_yaml", + "tar", "thiserror 2.0.11", "tonic", "tonic-build", + "zstd", ] [[package]] @@ -1369,6 +1390,18 @@ version = "0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d" +[[package]] +name = "filetime" +version = "0.2.25" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "35c0522e981e68cbfa8c3f978441a5f34b30b96e146b33cd3359176b50fe8586" +dependencies = [ + "cfg-if", + "libc", + "libredox", + "windows-sys 0.59.0", +] + [[package]] name = "fixed-hash" version = "0.8.0" @@ -2169,6 +2202,17 @@ version = "0.2.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8355be11b20d696c8f18f6cc018c4e372165b1fa8126cef092399c9951984ffa" +[[package]] +name = "libredox" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c0ff37bd590ca25063e35af745c343cb7a0271906fb7b37e4813e8f79f00268d" +dependencies = [ + "bitflags", + "libc", + "redox_syscall", +] + [[package]] name = "libz-sys" version = "1.1.22" @@ -2187,6 +2231,12 @@ version = "0.4.14" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89" +[[package]] +name = "linux-raw-sys" +version = "0.9.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cd945864f07fe9f5371a27ad7b52a172b4b499999f1d97574c9fa68373937e12" + [[package]] name = "litemap" version = "0.7.4" 
@@ -2787,6 +2837,15 @@ dependencies = [ "yasna", ] +[[package]] +name = "redox_syscall" +version = "0.5.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d2f103c6d277498fbceb16e84d317e2a400f160f46904d5f5410848c829511a3" +dependencies = [ + "bitflags", +] + [[package]] name = "regex" version = "1.11.1" @@ -2988,10 +3047,23 @@ dependencies = [ "bitflags", "errno", "libc", - "linux-raw-sys", + "linux-raw-sys 0.4.14", "windows-sys 0.59.0", ] +[[package]] +name = "rustix" +version = "1.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d97817398dd4bb2e6da002002db259209759911da105da92bec29ccb12cf58bf" +dependencies = [ + "bitflags", + "errno", + "libc", + "linux-raw-sys 0.9.4", + "windows-sys 0.52.0", +] + [[package]] name = "rustls" version = "0.23.23" @@ -3469,6 +3541,17 @@ version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369" +[[package]] +name = "tar" +version = "0.4.44" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1d863878d212c87a19c1a610eb53bb01fe12951c0501cf5a0d65f724914a667a" +dependencies = [ + "filetime", + "libc", + "xattr", +] + [[package]] name = "tempfile" version = "3.17.1" @@ -3479,7 +3562,7 @@ dependencies = [ "fastrand", "getrandom 0.3.1", "once_cell", - "rustix", + "rustix 0.38.42", "windows-sys 0.59.0", ] @@ -3717,6 +3800,7 @@ dependencies = [ "tower-layer", "tower-service", "tracing", + "zstd", ] [[package]] @@ -3918,6 +4002,12 @@ version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" +[[package]] +name = "unty" +version = "0.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6d49784317cd0d1ee7ec5c716dd598ec5b4483ea832a2dced265471cc0f690ae" + [[package]] name = "ureq" version = "3.0.3" 
@@ -4002,6 +4092,12 @@ version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" +[[package]] +name = "virtue" +version = "0.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "051eb1abcf10076295e815102942cc58f9d5e3b4560e46e53c21e8ff6f3af7b1" + [[package]] name = "wait-timeout" version = "0.2.1" @@ -4134,7 +4230,7 @@ dependencies = [ "either", "home", "once_cell", - "rustix", + "rustix 0.38.42", ] [[package]] @@ -4331,6 +4427,16 @@ dependencies = [ "time", ] +[[package]] +name = "xattr" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0d65cbf2f12c15564212d48f4e3dfb87923d25d611f2aed18f4cb23f0413d89e" +dependencies = [ + "libc", + "rustix 1.0.5", +] + [[package]] name = "yasna" version = "0.5.2" @@ -4447,3 +4553,31 @@ dependencies = [ "quote", "syn 2.0.91", ] + +[[package]] +name = "zstd" +version = "0.13.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e91ee311a569c327171651566e07972200e76fcfe2242a4fa446149a3881c08a" +dependencies = [ + "zstd-safe", +] + +[[package]] +name = "zstd-safe" +version = "7.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f49c4d5f0abb602a93fb8736af2a4f4dd9512e36f7f570d66e65ff867ed3b9d" +dependencies = [ + "zstd-sys", +] + +[[package]] +name = "zstd-sys" +version = "2.0.15+zstd.1.5.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eb81183ddd97d0c74cedf1d50d85c8d08c1b8b68ee863bdee9e706eedba1a237" +dependencies = [ + "cc", + "pkg-config", +] diff --git a/Cargo.toml b/Cargo.toml index 2641048..98b0ddd 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -19,13 +19,12 @@ serde_yaml = "0.9.34" tabled = "0.17.0" tokio-stream = "0.1.17" tokio = { version = "1.42.0", features = ["macros", "rt-multi-thread"] } -tonic = { version = "0.12" } +tonic = { version = "0.12", features = ["zstd"] } thiserror = "2.0.9" bs58 = "0.5.1" chrono = "0.4.39" reqwest = {version = "0.12.12", features = ["blocking"] } serde_json = "1.0.139" -hex = "0.4.3" hyper = "1.6.0" rustls = "0.23.23" tower = "0.5.2" @@ -35,7 +34,7 @@ tokio-retry = "0.3.0" detee-sgx = { git = "ssh://git@gitea.detee.cloud/testnet/detee-sgx.git", branch = "hratls", features=["hratls", "qvl"] } shadow-rs = { version = "1.1.1", features = ["metadata"] } -detee-shared = { git = "ssh://git@gitea.detee.cloud/testnet/proto.git", branch = "main" } +detee-shared = { git = "ssh://git@gitea.detee.cloud/testnet/proto.git", branch = "feat_dir_support_dtpm_config" } # detee-shared = { path = "../detee-shared" } [build-dependencies] diff --git a/samples/new_app/new_app_launch_config.yaml b/samples/new_app/new_app_launch_config.yaml index dbdb2fb..4641a86 100644 --- a/samples/new_app/new_app_launch_config.yaml +++ b/samples/new_app/new_app_launch_config.yaml @@ -1,15 +1,21 @@ -filesystems: - # - path: /bin/actix-hello-world - # content: !path "./samples/new_app/binaries/actix-test-app.bin" environments: - name: APP_NAME value: actix-test - name: PORT value: 8080 +# - name: STATIC_DIR +# value: "/static/html_doc" child_processes: - - path: /bin/actix-app-info - arguments: ["pg_1_arg_1", "pg_1_arg_2"] + - path: /bin/actix-static-server + arguments: [] restart: max_retries: 2 delay_seconds: 2 policy: !OnNonZeroExit true +filesystems: + - path: /host + content: !path "./src" + - path: /host + content: !path "./samples" +# - path: /static +# content: !path "./html_doc" \ No newline at end of file diff --git a/src/bin/detee-cli.rs b/src/bin/detee-cli.rs index 93719a8..49086f0 100644 --- a/src/bin/detee-cli.rs +++ b/src/bin/detee-cli.rs 
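Review bot: `detee-shared` now tracks the feature branch `feat_dir_support_dtpm_config`, which is a mutable ref: any `cargo update` pulls whatever that branch points to at the time, and the build breaks once the branch is merged and deleted. `Cargo.lock` in this patch resolves it to a specific commit, so pin that in the manifest: `detee-shared = { git = "ssh://git@gitea.detee.cloud/testnet/proto.git", rev = "20ba749427ac4453a06bc8a8ef3fb8f0ec6bb592" }`. The `detee-sgx` line in the context (`branch = "hratls"`) has the same exposure and would benefit from a `rev` pin too.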
@@ -120,8 +120,8 @@ fn clap_cmd() -> Command { .arg( Arg::new("memory") .long("memory") - .default_value("500") - .value_parser(clap::value_parser!(u32).range(200..4050)) + .default_value("1000") + .value_parser(clap::value_parser!(u32).range(1000..8000)) .help("memory in MB") ) .arg( @@ -144,7 +144,7 @@ fn clap_cmd() -> Command { .long("package") .help("Enclave package name") .default_value("base-package") - .value_parser(["base-package", "actix-app-info", "go-app-info"]) + .value_parser(["base-package", "actix-static-server", "actix-app-info", "go-app-info"]) ) .arg( Arg::new("name") diff --git a/src/sgx/cli_handler.rs b/src/sgx/cli_handler.rs index a898ed0..1c21a61 100644 --- a/src/sgx/cli_handler.rs +++ b/src/sgx/cli_handler.rs @@ -2,7 +2,7 @@ use crate::config::Config; use crate::name_generator::random_app_name; use crate::sgx::config::{validate_yaml, DeteeCliExt}; use crate::sgx::grpc_brain::{delete_app, list_contracts}; -use crate::sgx::grpc_dtpm::{attest_and_send_config, get_config_from_enclave}; +use crate::sgx::grpc_dtpm::{get_config, update_config}; use crate::sgx::packaging::package_enclave; use crate::sgx::utils::{ deploy_new_app_and_update_config, fetch_config, override_envs_and_args_launch_config, @@ -227,7 +227,7 @@ fn handle_config_sub_update( (update_matche.get_one::("config"), update_matche.get_one::("uuid")) { let loaded_config = validate_yaml(file_path).unwrap(); - match block_on(attest_and_send_config(loaded_config, uuid)) { + match block_on(update_config(uuid, loaded_config)) { Ok(_) => Ok(SimpleOutput::from("App launch config updated successfully")), Err(e) => Err(Box::new(std::io::Error::other(format!( "Could not attest and update app launch config due to error: {e}" 
@@ -244,7 +244,7 @@ fn handle_config_sub_get( if let (Some(file_path_to_save), Some(uuid)) = (get_matche.get_one::("path"), get_matche.get_one::("uuid")) { - match block_on(get_config_from_enclave(uuid)) { + match block_on(get_config(uuid)) { Ok(config) => { let config_yaml = serde_yaml::to_string(&config).unwrap(); std::fs::write(file_path_to_save, config_yaml).unwrap(); diff --git a/src/sgx/grpc_dtpm.rs b/src/sgx/grpc_dtpm.rs index 6930279..9a27269 100644 --- a/src/sgx/grpc_dtpm.rs +++ b/src/sgx/grpc_dtpm.rs @@ -1,13 +1,22 @@ use detee_sgx::{prelude::*, HRaTlsConfigBuilder}; -use detee_shared::common_proto::Empty; +use detee_shared::{ + common_proto::Empty, + sgx::{pb::dtpm_proto::DtpmGetConfigRes, types::dtpm::FileEntry}, +}; use hyper_rustls::HttpsConnectorBuilder; use rustls::ClientConfig; use std::sync::{Arc, RwLock}; -use tonic::transport::{Channel, Endpoint}; +use tokio::sync::mpsc; +use tokio_stream::wrappers::ReceiverStream; +use tonic::{ + codec::CompressionEncoding, + transport::{Channel, Endpoint}, +}; use detee_shared::sgx::{ pb::dtpm_proto::{ - dtpm_config_manager_client::DtpmConfigManagerClient, DtpmConfigData, DtpmSetConfigReq, + dtpm_config_manager_client::DtpmConfigManagerClient, DtpmSetConfigReq, + FileEntry as FileEntryPb, }, types::dtpm::DtpmConfig, }; 
@@ -21,34 +30,26 @@ pub enum Error { DtpmConnection(#[from] tonic::transport::Error), #[error("Received error from DTPM: {}", _0.message())] ResponseStatus(#[from] tonic::Status), - #[error("Hex: {0}")] - HexDecode(#[from] hex::FromHexError), #[error("Disk access error: {0}")] DiskAccess(#[from] std::io::Error), #[error("HRatls: {0}")] SgxHRatls(#[from] detee_sgx::error::SgxError), - #[error("DtpmConfig: {0}")] - DtpmConfig(String), + #[error("Dtpm: {0}")] + Dtpm(String), #[error(transparent)] ConfigError(#[from] crate::config::Error), } type Result = std::result::Result; -pub async fn connect_dtpm_grpc_client( - hratls_uri: String, - package_mr_enclave: Option<[u8; 32]>, -) -> Result> { +pub async fn connect_app_dtpm_client(app_uuid: &str) -> Result> { let private_key_pem = Config::get_hratls_private_key()?; - let mut mr_signer = [0u8; 32]; - hex::decode_to_slice(Config::get_mrsigner()?, &mut mr_signer)?; - let mr_signers = vec![mr_signer]; - let hratls_config = Arc::new(RwLock::new( - HRaTlsConfig::new() - .allow_instance_measurement(InstanceMeasurement::new().with_mrsigners(mr_signers)) - .with_hratls_private_key_pem(private_key_pem), - )); + let (hratls_uri, package_mr_enclave) = hratls_url_and_mr_enclave_from_app_id(app_uuid).await?; + log::info!("hratls uri: {}\nmr_enclave: {:?}", &hratls_uri, &package_mr_enclave); + + let hratls_config = + Arc::new(RwLock::new(HRaTlsConfig::new().with_hratls_private_key_pem(private_key_pem))); if let Some(mr_enclave) = package_mr_enclave { hratls_config.write().unwrap().allow_more_instance_measurement( 
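Review bot: With the `mr_signer` allow-list removed, the only measurement check left in `connect_app_dtpm_client` is the `if let Some(mr_enclave) = package_mr_enclave` branch, so when the lookup returns `None` the `HRaTlsConfig` carries no allowed measurement at all. Whether `detee_sgx` then rejects every peer or accepts any is not visible here; if it accepts, `update_config` would send files and the launch config to an unattested endpoint. Fail closed in this function: `let Some(mr_enclave) = package_mr_enclave else { return Err(Error::Dtpm("no mr_enclave known for this app".to_string())); };`. A doc comment on `connect_app_dtpm_client` stating that the peer is pinned by MRENCLAVE only, and why the signer check was dropped, would help the next reviewer. The function body continues past the end of the hunk.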
@@ -65,45 +66,60 @@ pub async fn connect_dtpm_grpc_client( let channel = Endpoint::from_shared(hratls_uri)?.connect_with_connector(connector).await?; - Ok(DtpmConfigManagerClient::new(channel)) + Ok(DtpmConfigManagerClient::new(channel).send_compressed(CompressionEncoding::Zstd)) } -pub async fn attest_and_send_config(loaded_config: DtpmConfig, uuid: &str) -> Result<()> { - let config_data = Some(DtpmConfigData::from(loaded_config)); - let req_data = DtpmSetConfigReq { config_data, ..Default::default() }; +pub async fn update_config(app_uuid: &str, config: DtpmConfig) -> Result<()> { + let dtpm_client = connect_app_dtpm_client(app_uuid).await?; - log::trace!("Decoded the configuration... {:?}", req_data); + upload_files_pb(config.filesystems.clone(), &dtpm_client).await?; + let req = DtpmSetConfigReq { config_data: Some(config.into()), ..Default::default() }; + set_config_pb(req, &dtpm_client).await?; + Ok(()) +} - let (hratls_uri, mr_enclave) = hratls_url_and_mr_enclave_from_app_id(uuid).await; - log::info!("hratls uri: {}\nmr_enclave: {:?}", &hratls_uri, &mr_enclave); +pub async fn get_config(app_uuid: &str) -> Result { + let dtpm_client = connect_app_dtpm_client(app_uuid).await?; + let config_res = get_config_pb(&dtpm_client).await?; + let config: DtpmConfig = + config_res.config_data.ok_or(Error::Dtpm("config data not found".to_string()))?.into(); + Ok(config) +} - let client = connect_dtpm_grpc_client(hratls_uri, mr_enclave).await?; +pub async fn upload_files_pb( + reqs: Vec, + client: &DtpmConfigManagerClient, +) -> Result<()> { + let (tx, rx) = mpsc::channel(6); + tokio::spawn(async move { + for file in reqs { + let file_pb: FileEntryPb = file.into(); + let _ = tx.send(file_pb).await; + } + }); - let response = client - .max_decoding_message_size(10240000) - .set_config(tonic::Request::new(req_data)) - .await?; + let fs_stream = ReceiverStream::new(rx); + + let _ = client.clone().upload_files(tonic::Request::new(fs_stream)).await?; + + Ok(()) +} + 
+pub(crate) async fn set_config_pb( + req: DtpmSetConfigReq, + client: &DtpmConfigManagerClient, +) -> Result<()> { + let response = client.clone().set_config(tonic::Request::new(req)).await?; log::trace!("Received respose from the server...{:?}", response.into_inner()); Ok(()) } -pub async fn get_config_from_enclave(uuid: &str) -> Result { - let (hratls_uri, mr_enclave) = hratls_url_and_mr_enclave_from_app_id(uuid).await; - log::info!("hratls uri: {}\nmr_enclave: {:?}", &hratls_uri, &mr_enclave); - - let client = connect_dtpm_grpc_client(hratls_uri, None).await?; - - let mgr_config_pb = client - .max_decoding_message_size(10240000) - .get_config(tonic::Request::new(Empty {})) - .await? - .into_inner(); - - let config: DtpmConfig = mgr_config_pb - .config_data - .ok_or(Error::DtpmConfig("config data not found".to_string()))? - .into(); - Ok(config) +pub(crate) async fn get_config_pb( + client: &DtpmConfigManagerClient, +) -> Result { + let mgr_config_pb = + client.clone().get_config(tonic::Request::new(Empty {})).await?.into_inner(); + Ok(mgr_config_pb) } diff --git a/src/sgx/mod.rs b/src/sgx/mod.rs index 278d8e4..149211f 100644 --- a/src/sgx/mod.rs +++ b/src/sgx/mod.rs 
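Review bot: In `upload_files_pb` the spawned task discards the result of `tx.send(file_pb).await`, so if the RPC fails and the receiver is dropped the loop still converts every remaining entry; stop on failure with `if tx.send(file_pb).await.is_err() { break; }`. The same change drops `max_decoding_message_size(10240000)` from both `set_config` and `get_config`, so tonic's default decode limit now applies; confirm that a config returned by `get_config_pb` can no longer exceed it. `update_config` issues `upload_files` and `set_config` as two separate calls, so a failure in between presumably leaves new files alongside the old config, which is worth a comment or a rollback path. `upload_files_pb` is `pub` while its siblings `set_config_pb` and `get_config_pb` are `pub(crate)`; the hunk opens inside `connect_app_dtpm_client`.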
@@ -71,24 +71,29 @@ pub struct PackageElement { pub static PACKAGES_INDEX: LazyLock = LazyLock::new(|| { PublicIndex { packages: vec![ + PackageElement{ + package_name: "actix-static-server".to_string(), + package_url: "https://registry.detee.ltd/sgx/packages/actix-static-server_package_2025-04-16_21-27-07.tar.gz".to_string(), + launch_config_url: "https://registry.detee.ltd/sgx/launch_configs/actix-static-server-launch-config_001.yaml".to_string(), + mr_enclave: [97, 9, 55, 254, 254, 21, 143, 123, 239, 36, 47, 228, 8, 224, 114, 237, 159, 40, 32, 244, 54, 253, 126, 19, 13, 86, 42, 142, 248, 20, 89, 58], + }, PackageElement{ package_name: "base-package".to_string(), - package_url: "https://registry.detee.ltd/sgx/packages/base-package_2025-03-25_13-54-06.tar.gz".to_string(), + package_url: "https://registry.detee.ltd/sgx/packages/base_package_2025-04-17_11-01-08.tar.gz".to_string(), launch_config_url: "https://registry.detee.ltd/sgx/launch_configs/base-package-launch-config_001.yaml".to_string(), - mr_enclave: [47, 58, 112, 8, 157, 109, 224, 80, 78, 225, 47, 55, 103, 53, 71, 234, 97, 11, 16, 22, 231, 77, 113, 52, 203, 97, 136, 109, 178, 240, 128, 169], + mr_enclave: [52, 183, 102, 210, 251, 219, 218, 140, 168, 118, 10, 193, 98, 240, 147, 124, 240, 189, 46, 95, 138, 172, 15, 246, 227, 114, 70, 159, 232, 212, 9, 234], }, PackageElement{ package_name: "actix-app-info".to_string(), - package_url: "https://registry.detee.ltd/sgx/packages/actix-app-info_package_2025-03-19_13-49-56.tar.gz".to_string(), + package_url: "https://registry.detee.ltd/sgx/packages/actix-app-info_package_2025-04-16_21-59-38.tar.gz".to_string(), launch_config_url: "https://registry.detee.ltd/sgx/launch_configs/actix-app-info-launch-config_001.yaml".to_string(), - mr_enclave: [ 139, 208, 253, 40, 81, 80, 225, 137, 106, 182, 27, 200, 25, 128, 212, 235, 76, 153, 215, 42, 160, 69, 26, 132, 77, 223, 182, 180, 136, 218, 173, 184 ], + mr_enclave: [128, 0, 97, 103, 165, 103, 68, 203, 240, 145, 153, 254, 34, 
129, 75, 140, 8, 186, 63, 226, 144, 129, 201, 187, 175, 66, 80, 1, 151, 114, 183, 159], }, PackageElement{ package_name: "go-app-info".to_string(), - package_url: "https://registry.detee.ltd/sgx/packages/go-gin-app-info_01_package_2025-03-26_11-30-45.tar.gz".to_string(), + package_url: "https://registry.detee.ltd/sgx/packages/go-app-info_package_2025-04-16_21-39-18.tar.gz".to_string(), launch_config_url: "https://registry.detee.ltd/sgx/launch_configs/go-gin-app-info-launch-config_001.yaml".to_string(), - mr_enclave: [239, 153, 28, 180, 45, 214, 226, 253, 140, 243, 34, 120, 146, 198, 75, 43, 205, 229, 33, 160, 62, 22, 244, 123, 213, 37, 186, 93, 177, 8, 129, 170], - + mr_enclave: [188, 233, 211, 196, 237, 6, 46, 236, 229, 173, 239, 94, 99, 172, 233, 37, 255, 20, 54, 212, 172, 30, 182, 71, 219, 76, 78, 11, 72, 68, 46, 204], } ], } diff --git a/src/sgx/packaging.rs b/src/sgx/packaging.rs index 3f98e4f..ae065e3 100644 --- a/src/sgx/packaging.rs +++ b/src/sgx/packaging.rs @@ -18,7 +18,7 @@ pub fn package_enclave( format!( r#"docker run --rm -it -v ./:/app/ \ -v {signing_key_path}:/keys/app_signing_key.pem:ro \ - noormohammedb/enclave_packager_01:pub_v3 {package_items}"# + noormohammedb/enclave_packager_01:pub_v5 {package_items}"# ) } else { format!( diff --git a/src/sgx/utils.rs b/src/sgx/utils.rs index 422c3ee..7d87e9d 100644 --- a/src/sgx/utils.rs +++ b/src/sgx/utils.rs 
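Review bot: The `base-package` entry now points at `base_package_2025-04-17_11-01-08.tar.gz`, with an underscore where the package name, the previous URL and the launch-config URL all use `base-package`; if that is not the artifact's actual name the download fails, so it is worth checking against the registry. Each `mr_enclave` is a bare decimal byte array, which is hard to compare with a measurement that is usually printed in hex; a comment above each entry giving the hex form and the package build it was taken from would make these trust anchors auditable. The `launch_config_url` values keep their `_001.yaml` paths while every package and measurement changed, and nothing in this hunk ties a launch config to a digest, so whether the fetched YAML is integrity-checked depends on code outside the hunk.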
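Review bot: The packager image is still referenced by a mutable tag (`pub_v5`) in the same command that mounts the signing key into the container, so whoever can push to that tag controls code that can read the key. Pinning the reference by digest, `noormohammedb/enclave_packager_01@sha256:<digest-of-reviewed-image>` (placeholder; the digest is not on this page), makes each bump reviewable and the build reproducible. The `else` branch of `package_enclave` is outside the hunk and may need the same treatment.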
@@ -1,9 +1,12 @@ use crate::constants::HRATLS_APP_PORT; use crate::sgx::get_one_contract; use crate::sgx::grpc_brain::new_app; -use crate::sgx::grpc_dtpm::attest_and_send_config; +use crate::sgx::grpc_dtpm::connect_app_dtpm_client; +use crate::sgx::grpc_dtpm::set_config_pb; +use crate::sgx::grpc_dtpm::upload_files_pb; use crate::sgx::package_entry_from_name; use detee_shared::app_proto::NewAppRes; +use detee_shared::sgx::pb::dtpm_proto::DtpmSetConfigReq; use detee_shared::sgx::types::brain::AppDeployConfig; use detee_shared::sgx::types::dtpm::DtpmConfig; use detee_shared::sgx::types::dtpm::EnvironmentEntry; @@ -17,7 +20,7 @@ pub enum Error { #[error(transparent)] Serde(#[from] serde_yaml::Error), #[error("{0}")] - PublicPackage(std::string::String), + Package(std::string::String), #[error("{0}")] Brain(#[from] crate::sgx::grpc_brain::Error), #[error("{0}")] @@ -26,7 +29,9 @@ pub enum Error { Deployment(String), } -pub async fn hratls_url_and_mr_enclave_from_app_id(app_id: &str) -> (String, Option<[u8; 32]>) { +pub async fn hratls_url_and_mr_enclave_from_app_id( + app_id: &str, +) -> Result<(String, Option<[u8; 32]>), crate::sgx::grpc_dtpm::Error> { let app_contract = get_one_contract(app_id).await; if app_contract.is_err() { eprintln!("Could not find App contract with ID: {}", app_id); 
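Review bot: `hratls_url_and_mr_enclave_from_app_id` now returns `Result`, but the contract-lookup failure visible at the end of the third hunk is still reported with `eprintln!` inside an `is_err()` check instead of being returned. The rest of that branch lies outside the hunk; if it exits the process or carries on, returning the failure as an `Err` would let the caller decide what to do with it. The signature also exposes `crate::sgx::grpc_dtpm::Error` from `utils`, which has its own `Error` enum, so a short `///` comment saying why the DTPM error type is used here would help the next reader.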
@@ -44,15 +49,15 @@ pub async fn hratls_url_and_mr_enclave_from_app_id(app_id: &str) -> (String, Opt .mapped_ports .iter() .find(|port| port.app_port == HRATLS_APP_PORT) - .unwrap() + .ok_or(crate::sgx::grpc_dtpm::Error::Dtpm("Could not find DTMP port".to_string()))? .host_port; - (format!("https://{public_ip}:{dtpm_port}"), mr_enclave) + Ok((format!("https://{public_ip}:{dtpm_port}"), mr_enclave)) } pub async fn fetch_config(package_name: &str) -> Result { let index_package_entry = package_entry_from_name(package_name) - .ok_or(Error::PublicPackage("package not found for ".to_string() + package_name))?; + .ok_or(Error::Package("package not found for ".to_string() + package_name))?; let launch_config_url = index_package_entry.launch_config_url.clone(); @@ -126,13 +131,21 @@ pub async fn deploy_new_app_and_update_config( if new_app_res.error.is_empty() { if let Some(launch_config) = launch_config { - eprintln!("Deploying..."); + eprint!("Deploying..."); tokio::time::sleep(tokio::time::Duration::from_millis(2500)).await; - Retry::spawn(FixedInterval::from_millis(1000).take(10), || { + let dtpm_client = Retry::spawn(FixedInterval::from_millis(1000).take(30), || { log::debug!("retrying attestation and launch config update"); - attest_and_send_config(launch_config.clone(), &new_app_res.uuid) + eprint!("."); + connect_app_dtpm_client(&new_app_res.uuid) }) .await?; + println!(""); + upload_files_pb(launch_config.filesystems.clone(), &dtpm_client).await?; + + let config_data = Some(launch_config.into()); + log::trace!("Decoded the configuration... {:?}", config_data); + let req = DtpmSetConfigReq { config_data, ..Default::default() }; + set_config_pb(req, &dtpm_client).await?; Ok(new_app_res) } else { Ok(new_app_res) -- 2.43.0
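Review bot: The new error text reads `Could not find DTMP port`, which looks like a typo for DTPM and makes the message harder to search for; `"Could not find DTPM port"` matches the naming used elsewhere in the patch. `ok_or` builds the `String` even when the port is found, so `.ok_or_else(|| crate::sgx::grpc_dtpm::Error::Dtpm("Could not find DTPM port".to_string()))?` is the usual form. `mr_enclave` is still returned as an `Option` and where it is set is outside the hunk; if `None` makes the connector skip the measurement comparison, treating a missing measurement as an error here would fail closed. The function body starts outside the hunk.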
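Review bot: `log::trace!("Decoded the configuration... {:?}", config_data);` writes the whole launch configuration to the log with `Debug` formatting; the config's fields are not visible here, but if it carries environment values or file contents they end up in trace logs, and logging a summary such as the number of file entries would avoid that. `println!("");` ends a progress line that was written to stderr with `eprint!`, so the newline goes to a different stream; `eprintln!();` keeps them together. The retry now wraps only `connect_app_dtpm_client`, so a failure in `upload_files_pb` or `set_config_pb` is returned on the first attempt, where the removed `attest_and_send_config` retry would have repeated the whole step; a comment stating that this is intended would help. `deploy_new_app_and_update_config` starts and ends outside the hunk.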