# Copyright 2024 Signal Messenger, LLC
# SPDX-License-Identifier: AGPL-3.0-only
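# `dockall` is the first rule in the file and therefore the default goal. Its
# prerequisite docker_all is matched by the docker_% pattern rule, which runs
# `make all` inside the svr2_buildenv container.
dockall: docker_all

# None of these names is a file this Makefile creates, and `host` and `enclave`
# are also directory names passed to -C. Declaring them phony keeps a stray
# file or directory of the same name from masking the rule.
# docker_* goals are deliberately not listed: phony targets skip implicit-rule
# search, so they would stop matching the docker_% pattern rule.
.PHONY: all dockall validate git host enclave enclave_test enclave_valgrind \
        cmds clean dockerbase dockersh enclave_releaser nsmrun enclave_release

# Native build of everything: validation, host, enclave and the host commands.
all: validate host enclave cmds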
# Extra arguments forwarded to every sub-make below; may be preset by the caller.
MAKE_ARGS ?=
# Architecture as printed by `arch`, unless ARCH is already set.
ARCH ?= $(shell arch)
# NOTE(review): `arch` prints arm64 on Apple Silicon macOS, while Linux ARM
# hosts usually report aarch64 and would not match here; confirm that is intended.
ifeq "$(ARCH)" "arm64"
MAKE_ARGS += 'GO_TEST_FLAGS=-short' # long tests can cause qemu crashes in x86 emulation
endif
# Run the `validate` target of enclave/ and host/ ($@ expands to this target's
# name), then the repository copyright check. Each recipe line is a separate
# command, so the first failure stops the target.
validate:
	$(MAKE) $(MAKE_ARGS) -C enclave $@
	$(MAKE) $(MAKE_ARGS) -C host $@
	./check_copyrights.sh
# Best-effort submodule checkout. Every step ends in `|| true`, so a failing
# git command never stops the build.
# Because errors are ignored here, a build can proceed against missing or stale
# submodule contents. For a release whose enclave measurement is meant to be
# reproduced, check `git submodule status` before trusting the output.
git:
	git submodule init || true
	git submodule update --recursive --init || true
	git submodule update --recursive || true
# Which target of enclave/Makefile `make enclave` builds; override with ETARGET=<name>.
ETARGET ?= all

# `git` sits after `|`, i.e. it is an order-only prerequisite: the submodule
# step runs first but does not by itself mark the target out of date.
enclave: | git
	$(MAKE) $(MAKE_ARGS) -C enclave $(ETARGET)

# Run the enclave's `test` target.
enclave_test: | git
	$(MAKE) $(MAKE_ARGS) -C enclave test

# Run the enclave's `valgrind` target after the regular enclave tests.
enclave_valgrind: enclave_test | git
	$(MAKE) $(MAKE_ARGS) -C enclave valgrind
# Build host/ after the enclave target has run.
host: enclave | git
	$(MAKE) $(MAKE_ARGS) -C host all

# Build the `cmds` target of host/Makefile ($@ expands to `cmds`).
cmds: | git
	$(MAKE) $(MAKE_ARGS) -C host $@
# Remove build products: each component's own `clean` ($@ expands to `clean`),
# the docker/build output directory, and the contents of the local cargo
# home/target directories. The .cargohome and .cargotarget directories
# themselves are kept.
clean:
	$(MAKE) $(MAKE_ARGS) -C enclave $@
	$(MAKE) $(MAKE_ARGS) -C host $@
	rm -rf docker/build
	rm -rf .cargohome/* .cargohome/.*cache* .cargotarget/*
# Build the `builder` stage of docker/Dockerfile and load it into the local
# image store under the tag svr2_buildenv.
# A non-empty SKIP_DOCKER_BUILD skips the build. docker_% and dockersh then run
# whatever image is already tagged svr2_buildenv locally, so skip only when
# that tag is known to have been built from this checkout.
dockerbase: | git
	[ -n "$(SKIP_DOCKER_BUILD)" ] || \
		docker buildx build $(DOCKER_BUILD_ARGS) --load -f docker/Dockerfile -t svr2_buildenv --target=builder .
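# Copy the built enclave binaries into enclave/releases/sgx/, naming each copy
# after the MRENCLAVE value that `oesign dump` reports for it
# (default.<mrenclave> and small.<mrenclave>).
# The measurement is read into a shell variable first and the recipe fails if
# it is empty. The pipeline's exit status is that of `cut`, so an oesign
# failure would otherwise yield a file named just "default." or "small.".
# `cp -n` never overwrites a release file that already exists.
enclave_releaser: enclave host # depends on 'host' so its tests will run
	mrenclave="$$(/opt/openenclave/bin/oesign dump -e enclave/build/enclave.signed | grep -Fi mrenclave | cut -d '=' -f2)"; \
	if [ -z "$$mrenclave" ]; then \
		echo "enclave_releaser: no MRENCLAVE read from enclave/build/enclave.signed" >&2; exit 1; \
	fi; \
	cp -vn enclave/build/enclave.signed "enclave/releases/sgx/default.$$mrenclave"
	mrenclave="$$(/opt/openenclave/bin/oesign dump -e enclave/build/enclave.small | grep -Fi mrenclave | cut -d '=' -f2)"; \
	if [ -z "$$mrenclave" ]; then \
		echo "enclave_releaser: no MRENCLAVE read from enclave/build/enclave.small" >&2; exit 1; \
	fi; \
	cp -vn enclave/build/enclave.small "enclave/releases/sgx/small.$$mrenclave"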
### Remaining targets run docker/packer and should be run directly on the host (not with docker_) ###
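# Host kernel name, used to choose how CPUs are counted.
OS:=$(shell uname -s)

# Default job count for the in-container make; override with PARALLEL=<n>.
ifeq ($(OS), Linux)
# One more than the sum of the "cpu cores" fields in /proc/cpuinfo.
PARALLEL ?= $(shell cat /proc/cpuinfo | grep '^cpu cores' | awk 'BEGIN { sum = 1 } { sum += $$4 } END { print sum }')
endif
ifeq ($(OS), Darwin)
PARALLEL ?= $(shell sysctl -n hw.ncpu)
endif
# Any other OS: fall back to one job. Without this, DOCKER_MAKE_ARGS would
# carry a bare `-j`, which make treats as "no limit on parallel jobs".
PARALLEL ?= 1

# Arguments for the make that docker_% runs inside the container. MAKE_ARGS is
# forwarded wrapped in single quotes so it arrives as one argument.
DOCKER_MAKE_ARGS ?= -j$(PARALLEL) MAKE_ARGS='$(MAKE_ARGS)'
# Extra flags spliced into the `docker run` and `docker buildx build` commands.
DOCKER_RUN_ARGS ?=
DOCKER_BUILD_ARGS ?=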
# docker_<goal>: run `make <goal>` inside the svr2_buildenv image ($* is the
# part of the target name matched by %).
# The working tree is bind-mounted at /src and the container runs with the
# caller's uid:gid.
# V, DOCKER_MAKE_ARGS and the stem are pasted unescaped into the `bash -c`
# string, so bash interprets any shell syntax in them. Treat them as trusted
# operator input and do not feed them from unreviewed sources such as CI
# parameters.
# NOTE(review): unlike dockersh there is no --rm here, so every run leaves a
# stopped container behind; confirm whether that is intentional.
docker_%: dockerbase
	docker run -v "$$(pwd):/src" -u "$$(id -u):$$(id -g)" $(DOCKER_RUN_ARGS) \
		svr2_buildenv /bin/bash -c "make V=$(V) $(DOCKER_MAKE_ARGS) $*"
# Start the svr2_buildenv image's default command with a TTY attached, using
# the same /src bind mount and caller uid:gid as docker_%. The container is
# removed on exit (--rm).
dockersh: dockerbase
	docker run --rm -it -v "$$(pwd):/src" -u "$$(id -u):$$(id -g)" \
		-e "TERM=xterm-256color" $(DOCKER_RUN_ARGS) svr2_buildenv
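# Build the `nsmrun` stage of docker/Dockerfile into a tarball using kaniko.
# - The kaniko executor is referenced by sha256 digest rather than by tag, so
#   the builder image cannot change without this line changing.
# - --no-push keeps the result local; it is written only to --tar-path.
# - --reproducible is kaniko's option for stripping timestamps from the image.
# The bind-mount argument is quoted, as in docker_%, so a checkout path
# containing spaces is passed to docker as a single argument.
# The prerequisite docker_enclave never exists as a file, so this recipe runs
# every time the tarball is requested.
docker/build/nsmrun.tar: docker_enclave
	mkdir -p docker/build
	docker run --rm \
		-v "$${PWD}:/workspace" \
		gcr.io/kaniko-project/executor@sha256:7914350eda14b43f3dcc6925afca88d6b7ba5dff13d221bb70ef44d4da73a1e8 \
		--dockerfile /workspace/docker/Dockerfile --context dir:///workspace/ \
		--reproducible --no-push --skip-unused-stages \
		--destination svr2_nsmrun:latest \
		--custom-platform linux/amd64 \
		--tar-path /workspace/docker/build/nsmrun.tar \
		--target nsmrun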
# Load the kaniko-built tarball ($< is the prerequisite,
# docker/build/nsmrun.tar) into the local Docker image store.
nsmrun: docker/build/nsmrun.tar
	docker load < $<
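# Release build, run directly on the host: after the in-container
# enclave_releaser step and the nsmrun image load, build the nsmeif and sgxrun
# stages, run the nsmeif image with enclave/releases/nitro mounted at /out,
# then build the nsmhost stage.
# The svr2_nsmeif container is given the host's Docker socket and runs as root
# (-u 0:0), which amounts to control of the host's Docker daemon. Run this
# target only on a build host where that is acceptable.
# CHOWN_TO carries the caller's uid:gid, presumably so the container can hand
# ownership of /out back to the caller; confirm in the nsmeif stage.
# The output bind mount is quoted so a checkout path containing spaces is
# passed to docker as a single argument.
enclave_release: docker_enclave_releaser nsmrun
	docker buildx build $(DOCKER_BUILD_ARGS) --load -f docker/Dockerfile -t svr2_nsmeif --target=nsmeif .
	docker buildx build $(DOCKER_BUILD_ARGS) --load -f docker/Dockerfile -t svr2_sgxrun --target=sgxrun .
	docker run $(DOCKER_RUN_ARGS) --rm \
		-v /var/run/docker.sock:/var/run/docker.sock \
		-v "$${PWD}/enclave/releases/nitro:/out/" \
		-u "0:0" \
		-e "TERM=xterm-256color" \
		-e "DOCKER_IMAGE=svr2_nsmrun:latest" \
		-e "OUTPUT_DIR=/out" \
		-e "CHOWN_TO=$$(id -u):$$(id -g)" \
		svr2_nsmeif:latest
	docker buildx build $(DOCKER_BUILD_ARGS) --load -f docker/Dockerfile -t svr2_nsmhost --target=nsmhost .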
# Delegate to the makefile in trustedimage/ ($@ expands to `trustedimage`).
# The target is phony because its name is also the directory passed to -C.
# MAKE_ARGS is not forwarded here.
trustedimage:
	$(MAKE) -C $@
.PHONY: trustedimage