-
Notifications
You must be signed in to change notification settings - Fork 35
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Deploy gateway backend as sgx #2050
Open
zkokelj
wants to merge
13
commits into
main
Choose a base branch
from
ziga/deploy_gateway_backend_as_sgx
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from all commits
Commits
Show all changes
13 commits
Select commit
Hold shift + click to select a range
8be78fe
Dockerfile, enclave.json and entry.sh added for running gateway insid…
zkokelj 80edc46
Merge branch 'ziga/deploy_gateway_backend_as_sgx' of https://github.c…
zkokelj 20f8d48
run gateway in ego in simulation mode
zkokelj 7417ef6
use same machine and image as our node
zkokelj cd19c22
use smaller version of the VM
zkokelj 47c1ed9
fix
zkokelj b909338
fix sgx issues with converting variables to strings
zkokelj 9160a29
lint
zkokelj 1ab3d38
deploy without a simulation mode
zkokelj 93bca9c
fix description to match actual state
zkokelj f1caef8
switch back to simulation mode
zkokelj 4022673
add devices
zkokelj 09d9087
turn off simulation mode
zkokelj File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
# Build Stages: | ||
# build-base = downloads modules and prepares the directory for compilation. Based on the ego-dev image | ||
# build-enclave = copies over the actual source code of the project and builds it using a compiler cache | ||
# deploy = copies over only the enclave executable without the source | ||
# in a lightweight base image specialized for deployment | ||
|
||
# Final container folder structure: | ||
# /home/ten/go-ten/tools/walletextension/main contains the executable for the enclave | ||
|
||
|
||
FROM ghcr.io/edgelesssys/ego-dev:v1.5.3 AS build-base | ||
|
||
# setup container data structure | ||
RUN mkdir -p /home/ten/go-ten | ||
|
||
# Ensures container layer caching when dependencies are not changed | ||
WORKDIR /home/ten/go-ten | ||
COPY go.mod . | ||
COPY go.sum . | ||
RUN ego-go mod download | ||
|
||
|
||
# Trigger new build stage for compiling the enclave | ||
FROM build-base AS build-enclave | ||
COPY . . | ||
|
||
WORKDIR /home/ten/go-ten/tools/walletextension/main | ||
|
||
# Build the enclave using the cross image build cache. | ||
RUN --mount=type=cache,target=/root/.cache/go-build \ | ||
ego-go build | ||
|
||
# Sign the enclave executable | ||
RUN ego sign enclave.json | ||
|
||
|
||
# Trigger a new build stage and use the smaller ego version: | ||
FROM ghcr.io/edgelesssys/ego-deploy:v1.5.3 | ||
|
||
# Copy just the binary for the enclave into this build stage | ||
COPY --from=build-enclave \ | ||
/home/ten/go-ten/tools/walletextension/main /home/ten/go-ten/tools/walletextension/main | ||
|
||
WORKDIR /home/ten/go-ten/tools/walletextension/main | ||
|
||
# simulation mode is ACTIVE by default | ||
ENV OE_SIMULATION=1 | ||
EXPOSE 3000 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
{ | ||
"exe": "main", | ||
"key": "testnet.pem", | ||
"debug": true, | ||
"heapSize": 4096, | ||
"executableHeap": true, | ||
"productID": 1, | ||
"securityVersion": 1, | ||
"env": [ | ||
{ | ||
"name": "TESTMODE", | ||
"value": "false" | ||
} | ||
], | ||
"files": [ | ||
{ | ||
"source": "../storage/database/mariadb/001_init.sql", | ||
"target": "/home/ten/go-ten/tools/walletextension/storage/database/mariadb/001_init.sql" | ||
}, | ||
{ | ||
"source": "../storage/database/mariadb/002_store_incoming_txs.sql", | ||
"target": "/home/ten/go-ten/tools/walletextension/storage/database/mariadb/002_store_incoming_txs.sql" | ||
}, | ||
{ | ||
"source": "../storage/database/mariadb/003_add_signature_type.sql", | ||
"target": "/home/ten/go-ten/tools/walletextension/storage/database/mariadb/003_add_signature_type.sql" | ||
} | ||
] | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
#!/bin/sh | ||
set -e | ||
# | ||
# This script is the entry point for starting the enclave under a Docker container. | ||
# It allows running SGX sdk using different parameters. | ||
# | ||
|
||
# It's expected to be a link between the /dev/sgx_enclave Docker device and the container /dev/sgx/enclave | ||
mkdir -p /dev/sgx | ||
if [ ! -L /dev/sgx/enclave ]; then | ||
ln -s /dev/sgx_enclave /dev/sgx/enclave | ||
fi | ||
|
||
PCCS_URL=https://global.acccache.azure.net/sgx/certification/v4/ | ||
echo "PCCS_URL: ${PCCS_URL}" | ||
|
||
apt-get install -qq libsgx-dcap-default-qpl | ||
|
||
echo "PCCS_URL=${PCCS_URL}\nUSE_SECURE_CERT=FALSE" > /etc/sgx_default_qcnl.conf | ||
|
||
"$@" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this comment here is not accurate
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed