Gramine Integartion with Avalon #775
Conversation
ntk97
requested review from
danintel,
dcmiddle,
EugeneYYY,
karthikamurthy,
manju956,
pankajgoyal2,
Ram-srini,
rranjan3,
SriharshaSubbakrishna and
TomBarnes
as code owners
ntk97
force-pushed
the
Gramine_Integration
branch
from
324b2c5
to
b445a2e
Compare
| echo $LIST_MANIFEST_FILES | ||
|
|
||
| MANIFEST_FILE="${TCF_HOME}tc/graphene/python_worker/graphene_sgx/manifest/avalon.manifest" | ||
| echo $MANIFEST_FILE |
There was a problem hiding this comment.
Need to print manifest filename? You could remove if added for debugging.
There was a problem hiding this comment.
Added for debugging purpose, removed now
|
|
||
| # Build image | ||
| echo "Build unsigned GSC image" | ||
| ./gsc build --insecure-args $IMAGE_NAME $LIST_MANIFEST_FILES | ||
| sudo ./gsc build --insecure-args $IMAGE_NAME $MANIFEST_FILE |
There was a problem hiding this comment.
Why sudo needed here? gsc binary should run with user permission itself.
There was a problem hiding this comment.
yes, sudo is not required. gsc runs with user permission, tested with gramine production release.
Removed sudo, in all the gsc build scripts
| sudo ./gsc sign-image $IMAGE_NAME $SIGN_KEY_FILE | ||
|
|
||
| # Retrieve SGX-related information from graphenized image using gsc info-image | ||
| # sudo ./gsc info-image $IMAGE_NAME |
| @@ -0,0 +1,34 @@ | |||
| #!/usr/bin/env python | |||
|
|
|||
| # Copyright 2020 Intel Corporation | |||
enclave_manager/Dockerfile-graphene
Outdated
| @@ -167,7 +167,7 @@ COPY ./enclave_manager/Makefile-graphene /project/avalon/enclave_manager/ | |||
| COPY ./enclave_manager/avalon_enclave_manager/*.py /project/avalon/enclave_manager/avalon_enclave_manager/ | |||
| COPY ./enclave_manager/avalon_enclave_manager/${ENCLAVE_TYPE} /project/avalon/enclave_manager/avalon_enclave_manager/${ENCLAVE_TYPE} | |||
| COPY ./enclave_manager/avalon_enclave_manager/wpe_common /project/avalon/enclave_manager/avalon_enclave_manager/wpe_common | |||
| COPY ./wpe_mr_enclave.txt /project/avalon/ | |||
| # COPY ./wpe_mr_enclave.txt /project/avalon/ | |||
| done | ||
| echo $LIST_MANIFEST_FILES | ||
|
|
||
| MANIFEST_FILE="./avalon.manifest" #"${TCF_HOME}tc/graphene/python_worker/graphene_sgx/manifest/python.manifest" |
There was a problem hiding this comment.
its better to address file with absolute path than relative path, it leads to bugs if run from different paths
There was a problem hiding this comment.
Addressed the file with absolute path.
|
|
||
| # Build image | ||
| echo "Build unsigned GSC image" | ||
| ./gsc build --insecure-args $IMAGE_NAME $LIST_MANIFEST_FILES | ||
| sudo ./gsc build --insecure-args $IMAGE_NAME $MANIFEST_FILE |
There was a problem hiding this comment.
remove sudo here and everywhere
|
@manju956, Have addressed all the review comments and appended the changes to the same commit itself. |
DCO check failed. Include sign-off while creating commit and push |
This PR has the changes required to integrate @Gramine with Avalon.
Changes includes: