Add key-provider build files

kvinwang · kvinwang · commit 44f3eb58c8a0 · 2024-12-26T07:43:05.000Z
diff --git a/key-provider-build/Dockerfile b/key-provider-build/Dockerfile
@@ -0,0 +1,55 @@
+FROM gramineproject/gramine:v1.5
+
+# Prevent timezone prompt by setting noninteractive frontend and configuring tzdata
+ENV DEBIAN_FRONTEND=noninteractive \
+    TZ=Etc/UTC \
+    TZDATA=Etc/UTC \
+    LC_ALL=en_US.UTF-8 \
+    LANG=en_US.UTF-8
+
+# Set timezone
+RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
+
+# Install required packages
+RUN apt update && apt install -y \
+    build-essential \
+    chrpath \
+    diffstat \
+    lz4 \
+    python3 \
+    locales \
+    git \
+    file \
+    gawk \
+    wget \
+    curl \
+    libclang-dev \
+    xorriso
+
+# Runtime dependencies
+RUN apt-get update && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y \
+    sgx-aesm-service \
+    libsgx-aesm-launch-plugin \
+    libsgx-aesm-quote-ex-plugin \
+    libsgx-aesm-ecdsa-plugin \
+    libsgx-dcap-quote-verify \
+    psmisc
+
+# Install Rust
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+ENV PATH="/root/.cargo/bin:${PATH}"
+
+RUN git clone https://github.com/MoeMahhouk/gramine-sealing-key-provider.git
+
+WORKDIR /gramine-sealing-key-provider
+# Build gramine-sealing-key-provider binary
+RUN make target/release/gramine-sealing-key-provider
+# Generate private key
+RUN gramine-sgx-gen-private-key
+# Build gramine manifest
+RUN make RUST_LOG=info
+
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/key-provider-build/docker-compose.yaml b/key-provider-build/docker-compose.yaml
@@ -0,0 +1,16 @@
+services:
+  gramine-sealing-key-provider:
+    container_name: gramine-sealing-key-provider
+    build:
+      context: .
+      dockerfile: Dockerfile
+    privileged: true
+    devices:
+      - "/dev/sgx_enclave:/dev/sgx_enclave"
+      - "/dev/sgx_provision:/dev/sgx_provision"
+    volumes:
+      - ./:/workspace
+    environment:
+      - SGX=1 
+    ports:
+      - "3443:3443"
diff --git a/key-provider-build/entrypoint.sh b/key-provider-build/entrypoint.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+set -e
+AESM_PATH=/opt/intel/sgx-aesm-service/aesm LD_LIBRARY_PATH=/opt/intel/sgx-aesm-service/aesm /opt/intel/sgx-aesm-service/aesm/aesm_service --no-syslog
+echo "Starting Gramine Sealing Key Provider"
+make SGX=1 run-provider
diff --git a/key-provider-build/run.sh b/key-provider-build/run.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+docker compose up --build

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+#!/bin/sh`
	`2`	`+docker compose up --build`