Merge pull request #922 from intel/docker_build_fix

PSW: fix docker build and psw bin installer for urts version update

Author: haitaohuang

docker/build/Dockerfile

@@ -59,6 +59,7 @@ RUN make sdk_install_pkg_no_mitigation
 WORKDIR /opt/intel
 RUN sh -c 'echo yes | /linux-sgx/linux/installer/bin/sgx_linux_x64_sdk_*.bin'
 
+ENV SGX_SDK=/opt/intel/sgxsdk
 WORKDIR /linux-sgx
 RUN make psw_install_pkg
 

docker/build/build_and_run_aesm_deb_docker.sh

@@ -0,0 +1,41 @@
+#!/bin/sh
+#
+# Copyright (C) 2022 Intel Corporation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+#   * Redistributions of source code must retain the above copyright
+#     notice, this list of conditions and the following disclaimer.
+#   * Redistributions in binary form must reproduce the above copyright
+#     notice, this list of conditions and the following disclaimer in
+#     the documentation and/or other materials provided with the
+#     distribution.
+#   * Neither the name of Intel Corporation nor the names of its
+#     contributors may be used to endorse or promote products derived
+#     from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+set -e
+docker build --target aesm_deb --build-arg https_proxy=$https_proxy \
+             --build-arg http_proxy=$http_proxy -t sgx_aesm_deb -f ./Dockerfile ../../
+
+docker volume create --driver local --opt type=tmpfs --opt device=tmpfs --opt o=rw aesmd-socket
+
+# If you use the Legacy Launch Control driver, replace /dev/sgx_enclave with /dev/isgx, and remove
+# --device=/dev/sgx_provision
+
+docker run --env http_proxy --env https_proxy --device=/dev/sgx_enclave --device=/dev/sgx_provision -v /dev/log:/dev/log -v aesmd-socket:/var/run/aesmd -it sgx_aesm_deb

docker/build/build_and_run_aesm_docker.sh

@@ -35,7 +35,7 @@ docker build --target aesm --build-arg https_proxy=$https_proxy \
 
 docker volume create --driver local --opt type=tmpfs --opt device=tmpfs --opt o=rw aesmd-socket
 
-# If you use the Legacy Launch Control driver, replace /dev/sgx/enclave with /dev/isgx, and remove
-# --device=/dev/sgx/provision
+# If you use the Legacy Launch Control driver, replace /dev/sgx_enclave with /dev/isgx, and remove
+# --device=/dev/sgx_provision
 
-docker run --env http_proxy --env https_proxy --device=/dev/sgx/enclave --device=/dev/sgx/provision -v /dev/log:/dev/log -v aesmd-socket:/var/run/aesmd -it sgx_aesm
+docker run --env http_proxy --env https_proxy --device=/dev/sgx_enclave --device=/dev/sgx_provision -v /dev/log:/dev/log -v aesmd-socket:/var/run/aesmd -it sgx_aesm

docker/build/build_and_run_qgs_docker.sh

@@ -35,7 +35,7 @@ docker build --target qgs --build-arg https_proxy=$https_proxy \
 
 docker volume create --driver local --opt type=tmpfs --opt device=tmpfs --opt o=rw qgs-socket
 
-# If you use the Legacy Launch Control driver, replace /dev/sgx/enclave with /dev/isgx, and remove
-# --device=/dev/sgx/provision
+# If you use the Legacy Launch Control driver, replace /dev/sgx_enclave with /dev/isgx, and remove
+# --device=/dev/sgx_provision
 
-docker run --device=/dev/sgx/enclave --device=/dev/sgx/provision -v /dev/log:/dev/log -v qgs-socket:/var/run/tdx-qgs/ -it --add-host=host.docker.internal:host-gateway tdx_qgs /opt/intel/tdx-qgs/qgs --no-daemon
+docker run --device=/dev/sgx_enclave --device=/dev/sgx_provision -v /dev/log:/dev/log -v qgs-socket:/var/run/tdx-qgs/ -it --add-host=host.docker.internal:host-gateway tdx_qgs /opt/intel/tdx-qgs/qgs --no-daemon

docker/build/build_and_run_sample_deb_docker.sh

@@ -0,0 +1,38 @@
+#!/bin/sh
+#
+# Copyright (C) 2022 Intel Corporation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+#   * Redistributions of source code must retain the above copyright
+#     notice, this list of conditions and the following disclaimer.
+#   * Redistributions in binary form must reproduce the above copyright
+#     notice, this list of conditions and the following disclaimer in
+#     the documentation and/or other materials provided with the
+#     distribution.
+#   * Neither the name of Intel Corporation nor the names of its
+#     contributors may be used to endorse or promote products derived
+#     from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+set -e
+docker build --target sample_deb --build-arg https_proxy=$https_proxy \
+             --build-arg http_proxy=$http_proxy -t sgx_sample_deb -f ./Dockerfile ../../
+
+# Another container should expose AESM and its socket in aesmd-socket volume.
+# Replace /dev/sgx_enclave with /dev/isgx if you use the Legacy Launch Control driver
+docker run --env http_proxy --env https_proxy --device=/dev/sgx_enclave -v aesmd-socket:/var/run/aesmd -it sgx_sample_deb

docker/build/build_and_run_sample_docker.sh

@@ -34,5 +34,5 @@ docker build --target sample --build-arg https_proxy=$https_proxy \
              --build-arg http_proxy=$http_proxy -t sgx_sample -f ./Dockerfile ../../
 
 # Another container should expose AESM and its socket in aesmd-socket volume.
-# Replace /dev/sgx/enclave with /dev/isgx if you use the Legacy Launch Control driver
-docker run --env http_proxy --env https_proxy --device=/dev/sgx/enclave -v aesmd-socket:/var/run/aesmd -it sgx_sample
+# Replace /dev/sgx_enclave with /dev/isgx if you use the Legacy Launch Control driver
+docker run --env http_proxy --env https_proxy --device=/dev/sgx_enclave -v aesmd-socket:/var/run/aesmd -it sgx_sample

linux/installer/common/psw/Makefile

@@ -46,6 +46,8 @@ ECL_VER=1.0.0
 LCH_VER=1.0.0
 EPID_VER=1.0.0
 QEX_VER=1.0.0
+URTS_VER:= 2.0.0.0
+QE3L_VER:=1.0.0
 
 default:
 
@@ -63,6 +65,9 @@ install:
 	mv $(PSW_LIB_PATH)/libsgx_enclave_common.so $(USR_LIB_PATH)
 	rmdir $(PSW_LIB_PATH)
 	cd $(USR_LIB_PATH) && \
+	mv libsgx_urts.so libsgx_urts.so.$(URTS_VER) && \
+	ln -fs libsgx_urts.so.$(URTS_VER) libsgx_urts.so.$(call SPLIT_VERSION,$(URTS_VER),1) && \
+	ln -fs libsgx_urts.so.$(call SPLIT_VERSION,$(URTS_VER),1) libsgx_urts.so &&\
 	mv libsgx_enclave_common.so libsgx_enclave_common.so.$(ECL_VER) && \
 	ln -fs libsgx_enclave_common.so.$(ECL_VER) libsgx_enclave_common.so.$(call SPLIT_VERSION,$(ECL_VER),1) && \
 	ln -fs libsgx_enclave_common.so.$(call SPLIT_VERSION,$(ECL_VER),1) libsgx_enclave_common.so && \
@@ -76,4 +81,5 @@ install:
 	ln -fs libsgx_quote_ex.so.$(QEX_VER) libsgx_quote_ex.so.$(call SPLIT_VERSION,$(QEX_VER),1) && \
 	ln -fs libsgx_quote_ex.so.$(call SPLIT_VERSION,$(QEX_VER),1) libsgx_quote_ex.so
 	cd $(INSTALL_PATH)/aesm && \
-	ln -fs liburts_internal.so libsgx_urts.so
+	ln -fs liburts_internal.so libsgx_urts.so.$(call SPLIT_VERSION,$(URTS_VER),1) && \
+	ln -fs libsgx_qe3_logic.so.$(call SPLIT_VERSION,$(QE3L_VER),1) libsgx_qe3_logic.so