
Commit ba44c36

committed
Adjust end-to-end deployment scripts
1 parent 12d1277 commit ba44c36


2 files changed

+70
-52
lines changed

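--- a/deploy_vod_big_linux.sh
+++ b/deploy_vod_big_linux.sh
@@ -12,7 +12,9 @@ RUNTIME_MANAGER_PATH="$VERACRUZ_PATH/workspaces/$BACKEND-runtime/target/$PROFILE
 PROGRAM_PATH="."
 DATA_PATH="program_data"
 POLICY_PATH="policy.json"
-INPUT_VIDEO_PATH="in.h264"
+INPUT_VIDEO_PATH="in_enc.h264"
+KEY_PATH="key"
+IV_PATH="iv"
 
 CA_CERT_CONF_PATH="$VERACRUZ_PATH/workspaces/ca-cert.conf"
 CERT_CONF_PATH="$VERACRUZ_PATH/workspaces/cert.conf"
@@ -22,10 +24,10 @@ PROGRAM_CLIENT_CERT_PATH="program_client_cert.pem"
 PROGRAM_CLIENT_KEY_PATH="program_client_key.pem"
 DATA_CLIENT_CERT_PATH="data_client_cert.pem"
 DATA_CLIENT_KEY_PATH="data_client_key.pem"
-VIDEO_CLIENT_CERT_PATH="video_client_cert.pem"
-VIDEO_CLIENT_KEY_PATH="video_client_key.pem"
-RESULT_CLIENT_CERT_PATH="result_client_cert.pem"
-RESULT_CLIENT_KEY_PATH="result_client_key.pem"
+S3_APP_CLIENT_CERT_PATH="s3_app_client_cert.pem"
+S3_APP_CLIENT_KEY_PATH="s3_app_client_key.pem"
+USER_CLIENT_CERT_PATH="user_client_cert.pem"
+USER_CLIENT_KEY_PATH="user_client_key.pem"
 
 SERVER_LOG="server.log"
 
@@ -38,14 +40,14 @@ killall -9 proxy-attestation-server veracruz-server veracruz-client runtime_encl
 
 echo "=============Generating certificates & keys if necessary"
 if [ ! -f $CA_CERT_PATH ] || [ ! -f $CA_KEY_PATH ]; then
-echo "=============Generating $CA_CERT_PATH and $CA_KEY_PATH"
-openssl ecparam -name prime256v1 -genkey > $CA_KEY_PATH
-openssl req -x509 \
--key $CA_KEY_PATH \
--out $CA_CERT_PATH \
--config $CA_CERT_CONF_PATH
+echo "=============Generating $CA_CERT_PATH and $CA_KEY_PATH"
+openssl ecparam -name prime256v1 -genkey > $CA_KEY_PATH
+openssl req -x509 \
+-key $CA_KEY_PATH \
+-out $CA_CERT_PATH \
+-config $CA_CERT_CONF_PATH
 fi
-for i in "$PROGRAM_CLIENT_CERT_PATH $PROGRAM_CLIENT_KEY_PATH" "$DATA_CLIENT_CERT_PATH $DATA_CLIENT_KEY_PATH" "$VIDEO_CLIENT_CERT_PATH $VIDEO_CLIENT_KEY_PATH" "$RESULT_CLIENT_CERT_PATH $RESULT_CLIENT_KEY_PATH"; do
+for i in "$PROGRAM_CLIENT_CERT_PATH $PROGRAM_CLIENT_KEY_PATH" "$DATA_CLIENT_CERT_PATH $DATA_CLIENT_KEY_PATH" "$S3_APP_CLIENT_CERT_PATH $S3_APP_CLIENT_KEY_PATH" "$USER_CLIENT_CERT_PATH $USER_CLIENT_KEY_PATH"; do
 set -- $i
 if [ ! -f $1 ] || [ ! -f $2 ]; then
 echo "=============Generating $1 and $2"
@@ -73,12 +75,12 @@ $POLICY_GENERATOR_PATH \
 --capability "/program/:w" \
 --certificate $DATA_CLIENT_CERT_PATH \
 --capability "/program_data/:w" \
---certificate $VIDEO_CLIENT_CERT_PATH \
---capability "/video_input/:w" \
---certificate $RESULT_CLIENT_CERT_PATH \
---capability "/program/:x,/output/:r,stdout:r,stderr:r" \
+--certificate $S3_APP_CLIENT_CERT_PATH \
+--capability "/s3_app_input/:w" \
+--certificate $USER_CLIENT_CERT_PATH \
+--capability "/program/:x,/user_input/:w,/output/:r,stdout:r,stderr:r" \
 --binary /program/detector.wasm=$PROGRAM_PATH/detector.wasm \
---capability "/program_data/:r,/video_input/:r,/program_internal/:rw,/output/:w,stdout:w,stderr:w" \
+--capability "/program_data/:r,/s3_app_input/:r,/user_input/:r,/program_internal/:rw,/output/:w,stdout:w,stderr:w" \
 --output-policy-file $POLICY_PATH
 
 
@@ -120,22 +122,29 @@ RUST_LOG=error $CLIENT_PATH $POLICY_PATH \
 
 echo "=============Provisioning video"
 RUST_LOG=error $CLIENT_PATH $POLICY_PATH \
---data /video_input/in.h264=$INPUT_VIDEO_PATH \
---identity $VIDEO_CLIENT_CERT_PATH \
---key $VIDEO_CLIENT_KEY_PATH
+--data /s3_app_input/in_enc.h264=$INPUT_VIDEO_PATH \
+--identity $S3_APP_CLIENT_CERT_PATH \
+--key $S3_APP_CLIENT_KEY_PATH
+
+echo "=============Provisioning keying material"
+RUST_LOG=error $CLIENT_PATH $POLICY_PATH \
+--data /user_input/key=$KEY_PATH \
+--data /user_input/iv=$IV_PATH \
+--identity $USER_CLIENT_CERT_PATH \
+--key $USER_CLIENT_KEY_PATH
 
 echo "=============Requesting computation"
 RUST_LOG=error $CLIENT_PATH $POLICY_PATH \
 --compute /program/detector.wasm \
---identity $RESULT_CLIENT_CERT_PATH \
---key $RESULT_CLIENT_KEY_PATH
+--identity $USER_CLIENT_CERT_PATH \
+--key $USER_CLIENT_KEY_PATH
 
 echo "=============Querying results (stdout and stderr)"
 dump=$(RUST_LOG=error $CLIENT_PATH $POLICY_PATH \
 --result stdout=- \
 --result stderr=- \
---identity $RESULT_CLIENT_CERT_PATH \
---key $RESULT_CLIENT_KEY_PATH \
+--identity $USER_CLIENT_CERT_PATH \
+--key $USER_CLIENT_KEY_PATH \
 -n)
 echo "$dump"
 frame_count=$(echo "$dump" | grep "^Frames:" | awk '{print $2}')
@@ -146,5 +155,5 @@ for ((i=0;i<frame_count;i++)); do
 done
 RUST_LOG=error $CLIENT_PATH $POLICY_PATH \
 $result_line \
---identity $RESULT_CLIENT_CERT_PATH \
---key $RESULT_CLIENT_KEY_PATH
+--identity $USER_CLIENT_CERT_PATH \
+--key $USER_CLIENT_KEY_PATH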
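Review bot: The new "Provisioning keying material" step reads `$KEY_PATH` and `$IV_PATH` (`key`, `iv`) and the video step now reads `in_enc.h264`, but none of the visible hunks creates or checks these files, unlike the certificates, which are generated when missing; unless the elided parts of the script do so, a missing file is only discovered after the policy has been generated and the servers started. A guard near the top would fail early, e.g. `for f in "$INPUT_VIDEO_PATH" "$KEY_PATH" "$IV_PATH"; do [ -f "$f" ] || { echo "missing $f" >&2; exit 1; }; done`. A comment stating how the key and IV are expected to be produced would also help: the cipher is not visible here, and with most modes reusing one IV with the same key for several inputs weakens the encryption. The same applies to the identical hunks in deploy_vod_big_nitro.sh.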

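--- a/deploy_vod_big_nitro.sh
+++ b/deploy_vod_big_nitro.sh
@@ -13,7 +13,9 @@ PCR0_PATH="$VERACRUZ_PATH/workspaces/$BACKEND-runtime/PCR0"
 PROGRAM_PATH="."
 DATA_PATH="program_data"
 POLICY_PATH="policy.json"
-INPUT_VIDEO_PATH="in.h264"
+INPUT_VIDEO_PATH="in_enc.h264"
+KEY_PATH="key"
+IV_PATH="iv"
 
 CA_CERT_CONF_PATH="$VERACRUZ_PATH/workspaces/ca-cert.conf"
 CERT_CONF_PATH="$VERACRUZ_PATH/workspaces/cert.conf"
@@ -23,10 +25,10 @@ PROGRAM_CLIENT_CERT_PATH="program_client_cert.pem"
 PROGRAM_CLIENT_KEY_PATH="program_client_key.pem"
 DATA_CLIENT_CERT_PATH="data_client_cert.pem"
 DATA_CLIENT_KEY_PATH="data_client_key.pem"
-VIDEO_CLIENT_CERT_PATH="video_client_cert.pem"
-VIDEO_CLIENT_KEY_PATH="video_client_key.pem"
-RESULT_CLIENT_CERT_PATH="result_client_cert.pem"
-RESULT_CLIENT_KEY_PATH="result_client_key.pem"
+S3_APP_CLIENT_CERT_PATH="s3_app_client_cert.pem"
+S3_APP_CLIENT_KEY_PATH="s3_app_client_key.pem"
+USER_CLIENT_CERT_PATH="user_client_cert.pem"
+USER_CLIENT_KEY_PATH="user_client_key.pem"
 
 SERVER_LOG="server.log"
 NITRO_LOG="nitro.log"
@@ -41,14 +43,14 @@ nitro-cli terminate-enclave --all || exit
 
 echo "=============Generating certificates & keys if necessary"
 if [ ! -f $CA_CERT_PATH ] || [ ! -f $CA_KEY_PATH ]; then
-echo "=============Generating $CA_CERT_PATH and $CA_KEY_PATH"
-openssl ecparam -name prime256v1 -genkey > $CA_KEY_PATH
-openssl req -x509 \
--key $CA_KEY_PATH \
--out $CA_CERT_PATH \
--config $CA_CERT_CONF_PATH
+echo "=============Generating $CA_CERT_PATH and $CA_KEY_PATH"
+openssl ecparam -name prime256v1 -genkey > $CA_KEY_PATH
+openssl req -x509 \
+-key $CA_KEY_PATH \
+-out $CA_CERT_PATH \
+-config $CA_CERT_CONF_PATH
 fi
-for i in "$PROGRAM_CLIENT_CERT_PATH $PROGRAM_CLIENT_KEY_PATH" "$DATA_CLIENT_CERT_PATH $DATA_CLIENT_KEY_PATH" "$VIDEO_CLIENT_CERT_PATH $VIDEO_CLIENT_KEY_PATH" "$RESULT_CLIENT_CERT_PATH $RESULT_CLIENT_KEY_PATH"; do
+for i in "$PROGRAM_CLIENT_CERT_PATH $PROGRAM_CLIENT_KEY_PATH" "$DATA_CLIENT_CERT_PATH $DATA_CLIENT_KEY_PATH" "$S3_APP_CLIENT_CERT_PATH $S3_APP_CLIENT_KEY_PATH" "$USER_CLIENT_CERT_PATH $USER_CLIENT_KEY_PATH"; do
 set -- $i
 if [ ! -f $1 ] || [ ! -f $2 ]; then
 echo "=============Generating $1 and $2"
@@ -76,12 +78,12 @@ $POLICY_GENERATOR_PATH \
 --capability "/program/:w" \
 --certificate $DATA_CLIENT_CERT_PATH \
 --capability "/program_data/:w" \
---certificate $VIDEO_CLIENT_CERT_PATH \
---capability "/video_input/:w" \
---certificate $RESULT_CLIENT_CERT_PATH \
---capability "/program/:x,/output/:r,stdout:r,stderr:r" \
+--certificate $S3_APP_CLIENT_CERT_PATH \
+--capability "/s3_app_input/:w" \
+--certificate $USER_CLIENT_CERT_PATH \
+--capability "/program/:x,/user_input/:w,/output/:r,stdout:r,stderr:r" \
 --binary /program/detector.wasm=$PROGRAM_PATH/detector.wasm \
---capability "/program_data/:r,/video_input/:r,/program_internal/:rw,/output/:w,stdout:w,stderr:w" \
+--capability "/program_data/:r,/s3_app_input/:r,/user_input/:r,/program_internal/:rw,/output/:w,stdout:w,stderr:w" \
 --output-policy-file $POLICY_PATH
 
 
@@ -129,22 +131,29 @@ RUST_LOG=error $CLIENT_PATH $POLICY_PATH \
 
 echo "=============Provisioning video"
 RUST_LOG=error $CLIENT_PATH $POLICY_PATH \
---data /video_input/in.h264=$INPUT_VIDEO_PATH \
---identity $VIDEO_CLIENT_CERT_PATH \
---key $VIDEO_CLIENT_KEY_PATH
+--data /s3_app_input/in_enc.h264=$INPUT_VIDEO_PATH \
+--identity $S3_APP_CLIENT_CERT_PATH \
+--key $S3_APP_CLIENT_KEY_PATH
+
+echo "=============Provisioning keying material"
+RUST_LOG=error $CLIENT_PATH $POLICY_PATH \
+--data /user_input/key=$KEY_PATH \
+--data /user_input/iv=$IV_PATH \
+--identity $USER_CLIENT_CERT_PATH \
+--key $USER_CLIENT_KEY_PATH
 
 echo "=============Requesting computation"
 RUST_LOG=error $CLIENT_PATH $POLICY_PATH \
 --compute /program/detector.wasm \
---identity $RESULT_CLIENT_CERT_PATH \
---key $RESULT_CLIENT_KEY_PATH
+--identity $USER_CLIENT_CERT_PATH \
+--key $USER_CLIENT_KEY_PATH
 
 echo "=============Querying results (stdout and stderr)"
 dump=$(RUST_LOG=error $CLIENT_PATH $POLICY_PATH \
 --result stdout=- \
 --result stderr=- \
---identity $RESULT_CLIENT_CERT_PATH \
---key $RESULT_CLIENT_KEY_PATH \
+--identity $USER_CLIENT_CERT_PATH \
+--key $USER_CLIENT_KEY_PATH \
 -n)
 echo "$dump"
 frame_count=$(echo "$dump" | grep "^Frames:" | awk '{print $2}')
@@ -155,5 +164,5 @@ for ((i=0;i<frame_count;i++)); do
 done
 RUST_LOG=error $CLIENT_PATH $POLICY_PATH \
 $result_line \
---identity $RESULT_CLIENT_CERT_PATH \
---key $RESULT_CLIENT_KEY_PATH
+--identity $USER_CLIENT_CERT_PATH \
+--key $USER_CLIENT_KEY_PATH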
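Review bot: The policy hunk gives the two new identities clearly different roles, but nothing in the script says so: `$S3_APP_CLIENT_CERT_PATH` may only write `/s3_app_input/`, while `$USER_CLIENT_CERT_PATH` writes `/user_input/`, executes `/program/` and reads the outputs. A short comment above the certificate path definitions would keep a later edit from handing the key-writing capability to the ciphertext uploader, e.g. `# s3_app: uploads the encrypted video only; user: provisions key/iv, requests the computation and reads results`. The policy-generator invocation starts outside the hunk, so the comment would have to sit where the full command is visible.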
