EnCSharp/Dockerfile at main · DistriNet/EnCSharp · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
FROM quay.io/centos/centos:9
SHELL ["/bin/bash", "-c"]
RUN dnf config-manager --set-enabled crb
RUN dnf install \
    https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm \
    https://dl.fedoraproject.org/pub/epel/epel-next-release-latest-9.noarch.rpm -y
RUN dnf install \
    dotnet-sdk-9.0 clang git gcc llvm make cmake ccache systemd gawk \
    openssl openssl-devel protobuf wget perl libicu-devel -y


RUN mkdir -p /opt/intel
WORKDIR /opt/intel

# Install SGX SDK
RUN wget https://download.01.org/intel-sgx/sgx-linux/2.26/distro/centos-stream9/sgx_linux_x64_sdk_2.26.100.0.bin
RUN sh -c 'echo yes | sh ./sgx_linux_x64_sdk_2.26.100.0.bin'
RUN source /opt/intel/sgxsdk/environment

# Install SGX RPM
RUN wget https://download.01.org/intel-sgx/sgx-linux/2.26/distro/centos-stream9/sgx_rpm_local_repo.tgz
RUN tar -xvzf sgx_rpm_local_repo.tgz
RUN rm ./sgx_rpm_local_repo/tdx-qgs-1.23.100.0-1.el9.x86_64.rpm
RUN rpm -i ./sgx_rpm_local_repo/*.rpm

# Build SGX SSL
# Using custom SGX SSL repo because we need to merge TLS support to the recent update, which
# Intel did not do after two years.
RUN git clone https://github.com/gilanghamidy/intel-sgx-ssl.git
WORKDIR /opt/intel/intel-sgx-ssl/openssl_source
RUN wget https://github.com/openssl/openssl/releases/download/openssl-3.1.8/openssl-3.1.8.tar.gz
WORKDIR /opt/intel/intel-sgx-ssl/Linux

RUN make all
RUN make install

# Copy the EncSharp directory into the container and remove artifact folder if exists
ADD ./ /opt/encsharp/src
RUN rm -rf /opt/encsharp/src/artifact

# # Patch SGX SDK C++ include header to support Clang
RUN sed -i '/#if defined(__clang__)/a #include <__sgx>' /opt/intel/sgxsdk/include/libcxx/__config

WORKDIR /opt/encsharp/src/external/dotnet-runtime/
RUN mkdir -p artifacts/obj/
RUN ./eng/native/version/copy_version_files.sh
WORKDIR /opt/encsharp/src/

RUN dotnet build eng/projects -c Release

# Replace the test projects with SDK style
RUN for i in test/evaluation/**/*.csproj; do \
        sed -i '/<Sdk/d' $i; \
        sed -i '/<Project>/c\<Project Sdk="EnCSharp.Sdk/1.0.0">' $i;\
    done

RUN mkdir -p /opt/encsharp
RUN mv /opt/encsharp/src/test /opt/encsharp/test

# Copy the package to custom nuget package dir
RUN mkdir -p /opt/encsharp/package
RUN cp /opt/encsharp/src/artifact/Unix/package/EnCSharp.Sdk.1.0.0.nupkg /opt/encsharp/package/EnCSharp.Sdk.1.0.0.nupkg

# Add into dotnet nuget source
RUN dotnet nuget add source /opt/encsharp/package/ --name encsharp-local

# Clean up all build sources
RUN rm -rf /opt/encsharp/src /opt/intel/intel-sgx-ssl /opt/intel/sgx_rpm_local_repo /opt/intel/sgx_rpm_local_repo.tgx /opt/intel/sgx_linux_x64_sdk_2.26.100.0.bin
WORKDIR /