You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@teaclave.apache.org by sh...@apache.org on 2022/11/11 05:18:23 UTC
[incubator-teaclave-java-tee-sdk] 43/48: [sdk] Update build and deploy in JavaEnclave
This is an automated email from the ASF dual-hosted git repository.
shaojunwang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave-java-tee-sdk.git
commit 033f9b85bd8fc455e0a652c86088edbc56718f20
Author: jeffery.wsj <je...@alibaba-inc.com>
AuthorDate: Thu Aug 25 19:30:51 2022 +0800
[sdk] Update build and deploy in JavaEnclave
Summary: Optimize building and deploying process in JavaEnclave.
Test Plan: all tests pass
Reviewers: lei.yul, cengfeng.lzy, sanhong.lsh
Issue: https://aone.alibaba-inc.com/task/44433361
CR: https://code.aone.alibaba-inc.com/java-tee/JavaEnclave/codereview/9882860
---
benchmark/guomi/pom.xml | 2 +-
build.sh | 35 ++---
samples/springboot/pom.xml | 2 +-
test/pom.xml | 2 +-
third-party-libs/bouncycastle-native/pom.xml | 2 +-
tools/cicd/Dockerfile | 45 -------
tools/cicd/dockerfile_base | 45 +++++++
tools/cicd/dockerfile_release | 7 +
tools/cicd/make.sh | 194 +++++++++++++++++++++++----
9 files changed, 241 insertions(+), 93 deletions(-)
diff --git a/benchmark/guomi/pom.xml b/benchmark/guomi/pom.xml
index 08f51eb..3f4a9ec 100644
--- a/benchmark/guomi/pom.xml
+++ b/benchmark/guomi/pom.xml
@@ -49,7 +49,7 @@
<dependency>
<groupId>com.alibaba.confidentialcomputing</groupId>
<artifactId>bouncycastle-native</artifactId>
- <version>1.0-SNAPSHOT</version>
+ <version>0.1.0</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
diff --git a/build.sh b/build.sh
index e6338da..0333b68 100755
--- a/build.sh
+++ b/build.sh
@@ -1,29 +1,34 @@
#!/bin/bash
+STAGE=$1
+
# set sgx enclave remote attestation PCCS_URL.
echo "PCCS_URL=${PCCS_URL}" > /etc/sgx_default_qcnl.conf
echo "USE_SECURE_CERT=TRUE" >> /etc/sgx_default_qcnl.conf
# parse shell file's path location.
SHELL_FOLDER=$(cd "$(dirname "$0")";pwd)
-
cd "${SHELL_FOLDER}"
-# fix occlum aesm service issue.
-sed -i '128,129s/.*//g' /opt/occlum/build/bin/occlum
-
# workspace dir is the same as build.sh path location.
WORKDIR="$PWD"
SETTING="--settings /root/tools/settings.xml"
-# Build JavaEnclave SDK
-cd "${WORKDIR}"/sdk && mvn $SETTING clean install
-# Install JavaEnclave SDK
-rm -rf /opt/javaenclave && mkdir -p /opt/javaenclave && cp -r ${SHELL_FOLDER}/sdk/native/bin /opt/javaenclave \
-&& cp -r ${SHELL_FOLDER}/sdk/native/config /opt/javaenclave && cp -r ${SHELL_FOLDER}/sdk/native/script/build_app /opt/javaenclave
-# Install JavaEnclave archetype
-cd "${WORKDIR}"/archetype && mvn $SETTING clean install
-# Install BouncyCastle Native Package
-cd "${WORKDIR}"/third-party-libs/bouncycastle-native && mvn $SETTING clean install
-# Test unit test cases in JavaEnclave
-cd "${WORKDIR}"/test && OCCLUM_RELEASE_ENCLAVE=true mvn $SETTING -Pnative clean package
+if [ ! "$STAGE" -o "build" = "$STAGE" ]; then
+ pushd "${WORKDIR}"/sdk && mvn ${SETTING} clean install && popd
+ # Install BouncyCastle Native Package
+ pushd "${WORKDIR}"/third-party-libs/bouncycastle-native && mvn $SETTING clean install && popd
+ # Install JavaEnclave archetype
+ pushd "${WORKDIR}"/archetype && mvn $SETTING clean install && popd
+elif [ ! "$STAGE" -o "test" = "$STAGE" ]; then
+ # Test unit test cases in JavaEnclave
+ pushd "${WORKDIR}"/test && OCCLUM_RELEASE_ENCLAVE=true mvn $SETTING -Pnative clean package && popd
+elif [ ! "$STAGE" -o "samples" = "$STAGE" ]; then
+ # samples in JavaEnclave
+ pushd "${WORKDIR}"/samples/helloworld && ./run.sh && popd
+ pushd "${WORKDIR}"/samples/springboot && ./run.sh && popd
+elif [ ! "$STAGE" -o "benchmark" = "$STAGE" ]; then
+ # benchmark in JavaEnclave
+ pushd "${WORKDIR}"/benchmark/guomi && ./run.sh && popd
+ pushd "${WORKDIR}"/benchmark/string && ./run.sh && popd
+fi
diff --git a/samples/springboot/pom.xml b/samples/springboot/pom.xml
index 7ed2109..279cf5f 100644
--- a/samples/springboot/pom.xml
+++ b/samples/springboot/pom.xml
@@ -54,7 +54,7 @@
<dependency>
<groupId>com.alibaba.confidentialcomputing</groupId>
<artifactId>bouncycastle-native</artifactId>
- <version>1.0-SNAPSHOT</version>
+ <version>0.1.0</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
diff --git a/test/pom.xml b/test/pom.xml
index a5e79dd..1556912 100644
--- a/test/pom.xml
+++ b/test/pom.xml
@@ -50,7 +50,7 @@
<dependency>
<groupId>com.alibaba.confidentialcomputing</groupId>
<artifactId>bouncycastle-native</artifactId>
- <version>1.0-SNAPSHOT</version>
+ <version>0.1.0</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
diff --git a/third-party-libs/bouncycastle-native/pom.xml b/third-party-libs/bouncycastle-native/pom.xml
index c21c2ec..bf07950 100644
--- a/third-party-libs/bouncycastle-native/pom.xml
+++ b/third-party-libs/bouncycastle-native/pom.xml
@@ -5,7 +5,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>com.alibaba.confidentialcomputing</groupId>
<artifactId>bouncycastle-native</artifactId>
- <version>1.0-SNAPSHOT</version>
+ <version>0.1.0</version>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<graal.version>22.2.0</graal.version>
diff --git a/tools/cicd/Dockerfile b/tools/cicd/Dockerfile
deleted file mode 100644
index cdac972..0000000
--- a/tools/cicd/Dockerfile
+++ /dev/null
@@ -1,45 +0,0 @@
-FROM ubuntu:18.04
-
-LABEL maintainer="Junshao Wang <je...@alibaba-inc.com>"
-
-ENV APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1
-ENV DEBIAN_FRONTEND noninteractive
-
-ADD ["graalvm-ce-java11-22.2.0.tar", "/root/tools/"]
-ADD ["zlib-1.2.11.tar.gz", "/root/tools/"]
-ADD ["settings.xml", "/root/tools/"]
-ADD ["zlib-1.2.11.tar.gz", "/root/tools/"]
-ADD ["Alibaba_Dragonwell_11.0.15.11.9_x64_alpine-linux.tar.gz", "/root/tools"]
-ADD ["sgx_linux_x64_sdk_2.17.100.1.bin", "/root/tools/"]
-ENV GRAALVM_HOME "/root/tools/graalvm-ce-java11-22.2.0"
-ENV JAVA_HOME "/root/tools/graalvm-ce-java11-22.2.0"
-ENV PATH="/opt/occlum/build/bin:/usr/local/occlum/bin:$PATH"
-ENV CC=/usr/local/occlum/bin/occlum-gcc
-
-ARG PSW_VERSION=2.17.100.3
-ARG DCAP_VERSION=1.14.100.3
-
-# install necessary tools.
-RUN apt-get update && apt-get install -y gdb gnupg wget aptitude libfuse-dev libtool tzdata jq && \
- echo -e 'yes\n' | apt-get install -y maven && \
- echo -e 'yes\n' | apt-get install -y build-essential libz-dev zlib1g-dev && \
- echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu bionic main' > /etc/apt/sources.list.d/intel-sgx.list && \
- wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add - && \
- echo 'deb [arch=amd64] https://occlum.io/occlum-package-repos/debian bionic main' | tee /etc/apt/sources.list.d/occlum.list && \
- wget -qO - https://occlum.io/occlum-package-repos/debian/public.key | apt-key add - && \
- apt-get update && aptitude install -y \
- occlum \
- libsgx-launch-dev=$PSW_VERSION-bionic1 \
- libsgx-urts=$PSW_VERSION-bionic1 \
- libsgx-urts-dbgsym=$PSW_VERSION-bionic1 \
- libsgx-uae-service=$PSW_VERSION-bionic1 \
- libsgx-dcap-quote-verify-dev=$DCAP_VERSION-bionic1 \
- libsgx-dcap-ql-dev=$DCAP_VERSION-bionic1 \
- libsgx-dcap-default-qpl=$DCAP_VERSION-bionic1 && \
- echo -e 'yes\n' | apt-get install -y maven && \
- echo -e 'yes\n' | apt-get install -y build-essential libz-dev zlib1g-dev && \
- cd /root/tools/zlib-1.2.11 && ./configure --prefix=/opt/occlum/toolchains/gcc/x86_64-linux-musl && make && make install && \
- cd /root/tools && chmod 777 sgx_linux_x64_sdk_2.17.100.1.bin && echo -e 'no\n/opt/teesdk\n' | ./sgx_linux_x64_sdk_2.17.100.1.bin
-
-# copy dcap_occlum lib from occlum docker image.
-COPY --from=occlum/occlum:0.26.4-ubuntu18.04 /opt/occlum/toolchains/dcap_lib /opt/occlum/toolchains/dcap_lib
diff --git a/tools/cicd/dockerfile_base b/tools/cicd/dockerfile_base
new file mode 100644
index 0000000..22e9f86
--- /dev/null
+++ b/tools/cicd/dockerfile_base
@@ -0,0 +1,45 @@
+FROM ubuntu:18.04 as javaenclave_base
+
+LABEL maintainer="Junshao Wang <je...@alibaba-inc.com>"
+
+ENV GRAALVM_HOME="/root/tools/graalvm-ce-java11-22.2.0"
+ENV JAVA_HOME="/root/tools/graalvm-ce-java11-22.2.0"
+ENV PATH="/opt/occlum/build/bin:/usr/local/occlum/bin:$PATH"
+ENV CC=/usr/local/occlum/bin/occlum-gcc
+
+ARG PSW_VERSION=2.17.100.3
+ARG DCAP_VERSION=1.14.100.3
+
+ADD ["tmpDownloadDir/graalvm-ce-java11-22.2.0.tar", "/root/tools/"]
+ADD ["tmpDownloadDir/zlib-1.2.11.tar.gz", "/root/tools/"]
+ADD ["tmpDownloadDir/settings.xml", "/root/tools/"]
+ADD ["tmpDownloadDir/Alibaba_Dragonwell_11.0.15.11.9_x64_alpine-linux.tar.gz", "/root/tools"]
+ADD ["tmpDownloadDir/sgx_linux_x64_sdk_2.17.100.1.bin", "/root/tools/"]
+
+# install necessary tools.
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y gdb gnupg wget aptitude libfuse-dev libtool tzdata jq && \
+ echo -e 'yes\n' | DEBIAN_FRONTEND=noninteractive apt-get install -y maven && \
+ echo -e 'yes\n' | DEBIAN_FRONTEND=noninteractive apt-get install -y build-essential libz-dev zlib1g-dev && \
+ echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu bionic main' > /etc/apt/sources.list.d/intel-sgx.list && \
+ wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add - && \
+ echo 'deb [arch=amd64] https://occlum.io/occlum-package-repos/debian bionic main' | tee /etc/apt/sources.list.d/occlum.list && \
+ wget -qO - https://occlum.io/occlum-package-repos/debian/public.key | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add - && \
+ apt-get update && aptitude install -y \
+ occlum \
+ libsgx-launch-dev=${PSW_VERSION}-bionic1 \
+ libsgx-urts=${PSW_VERSION}-bionic1 \
+ libsgx-urts-dbgsym=${PSW_VERSION}-bionic1 \
+ libsgx-uae-service=${PSW_VERSION}-bionic1 \
+ libsgx-dcap-quote-verify-dev=${DCAP_VERSION}-bionic1 \
+ libsgx-dcap-ql-dev=${DCAP_VERSION}-bionic1 \
+ libsgx-dcap-default-qpl=${DCAP_VERSION}-bionic1 && \
+ echo -e 'yes\n' | DEBIAN_FRONTEND=noninteractive apt-get install -y maven && \
+ echo -e 'yes\n' | DEBIAN_FRONTEND=noninteractive apt-get install -y build-essential libz-dev zlib1g-dev && \
+ cd /root/tools/zlib-1.2.11 && ./configure --prefix=/opt/occlum/toolchains/gcc/x86_64-linux-musl && make && make install && \
+ cd /root/tools && chmod 777 sgx_linux_x64_sdk_2.17.100.1.bin && echo -e 'no\n/opt/teesdk\n' | ./sgx_linux_x64_sdk_2.17.100.1.bin
+
+# copy dcap_occlum lib from occlum docker image.
+COPY --from=occlum/occlum:0.26.4-ubuntu18.04 /opt/occlum/toolchains/dcap_lib /opt/occlum/toolchains/dcap_lib
+
+# fix occlum aesm service issue.
+RUN sed -i '/"Error: AESM service is not started yet. Need to start it first"/{N;s/.*//}' /opt/occlum/build/bin/occlum
\ No newline at end of file
diff --git a/tools/cicd/dockerfile_release b/tools/cicd/dockerfile_release
new file mode 100644
index 0000000..ab6d421
--- /dev/null
+++ b/tools/cicd/dockerfile_release
@@ -0,0 +1,7 @@
+FROM javaenclave_base:v0.1.0 as javaenclave_release
+
+LABEL maintainer="Junshao Wang <je...@alibaba-inc.com>"
+
+# Install JavaEnclave SDK
+WORKDIR /opt
+ADD ["javaenclave.tar.gz", "."]
diff --git a/tools/cicd/make.sh b/tools/cicd/make.sh
index c05d6f3..321a701 100755
--- a/tools/cicd/make.sh
+++ b/tools/cicd/make.sh
@@ -1,53 +1,189 @@
#!/bin/bash
-MODE=$1
+STAGE=$1
-BUILD_IMAGE=javaenclave_build
-BUILD_TAG=v0.1.12
+BASE_IMAGE=javaenclave_base
+BASE_TAG=v0.1.0
-SHELL_FOLDER=$(cd "$(dirname "$0")";pwd)
+RELEASE_IMAGE=javaenclave_release
+RELEASE_TAG=v0.1.0
+SHELL_FOLDER=$(cd "$(dirname "$0")";pwd)
cd "${SHELL_FOLDER}"
WORKDIR=$(dirname $(dirname "$PWD"))
-
-# check target images exist or not, build it if not.
-if [[ "$(docker images -q ${BUILD_IMAGE}:${BUILD_TAG} 2> /dev/null)" == "" ]]; then
- # We have built and packaged GraalVM 22.2.0 from source code and then uploaded to OSS, the official release of GraalVM CE required to manually install native-image component.
- wget http://graal.oss-cn-beijing.aliyuncs.com/graal-enclave/JDK11-22.2.0/graalvm-ce-java11-22.2.0.tar
- wget http://graal.oss-cn-beijing.aliyuncs.com/graal-enclave/zlib-1.2.11.tar.gz
- wget http://graal.oss-cn-beijing.aliyuncs.com/graal-enclave/settings_taobao.xml -O settings.xml
- wget https://dragonwell.oss-cn-shanghai.aliyuncs.com/11/tee_java/dependency/sgx_linux_x64_sdk_2.17.100.1.bin
- wget https://dragonwell.oss-cn-shanghai.aliyuncs.com/11.0.15.11.9/Alibaba_Dragonwell_11.0.15.11.9_x64_alpine-linux.tar.gz
- docker build -t ${BUILD_IMAGE}:${BUILD_TAG} .
- rm -f graalvm-ce-java11-22.2.0.tar
- rm -f settings.xml
- rm -f zlib-1.2.11.tar.gz
- rm -f sgx_linux_x64_sdk_2.17.100.1.bin
- rm -f Alibaba_Dragonwell_11.0.15.11.9_x64_alpine-linux.tar.gz
-fi
-
# Set PCCS for DCAP Remote Attestation.
PCCS_URL='https://sgx-dcap-server.cn-beijing.aliyuncs.com/sgx/certification/v3/'
-if [ ! "$MODE" -o "build" = "$MODE" ]; then
- echo "enter build mode"
- # test JavaEnclave's unit test cases and samples
+function build_base_image() {
+ # check base image exist or not, build it if not.
+ if [[ "$(docker images -q ${BASE_IMAGE}:${BASE_TAG} 2> /dev/null)" == "" ]]; then
+ echo "build base image"
+ # We have built and packaged GraalVM 22.2.0 from source code and then uploaded to OSS, the official release of GraalVM CE required to manually install native-image component.
+ wget -P tmpDownloadDir http://graal.oss-cn-beijing.aliyuncs.com/graal-enclave/JDK11-22.2.0/graalvm-ce-java11-22.2.0.tar
+ wget -P tmpDownloadDir http://graal.oss-cn-beijing.aliyuncs.com/graal-enclave/zlib-1.2.11.tar.gz
+ wget -P tmpDownloadDir https://dragonwell.oss-cn-shanghai.aliyuncs.com/11/tee_java/dependency/sgx_linux_x64_sdk_2.17.100.1.bin
+ wget -P tmpDownloadDir https://dragonwell.oss-cn-shanghai.aliyuncs.com/11.0.15.11.9/Alibaba_Dragonwell_11.0.15.11.9_x64_alpine-linux.tar.gz
+ wget http://graal.oss-cn-beijing.aliyuncs.com/graal-enclave/settings_taobao.xml -O tmpDownloadDir/settings.xml
+ # Build JavaEnclave Base Image.
+ docker build -t ${BASE_IMAGE}:${BASE_TAG} -f dockerfile_base .
+ rm -rf tmpDownloadDir
+ fi
+}
+
+function build_javaenclave() {
+ echo "build javaenclave"
+ build_base_image
+ docker run -i --rm --privileged --network host \
+ -w "${WORKDIR}" \
+ -v "${HOME}"/.m2:/root/.m2 -v "${WORKDIR}":"${WORKDIR}" \
+ -v /dev/sgx_enclave:/dev/sgx/enclave \
+ -v /dev/sgx_provision:/dev/sgx/provision \
+ ${BASE_IMAGE}:${BASE_TAG} /bin/bash build.sh ${STAGE}
+}
+
+function build_release_image() {
+ # check release image exist or not, build it if not.
+ if [[ "$(docker images -q ${RELEASE_IMAGE}:${RELEASE_TAG} 2> /dev/null)" == "" ]]; then
+ echo "build release image"
+ build_javaenclave
+ tar zcvf javaenclave.tar.gz -C ${WORKDIR}/release/opt javaenclave
+ docker build -t ${RELEASE_IMAGE}:${RELEASE_TAG} -f dockerfile_release .
+ rm -rf javaenclave.tar.gz
+ fi
+}
+
+function test_javaenclave() {
+ echo "test javaenclave"
+ build_release_image
+ # test JavaEnclave's unit test cases
+ docker run -i --rm --privileged --network host \
+ -w "${WORKDIR}" \
+ -v "${HOME}"/.m2:/root/.m2 -v "${WORKDIR}":"${WORKDIR}" \
+ -e PCCS_URL=${PCCS_URL} \
+ -v /dev/sgx_enclave:/dev/sgx/enclave \
+ -v /dev/sgx_provision:/dev/sgx/provision \
+ ${RELEASE_IMAGE}:${RELEASE_TAG} /bin/bash build.sh ${STAGE}
+}
+
+function samples_javaenclave() {
+ echo "samples javaenclave"
+ build_release_image
+ # samples JavaEnclave's samples
+ docker run -i --rm --privileged --network host \
+ -w "${WORKDIR}" \
+ -v "${HOME}"/.m2:/root/.m2 -v "${WORKDIR}":"${WORKDIR}" \
+ -e PCCS_URL=${PCCS_URL} \
+ -v /dev/sgx_enclave:/dev/sgx/enclave \
+ -v /dev/sgx_provision:/dev/sgx/provision \
+ ${RELEASE_IMAGE}:${RELEASE_TAG} /bin/bash build.sh ${STAGE}
+}
+
+function benchmark_javaenclave() {
+ echo "benchmark javaenclave"
+ build_release_image
+ # benchmark JavaEnclave
docker run -i --rm --privileged --network host \
-w "${WORKDIR}" \
-v "${HOME}"/.m2:/root/.m2 -v "${WORKDIR}":"${WORKDIR}" \
-e PCCS_URL=${PCCS_URL} \
-v /dev/sgx_enclave:/dev/sgx/enclave \
-v /dev/sgx_provision:/dev/sgx/provision \
- ${BUILD_IMAGE}:${BUILD_TAG} /bin/bash build.sh
-elif [ "develop" = "$MODE" ]; then
- echo "enter develop mode"
- # /bin/bash build.sh and then develop your project.
+ ${RELEASE_IMAGE}:${RELEASE_TAG} /bin/bash build.sh ${STAGE}
+}
+
+function collect_javaenclave_release() {
+ echo "collect javaenclave release"
+ mkdir -p ${WORKDIR}/release/opt/javaenclave
+ cp -r ${WORKDIR}/sdk/native/bin ${WORKDIR}/release/opt/javaenclave
+ cp -r ${WORKDIR}/sdk/native/config ${WORKDIR}/release/opt/javaenclave
+ cp -r ${WORKDIR}/sdk/native/script/build_app ${WORKDIR}/release/opt/javaenclave
+ mkdir -p ${WORKDIR}/release/opt/javaenclave/jar/sdk
+ mkdir -p ${WORKDIR}/release/opt/javaenclave/jar/sdk/host
+ mkdir -p ${WORKDIR}/release/opt/javaenclave/jar/sdk/enclave
+ mkdir -p ${WORKDIR}/release/opt/javaenclave/jar/sdk/common
+ cp -r ${WORKDIR}/sdk/pom.xml ${WORKDIR}/release/opt/javaenclave/jar/sdk
+ cp -r ${WORKDIR}/sdk/host/pom.xml ${WORKDIR}/release/opt/javaenclave/jar/sdk/host
+ cp -r ${WORKDIR}/sdk/host/target/*.jar ${WORKDIR}/release/opt/javaenclave/jar/sdk/host
+ cp -r ${WORKDIR}/sdk/enclave/pom.xml ${WORKDIR}/release/opt/javaenclave/jar/sdk/enclave
+ cp -r ${WORKDIR}/sdk/enclave/target/*.jar ${WORKDIR}/release/opt/javaenclave/jar/sdk/enclave
+ cp -r ${WORKDIR}/sdk/common/pom.xml ${WORKDIR}/release/opt/javaenclave/jar/sdk/common
+ cp -r ${WORKDIR}/sdk/common/target/*.jar ${WORKDIR}/release/opt/javaenclave/jar/sdk/common
+ mkdir -p ${WORKDIR}/release/opt/javaenclave/jar/archetype
+ cp -r ${WORKDIR}/archetype/pom.xml ${WORKDIR}/release/opt/javaenclave/jar/archetype
+ cp -r ${WORKDIR}/archetype/target/*.jar ${WORKDIR}/release/opt/javaenclave/jar/archetype
+ mkdir -p ${WORKDIR}/release/opt/javaenclave/jar/bouncycastle-native
+ cp -r ${WORKDIR}/third-party-libs/bouncycastle-native/pom.xml ${WORKDIR}/release/opt/javaenclave/jar/bouncycastle-native
+ cp -r ${WORKDIR}/third-party-libs/bouncycastle-native/target/*.jar ${WORKDIR}/release/opt/javaenclave/jar/bouncycastle-native
+ build_release_image
+}
+
+function develop_javaenclave() {
+ echo "develop javaenclave"
+ build_base_image
docker run -it --rm --privileged --network host \
-w "${WORKDIR}" \
-v "${HOME}"/.m2:/root/.m2 -v "${WORKDIR}":"${WORKDIR}" \
-e PCCS_URL=${PCCS_URL} \
-v /dev/sgx_enclave:/dev/sgx/enclave \
-v /dev/sgx_provision:/dev/sgx/provision \
- ${BUILD_IMAGE}:${BUILD_TAG} /bin/bash
+ ${BASE_IMAGE}:${BASE_TAG} /bin/bash
+}
+
+function develop_application() {
+ echo "develop application based on JavaEnclave"
+ build_release_image
+ docker run -it --rm --privileged --network host \
+ -w "${WORKDIR}" \
+ -v "${HOME}"/.m2:/root/.m2 -v "${WORKDIR}":"${WORKDIR}" \
+ -e PCCS_URL=${PCCS_URL} \
+ -v /dev/sgx_enclave:/dev/sgx/enclave \
+ -v /dev/sgx_provision:/dev/sgx/provision \
+ ${RELEASE_IMAGE}:${RELEASE_TAG} /bin/bash
+}
+
+function clean_javaenclave() {
+ echo "clean javaenclave"
+ pushd ${WORKDIR}
+ # remove all files generated in building and developing.
+ # remove all target dir.
+ find -name target | xargs rm -rf
+ # remove all .o and .so files
+ find -name *.o | xargs rm -rf && find -name *.so | xargs rm -rf
+ # remove release dir.
+ rm -rf ${WORKDIR}/release
+ popd
+}
+
+if [ ! "$STAGE" ]; then
+ # docker build javaenclave base image.
+ # build JavaEnclave in javaenclave base image docker.
+ # test JavaEnclave unit test case in javaenclave release image docker.
+ build_javaenclave
+ collect_javaenclave_release
+ test_javaenclave
+elif [ "build" = "$STAGE" ]; then
+ # docker build javaenclave base image.
+ build_javaenclave
+elif [ "release" = "$STAGE" ]; then
+ # docker build javaenclave release image.
+ collect_javaenclave_release
+elif [ "test" = "$STAGE" ]; then
+ # test JavaEnclave unit test case in javaenclave release image docker.
+ test_javaenclave
+elif [ "samples" = "$STAGE" ]; then
+ # run samples in javaenclave release image docker.
+ samples_javaenclave
+elif [ "benchmark" = "$STAGE" ]; then
+ # run benchmark in javaenclave release image docker.
+ benchmark_javaenclave
+elif [ "develop" = "$STAGE" ]; then
+ # enter javaenclave base image docker and develop JavaEnclave.
+ develop_javaenclave
+elif [ "develop_app" = "$STAGE" ]; then
+ # enter javaenclave release image docker and develop application.
+ develop_application
+elif [ "clean" = "$STAGE" ]; then
+ # remove all tmp files generated in build.
+ clean_javaenclave
fi
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@teaclave.apache.org
For additional commands, e-mail: commits-help@teaclave.apache.org