-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathDockerfile.ttrpc
71 lines (55 loc) · 2.7 KB
/
Dockerfile.ttrpc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
# Copyright (c) 2024 by Inclavare Containers Project (https://github.com/inclavare-containers)
# Licensed under the Apache License, Version 2.0, see LICENSE for details.
# SPDX-License-Identifier: Apache-2.0
# See https://hub.docker.com/_/rust/tags
FROM rust:latest as builder
# The list of build argument with docker build --build-arg NAME=VALUE
# Define the default commit of source code
ARG AA_COMMIT=HEAD
WORKDIR /usr/src
# Install the build dependencies
RUN apt-get update && \
apt-get install -y clang libtss2-dev sudo
# Install the SGX & TDX build dependencies
RUN curl \
-L https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | \
tee intel-sgx-deb.key | apt-key add - && \
echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | \
tee /etc/apt/sources.list.d/intel-sgx.list && \
apt-get update && \
apt-get install -y libtdx-attest-dev libsgx-dcap-quote-verify-dev
# Build the attestation-agent with all features
RUN git clone https://github.com/confidential-containers/guest-components \
guest-components && \
cd guest-components/attestation-agent && git checkout ${AA_COMMIT} && \
make ATTESTER=all-attesters ttrpc=true
FROM ubuntu:22.04
# The list of runtime argument with docker run -e NAME=VALUE
# Use the default KBC cc_kbc and local KBS with address http://127.0.0.1:8085
ARG AA_KBC_PARAMS=cc_kbc::http://127.0.0.1:8085
ARG RUST_LOG=debug
# Define the source of this AA image
LABEL org.opencontainers.image.source="https://github.com/inclavare-containers/attestation-agent"
# Install the SGX & TDX runtime dependencies
RUN apt-get update && apt-get install -y curl gnupg openssl && \
curl \
-L https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | \
tee intel-sgx-deb.key | apt-key add - && \
echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | \
tee /etc/apt/sources.list.d/intel-sgx.list && \
apt-get update && \
apt-get install -y libtdx-attest-dev libsgx-dcap-quote-verify && \
rm -rf /var/lib/apt/lists/{apt,dpkg,cache,log} /tmp/* /var/tmp/*
# Copy the TPM runtime dependencies
COPY --from=builder /usr/lib/x86_64-linux-gnu/libtss* /usr/lib/x86_64-linux-gnu
# Copy the attestation-agent binary
COPY --from=builder \
/usr/src/guest-components/target/x86_64-unknown-linux-gnu/release/attestation-agent \
/usr/local/bin/attestation-agent
# Set the environment parameters
ENV AA_KBC_PARAMS=${AA_KBC_PARAMS}
ENV RUST_LOG=${RUST_LOG}
# Start attestation-agent with the unix domain socket
# at /run/confidential-containers/attestation-agent/attestation-agent.sock
VOLUME /run/confidential-containers/attestation-agent/
CMD [ "attestation-agent" ]