Dockerfile.aa
# Copyright (c) 2024 by Alibaba.
# Licensed under the Apache License, Version 2.0, see LICENSE for details.
# SPDX-License-Identifier: Apache-2.0
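# ---- Build stage: compiles the ttrpc-aa attestation-agent binary ----
# NOTE(review): the base image is referenced by a mutable tag ("anolisos-latest"), so
# the compiler environment for this attestation component can change between builds.
# Pin it by digest (...@sha256:<BASE_IMAGE_DIGEST>, placeholder) once a reviewed digest exists.
FROM registry.cn-hangzhou.aliyuncs.com/lxx/trustiflux:anolisos-latest AS builder
WORKDIR /tmp
# Install build dependencies plus libtdx-attest-devel from Intel's SGX DCAP 1.21 local RPM repo.
# - curl -f makes an HTTP error fail this step instead of saving an error page as the tarball.
# - Distro/EPEL packages are installed first, with RPM signature checking left on and before
#   the local repo is registered; --nogpgcheck is limited to the one transaction that
#   installs from the local SGX repo.
# NOTE(review): the tarball itself is not integrity-checked, so with --nogpgcheck the SGX
# packages are trusted on the strength of the TLS download alone. Verify it against a
# reviewed digest before extracting, e.g.
#   echo "<SGX_REPO_TGZ_SHA256>  sgx_rpm_local_repo.tgz" | sha256sum -c -
# (<SGX_REPO_TGZ_SHA256> is a placeholder, not a real value).
RUN curl -fsS --proto '=https' --tlsv1.2 \
        https://download.01.org/intel-sgx/sgx-dcap/1.21/linux/distro/Anolis86/sgx_rpm_local_repo.tgz \
        --output sgx_rpm_local_repo.tgz && \
    tar zxvf sgx_rpm_local_repo.tgz && \
    yum -y install yum-utils && \
    yum -y install epel-release && \
    yum install -y --setopt=install_weak_deps=False \
        clang \
        curl \
        git \
        libudev-devel \
        openssl-devel \
        perl \
        protobuf-devel \
        wget && \
    yum-config-manager --add-repo file:///tmp/sgx_rpm_local_repo && \
    yum install -y --setopt=install_weak_deps=False --nogpgcheck libtdx-attest-devel && \
    yum clean all && \
    rm -rf /tmp/*
# Install Rust before copying the sources so a source change does not invalidate the
# toolchain layers. The installer is saved to a file rather than piped into sh, so a
# failed download fails this step; "--default-toolchain none" skips the unpinned
# stable toolchain, which the build below never uses.
# NOTE(review): the rustup installer script is fetched unpinned and unverified.
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs --output /tmp/rustup-init.sh && \
    sh /tmp/rustup-init.sh -y --default-toolchain none && \
    rm -f /tmp/rustup-init.sh
ENV PATH="/root/.cargo/bin:${PATH}"
RUN rustup toolchain install 1.79.0-x86_64-unknown-linux-gnu
WORKDIR /usr/src/guest-components
COPY . .
# Build attestation-agent in the debug profile: per the original author's note, the libc
# version in this image is not sufficient for a --release build to pass.
RUN cargo +1.79.0 build -p attestation-agent --bin ttrpc-aa --no-default-features --features bin,ttrpc,rust-crypto,coco_as,kbs,tdx-attester,system-attester --target x86_64-unknown-linux-gnu
# Strip symbols from the debug binary before it is copied into the runtime image.
RUN strip target/x86_64-unknown-linux-gnu/debug/ttrpc-aa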
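# ---- Runtime stage: ships the attestation-agent binary plus the TDX attestation library ----
# NOTE(review): same mutable "anolisos-latest" tag as the build stage; pin by digest
# (...@sha256:<BASE_IMAGE_DIGEST>, placeholder) so the runtime contents are reproducible.
FROM registry.cn-hangzhou.aliyuncs.com/lxx/trustiflux:anolisos-latest
WORKDIR /tmp
# Install libtdx-attest-devel from Intel's SGX DCAP 1.21 local RPM repo.
# curl -f makes an HTTP error fail this step instead of saving an error page as the tarball.
# NOTE(review): --nogpgcheck turns off RPM signature verification and the tarball is not
# checksum-verified, so the package that ends up in the shipped image is trusted on the
# strength of the TLS download alone. Verify the tarball before extracting, e.g.
#   echo "<SGX_REPO_TGZ_SHA256>  sgx_rpm_local_repo.tgz" | sha256sum -c -
# (<SGX_REPO_TGZ_SHA256> is a placeholder, not a real value).
# NOTE(review): the repo definition added by yum-config-manager still points at
# /tmp/sgx_rpm_local_repo after "rm -rf /tmp/*" has deleted it.
RUN curl -fsS --proto '=https' --tlsv1.2 \
        https://download.01.org/intel-sgx/sgx-dcap/1.21/linux/distro/Anolis86/sgx_rpm_local_repo.tgz \
        --output sgx_rpm_local_repo.tgz && \
    tar zxvf sgx_rpm_local_repo.tgz && \
    yum -y install yum-utils && yum-config-manager --add-repo file:///tmp/sgx_rpm_local_repo && \
    yum -y install epel-release && \
    yum install -y --setopt=install_weak_deps=False --nogpgcheck libtdx-attest-devel && \
    yum clean all && \
    rm -rf /tmp/*
# Copy the stripped debug build of ttrpc-aa from the build stage, then the start script
# and the TDX attestation config from the build context.
# NOTE(review): this stage sets no USER, ENTRYPOINT or CMD, so the process runs as root
# unless the launcher overrides it; presumably the agent needs access to the TDX guest
# device. Confirm the required privileges before adding a non-root USER.
COPY --from=builder /usr/src/guest-components/target/x86_64-unknown-linux-gnu/debug/ttrpc-aa /usr/local/bin/attestation-agent
COPY aa-start.sh /usr/bin/start.sh
COPY tdx-attest.conf /etc/tdx-attest.conf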