feat(sgx): get token when buiding image

bytedance · Mar 5, 2024 · 7dd7a64 · 7dd7a64
1 parent f994c84
commit 7dd7a64
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 1 deletion.
diff --git a/deploy/scripts/sgx/enclave_env.sh b/deploy/scripts/sgx/enclave_env.sh
@@ -45,9 +45,20 @@ function make_custom_env() {
     export ISV_PROD_ID=`get_env isv_prod_id`
     export ISV_SVN=`get_env isv_svn`
     export RA_TLS_ALLOW_OUTDATED_TCB_INSECURE=1
+
+    if [ -z "$PEER_MR_SIGNER" ]; then
+        export PEER_MR_SIGNER=`get_env mr_signer`
+    fi
+
+    if [ -z "$PEER_MR_ENCLAVE" ]; then
+        export PEER_MR_ENCLAVE=`get_env mr_enclave`
+    fi
+
     # network proxy
     unset http_proxy https_proxy
-    jq ' .sgx_mrs[0].mr_enclave = ''"'`get_env mr_enclave`'" | .sgx_mrs[0].mr_signer = ''"'`get_env mr_signer`'" ' \
+    # need meituan's
+    jq --arg mr_enclave "$PEER_MR_ENCLAVE" --arg mr_signer "$PEER_MR_SIGNER" \
+        '.sgx_mrs[0].mr_enclave = $mr_enclave | .sgx_mrs[0].mr_signer = $mr_signer' \
         $GRPC_PATH/examples/dynamic_config.json > ./dynamic_config.json
 }
 

diff --git a/deploy/scripts/sgx/get_token.sh b/deploy/scripts/sgx/get_token.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+cd /gramine/CI-Examples/generate-token/
+make clean > /dev/null
+export SGX=1
+export SGX_SIGNER_KEY=/root/.config/gramine/enclave-key.pem
+make all > /dev/null
+if [ $? -eq 0 ]; then
+    gramine-sgx-get-token -s python.sig -o /dev/null
+fi
+make clean > /dev/null
diff --git a/fedlearner-sgx-dev.dockerfile b/fedlearner-sgx-dev.dockerfile
@@ -188,5 +188,7 @@ WORKDIR ${WORK_SPACE_PATH}
 
 EXPOSE 6006 50051 50052
 
+RUN bash -x /app/deploy/scripts/sgx/get_token.sh
+
 RUN chmod +x /root/entrypoint.sh
 # ENTRYPOINT ["/root/entrypoint.sh"]