Dockerfile.rust-sgx

# Copyright (c) 2022 to 2024 MobileCoin Inc.
# hadolint global ignore=DL3008, DL3015, DL3007

# Rust with SGX libraries
# Note: only works for x86_64/amd64 and is intended to be built immediately after the rust-base image.
ARG BASE_IMAGE_TAG=latest
FROM mobilecoin/rust-base:${BASE_IMAGE_TAG}

SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# Install SGX SDK
ARG SGX_URL=https://download.01.org/intel-sgx/sgx-linux/2.23/distro/ubuntu22.04-server/sgx_linux_x64_sdk_2.23.100.2.bin
RUN curl -sSfL -o sgx.bin "${SGX_URL}" \
  && chmod +x ./sgx.bin \
  && ./sgx.bin --prefix=/opt/intel \
  && rm ./sgx.bin

# Install DCAP libraries
ARG DCAP_VERSION=1.22.100.3-noble1
RUN mkdir -p /etc/apt/keyrings \
  && curl -sSfL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | gpg --dearmor -o /etc/apt/keyrings/intel-sgx.gpg \
  && echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu noble main" | tee /etc/apt/sources.list.d/intel-sgx.list \
  && apt-get update \
  && apt-get install -y \
     libsgx-dcap-ql=${DCAP_VERSION} \
     libsgx-dcap-ql-dev=${DCAP_VERSION} \
     libsgx-dcap-quote-verify=${DCAP_VERSION} \
     libsgx-dcap-quote-verify-dev=${DCAP_VERSION} \
  && apt-get clean \
  && rm -r /var/lib/apt/lists/*

ENV SGX_SDK=/opt/intel/sgxsdk
ENV PATH=${PATH}:/opt/intel/sgxsdk/bin:/opt/intel/sgxsdk/bin/x64
ENV PKG_CONFIG_PATH=/opt/intel/sgxsdk/pkgconfig
ENV LD_LIBRARY_PATH=/opt/intel/sgxsdk/sdk_libs