gramineproject · woju · Oct 14, 2024 · Sep 13, 2024 · Oct 14, 2024 · Sep 18, 2024
diff --git a/.ci/lib/config.jenkinsfile b/.ci/lib/config.jenkinsfile
@@ -12,5 +12,9 @@ env.RA_TLS_ALLOW_HW_CONFIG_NEEDED = '1'
 env.RA_TLS_ALLOW_SW_HARDENING_NEEDED = '1'
 env.RA_TLS_ALLOW_DEBUG_ENCLAVE_INSECURE = '1'
 
+if (env.RA_TYPE == null) {
+    env.RA_TYPE = 'dcap'
+}
+
 env.LC_ALL = 'C.UTF-8'
 env.LANG = env.LC_ALL
diff --git a/.ci/lib/stage-test-sgx.jenkinsfile b/.ci/lib/stage-test-sgx.jenkinsfile
@@ -14,10 +14,6 @@ stage('test-sgx') {
         fi
     '''
 
-    if (env.RA_TYPE == null) {
-        env.RA_TYPE = 'epid'
-    }
-
     timeout(time: 5, unit: 'MINUTES') {
         sh '''
             cd CI-Examples/helloworld
@@ -116,79 +112,4 @@ stage('test-sgx') {
             make ${MAKEOPTS} regression
         '''
     }
-    timeout(time: 5, unit: 'MINUTES') {
-        sh '''
-            cd CI-Examples/ra-tls-mbedtls
-            export RA_TLS_MRSIGNER=any
-            export RA_TLS_MRENCLAVE=any
-            export RA_TLS_ISV_PROD_ID=any
-            export RA_TLS_ISV_SVN=any
-            if [ "${RA_TYPE}" = "epid" ]; then \
-                if [ "${ra_client_spid}" != "" ] && [ "${ra_client_key}" != "" ]; \
-                then \
-                    make check_epid RA_TYPE=epid RA_CLIENT_SPID=${ra_client_spid} \
-                        RA_TLS_EPID_API_KEY=${ra_client_key} RA_CLIENT_LINKABLE=0; \
-                    make check_epid_fail RA_TYPE=epid RA_CLIENT_SPID=${ra_client_spid} \
-                        RA_TLS_EPID_API_KEY=${ra_client_key} RA_CLIENT_LINKABLE=0; \
-                else \
-                    echo "Failure: no ra_client_spid and/or ra_client_key!"; \
-                    exit 1; \
-                fi \
-            elif [ "${RA_TYPE}" = "dcap" ]; then \
-                make check_dcap RA_TYPE=dcap; \
-                make check_dcap_fail RA_TYPE=dcap; \
-            else \
-                echo "Invalid RA_TYPE env variable: ${RA_TYPE}"; \
-                exit 1; \
-            fi
-        '''
-    }
-    timeout(time: 5, unit: 'MINUTES') {
-        sh '''
-            cd CI-Examples/ra-tls-secret-prov
-            export RA_TLS_MRSIGNER=any
-            export RA_TLS_MRENCLAVE=any
-            export RA_TLS_ISV_PROD_ID=any
-            export RA_TLS_ISV_SVN=any
-            if [ "${RA_TYPE}" = "epid" ]; then \
-                if [ "${ra_client_spid}" != "" ] && [ "${ra_client_key}" != "" ]; \
-                then \
-                    make check_epid RA_TYPE=epid RA_CLIENT_SPID=${ra_client_spid} \
-                        RA_TLS_EPID_API_KEY=${ra_client_key} RA_CLIENT_LINKABLE=0; \
-                else \
-                    echo "Failure: no ra_client_spid and/or ra_client_key!"; \
-                    exit 1; \
-                fi \
-            elif [ "${RA_TYPE}" = "dcap" ]; then \
-                make check_dcap RA_TYPE=dcap; \
-            else \
-                echo "Invalid RA_TYPE env variable: ${RA_TYPE}"; \
-                exit 1; \
-            fi
-        '''
-    }
-    timeout(time: 5, unit: 'MINUTES') {
-        sh '''
-            cd CI-Examples/ra-tls-nginx
-            export RA_TLS_MRSIGNER=any
-            export RA_TLS_MRENCLAVE=any
-            export RA_TLS_ISV_PROD_ID=any
-            export RA_TLS_ISV_SVN=any
-            if [ "${RA_TYPE}" = "epid" ]; then \
-                if [ "${ra_client_spid}" != "" ] && [ "${ra_client_key}" != "" ]; \
-                then \
-                    make check RA_TYPE=epid RA_CLIENT_SPID=${ra_client_spid} \
-                        RA_TLS_EPID_API_KEY=${ra_client_key} RA_CLIENT_LINKABLE=0; \
-                else \
-                    echo "Failure: no ra_client_spid and/or ra_client_key!"; \
-                    exit 1; \
-                fi \
-            elif [ "${RA_TYPE}" = "dcap" ]; then \
-                make check; \
-            else \
-                echo "Invalid RA_TYPE env variable: ${RA_TYPE}"; \
-                exit 1; \
-            fi
-        '''
-    }
 }
diff --git a/.ci/lib/stage-test.jenkinsfile b/.ci/lib/stage-test.jenkinsfile
@@ -1,8 +1,4 @@
 stage('test') {
-    if (env.RA_TYPE == null) {
-        env.RA_TYPE = 'epid'
-    }
-
     timeout(time: 15, unit: 'MINUTES') {
         try {
             sh '''

diff --git a/.ci/linux-sgx-edmm.jenkinsfile b/.ci/linux-sgx-edmm.jenkinsfile
@@ -4,7 +4,6 @@ node('sgx-edmm && aesni') {
     env.AVX = '1'  // EDMM-capable machines in our CI always have AVX
     env.SGX = '1'
     env.EDMM = '1'
-    env.RA_TYPE = 'dcap'
 
     load '.ci/lib/config-docker.jenkinsfile'
 

diff --git a/.ci/linux-sgx-sanitizers.jenkinsfile b/.ci/linux-sgx-sanitizers.jenkinsfile
@@ -3,6 +3,7 @@ node('sgx_slave_2.6 && aesni') {
 
     env.SGX = '1'
     env.SGX_DRIVER = 'oot'
+    env.RA_TYPE = 'epid'
 
     load '.ci/lib/config-docker.jenkinsfile'
     docker.build(

diff --git a/.ci/linux-sgx-ubuntu20.04-gcc-release-apps.jenkinsfile b/.ci/linux-sgx-ubuntu20.04-gcc-release-apps.jenkinsfile
@@ -3,6 +3,7 @@ node('sgx_slave_2.6 && aesni') {
 
     env.SGX = '1'
     env.SGX_DRIVER = 'oot'
+    env.RA_TYPE = 'epid'
 
     load '.ci/lib/config-docker.jenkinsfile'
     docker.build(

diff --git a/.ci/linux-sgx-ubuntu20.04-gcc-release.jenkinsfile b/.ci/linux-sgx-ubuntu20.04-gcc-release.jenkinsfile
@@ -3,6 +3,7 @@ node('sgx_slave_2.6 && aesni') {
 
     env.SGX = '1'
     env.SGX_DRIVER = 'oot'
+    env.RA_TYPE = 'epid'
 
     load '.ci/lib/config-docker.jenkinsfile'
     docker.build(

diff --git a/.ci/linux-sgx-ubuntu20.04-musl.jenkinsfile b/.ci/linux-sgx-ubuntu20.04-musl.jenkinsfile
@@ -3,6 +3,7 @@ node('sgx_slave_2.6 && aesni') {
 
     env.SGX = '1'
     env.SGX_DRIVER = 'oot'
+    env.RA_TYPE = 'epid'
     env.GRAMINE_MUSL = '1'
 
     load '.ci/lib/config-docker.jenkinsfile'

diff --git a/.ci/ubuntu20.04.dockerfile b/.ci/ubuntu20.04.dockerfile
@@ -5,6 +5,7 @@ RUN apt-get update && env DEBIAN_FRONTEND=noninteractive apt-get install -y \
     bc \
     bison \
     build-essential \
+    busybox \
     cargo \
     clang \
     cmake \

diff --git a/.ci/ubuntu22.04.dockerfile b/.ci/ubuntu22.04.dockerfile
@@ -43,7 +43,9 @@ RUN apt-get update && apt-get satisfy -y \
 # jq: used in jenkinsfiles
 # cpio dwarves gcc/g++-12 kmod qemu-kvm: for building kernel modules and running VMs
 # wget: scripts/download
+# busybox: CI-Examples/busybox
 RUN apt-get update && apt-get install -y \
+    busybox \
     cargo \
     clang \
     cmake \

diff --git a/.ci/ubuntu24.04.dockerfile b/.ci/ubuntu24.04.dockerfile
@@ -39,7 +39,9 @@ RUN apt-get update && apt-get satisfy -y \
 # libunwind8: libos/test/regression/bootstrap_cpp.manifest.template
 # nginx: CI-Examples/ra-tls-nginx
 # shellcheck: .ci/run-shellcheck
+# busybox: CI-Examples/busybox
 RUN apt-get update && apt-get install -y \
+    busybox \
     cmake \
     git \
     libunwind8 \

diff --git a/CI-Examples/busybox/Makefile b/CI-Examples/busybox/Makefile
@@ -1,14 +1,7 @@
 # Copyright (C) 2023 Gramine contributors
 # SPDX-License-Identifier: BSD-3-Clause
 
-ARCH_LIBDIR ?= /lib/$(shell $(CC) -dumpmachine)
-
-SRCDIR = src
-BUSYBOX_SHA256 ?= c35d87f1d04b2b153d33c275c2632e40d388a88f19a9e71727e0bbbff51fe689
-BUSYBOX_SRC ?= busybox-1.32.0.tar.bz2
-BUSYBOX_MIRRORS ?= \
-    https://busybox.net/downloads \
-    https://packages.gramineproject.io/distfiles
+BUSYBOX ?= $(shell sh -c 'command -v busybox')
 
 ifeq ($(DEBUG),1)
 GRAMINE_LOG_LEVEL = debug
@@ -21,31 +14,15 @@ RA_CLIENT_SPID ?=
 RA_CLIENT_LINKABLE ?= 0
 
 .PHONY: all
-all: busybox busybox.manifest
+all: busybox.manifest
 ifeq ($(SGX),1)
 all: busybox.manifest.sgx busybox.sig
 endif
 
-$(SRCDIR)/Makefile:
-	../common_tools/download --output busybox.tar.bz2 --sha256 $(BUSYBOX_SHA256) \
-		$(foreach mirror,$(BUSYBOX_MIRRORS),--url $(mirror)/$(BUSYBOX_SRC))
-	mkdir $(SRCDIR)
-	tar -C $(SRCDIR) --strip-components=1 -xf busybox.tar.bz2
-
-$(SRCDIR)/.config: $(SRCDIR)/Makefile
-	$(MAKE) -C $(SRCDIR) clean
-	$(MAKE) -C $(SRCDIR) defconfig
-	# Enable usage of Busybox's built-in applets
-	sed -e 's/.*CONFIG_FEATURE_SH_STANDALONE.*/CONFIG_FEATURE_SH_STANDALONE=y/' \
-		-i $(SRCDIR)/.config
-
-$(SRCDIR)/busybox: $(SRCDIR)/.config
-	$(MAKE) -C $(SRCDIR)
-
-busybox.manifest: busybox.manifest.template busybox
+busybox.manifest: busybox.manifest.template
 	gramine-manifest \
+		-Dbusybox=$(BUSYBOX) \
 		-Dlog_level=$(GRAMINE_LOG_LEVEL) \
-		-Darch_libdir=$(ARCH_LIBDIR) \
 		-Dra_type=$(RA_TYPE) \
 		-Dra_client_spid=$(RA_CLIENT_SPID) \
 		-Dra_client_linkable=$(RA_CLIENT_LINKABLE) \
@@ -62,10 +39,6 @@ sgx_sign: busybox.manifest
 		--manifest $< \
 		--output $<.sgx
 
-# Copy Busybox binary to our root directory for simplicity.
-busybox: $(SRCDIR)/busybox
-	cp $(SRCDIR)/busybox busybox
-
 ifeq ($(SGX),)
 GRAMINE = gramine-direct
 else
@@ -80,8 +53,7 @@ check: all
 
 .PHONY: clean
 clean:
-	$(RM) *.token *.sig *.manifest.sgx *.manifest busybox OUTPUT
+	$(RM) *.token *.sig *.manifest.sgx *.manifest OUTPUT
 
 .PHONY: distclean
 distclean: clean
-	$(RM) -r $(SRCDIR) busybox.tar.bz2
diff --git a/CI-Examples/busybox/busybox.manifest.template b/CI-Examples/busybox/busybox.manifest.template
@@ -12,7 +12,7 @@ loader.env.LD_LIBRARY_PATH = "/lib"
 loader.insecure__use_cmdline_argv = true
 
 fs.mounts = [
-  { path = "/busybox", uri = "file:busybox" },
+  { path = "/busybox", uri = "file:{{ busybox }}" },
   { path = "/lib", uri = "file:{{ gramine.runtimedir() }}" },
 
   # hardcoded mappings of local hostnames to IP addresses, required by e.g. `hostname` applet
@@ -30,6 +30,6 @@ sgx.ra_client_spid = "{{ ra_client_spid }}"
 sgx.ra_client_linkable = {{ 'true' if ra_client_linkable == '1' else 'false' }}
 
 sgx.trusted_files = [
-  "file:busybox",
+  "file:{{ busybox }}",
   "file:{{ gramine.runtimedir() }}/",
 ]
-Original file line number
+Diff line change
@@ Expand Up @@
         bc \
         bison \
         build-essential \
+        busybox \
         cargo \
         clang \
         cmake \
@@ Expand Down @@