This repository has been archived by the owner on Aug 5, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 160
/
BuildDockerImage.sh
executable file
·405 lines (363 loc) · 12.2 KB
/
BuildDockerImage.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
#!/bin/bash
# MIT License
#
# Copyright (c) 2020 International Business Machines
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
bold=$(tput bold)
normal=$(tput sgr0)
BASEDIR="$PWD"/$(dirname $0)
SCRIPTNAME=$(basename $0)
source ConfigConstants.sh
# z/OS Container Extensions platform CURL implementation does not work as expected. If zCX platform detected, add flag to adjust.
# adding -k option to curl commands on zCX else the string stays empty
CURL_FIX_ZCX=""
print_usage(){
cat <<EOF
${bold}Usage: $SCRIPTNAME [options] CONTAINER_OS${normal}
${bold}CONTAINER_OS${normal} Selects the name of the operating system platform to
build the FHE Toolkit container.
Available OS are:
x86_64/amd64: {ubuntu, fedora, centos, alpine}
s390x: {ubuntu, fedora, alpine}
${bold}OPTIONS:${normal}
-h Displays this help information.
EOF
}
get_NTL(){
# We try to use curl to download the NTL
echo "Checking for cached NTL download..."
if [ ! -f ntl-$1.tar.gz ]; then
echo "INFO: Attempting to download NTL with the curl command..."
if ! curl $CURL_FIX_ZCX -L -o ntl-$1.tar.gz "https://libntl.org/ntl-$1.tar.gz"
#https://libntl.org/ntl-11.4.3.tar.gz
then
echo " FATAL: There was an issue downloading NTL-$1 from www.shoup.net."
fi
fi
# Now we untar whatever we fetched...
echo "INFO: Uncompressing NTL..."
if [ ! -d NTL ]; then
mkdir NTL
fi
tar --no-same-owner -C NTL --strip-components=1 -xf ntl-$1.tar.gz
if [ $? -ne 0 ]; then
echo " "
echo " FATAL: Aborting. There was an issue extracting files from ntl-$1.tar.gz"
echo " "
exit -1
fi
# Remove tar file
#rm ntl-$1.tar.gz
}
get_HElib(){
# We try to use curl to download the HElib distribution
echo "Checking for cached HElib download..."
if [ ! -f HElib-$1.tar.gz ]; then
echo "INFO: Attempting to download HElib $1 with the curl command..."
if ! curl $CURL_FIX_ZCX -Lo HElib-$1.tar.gz https://github.com/IBM-HElib/HElib/archive/$1.tar.gz
then
echo " FATAL: There was an issue downloading HElib $1 from https://github.com/IBM-HElib/HElib ."
fi
fi
# Now we untar whatever we fetched...
echo "INFO: Uncompressing HElib..."
if [ ! -d HElib ]; then
mkdir HElib
fi
tar --no-same-owner -C HElib --strip-components=1 -xf HElib-$1.tar.gz
if [ $? -ne 0 ]; then
echo " "
echo " FATAL: Aborting. There was an issue extracting files from HElib-$1.tar.gz"
echo " "
exit -1
fi
# Remove tar file
#rm HElib-$1.tar.gz
}
get_Boost(){
# We try to use curl to download Boost
# If we already downloaded it, no need to repeateldy download the same specified version we depend on...
echo "Checking for cached Boost download..."
if [ ! -f boost-${Boost_version}.tar.gz ]; then
echo "INFO: Attempting to download Boost with the curl command..."
if ! curl -fL $CURL_FIX_ZCX -o boost-$1.tar.gz https://boostorg.jfrog.io/artifactory/main/release/$1/source/boost_$2.tar.gz
then
echo " FATAL: There was an issue downloading boost_$2 from boostorg.jfrog.io."
fi
# Now we untar whatever we fetched...
echo "INFO: Uncompressing Boost..."
tar --no-same-owner -xf boost-$1.tar.gz
if [ $? -ne 0 ]; then
echo " "
echo " FATAL: Aborting. There was an issue extracting files from boost-$1.tar.gz"
echo " "
exit -1
fi
# Rename download and remove tar file
mv boost_$2 boost
fi
#rm boost-$1.tar.gz
}
# Check to see if the user is running the script as root/with sudo.
# We need the script to be running as non-sudo because we map volumes from the host machine into the
# container for data persistence, and we need a non-root id on the host side so we can map the permissions
# properly across the container and host as needed
#
if [ $EUID -eq 0 ]; then
echo " "
echo "FATAL: Aborting. Sorry but we need to run this script as a non-root user without sudo so we can properly map ids in the container. Please re-run without sudo."
echo " "
exit -1
fi
# First we determine which architecture we are running on... AMD64 or s390x
ARCH=`uname -m`
if [[ "$ARCH" == "x86_64" ]] || [[ "$ARCH" == "amd64" ]]; then
#echo "Determined AMD64/x86_64 Architecture"
architecture="AMD64/x86_64"
ARCH="amd64"
elif [[ $ARCH == "s390x" ]]; then
# echo "Determined s390x Architecture"
architecture="s390x"
ARCH="s390x"
# Ony on s390x arch is a situation where we might be running in a zOS Container extensions Docker host.
# z/OS Container Extensions platform CURL implementation does not work as expected. If zCX platform detected, add flag to adjust.
zPlatform= docker system info | grep platform
echo $zPlatform
if [[ $zPlatform -eq "zOS" ]]; then
# -k suppresses the security check allowing the curl download to complete. This check should be removed when
# the CURL implementation on z/OS Container Extensions is fixed properly in a future release.
CURL_FIX_ZCX=" -k "
fi
else
echo " "
echo " FATAL: Aborting. $ARCH is not a suppported platform for building the FHE Toolkit."
echo " "
exit -1
fi
#echo "$@"
NPARAM=$#
while getopts ":h" opt; do
case ${opt} in
h ) # Usage
print_usage
exit 0
;;
\? ) # Usage
echo "Fatal: Invalid options"
print_usage
exit -2
;;
: ) # Invalid option. Print usage
echo "Fatal: Invalid option: $OPTARG requires an argument" 1>&2
print_usage
exit -3
esac
done
shift $((OPTIND -1))
#echo "$@"
OPTINDNUMBER=$((OPTIND-1))
if [[ $((NPARAM - OPTINDNUMBER)) -ne 1 ]]; then
echo "Fatal: Options and parameters mismatch or missing parameters. Please check order and number of parameters."
print_usage
exit -4
fi
platform=$1
if [ $ARCH == "s390x" ]; then
if [[ "$platform" = "ubuntu" ]]; then
build="UBUNTU"
platform="ubuntu"
release="20.04"
elif [[ "$platform" = "fedora" ]]; then
build="FEDORA"
platform="fedora"
release="32"
elif [[ "$platform" = "alpine" ]]; then
build="ALPINE"
platform="alpine"
release="3.12"
else
echo " "
echo " Invalid platform: $platform Please specify a supported platform: <fedora>, <ubuntu>"
echo " "
print_usage
exit -5
fi
else
if [ $ARCH == "amd64" ]; then
if [[ "$platform" = "fedora" ]]; then
build="FEDORA"
platform="fedora"
release="32"
elif [[ "$platform" = "centos" ]]; then
build="CENTOS"
platform="centos"
release="8"
elif [[ "$platform" = "ubuntu" ]]; then
build="UBUNTU"
platform="ubuntu"
release="20.04"
elif [[ "$platform" = "alpine" ]]; then
build="ALPINE"
platform="alpine"
release="3.12"
else
echo " "
echo " Invalid platform: $platform Please specify a support platform: <fedora>, <centos>, <ubuntu>"
echo " "
print_usage
exit -6
fi
fi
fi
platform_tag=$platform-$ARCH
################################################################
# Check for required utilities: curl, git, tar, docker
if ! [ -x "$(command -v curl)" ]
then
echo " "
echo " FATAL: The curl command line utility is not installed. Please install curl to continue."
echo " "
exit -6
elif ! [ -x "$(command -v tar)" ]
then
echo " "
echo " FATAL: The tar command line utility is not installed. Please install tar to continue."
echo " "
exit -7
elif ! [ -x "$(command -v docker)" ]
then
echo " "
echo " FATAL: The docker utility is not installed. Please install docker to continue."
echo " "
exit -8
fi
################################################################
# The script has the following arguments:
# $(1): list of tags of the image
if [ $# -gt 0 ]; then
tags=("$@")
fi
# Looks for an environment var named DOCKER_BUILD_FLAGS. If not
# defined, uses the default flag value '--no-cache' for the docker build.
# Ex.: To enable docker caching, export DOCKER_BUILD_FLAGS="" (empty value)
# To then disable docker caching again, unset DOCKER_BUILD_FLAGS
#flags=${DOCKER_BUILD_FLAGS-"--no-cache"}
flags=${DOCKER_BUILD_FLAGS-""}
echo "==============================================================="
echo ""
echo " Building FHE Toolkit $HElib_version for Linux"
echo " Platform $build-$ARCH:$release "
echo ""
echo "==============================================================="
echo "==============================================================="
echo ""
echo " Phase 1: Downloading dependencies locally"
echo ""
echo "==============================================================="
#
# Fetch external dependencies
#
cd $BASEDIR/DEPENDENCIES
get_NTL $NTL_version
get_HElib $HElib_version
get_Boost $Boost_version $Boost_filename
echo "==============================================================="
echo ""
echo " Phase 2: Building Base Environment $flags"
echo ""
echo "==============================================================="
PlatformRelease=${platform}:${release}
HElib_tag=local/helib-${platform_tag}:${HElib_version}
FHEKit_tag=local/fhe-toolkit-${platform_tag}:${HElib_version}
FHEKit_tag_latest=local/fhe-toolkit-${platform_tag}
FHEKit_latest=local/fhe-toolkit-${platform}
#
# Change to $BASEDIR directory and build an HElib Docker image
#
cd $BASEDIR
if ! docker build -f ./Dockerfile.$build.HElib -t $HElib_tag --build-arg PlatformRelease=$PlatformRelease --build-arg USER_ID=$(id -u ${USER}) . $flags
then
echo " "
echo " FATAL: Failure building HElib base container. Please check that you have a working Docker installation"
echo " in your system and the necessary user privileges to run docker commands."
echo " "
exit 10
fi
#
# Build FHE Tookit Docker image
#
cd $BASEDIR
if ! docker build -f ./Dockerfile.$build-$ARCH.Toolkit -t $FHEKit_tag --build-arg HElib_tag=$HElib_tag . $flags
then
echo " "
echo " FATAL: Failure building Toolkit container. Please check that you have a working Docker installation"
echo " in your system and the necessary user privileges to run docker commands, and that the HElib base "
echo " container built correctly. This check can be done by issueing the command `docker images`"
echo " "
exit -11
else
echo " "
echo " Toolkit build $FHEKit_tag completed."
echo " "
fi
#
# Tag local build as local/latest
#
if ( ! docker tag $FHEKit_tag $FHEKit_tag_latest || ! docker tag $FHEKit_tag $FHEKit_latest )
then
echo " "
echo " Failed to re-tag the toolkit $FHEKit_tag "
echo " Please check for error messages above."
echo " "
exit -12
fi
#
# Clean up temporary containers
#
docker rmi $HElib_tag
if [ $? -ne 0 ]
then
echo " "
echo " WARNING: Failed to Remove $HElib_tag"
echo " Please check for matching docker image below."
docker images --all
echo " "
fi
docker rmi $PlatformRelease
if [ $? -ne 0 ]
then
echo " "
echo " WARNING: Failed to Remove $PlaformRelease"
echo " Please check for matching docker image below."
docker images --all
echo " "
fi
#Throwing in test comment so it forces rebuild
#makeing other change so it shows somethning is differetn
echo "==============================================================="
echo ""
echo " Phase 3: Setup Toolkit Persistent Working Directory"
echo ""
echo "==============================================================="
cd $BASEDIR
./PersistData.sh $FHEKit_latest
echo " "
echo " Toolkit Environment build is complete."
echo " "