Adding manifest-check during build stage

Signed-off-by: Davis Benny <[email protected]>
gramineproject · Nov 11, 2024 · c72dcdf · c72dcdf
1 parent 1143bb6
commit c72dcdf
Show file tree

Hide file tree

Showing 10 changed files with 16 additions and 4 deletions.
diff --git a/templates/Dockerfile.common.build.template b/templates/Dockerfile.common.build.template
@@ -61,6 +61,8 @@ RUN chmod u+x /gramine/app_files/apploader.sh \
     && /usr/bin/python3 -B /gramine/app_files/finalize_manifest.py \
     && rm -f /gramine/app_files/finalize_manifest.py
 
+RUN {% block path %}{% endblock %} gramine-manifest-check /gramine/app_files/entrypoint.manifest
+
 # Define default command
 ENTRYPOINT ["/bin/bash", "/gramine/app_files/apploader.sh"]
 {% if insecure_args and cmd %}CMD {{ cmd | tojson }}{% endif %}
diff --git a/templates/Dockerfile.common.sign.template b/templates/Dockerfile.common.sign.template
@@ -10,8 +10,6 @@ COPY gsc-signer-key.pem /gramine/app_files/gsc-signer-key.pem
 
 ARG passphrase
 
-RUN {% block path %}{% endblock %} gramine-manifest-check /gramine/app_files/entrypoint.manifest
-
 RUN {% block path %}{% endblock %} gramine-sgx-sign \
       --key /gramine/app_files/gsc-signer-key.pem \
       --manifest /gramine/app_files/entrypoint.manifest \

diff --git a/templates/centos/Dockerfile.build.template b/templates/centos/Dockerfile.build.template
@@ -38,3 +38,5 @@ RUN dnf install -y \
         vim
 {% endif %}
 {% endblock %}
+
+{% block path %}export PYTHONPATH="${PYTHONPATH}:$(find /gramine/meson_build_output/lib64 -type d -path '*/site-packages')" &&{% endblock %}
diff --git a/templates/centos/entrypoint.manifest.template b/templates/centos/entrypoint.manifest.template
@@ -1,6 +1,6 @@
 {% extends "entrypoint.common.manifest.template" %}
 
 {% block loader %}
-loader.entrypoint = "file:/gramine/meson_build_output/lib64/gramine/libsysdb.so"
+loader.entrypoint.uri = "file:/gramine/meson_build_output/lib64/gramine/libsysdb.so"
 loader.env.LD_LIBRARY_PATH = "/gramine/meson_build_output/lib64/gramine/runtime/glibc:/usr/lib64:{{"{{library_paths}}"}}"
 {% endblock %}
diff --git a/templates/debian/Dockerfile.build.template b/templates/debian/Dockerfile.build.template
@@ -50,3 +50,5 @@ ENV LC_ALL en_US.UTF-8
 ENV LANG en_US.UTF-8
 ENV LANGUAGE en_US.UTF-8
 {% endblock %}
+
+{% block path %}export PYTHONPATH="${PYTHONPATH}:$(find /gramine/meson_build_output/lib -type d -path '*/site-packages')" &&{% endblock %}
diff --git a/templates/debian/entrypoint.manifest.template b/templates/debian/entrypoint.manifest.template
@@ -1,7 +1,7 @@
 {% extends "entrypoint.common.manifest.template" %}
 
 {% block loader %}
-loader.entrypoint = "file:/gramine/meson_build_output/lib/x86_64-linux-gnu/gramine/libsysdb.so"
+loader.entrypoint.uri = "file:/gramine/meson_build_output/lib/x86_64-linux-gnu/gramine/libsysdb.so"
 
 # Add "/usr/lib/x86_64-linux-gnu" explicitly because ldconfig in Ubuntu 21.04 doesn't
 # produce it; note that this Debian template is used by Ubuntu templates as well

diff --git a/templates/entrypoint.common.manifest.template b/templates/entrypoint.common.manifest.template
@@ -11,6 +11,8 @@ fs.root.uri = "file:/"
 
 # Gramine's default working dir is '/', so change the working directory to the desired one
 fs.start_dir = "{{working_dir}}"
+fs.mounts = [
+]
 
 sgx.debug = {% if buildtype != "release" %} true {% else %} false {% endif %}
 

diff --git a/templates/redhat/ubi-minimal/Dockerfile.build.template b/templates/redhat/ubi-minimal/Dockerfile.build.template
@@ -46,3 +46,5 @@ RUN microdnf install -y \
         strace
 {% endif %}
 {% endblock %}
+
+{% block path %}export PYTHONPATH="${PYTHONPATH}:$(find /gramine/meson_build_output/lib64 -type d -path '*/site-packages')" &&{% endblock %}
diff --git a/templates/redhat/ubi/Dockerfile.build.template b/templates/redhat/ubi/Dockerfile.build.template
@@ -44,3 +44,5 @@ RUN dnf install -y \
         strace
 {% endif %}
 {% endblock %}
+
+{% block path %}export PYTHONPATH="${PYTHONPATH}:$(find /gramine/meson_build_output/lib64 -type d -path '*/site-packages')" &&{% endblock %}
diff --git a/templates/suse/Dockerfile.build.template b/templates/suse/Dockerfile.build.template
@@ -42,3 +42,5 @@ RUN zypper install -y \
         vim
 {% endif %}
 {% endblock %}
+
+{% block path %}export PYTHONPATH="${PYTHONPATH:+$PYTHONPATH:}$(find /gramine/meson_build_output/lib64 -type d -path '*/site-packages')" &&{% endblock %}