Build python wheel for eservice and pservice

bin/lib/common.sh

@@ -66,6 +66,19 @@ function check_python_version() {
     fi
 }
 
+# Common function to force name/address to address format
+#-----------------------------------------
+function force_to_ip()
+{
+    local name=$1
+
+    if [[ $name =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
+        echo $name
+    else
+        echo $(dig +short $name)
+    fi
+}
+
 # -----------------------------------------
 # Check the environment for completeness
 # -----------------------------------------

build/python_requirements.txt

@@ -1,3 +1,4 @@
+build>=0.10.0
 colorlog>=6.7.0
 lmdb>=1.4.0
 loguru>=0.6.0

docker/ccf_base.yaml

@@ -30,7 +30,7 @@ services:
     network_mode: "host"
     volumes:
       - ./xfer/:/project/pdo/xfer/
-    entrypoint: /project/pdo/tools/start_ccf.sh
+    # entrypoint: /project/pdo/tools/start_ccf.sh
     healthcheck:
       test: ["CMD", "test", "-r", "/project/pdo/xfer/ccf/keys/networkcert.pem"]
       start_period: 10s

docker/pdo_ccf_base.dockerfile

@@ -15,8 +15,12 @@
 # ------------------------------------------------------------------------------
 # syntax=docker/dockerfile:1
 
-ARG CCF_VERSION=1.0.19
-FROM ccfciteam/ccf-app-ci:${CCF_VERSION}
+ARG CCF_VERSION=4.0.1-virtual
+FROM mcr.microsoft.com/ccf/app/dev:${CCF_VERSION}
+
+ARG REBUILD=0
+ARG UBUNTU_VERSION=20.04
+ARG UBUNTU_NAME=focal
 
 ENV TERM=screen-256color
 
@@ -34,7 +38,20 @@ RUN apt-get update \
         python3-virtualenv \
         virtualenv \
         net-tools \
-    && apt-get clean \
+        wget
+
+RUN echo "deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu ${UBUNTU_NAME} main" >> /etc/apt/sources.list
+RUN curl https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add -
+
+RUN apt-get update \
+    && apt-get install -y \
+        sgx-aesm-service \
+        libsgx-dcap-ql \
+        libsgx-urts \
+        libsgx-uae-service \
+        libsgx-headers
+
+RUN apt-get clean \
     && rm -rf /var/lib/apt/lists/*
 
 # -----------------------------------------------------------------

docker/tools/environment.sh

@@ -42,7 +42,7 @@ else
     export PDO_DEFAULT_SIGCURVE=SECP256K1
 fi
 
-export CCF_BASE=/opt/ccf
+export CCF_BASE=/opt/ccf_virtual
 export XFER_DIR=${XFER_DIR:-/project/pdo/xfer}
 
 # if the container is running HW mode, then we will grab the

docker/tools/run_ccf_tests.sh

@@ -14,27 +14,34 @@
 # limitations under the License.
 
 # Tests are run EXCLUSIVELY with all services running on localhost
+source /project/pdo/tools/environment.sh
+source ${PDO_HOME}/bin/lib/common.sh
+
 export PDO_HOSTNAME=localhost
-export PDO_LEDGER_URL=http://localhost:6600
+export PDO_LEDGER_ADDRESS=$(force_to_ip ${PDO_HOSTNAME})
+export PDO_LEDGER_URL="http://${PDO_LEDGER_ADDRESS}:6600"
 
-source /project/pdo/tools/environment.sh
-source ${PDO_HOME}/ccf/bin/lib/pdo_common.sh
+export no_proxy=$PDO_HOSTNAME,$PDO_LEDGER_ADDRESS,$no_proxy
+export NO_PROXY=$PDO_HOSTNAME,$PDO_LEDGER_ADDRESS,$NO_PROXY
 
-export no_proxy=$PDO_HOSTNAME,$no_proxy
-export NO_PROXY=$POD_HOSTNAME,$NO_PROXY
+# this is ridiculous. we need to canonicalize the ledger and
+# sgx keys into the keys directory hierarchy NOT the etc
+# hierarchy. future PR.
+mkdir -p ${PDO_LEDGER_KEY_ROOT}
 
-# -----------------------------------------------------------------
-yell configure services for host $PDO_HOSTNAME and ledger $PDO_LEDGER_URL
-# -----------------------------------------------------------------
-rm -f ${PDO_HOME}/ccf/etc/cchost.toml ${PDO_HOME}/ccf/etc/constitution.js
-try make -C ${PDO_SOURCE_ROOT}/ledgers/ccf keys
-try make -C ${PDO_SOURCE_ROOT}/ledgers/ccf config
+# # -----------------------------------------------------------------
+# yell configure services for host $PDO_HOSTNAME and ledger $PDO_LEDGER_URL
+# # -----------------------------------------------------------------
+# rm -f ${PDO_HOME}/ccf/etc/cchost.toml ${PDO_HOME}/ccf/etc/constitution.js
+# try make -C ${PDO_SOURCE_ROOT}/ledgers/ccf keys
+# try make -C ${PDO_SOURCE_ROOT}/ledgers/ccf config
 
 # -----------------------------------------------------------------
 yell start the ccf service
 # -----------------------------------------------------------------
 . ${PDO_HOME}/ccf/bin/activate
-try ${PDO_HOME}/ccf/bin/start_ccf_network.sh
+yell ${PDO_HOME}/ccf/bin/start_ccf_network.sh -i ${PDO_LEDGER_ADDRESS}
+try ${PDO_HOME}/ccf/bin/start_ccf_network.sh -i ${PDO_LEDGER_ADDRESS}
 
 # -----------------------------------------------------------------
 yell copy the ledger keys

docker/tools/run_client_tests.sh

@@ -14,14 +14,16 @@
 # limitations under the License.
 
 # Tests are run EXCLUSIVELY with all services running on localhost
-export PDO_HOSTNAME=localhost
-export PDO_LEDGER_URL=http://localhost:6600
 
 source /project/pdo/tools/environment.sh
 source ${PDO_HOME}/bin/lib/common.sh
 
-export no_proxy=$PDO_HOSTNAME,$no_proxy
-export NO_PROXY=$PDO_HOSTNAME,$NO_PROXY
+export PDO_HOSTNAME=localhost
+export PDO_LEDGER_ADDRESS=$(force_to_ip ${PDO_HOSTNAME})
+export PDO_LEDGER_URL="http://${PDO_LEDGER_ADDRESS}:6600"
+
+export no_proxy=$PDO_HOSTNAME,$PDO_LEDGER_ADDRESS,$no_proxy
+export NO_PROXY=$PDO_HOSTNAME,$PDO_LEDGER_ADDRESS,$NO_PROXY
 
 # -----------------------------------------------------------------
 yell configure client for host $PDO_HOSTNAME and ledger $PDO_LEDGER_URL

docker/tools/run_services_tests.sh

@@ -14,15 +14,17 @@
 # limitations under the License.
 
 # Tests are run EXCLUSIVELY with all services running on localhost
-export PDO_HOSTNAME=localhost
-export PDO_LEDGER_URL=http://localhost:6600
 
 source /opt/intel/sgxsdk/environment
 source /project/pdo/tools/environment.sh
 source ${PDO_HOME}/bin/lib/common.sh
 
-export no_proxy=$PDO_HOSTNAME,$no_proxy
-export NO_PROXY=$PDO_HOSTNAME,$NO_PROXY
+export PDO_HOSTNAME=localhost
+export PDO_LEDGER_ADDRESS=$(force_to_ip ${PDO_HOSTNAME})
+export PDO_LEDGER_URL="http://${PDO_LEDGER_ADDRESS}:6600"
+
+export no_proxy=$PDO_HOSTNAME,$PDO_LEDGER_ADDRESS,$no_proxy
+export NO_PROXY=$PDO_HOSTNAME,$PDO_LEDGER_ADDRESS,$NO_PROXY
 
 # -----------------------------------------------------------------
 yell configure services for host $PDO_HOSTNAME and ledger $PDO_LEDGER_URL

docker/tools/start_ccf.sh

@@ -55,46 +55,51 @@ done
 # -----------------------------------------------------------------
 # Set up the ledger url and proxy configuration
 # -----------------------------------------------------------------
+source /project/pdo/tools/environment.sh
+source ${PDO_HOME}/bin/lib/common.sh
+
 export PDO_HOSTNAME=${PDO_HOSTNAME:-${HOSTNAME}}
 if [ ! -z "${F_INTERFACE}" ] ; then
     export PDO_HOSTNAME=$F_INTERFACE
 fi
 
-export PDO_LEDGER_ADDRESS=$(dig +short ${PDO_HOSTNAME})
+export PDO_LEDGER_ADDRESS=$(force_to_ip ${PDO_HOSTNAME})
 export PDO_LEDGER_URL="http://${PDO_LEDGER_ADDRESS}:6600"
 
 export no_proxy=$PDO_HOSTNAME,$PDO_LEDGER_ADDRESS,$no_proxy
 export NO_PROXY=$PDO_HOSTNAME,$PDO_LEDGER_ADDRESS,$NO_PROXY
 
-source /project/pdo/tools/environment.sh
-source ${PDO_HOME}/ccf/bin/lib/pdo_common.sh
+# this is ridiculous. we need to canonicalize the ledger and
+# sgx keys into the keys directory hierarchy NOT the etc
+# hierarchy. future PR.
+mkdir -p ${PDO_LEDGER_KEY_ROOT}
 
 # -----------------------------------------------------------------
 # Handle the configuration of the services
 #
 # Note the environment should have been created during the build
 # process for the ccf image
 # -----------------------------------------------------------------
-if [ "${F_MODE,,}" == "build" ]; then
-    yell configure services for host $PDO_HOSTNAME and ledger $PDO_LEDGER_URL
-    try make -C ${PDO_SOURCE_ROOT}/ledgers/ccf keys
-    try make -C ${PDO_SOURCE_ROOT}/ledgers/ccf config
-elif [ "${F_MODE,,}" == "copy" ]; then
-    yell copy the configuration from xfer/ccf/etc and xfer/ccf/keys
-    try cp ${XFER_DIR}/ccf/etc/* ${PDO_HOME}/ccf/etc/
-    try cp ${XFER_DIR}/ccf/keys/* ${PDO_LEDGER_KEY_ROOT}/
-elif [ "${F_MODE,,}" == "skip" ]; then
-    yell restart with existing configuration
-else
-    die "invalid restart mode; ${F_MODE}"
-fi
+# if [ "${F_MODE,,}" == "build" ]; then
+#     yell configure services for host $PDO_HOSTNAME and ledger $PDO_LEDGER_URL
+#     try make -C ${PDO_SOURCE_ROOT}/ledgers/ccf keys
+#     try make -C ${PDO_SOURCE_ROOT}/ledgers/ccf config
+# elif [ "${F_MODE,,}" == "copy" ]; then
+#     yell copy the configuration from xfer/ccf/etc and xfer/ccf/keys
+#     try cp ${XFER_DIR}/ccf/etc/* ${PDO_HOME}/ccf/etc/
+#     try cp ${XFER_DIR}/ccf/keys/* ${PDO_LEDGER_KEY_ROOT}/
+# elif [ "${F_MODE,,}" == "skip" ]; then
+#     yell restart with existing configuration
+# else
+#     die "invalid restart mode; ${F_MODE}"
+# fi
 
 # -----------------------------------------------------------------
 say start the ccf network
 # -----------------------------------------------------------------
 . ${PDO_HOME}/ccf/bin/activate
 if [ ${F_NETWORK_MODE} == "start" ] ; then
-    try ${PDO_HOME}/ccf/bin/start_ccf_network.sh
+    try ${PDO_HOME}/ccf/bin/start_ccf_network.sh -i ${PDO_LEDGER_ADDRESS}
 elif [ ${F_NETWORK_MODE} == "join" ] ; then
     die "joining a network is not yet supported"
 else

docker/tools/start_client.sh

@@ -54,12 +54,15 @@ done
 # -----------------------------------------------------------------
 # Set up the interface, ledger url and proxy configuration
 # -----------------------------------------------------------------
+source /project/pdo/tools/environment.sh
+source ${PDO_HOME}/bin/lib/common.sh
+
 export PDO_HOSTNAME=${PDO_HOSTNAME:-$HOSTNAME}
 if [ ! -z "${F_INTERFACE}" ] ; then
     export PDO_HOSTNAME=${F_INTERFACE}
 fi
 
-export PDO_LEDGER_ADDRESS=$(dig +short ${PDO_HOSTNAME})
+export PDO_LEDGER_ADDRESS=$(force_to_ip ${PDO_HOSTNAME})
 export PDO_LEDGER_URL=${PDO_LEDGER_URL:-http://${PDO_LEDGER_ADDRESS}:6600}
 if [ ! -z "${F_LEDGER_URL}" ] ; then
     export PDO_LEDGER_URL=${F_LEDGER_URL}
@@ -68,9 +71,6 @@ fi
 export no_proxy=$PDO_HOSTNAME,$no_proxy
 export NO_PROXY=$PDO_HOSTNAME,$NO_PROXY
 
-source /project/pdo/tools/environment.sh
-source ${PDO_HOME}/bin/lib/common.sh
-
 # -----------------------------------------------------------------
 # Handle the configuration of the services
 # -----------------------------------------------------------------

docker/tools/start_services.sh

@@ -60,12 +60,16 @@ done
 # -----------------------------------------------------------------
 # Set up the interface, ledger url and proxy configuration
 # -----------------------------------------------------------------
+source /opt/intel/sgxsdk/environment
+source /project/pdo/tools/environment.sh
+source ${PDO_HOME}/bin/lib/common.sh
+
 export PDO_HOSTNAME=${PDO_HOSTNAME:-$HOSTNAME}
 if [ ! -z "${F_INTERFACE}" ] ; then
     export PDO_HOSTNAME=${F_INTERFACE}
 fi
 
-export PDO_LEDGER_ADDRESS=$(dig +short ${PDO_HOSTNAME})
+export PDO_LEDGER_ADDRESS=$(force_to_ip ${PDO_HOSTNAME})
 export PDO_LEDGER_URL=${PDO_LEDGER_URL:-http://${PDO_LEDGER_ADDRESS}:6600}
 if [ ! -z "${F_LEDGER_URL}" ] ; then
     export PDO_LEDGER_URL=${F_LEDGER_URL}
@@ -74,10 +78,6 @@ fi
 export no_proxy=$PDO_HOSTNAME,$no_proxy
 export NO_PROXY=$PDO_HOSTNAME,$NO_PROXY
 
-source /opt/intel/sgxsdk/environment
-source /project/pdo/tools/environment.sh
-source ${PDO_HOME}/bin/lib/common.sh
-
 # -----------------------------------------------------------------
 # Handle the configuration of the services
 # -----------------------------------------------------------------

eservice/Makefile

@@ -23,7 +23,10 @@ ifneq ($(basename ${PY_VERSION}),3)
 $(error must be run with python3)
 endif
 
-EGG_FILE=dist/pdo_eservice-${MOD_VERSION}-py${PY_VERSION}-linux-x86_64.egg
+# wheels are now built with a PY_VERSION without the dot separation
+PY_VERSION_NODOT=$(shell echo ${PY_VERSION} | sed 's/\.//g')
+
+WHEEL_FILE=dist/pdo_eservice-${MOD_VERSION}-cp${PY_VERSION_NODOT}-cp${PY_VERSION_NODOT}-linux_x86_64.whl
 
 ENCLAVE_LIB=deps/bin/libpdo-enclave.signed.so
 
@@ -52,12 +55,12 @@ SCRIPTS = \
 TEST_LOG_LEVEL ?= warn
 TEST_LOG_FILE ?= __screen__
 
-all : $(ENCLAVE_LIB) $(EGG_FILE)
+all : $(ENCLAVE_LIB) $(WHEEL_FILE)
 
-$(EGG_FILE) : $(ENCLAVE_LIB) $(SWIG_TARGET) $(PYTHON_FILES) $(SCRIPTS)
+$(WHEEL_FILE) : $(ENCLAVE_LIB) $(SWIG_TARGET) $(PYTHON_FILES) $(SCRIPTS)
 	@echo Build Distribution
 	@ . $(abspath $(DSTDIR)/bin/activate) && \
-		python3 setup.py bdist_egg
+		python3 -m build --wheel .
 
 $(ENCLAVE_LIB) : build
 	@echo Build Enclave
@@ -71,9 +74,9 @@ build :
 	mkdir $@
 	cd $@ && cmake .. -G "Unix Makefiles"
 
-install: $(EGG_FILE)
+install: $(WHEEL_FILE)
 	@ . $(abspath $(DSTDIR)/bin/activate) && \
-		python3 setup.py install
+		pip install $(WHEEL_FILE)
 
 # these cannot be run in the current directory because python tries to
 # pick up the local versions of the library which do not have the same

eservice/setup.py

@@ -153,13 +153,12 @@
 version = subprocess.check_output(
     os.path.join(pdo_root_dir, 'bin/get_version')).decode('ascii').strip()
 
-setup(name='pdo_eservice',
+setup(name='pdo-eservice',
       version = version,
       description = 'Private Data Objects SGX Contract Enclave',
-      author = 'Hyperledger',
-      url = 'http://www.intel.com',
+      author = 'Hyperledger Labs PDO maintainers',
+      url = 'https://github.com/hyperledger-labs/private-data-objects',
       packages = find_packages(exclude='./eservice'),
-      namespace_packages=['pdo'],
       install_requires = [
           'colorlog',
           'lmdb',

ledgers/ccf/CMakeLists.txt

@@ -1,4 +1,4 @@
-# Copyright 2020 Intel Corporation
+# Copyright 2023 Intel Corporation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,18 +12,18 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-CMAKE_MINIMUM_REQUIRED(VERSION 3.11)
+CMAKE_MINIMUM_REQUIRED(VERSION 3.16)
 
 INCLUDE(${CCF_DIR}/cmake/preproject.cmake)
 PROJECT(pdoenc LANGUAGES C CXX)
 INCLUDE(${CCF_DIR}/cmake/ccf_app.cmake)
 
-FIND_PACKAGE(ccf REQUIRED)
+FIND_PACKAGE(ccf_virtual REQUIRED)
 
 # Add the PDO transaction processor target
 add_ccf_app(pdoenc
   SRCS transaction_processor/pdo_tp.cpp transaction_processor/verify_signatures.cpp
-  INCLUDE_DIRS ${CCF_DIR}/include/ccf ${CCF_DIR}/include/3rdparty ${CCF_DIR}/include}
+  INCLUDE_DIRS ${CCF_DIR}/include/ccf ${CCF_DIR}/include/3rdparty ${CCF_DIR}/include
 )
 
 INSTALL(TARGETS pdoenc.virtual DESTINATION lib)