diff --git a/.github/workflows/build-geth-node.yaml b/.github/workflows/build-geth-node.yaml
new file mode 100644
index 0000000..c02c9b9
--- /dev/null
+++ b/.github/workflows/build-geth-node.yaml
@@ -0,0 +1,78 @@
+name: Build and Publish Docker image
+
+
+on:
+ release:
+ types: [published]
+ push:
+ branches:
+ - main
+ paths:
+ - GethNode/**
+ - .github/workflows/build-geth-node.yaml
+
+
+jobs:
+ build_geth_node:
+ name: Build and publish Geth Node image
+ runs-on: ubuntu-22.04
+ permissions:
+ packages: write
+ contents: read
+
+ steps:
+ - name: Check out the repo
+ uses: actions/checkout@v4
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Log in to the Container registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Generate package repo name
+ id: ghcr_repo
+ run: echo "path=ghcr.io/${{ github.repository_owner }}/decent-gethnode" | tr '[:upper:]' '[:lower:]' >> $GITHUB_OUTPUT
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: |
+ ${{ steps.ghcr_repo.outputs.path }}
+
+ - name: Get current commit SHA short
+ id: commit_sha
+ run: echo "short=$(git rev-parse --short HEAD)" | tr '[:upper:]' '[:lower:]' >> $GITHUB_OUTPUT
+
+ - name: Manually generate sha tag
+ id: tag_sha
+ run: echo "tag=${{ steps.ghcr_repo.outputs.path }}:${{ steps.commit_sha.outputs.short }}" >> $GITHUB_OUTPUT
+
+ - name: Manually generate ver tag
+ if: ${{ startsWith(github.ref, 'refs/tags/') }}
+ id: tag_ver
+ run: echo "tag=${{ steps.ghcr_repo.outputs.path }}:${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
+
+ - name: Build and push Docker images for each commit
+ uses: docker/build-push-action@v5
+ if: ${{ !startsWith(github.ref, 'refs/tags/') }}
+ with:
+ context: ./GethNode
+ platforms: linux/amd64
+ push: true
+ tags: |
+ ${{ steps.tag_sha.outputs.tag }}
+ labels: ${{ steps.meta.outputs.labels }}
+
+ - name: Create and push a manifest with ver referencing latest commit
+ if: ${{ startsWith(github.ref, 'refs/tags/') }}
+ run: |
+ docker buildx imagetools create \
+ -t ${{ steps.tag_ver.outputs.tag }} \
+ ${{ steps.tag_sha.outputs.tag }}
+
diff --git a/.github/workflows/build-sgx-dev.yaml b/.github/workflows/build-sgx-dev.yaml
new file mode 100644
index 0000000..e796573
--- /dev/null
+++ b/.github/workflows/build-sgx-dev.yaml
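Review bot: In .github/workflows/build-geth-node.yaml every third-party action is referenced by a movable tag (`actions/checkout@v4`, `docker/setup-buildx-action@v2`, `docker/login-action@v3`, `docker/metadata-action@v5`, `docker/build-push-action@v5`) inside a job that holds `packages: write` and pushes to ghcr.io; pinning each `uses:` to a full commit SHA keeps a retagged action from running with that token. The last step also pastes `${{ steps.tag_ver.outputs.tag }}` directly into the `run:` script, and that value is derived from the tag name, so I would hand it over through `env:` (`VER_TAG: ${{ steps.tag_ver.outputs.tag }}`) and use `-t "$VER_TAG"` so the ref name never becomes shell source. Both points apply unchanged to the two jobs in build-sgx-dev.yaml.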
@@ -0,0 +1,146 @@
+name: Build and Publish Docker image
+
+
+on:
+ release:
+ types: [published]
+ push:
+ branches:
+ - main
+ paths:
+ - SGXDev/**
+ - SGXSolDev/**
+ - .github/workflows/build-sgx-dev.yaml
+
+
+jobs:
+ build_sgx_dev:
+ name: Build and publish SGX Dev image
+ runs-on: ubuntu-22.04
+ permissions:
+ packages: write
+ contents: read
+
+ steps:
+ - name: Check out the repo
+ uses: actions/checkout@v4
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Log in to the Container registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Generate package repo name
+ id: ghcr_repo
+ run: echo "path=ghcr.io/${{ github.repository_owner }}/decent-sgxdev" | tr '[:upper:]' '[:lower:]' >> $GITHUB_OUTPUT
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: |
+ ${{ steps.ghcr_repo.outputs.path }}
+
+ - name: Get current commit SHA short
+ id: commit_sha
+ run: echo "short=$(git rev-parse --short HEAD)" | tr '[:upper:]' '[:lower:]' >> $GITHUB_OUTPUT
+
+ - name: Manually generate sha tag
+ id: tag_sha
+ run: echo "tag=${{ steps.ghcr_repo.outputs.path }}:${{ steps.commit_sha.outputs.short }}" >> $GITHUB_OUTPUT
+
+ - name: Manually generate ver tag
+ if: ${{ startsWith(github.ref, 'refs/tags/') }}
+ id: tag_ver
+ run: echo "tag=${{ steps.ghcr_repo.outputs.path }}:${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
+
+ - name: Build and push Docker images for each commit
+ uses: docker/build-push-action@v5
+ if: ${{ !startsWith(github.ref, 'refs/tags/') }}
+ with:
+ context: ./SGXDev
+ platforms: linux/amd64
+ push: true
+ tags: |
+ ${{ steps.tag_sha.outputs.tag }}
+ labels: ${{ steps.meta.outputs.labels }}
+
+ - name: Create and push a manifest with ver referencing latest commit
+ if: ${{ startsWith(github.ref, 'refs/tags/') }}
+ run: |
+ docker buildx imagetools create \
+ -t ${{ steps.tag_ver.outputs.tag }} \
+ ${{ steps.tag_sha.outputs.tag }}
+
+
+ build_sgx_sol_dev:
+ name: Build and publish SGX Solidity Dev image
+ needs: [ build_sgx_dev ]
+ runs-on: ubuntu-22.04
+ permissions:
+ packages: write
+ contents: read
+
+ steps:
+ - name: Check out the repo
+ uses: actions/checkout@v4
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Log in to the Container registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Generate package repo name
+ id: ghcr_repo
+ run: echo "path=ghcr.io/${{ github.repository_owner }}/decent-sgxsoldev" | tr '[:upper:]' '[:lower:]' >> $GITHUB_OUTPUT
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: |
+ ${{ steps.ghcr_repo.outputs.path }}
+
+ - name: Get current commit SHA short
+ id: commit_sha
+ run: echo "short=$(git rev-parse --short HEAD)" | tr '[:upper:]' '[:lower:]' >> $GITHUB_OUTPUT
+
+ - name: Manually generate sha tag
+ id: tag_sha
+ run: echo "tag=${{ steps.ghcr_repo.outputs.path }}:${{ steps.commit_sha.outputs.short }}" >> $GITHUB_OUTPUT
+
+ - name: Manually generate ver tag
+ if: ${{ startsWith(github.ref, 'refs/tags/') }}
+ id: tag_ver
+ run: echo "tag=${{ steps.ghcr_repo.outputs.path }}:${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
+
+ - name: Build and push Docker images for each commit
+ uses: docker/build-push-action@v5
+ if: ${{ !startsWith(github.ref, 'refs/tags/') }}
+ with:
+ context: ./SGXSolDev
+ platforms: linux/amd64
+ build-args: |
+ BASE_IMG_TAG=${{ steps.commit_sha.outputs.short }}
+ push: true
+ tags: |
+ ${{ steps.tag_sha.outputs.tag }}
+ labels: ${{ steps.meta.outputs.labels }}
+
+ - name: Create and push a manifest with ver referencing latest commit
+ if: ${{ startsWith(github.ref, 'refs/tags/') }}
+ run: |
+ docker buildx imagetools create \
+ -t ${{ steps.tag_ver.outputs.tag }} \
+ ${{ steps.tag_sha.outputs.tag }}
+
diff --git a/GethNode/Dockerfile b/GethNode/Dockerfile
new file mode 100644
index 0000000..2ecfd61
--- /dev/null
+++ b/GethNode/Dockerfile
@@ -0,0 +1,53 @@
+# Copyright (c) 2023 Haofan Zheng
+# Use of this source code is governed by an MIT-style
+# license that can be found in the LICENSE file or at
+# https://opensource.org/licenses/MIT.
+
+FROM ubuntu:22.04
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+############################### Install packages ###############################
+RUN apt-get update -y && \
+ apt-get install -y \
+ apt-utils \
+ lsb-release
+
+RUN apt-get update -y && \
+ apt-get upgrade -y
+
+RUN apt-get update -y && \
+ apt-get install -y software-properties-common && \
+ add-apt-repository -y ppa:ethereum/ethereum
+
+RUN apt-get update -y && \
+ apt-get install -y \
+ ethereum \
+ openssl \
+ curl
+
+
+# Prysm
+RUN mkdir /opt/prysm
+RUN curl https://github.com/prysmaticlabs/prysm/raw/master/prysm.sh \
+ --output /opt/prysm/prysm.sh
+RUN chmod 755 /opt/prysm/prysm.sh
+################################################################################
+
+ENV DEBIAN_FRONTEND=
+
+ENV LANG=C.UTF-8
+
+# environment
+RUN mkdir /geth
+WORKDIR /geth
+
+# test script
+COPY test.sh /bin/test.sh
+RUN chmod 755 /bin/test.sh
+
+# entrypoint
+COPY init-geth /bin/init-geth
+RUN chmod 755 /bin/init-geth
+
+ENTRYPOINT [ "/bin/init-geth" ]
diff --git a/GethNode/init-geth b/GethNode/init-geth
new file mode 100755
index 0000000..5a14a26
--- /dev/null
+++ b/GethNode/init-geth
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+set -e
+
+if [[ ! -f /geth/jwt.hex ]]; then
+ echo "JWT not found, generating..."
+ openssl rand -hex 32 | tr -d "\n" > "/geth/jwt.hex"
+fi
+
+/bin/test.sh --existing-arg1 --existing-arg2 ${GETH_OPTS}
diff --git a/GethNode/test.sh b/GethNode/test.sh
new file mode 100755
index 0000000..324fc0a
--- /dev/null
+++ b/GethNode/test.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+for var in "$@"
+do
+ echo "$var"
+done
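Review bot: In build-sgx-dev.yaml the `build_sgx_sol_dev` job passes only `BASE_IMG_TAG` as a build argument, while SGXSolDev/Dockerfile hard-codes `FROM ghcr.io/lsd-ucsc/decent-sgxdev:$BASE_IMG_TAG`, even though the image names this workflow pushes are derived from `github.repository_owner`. In a fork or after an owner rename the second job would therefore build on a base image from a namespace this run did not push to. I would add a second build argument for the base image path, computed the same way as `ghcr_repo`, so the base is always the image built by `build_sgx_dev` in the same run. On `release` events neither job builds, so `imagetools create` assumes an image tagged with the short SHA already exists for that commit; a comment stating that assumption would help.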
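Review bot: The Prysm download in GethNode/Dockerfile (`curl https://github.com/prysmaticlabs/prysm/raw/master/prysm.sh --output /opt/prysm/prysm.sh`) uses neither `-f` nor `-L`, so an HTTP error page or the body of a redirect response would be saved as the script and the build would still succeed. It also tracks `master` with no integrity check, so an executable in the image changes whenever upstream does. I would fetch a tagged revision with `curl -fsSL` and verify it with `sha256sum -c` against a digest committed to this repository. The image never sets a `USER`, so the entrypoint runs as root; a comment is warranted if that is intended.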
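Review bot: GethNode/init-geth writes the JWT secret to /geth/jwt.hex under the default umask, so the file is normally world-readable in the container and on any volume mounted at /geth; adding `umask 077` before the `openssl rand` line (or `chmod 600 /geth/jwt.hex` after it) keeps it owner-only. The script sets `set -e` but not `set -o pipefail`, so a failing `openssl rand` still leaves an empty jwt.hex behind, and later starts skip generation because the file exists. `${GETH_OPTS}` is expanded unquoted, which looks deliberate for word splitting but deserves a comment saying so.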
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..860fd88
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 Haofan Zheng
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e80aaa8
--- /dev/null
+++ b/README.md
@@ -0,0 +1,32 @@
+# DecentDevContainer
+
+## SGXDev
+
+- Build locally
+
+```sh
+docker build \
+ -t ghcr.io/lsd-ucsc/decent-sgxdev:local \
+ ./SGXDev
+```
+
+## SGXSolDev
+
+- Build locally
+
+```sh
+docker build \
+ --build-arg BASE_IMG_TAG=local \
+ -t ghcr.io/lsd-ucsc/decent-sgxsoldev:local \
+ ./SGXSolDev
+```
+
+## GethNode
+
+- Build locally
+
+```sh
+docker build \
+ -t ghcr.io/lsd-ucsc/decent-gethnode:local \
+ ./GethNode
+```
diff --git a/SGXDev/Dockerfile b/SGXDev/Dockerfile
new file mode 100644
index 0000000..4cae603
--- /dev/null
+++ b/SGXDev/Dockerfile
@@ -0,0 +1,78 @@
+# Copyright (c) 2023 Haofan Zheng
+# Use of this source code is governed by an MIT-style
+# license that can be found in the LICENSE file or at
+# https://opensource.org/licenses/MIT.
+
+FROM ubuntu:22.04
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+############################### Install packages ###############################
+RUN apt-get update -y && \
+ apt-get install -y \
+ apt-utils \
+ lsb-release
+
+RUN apt-get update -y && \
+ apt-get upgrade -y
+
+RUN apt-get update -y && \
+ apt-get install -y \
+ nano \
+ less \
+ net-tools \
+ iputils-ping \
+ build-essential \
+ git \
+ cmake \
+ python3 \
+ python3-pip \
+ curl
+
+# SSH Server
+RUN apt-get update -y && \
+ apt-get install -y \
+ openssh-server
+RUN rm /etc/ssh/ssh_host_*
+
+# SGX PSW
+RUN curl \
+ -o /opt/sgx_debian_local_repo.tgz \
+ -fSL https://download.01.org/intel-sgx/latest/linux-latest/distro/ubuntu22.04-server/sgx_debian_local_repo.tgz
+
+RUN tar -xzf /opt/sgx_debian_local_repo.tgz -C /opt
+RUN echo 'deb [arch=amd64 trusted=yes] file:/opt/sgx_debian_local_repo/ jammy main' > /etc/apt/sources.list.d/intel-sgx.list
+RUN apt-get update -y
+RUN apt install -y \
+ libsgx-enclave-common \
+ libsgx-enclave-common-dbgsym \
+ libsgx-urts \
+ libsgx-urts-dbgsym \
+ libsgx-epid \
+ libsgx-uae-service
+
+# AESM Service
+COPY aesmd /etc/init.d/aesmd
+RUN chmod 755 /etc/init.d/aesmd
+
+# SGX SDK
+RUN curl \
+ -o /opt/sgx_linux_x64_sdk_2.20.100.4.bin \
+ -fSL https://download.01.org/intel-sgx/latest/linux-latest/distro/ubuntu22.04-server/sgx_linux_x64_sdk_2.20.100.4.bin
+RUN chmod 755 /opt/sgx_linux_x64_sdk_2.20.100.4.bin
+RUN /opt/sgx_linux_x64_sdk_2.20.100.4.bin --prefix /opt/intel
+
+# APT clean up
+RUN apt-get autoremove -y
+RUN apt-get clean all
+################################################################################
+
+ENV DEBIAN_FRONTEND=
+
+ENV LANG=C.UTF-8
+
+# entrypoint
+COPY sgx-init /bin/sgx-init
+RUN chmod 755 /bin/sgx-init
+
+ENTRYPOINT [ "/bin/sgx-init", "/bin/bash" ]
diff --git a/SGXDev/aesmd b/SGXDev/aesmd
new file mode 100755
index 0000000..9e67af5
--- /dev/null
+++ b/SGXDev/aesmd
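Review bot: SGXDev/Dockerfile installs the SGX PSW packages from a local apt source marked `trusted=yes` and then executes `sgx_linux_x64_sdk_2.20.100.4.bin`, and neither download is checked against a known digest, so TLS to download.01.org is the only integrity control on code that runs as root during the build. A `sha256sum -c` step for both files, with the expected digests committed to this repository, placed before `tar -xzf` and before running the installer, would close that gap. Both URLs go through the moving `latest/linux-latest` path while the SDK file name pins 2.20.100.4, so the build will also break or drift when upstream moves; a version-specific path, if upstream offers one, would keep it reproducible.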
@@ -0,0 +1,82 @@
+#! /bin/sh
+
+### BEGIN INIT INFO
+# Provides: aesmd
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop:
+# Short-Description: Intel(R) Architectural Enclave Service Manager
+### END INIT INFO
+
+set -e
+
+export NAME="aesm_service"
+export AESM_PATH="/opt/intel/sgx-aesm-service/aesm"
+export LD_LIBRARY_PATH="/opt/intel/sgx-aesm-service/aesm"
+
+test -x /opt/intel/sgx-aesm-service/aesm/aesm_service || exit 1
+
+. /lib/lsb/init-functions
+
+link_sgx() {
+ /opt/intel/sgx-aesm-service/aesm/linksgx.sh
+}
+
+check_dirs() {
+ mkdir -p /var/run/aesmd/
+ chown -R aesmd:aesmd /var/run/aesmd/
+ chmod 0755 /var/run/aesmd/
+
+ mkdir -p /var/opt/aesmd/
+ chown -R aesmd:aesmd /var/opt/aesmd/
+ chmod 0750 /var/opt/aesmd/
+}
+
+case "$1" in
+ start)
+ check_dirs
+ log_daemon_msg "Starting Intel(R) Architectural Enclave Service Manager" $NAME || true
+ link_sgx
+ if start-stop-daemon --start --quiet --oknodo --background --chuid aesmd:aesmd --chdir $AESM_PATH --pidfile /run/aesmd.pid --make-pidfile --exec $AESM_PATH/$NAME -- --no-daemon; then
+ log_end_msg 0 || true
+ else
+ log_end_msg 1 || true
+ fi
+ ;;
+
+
+ stop)
+ log_daemon_msg "Stopping Intel(R) Architectural Enclave Service Manager" $NAME || true
+ if start-stop-daemon --stop --pidfile /run/aesmd.pid --remove-pidfile; then
+ log_end_msg 0 || true
+ else
+ log_end_msg 1 || true
+ fi
+ ;;
+
+
+ restart)
+ check_dirs
+ log_daemon_msg "Restarting Intel(R) Architectural Enclave Service Manager" $NAME || true
+ start-stop-daemon --stop --pidfile /run/aesmd.pid --remove-pidfile
+ link_sgx
+ if start-stop-daemon --start --quiet --oknodo --background --chuid aesmd:aesmd --chdir $AESM_PATH --pidfile /run/aesmd.pid --make-pidfile --exec $AESM_PATH/$NAME -- --no-daemon; then
+ log_end_msg 0 || true
+ else
+ log_end_msg 1 || true
+ fi
+ ;;
+
+
+ status)
+ status_of_proc -p /run/aesmd.pid $AESM_PATH/$NAME $NAME && exit 0 || exit $?
+ ;;
+
+
+ *)
+ log_action_msg "Usage: /etc/init.d/aesmd {start|stop|restart|status}" || true
+ exit 1
+esac
+
+exit 0
diff --git a/SGXDev/sgx-init b/SGXDev/sgx-init
new file mode 100755
index 0000000..9b1ca17
--- /dev/null
+++ b/SGXDev/sgx-init
@@ -0,0 +1,22 @@
+#! /bin/bash
+
+# Copyright (c) 2023 Haofan Zheng
+# Use of this source code is governed by an MIT-style
+# license that can be found in the LICENSE file or at
+# https://opensource.org/licenses/MIT.
+
+set -e
+
+# initialize ssh host keys
+if [ ! -f /etc/ssh/ssh_host_ed25519_key ]; then
+ ssh-keygen -A
+fi
+
+# start necessary services
+service aesmd start
+
+# set environment variables
+source /opt/intel/sgxsdk/environment
+
+# initialization finished, hand over to bash
+exec $@
diff --git a/SGXSolDev/Dockerfile b/SGXSolDev/Dockerfile
new file mode 100644
index 0000000..3038c61
--- /dev/null
+++ b/SGXSolDev/Dockerfile
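Review bot: In SGXDev/aesmd the `restart)` branch calls `start-stop-daemon --stop --pidfile /run/aesmd.pid --remove-pidfile` bare while `set -e` is active, so when the service is not running the non-zero status ends the script before the start half executes. Using `start-stop-daemon --stop --oknodo --pidfile /run/aesmd.pid --remove-pidfile` (or appending `|| true`) lets restart work from a stopped state. `$NAME` and `$AESM_PATH` are also expanded unquoted in every branch; quoting them costs nothing even though the values are constants here.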
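Review bot: SGXDev/sgx-init ends with `exec $@`, which re-splits and glob-expands the container command, so an argument containing spaces or wildcard characters reaches the target program altered; `exec "$@"` passes the arguments through unchanged. I would also add a comment above the `ssh-keygen -A` block such as `# host keys are removed at image build time and generated per container, so images never share a host identity`, since that is the reason for the `rm /etc/ssh/ssh_host_*` in the Dockerfile and is not stated anywhere.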
@@ -0,0 +1,49 @@
+# Copyright (c) 2023 Haofan Zheng
+# Use of this source code is governed by an MIT-style
+# license that can be found in the LICENSE file or at
+# https://opensource.org/licenses/MIT.
+
+ARG BASE_IMG_TAG
+FROM ghcr.io/lsd-ucsc/decent-sgxdev:$BASE_IMG_TAG
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+############################### Install packages ###############################
+RUN apt-get update -y && \
+ apt-get install -y \
+ python3 \
+ python3-pip \
+ golang
+
+# Python packages
+RUN python3 -m pip install --upgrade pip
+RUN python3 -m pip install \
+ web3==6.2.0 \
+ requests==2.28.2 \
+ numpy==1.24.3 \
+ matplotlib==3.7.1 \
+ plotly==5.14.1 \
+ kaleido==0.2.1 \
+ pandas==2.0.1 \
+ cryptography==41.0.3
+
+# Node.js
+RUN curl -fsSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | gpg --dearmor > /etc/apt/trusted.gpg.d/nodesource.gpg
+RUN echo "deb https://deb.nodesource.com/node_18.x jammy main" >> /etc/apt/sources.list.d/nodesource.list
+RUN echo "deb-src https://deb.nodesource.com/node_18.x jammy main" >> /etc/apt/sources.list.d/nodesource.list
+RUN apt update -y
+RUN apt install -y nodejs
+
+# Node.js packages
+RUN npm install -g ganache@7.8.0
+
+# Solc compiler
+RUN curl -fsSL -o /bin/solc https://github.com/ethereum/solidity/releases/download/v0.8.20/solc-static-linux
+RUN chmod 755 /bin/solc
+
+RUN apt-get clean all
+################################################################################
+
+ENV DEBIAN_FRONTEND=
+
+ENV LANG=C.UTF-8
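Review bot: In SGXSolDev/Dockerfile the solc binary is downloaded to /bin/solc and made executable without an integrity check, so the `v0.8.20` in the URL is the only thing tying it to that release; a `sha256sum -c` against a digest committed to this repository would make the pin meaningful. The NodeSource key is written to /etc/apt/trusted.gpg.d/, which makes it trusted for every apt source in the image; storing it under /usr/share/keyrings/ and adding `[signed-by=/usr/share/keyrings/nodesource.gpg]` to the two `deb` lines scopes it to that repository. `python3 -m pip install --upgrade pip` is the one unpinned item in an otherwise version-pinned list.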