Add support for a Quickstart Docker image

This change adds support for generating a valid Docker image containing the Parsec service and client tool which can be used for introductory quickstart operations. It also refactors the construction of the quickstart tarball to take advantage of a Docker-based build environment. Signed-off-by: Dennis Gove <[email protected]>
parallaxsecond · Jan 11, 2023 · 26a08c4 · 26a08c4
1 parent 199285b
commit 26a08c4
Show file tree

Hide file tree

Showing 8 changed files with 292 additions and 131 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,17 @@
+quickstart/quickstart.Dockerfile
+quickstart/package.sh
+quickstart/*.tar.gz
+.idea/
+
+# Copied from .gitignore
+/target
+*.psa_its
+*.swp
+tags
+*DS_Store
+*vscode
+*.patch
+mappings/
+kim-mappings/
+NVChip
+.devcontainer
diff --git a/.gitignore b/.gitignore
@@ -26,3 +26,9 @@ kim-mappings/
 # TPM simulator state file
 NVChip
 .devcontainer
+
+# Quickstart tarball
+quickstart/*.tar.gz
+
+# IDE settings files
+.idea
diff --git a/packaging_assets/package.sh b/packaging_assets/package.sh
diff --git a/packaging_assets/quickstart_config.toml → quickstart/config.toml b/packaging_assets/quickstart_config.toml → quickstart/config.toml
diff --git a/quickstart/docker_README.md b/quickstart/docker_README.md
@@ -0,0 +1,112 @@
+# Parsec Quickstart - Docker
+
+This Docker container is constructed specifically as an introductory quickstart for the Parsec service and client tool. It is not intended for use in any production system.
+
+The container is started with the following command
+
+```bash
+$> docker run --rm --name parsec -it parsec-quickstart bash
+qs@319b139eb85e:/parsec/quickstart$ 
+```
+
+## Directory Layout & Environment Settings
+
+```
+parsec
+├── bin
+│   ├── parsec                 # The parsec binary
+│   └── parsec-tool            # The parsec client tool
+└── quickstart
+    ├── README.md              # This README
+    ├── config.toml            # The config file used by parsec
+    └── parsec-cli-tests.sh    # Standard parsec-tool tests
+```
+
+```
+PWD=/parsec/quickstart
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/parsec/bin
+PARSEC_SERVICE_ENDPOINT=unix:/parsec/quickstart/parsec.sock
+```
+
+## Usage
+
+The following describe standard quickstart usage examples.
+
+### Start the PARSEC service
+
+```bash
+# This will execute the parsec binary found in /parsec/bin using the config file
+# found at /parsec/quickstart/config.toml.
+# The socket path will be placed at /parsec/quickstart/parsec.sock
+qs@319b139eb85e:/parsec/quickstart$ parsec &
+[INFO  parsec] Parsec started. Configuring the service...
+[INFO  parsec_service::key_info_managers::sqlite_manager] SQLiteKeyInfoManager - Found 0 key info mapping records
+[INFO  parsec_service::utils::service_builder] Creating a Mbed Crypto Provider.
+[INFO  parsec] Parsec is ready.
+
+qs@319b139eb85e:/parsec/quickstart$ 
+```
+
+### Ping Parsec
+
+```bash
+# This will execute a ping command using the parsec-tool binary.
+# The container has already configured the environment variable
+#  PARSEC_SERVICE_ENDPOINT=unix:/parsec/quickstart/parsec.sock
+# which will allow all parsec-tool commands to successfully find
+# the necessary socket. 
+qs@319b139eb85e:/parsec/quickstart$ parsec-tool ping
+[INFO ] Service wire protocol version
+1.0
+```
+
+### Parsec Tool Examples
+
+```bash
+# List Providers
+qs@319b139eb85e:/parsec/quickstart$ parsec-tool list-providers
+[INFO ] Available providers:
+ID: 0x01 (Mbed Crypto provider)
+Description: User space software provider, based on Mbed Crypto - the reference implementation of the PSA crypto API
+Version: 0.1.0
+Vendor: Arm
+UUID: 1c1139dc-ad7c-47dc-ad6b-db6fdb466552
+
+ID: 0x00 (Core provider)
+Description: Software provider that implements only administrative (i.e. no cryptographic) operations
+Version: 1.1.0
+Vendor: Unspecified
+UUID: 47049873-2a43-4845-9d72-831eab668784
+
+# Create RSA Key
+qs@319b139eb85e:/parsec/quickstart$ parsec-tool create-rsa-key --key-name demo1
+[INFO ] Creating RSA encryption key...
+[INFO ] Key "demo1" created.
+
+# Encrypt data using the RSA Key
+qs@319b139eb85e:/parsec/quickstart$ parsec-tool encrypt --key-name demo1 "Super secret data"
+[INFO ] Encrypting data with RsaPkcs1v15Crypt...
+RuPgZld6....brHqQd7xJg== 
+
+# Decrypt ciphertext using the RSA Key
+qs@319b139eb85e:/parsec/quickstart$ parsec-tool decrypt --key-name demo1 RuPgZld6....brHqQd7xJg==
+[INFO ] Decrypting data with RsaPkcs1v15Crypt...
+Super secret data 
+```
+
+### Run the Test Script
+
+```bash
+qs@319b139eb85e:/parsec/quickstart$ ./parsec-cli-tests.sh
+Checking Parsec service...
+[INFO ] Service wire protocol version
+1.0
+
+Testing Mbed Crypto provider
+
+- Test random number generation
+[INFO ] Generating 10 random bytes...
+[INFO ] Random bytes:
+24 A1 19 DB 3F 3C A0 82 FE 63
+....
+```
diff --git a/quickstart/package.sh b/quickstart/package.sh
@@ -0,0 +1,69 @@
+#!/bin/bash
+
+# Copyright 2022 Contributors to the Parsec project.
+# SPDX-License-Identifier: Apache-2.0
+
+# Create a quickstart package
+
+# Avoid silent failures
+set -euf -o pipefail
+
+PACKAGE_PATH=$(pwd)
+ASSETS_DIR=$(cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd)
+PARSEC_DIR=$(dirname $ASSETS_DIR)
+
+# Usage
+USAGE_STR=\
+"Usage:\n"\
+"package.sh [Options]\n"\
+"Options:\n"\
+" -o {path}: Output absolute path, the default path is the current directory i.e. $(pwd)\n"\
+" -h : Display this help menu\n"
+
+# Flags
+while getopts v:o:j:h flag
+do
+    case "${flag}" in
+        o) PACKAGE_PATH=${OPTARG};;
+        h) echo -e $USAGE_STR; exit 0;;
+    esac
+done
+
+check_release_tag() {
+    CURRENT_TAG=$(git name-rev --tags HEAD | cut -d "/" -f 2)
+    LATTEST_TAG=$(git tag --sort=committerdate | tail -1)
+    if [ -z "$LATTEST_TAG" ];then
+        echo "Warning:No tags"
+    fi
+    if [ "$LATTEST_TAG" == "$CURRENT_TAG" ]; then
+        echo "Packaging release tag: $LATTEST_TAG"
+    else
+        echo "Warning: The current HEAD does't match the latest tagged"
+        echo "Warning: Please checkout the latest tag : $LATTEST_TAG"
+        read  -n 1 -p "Do you want to continue anyway [y/n]?" choice
+        if [ "$choice" != "y" ]; then
+            exit 1
+        fi
+    fi
+}
+
+build_runnable_image() {
+  docker build --target runnable_image --tag parsec-quickstart -f quickstart.Dockerfile ${PARSEC_DIR}
+}
+
+build_extract_tarball() {
+  docker build --target tarball_builder --tag parsec-quickstart-tarball -f quickstart.Dockerfile ${PARSEC_DIR}
+
+  # Extract the tarball out of the image used to construct it and place it in ${PACKAGE_PATH}
+  docker run -v ${PACKAGE_PATH}:/opt/mount --rm parsec-quickstart-tarball bash -c 'cp /parsec-tar/*.tar.gz /opt/mount/'
+}
+
+echo "Packaging started..."
+
+trap EXIT
+
+check_release_tag
+build_runnable_image
+build_extract_tarball
+
+echo "Finalizing packages"