Skip to content

Commit

Permalink
Merge remote-tracking branch 'origin/main' into sp1-contract-verify
Browse files Browse the repository at this point in the history
  • Loading branch information
smtmfft committed Oct 8, 2024
2 parents c68f073 + 7e10837 commit c0d242d
Show file tree
Hide file tree
Showing 3 changed files with 16 additions and 8 deletions.
2 changes: 1 addition & 1 deletion Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ WORKDIR /opt/raiko
COPY . .
RUN cargo build --release ${BUILD_FLAGS} --features "sgx" --features "docker_build"

FROM gramineproject/gramine:1.6-jammy AS runtime
FROM gramineproject/gramine:1.7-jammy AS runtime
ENV DEBIAN_FRONTEND=noninteractive
WORKDIR /opt/raiko

Expand Down
14 changes: 8 additions & 6 deletions docs/README_Docker_and_RA.md
Original file line number Diff line number Diff line change
Expand Up @@ -274,19 +274,21 @@ mkdir ~/.config/raiko/secrets
```
git clone https://github.com/taikoxyz/raiko.git
cd raiko/docker
docker compose build
docker compose build raiko
```

> **_NOTE:_** This step will take some time, sometimes ~5 minutes.
> **_NOTE:_** This step will take some time, sometimes ~5 minutes. Do NOT do `docker compose build` alone, this will build the zk image which will take >30mins and will not be used!
**Currently, it is not possible to build the image locally due to a dependency being privated. Please pull the docker images needed to run raiko as follows:**
If you do not wish to build the image locally, you can optionally pull them from our registry.

```
docker pull us-docker.pkg.dev/evmchain/images/raiko:latest
docker pull us-docker.pkg.dev/evmchain/images/raiko:1.2.0
docker pull us-docker.pkg.dev/evmchain/images/pccs:latest
```

You can continue on with the following steps as usual after this. Do not do `docker compose build`.
If you do this step, you need to change your raiko docker-compose.yml to use this image. Navigate to `raiko/docker` and search for `raiko:latest` and change all instances to `raiko:1.2.0`.

You can continue on with the following steps as usual after this.

6. Check that the images have been built

Expand Down Expand Up @@ -380,7 +382,7 @@ You can find it with `cat ~/.config/raiko/config/bootstrap.json` as shown above.

Copy your quote and use in the following step.

> **_NOTE:_** If you are on `protocol-v1.9.0`, the script is located at `script/layer1/config_dcap_sgx_verifier.sh`. Use this for the following steps.
> **_NOTE:_** If you are on `protocol-v1.9.0`, the script is located at `script/layer1/config_dcap_sgx_verifier.sh`. Use this for the following steps. The script is also bugged in this release (has been fixed on main), you will need to change [L150](https://github.com/taikoxyz/taiko-mono/blob/bf45889e18e97f1186cd60fd55e1b2664dc4bf43/packages/protocol/script/layer1/config_dcap_sgx_verifier.sh#L150) to `forge script script/layer1/SetDcapParams.s.sol:SetDcapParams`.
6. In the `script/config_dcap_sgx_verifier.sh` script, replace `--fork-url https://any-holesky-rpc-url/` with the RPC URL of the respective network. Alternatively, export it like so: `export FORK_URL="https://any-holesky-rpc-url/"`.

Expand Down
8 changes: 7 additions & 1 deletion provers/sgx/config/sgx-guest.docker.manifest.template
Original file line number Diff line number Diff line change
Expand Up @@ -18,10 +18,16 @@ fs.mounts = [
{ path = "{{ arch_libdir }}", uri = "file:{{ arch_libdir }}" },
{ path = "/usr/lib/ssl/certs/", uri = "file:/usr/lib/ssl/certs/" },
{ path = "/root/.config/raiko/config", uri = "file:/root/.config/raiko/config" },
{ path = "/proc/self/mountinfo", uri = "file:/proc/self/mountinfo" },
{ path = "/proc/self/cgroup", uri = "file:/proc/self/cgroup" },
{ path = "/sys/fs/cgroup/", uri = "file:/sys/fs/cgroup/" },
{ path = "/root/.config/raiko/secrets", uri = "file:/root/.config/raiko/secrets", type = "encrypted", key_name = "_sgx_mrenclave" },
]
sgx.allowed_files = [
"file:/root/.config/raiko/config",
"file:/proc/self/mountinfo",
"file:/proc/self/cgroup",
"file:/sys/fs/cgroup/",
]
sgx.debug = false
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '1') == '1' else 'false' }}
Expand All @@ -34,7 +40,7 @@ sgx.trusted_files = [
"file:/usr/lib/ssl/certs/",
"file:sgx-guest",
]
sgx.max_threads = 32
sgx.max_threads = 512
sgx.remote_attestation = "dcap"
sys.enable_extra_runtime_domain_names_conf = true
sys.insecure__allow_eventfd = true
Expand Down

0 comments on commit c0d242d

Please sign in to comment.