This commit (1) adds the log/reason for switching to a single threade…

…d build (for later troubleshooting), (2) removes the dead Go code in the attestation lib, (3) it removes duplicate packages in the services dockerfile, (4) it add the reason for doing a double build of the DCAP primitives Signed-off-by: Bruno Vavala <bruno.vavala@intel.com>
bvavala · Oct 22, 2024 · f1039b1 · f1039b1
1 parent 4d68cb7
commit f1039b1
Show file tree

Hide file tree

Showing 5 changed files with 14 additions and 197 deletions.
diff --git a/build/__tools__/build.sh b/build/__tools__/build.sh
@@ -89,8 +89,16 @@ if [ ! -d build ]; then
 fi
 
 cd build
-#try cmake ${CMAKE_ARGS} ..
-#try make ${MAKE_ARGS}
+
+#In the following we use a single threaded build due to race conditions the arise with a multi-threaded one.
+#In the following we append the error log for multi-threaded (j4) build for troubleshooting in the future.
+#11 33.53  build.sh: ERROR: operation failed: cmake --build . -- -j4 BUILD_CLIENT=0
+#11 33.53 make[1]: *** [Makefile:98: build] Error 111
+#11 33.53 make[1]: Leaving directory '/project/pdo/src/build'
+#11 33.53 make: *** [Makefile:101: verified-build] Error 2
+#11 33.53 make: Leaving directory '/project/pdo/src/build'
+#11 33.53  build_services.sh: ERROR: operation failed: make -C /project/pdo/src/build verified-build
+#11 ERROR: process "/bin/sh -c /project/pdo/tools/build_services.sh" did not complete successfully: exit code: 111
 try cmake --build . -- ${MAKE_ARGS} -j1
 
 yell --------------- BIN ---------------

diff --git a/common/crypto/attestation-api/test/attested_evidence_test.sh b/common/crypto/attestation-api/test/attested_evidence_test.sh
@@ -56,43 +56,6 @@ function orchestrate()
     ./verify_evidence_app_enclave
 }
 
-#function orchestrate_with_go_conversion()
-#{
-#    #get attestation
-#    ./get_attestation_app
-#    define_to_variable "${DEFINES_FILEPATH}" "GET_ATTESTATION_OUTPUT"
-#    [ -f ${GET_ATTESTATION_OUTPUT} ] || die "no output from get_attestation"
-#
-#    #translate attestation (note: attestation_to_evidence defines the EVIDENCE variable)
-#    ATTESTATION=$(cat ${GET_ATTESTATION_OUTPUT})
-#    GO_CONVERSION_CMD="go run ${FPC_PATH}/common/crypto/attestation-api/test/conversion_app_go/main.go"
-#    EVIDENCE=$(${GO_CONVERSION_CMD} "${ATTESTATION}")
-#
-#    define_to_variable "${DEFINES_FILEPATH}" "EVIDENCE_FILE"
-#    echo ${EVIDENCE} > ${EVIDENCE_FILE}
-#
-#    #verify evidence
-#    ./verify_evidence_app
-#}
-#
-#function orchestrate_with_go_verification()
-#{
-#    #get attestation
-#    ./get_attestation_app
-#    define_to_variable "${DEFINES_FILEPATH}" "GET_ATTESTATION_OUTPUT"
-#    [ -f ${GET_ATTESTATION_OUTPUT} ] || die "no output from get_attestation"
-#
-#    #translate attestation (note: attestation_to_evidence defines the EVIDENCE variable)
-#    ATTESTATION=$(cat ${GET_ATTESTATION_OUTPUT})
-#    attestation_to_evidence "${ATTESTATION}"
-#
-#    define_to_variable "${DEFINES_FILEPATH}" "EVIDENCE_FILE"
-#    echo ${EVIDENCE} > ${EVIDENCE_FILE}
-#
-#    #verify evidence
-#    go run -tags WITH_PDO_CRYPTO ${FPC_PATH}/common/crypto/attestation-api/test/verify_evidence_app_go/main.go
-#}
-
 function check_collateral_epid()
 {
     if [[ -z "${COLLATERAL_FOLDER}" ]]; then
@@ -140,9 +103,6 @@ function epid_test()
     #run attestation generation/conversion/verification tests
     orchestrate
 
-    #run attestation generation/conversion/verification tests (same as before, though with Go-based conversion)
-    #orchestrate_with_go_conversion
-
     say "Test success"
 }
 
@@ -244,12 +204,6 @@ function simulated_test()
     #run attestation generation/conversion/verification tests
     orchestrate
 
-    #run attestation generation/conversion/verification tests (same as before, though with Go-based conversion)
-    #orchestrate_with_go_conversion
-
-    #run attestation generation/conversion/verification tests (same as before, though with Go-based verification)
-    #orchestrate_with_go_verification
-
     say "Test success"
 
 }

diff --git a/common/crypto/attestation-api/test/conversion_app_go/main.go b/common/crypto/attestation-api/test/conversion_app_go/main.go
diff --git a/common/crypto/attestation-api/test/verify_evidence_app_go/main.go b/common/crypto/attestation-api/test/verify_evidence_app_go/main.go
diff --git a/docker/pdo_services_base.dockerfile b/docker/pdo_services_base.dockerfile
@@ -101,14 +101,10 @@ RUN apt-get install -y -q \
 RUN apt-get install -y \
         basez \
         clang \
-        cmake \
-        curl \
         libsgx-dcap-default-qpl \
         #libsgx-dcap-default-qpl-dev adds libdcap_quoteprov.so and /usr/include/sgx_default_quote_provider.h
         libsgx-dcap-default-qpl-dev \
-        jq \
-        libssl-dev \
-        vim
+        jq
 
 ARG DCAP=1.19
 ENV DCAP_PRIMITIVES=/tmp/SGXDataCenterAttestationPrimitives
@@ -122,6 +118,9 @@ RUN cd ${DCAP_PRIMITIVES}/QuoteGeneration \
         && ./download_prebuilt.sh \
         && make GEN_STATIC=1
 
+# NOTE: below the build (./release) is run twice. Unfortunately, this is necessary because both builds fails
+# when run separately in a clean environment, but succeed if they run in sequence, and produce the expected result.
+# This issue has been communicated to the developers of the DCAP primitives.
 RUN cd ${DCAP_PRIMITIVES}/QuoteVerification/QVL/Src \
     && ./release -DBUILD_ENCLAVE=ON -DBUILD_TESTS=OFF ; ./release -DBUILD_ENCLAVE=ON -DBUILD_ATTESTATION_APP=OFF -DBUILD_TESTS=OFF