diff --git a/Makefile b/Makefile index 8318ab349..e97875434 100644 --- a/Makefile +++ b/Makefile @@ -235,8 +235,29 @@ clean: $(MAKE) -C cosmwasm/enclaves/test clean $(MAKE) -C check-hw clean +compile-enclave: + DOCKER_BUILDKIT=1 docker build \ + $(DOCKER_BUILD_ARGS) \ + --build-arg BUILD_VERSION=1.6.1 \ + --build-arg SGX_MODE=HW \ + --file deployment/dockerfiles/Dockerfile \ + --target compile-enclave \ + --tag scrt-enclave \ + . + +compile-libgo-cosmwasm: + DOCKER_BUILDKIT=1 docker build \ + $(DOCKER_BUILD_ARGS) \ + --build-arg BUILD_VERSION=1.6.1 \ + --build-arg SGX_MODE=HW \ + --file deployment/dockerfiles/Dockerfile \ + --target compile-libgo-cosmwasm \ + --tag scrt-libgo-cosmwasm \ + . + compile-secretd: DOCKER_BUILDKIT=1 docker build \ + $(DOCKER_BUILD_ARGS) \ --build-arg SECRET_NODE_TYPE=NODE \ --build-arg DB_BACKEND=goleveldb \ --build-arg CGO_LDFLAGS= \ @@ -251,13 +272,14 @@ compile-secretd: artifacts: DOCKER_BUILDKIT=1 docker build \ + $(DOCKER_BUILD_ARGS) \ --build-arg FEATURES=production \ --build-arg FEATURES_U=production \ --build-arg SECRET_NODE_TYPE=NODE \ --build-arg DB_BACKEND=goleveldb \ --build-arg BUILD_VERSION=1.6.1 \ --build-arg SGX_MODE=HW \ - --file deployment/dockerfiles/Dockerfile \ + --file deployment/dockerfiles/artifacts.Dockerfile \ --secret id=API_KEY,src=ias_keys/api_key.txt \ --secret id=SPID,src=ias_keys/sw_dummy/spid.txt \ --target secret-artifacts \ diff --git a/deployment/dockerfiles/Dockerfile b/deployment/dockerfiles/Dockerfile index 6340c5582..59ffd3430 100644 --- a/deployment/dockerfiles/Dockerfile +++ b/deployment/dockerfiles/Dockerfile 
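Review bot: The new `compile-libgo-cosmwasm` recipe passes `--file deployment/dockerfiles/Dockerfile` with `--target compile-libgo-cosmwasm`, but the only `compile-libgo-cosmwasm` stage visible in this commit is the one added to `deployment/dockerfiles/artifacts.Dockerfile`. The unchanged parts of `Dockerfile` are not shown, so this may be fine; if the stage is missing there, the build fails on an unknown target and the line should read `--file deployment/dockerfiles/artifacts.Dockerfile \`. Both new targets also repeat the literal `--build-arg BUILD_VERSION=1.6.1`, and neither is visibly declared phony. A `.PHONY: compile-enclave compile-libgo-cosmwasm` line and a single make variable for the version would keep them in step with `artifacts`.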
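Review bot: In `artifacts`, the build is configured with `FEATURES=production` and `SGX_MODE=HW`, yet the SPID secret is still read from `ias_keys/sw_dummy/spid.txt` while the API key comes from `ias_keys/api_key.txt`. Nothing in the hunk says whether a dummy SPID is intended for production artifacts. Either correct the `src=` path or put a comment above the target, such as `# SPID deliberately taken from sw_dummy: <reason>`. The recipe continues past the end of the hunk.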
@@ -55,8 +55,14 @@ ENV MITIGATION_CVE_2020_0551=${MITIGATION_CVE_2020_0551} WORKDIR /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm -RUN --mount=type=cache,target=/root/.cargo/registry . /opt/sgxsdk/environment && env \ - && MITIGATION_CVE_2020_0551={MITIGATION_CVE_2020_0551} VERSION=${VERSION} FEATURES=${FEATURES} FEATURES_U=${FEATURES_U} SGX_MODE=${SGX_MODE} make build-rust +RUN --mount=type=cache,target=/root/.cargo/registry \ + . /opt/sgxsdk/environment && env && \ + MITIGATION_CVE_2020_0551={MITIGATION_CVE_2020_0551} \ + VERSION=${VERSION} \ + FEATURES=${FEATURES} \ + FEATURES_U=${FEATURES_U} \ + SGX_MODE=${SGX_MODE} \ + make build-rust ENTRYPOINT ["/bin/bash"] @@ -69,7 +75,8 @@ ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin ADD https://go.dev/dl/go1.19.linux-amd64.tar.gz go.linux-amd64.tar.gz RUN tar -C /usr/local -xzf go.linux-amd64.tar.gz -RUN go install github.com/jteeuwen/go-bindata/go-bindata@latest && go-bindata -version +RUN --mount=type=cache,target=/root/.cache/go-build \ + go install github.com/jteeuwen/go-bindata/go-bindata@latest && go-bindata -version # Set working directory for the build WORKDIR /go/src/github.com/enigmampc/SecretNetwork @@ -104,6 +111,8 @@ COPY Makefile . RUN true COPY client client +RUN go mod graph | awk '$1 !~ /@/ { print $2 }' | xargs -r go get + RUN ln -s /usr/lib/x86_64-linux-gnu/liblz4.so /usr/local/lib/liblz4.so && ln -s /usr/lib/x86_64-linux-gnu/libzstd.so /usr/local/lib/libzstd.so RUN mkdir -p /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/release/ 
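Review bot: The rewrapped `RUN` keeps `MITIGATION_CVE_2020_0551={MITIGATION_CVE_2020_0551}` without the `$`, so `make build-rust` receives the literal string `{MITIGATION_CVE_2020_0551}` in place of the value set by the `ENV` line above. How the Makefile treats an unrecognised value is not visible here, but the enclave may end up built without the requested LVI mitigation level. The line should read `MITIGATION_CVE_2020_0551=${MITIGATION_CVE_2020_0551} \`, as the `hacking/Dockerfile` hunk in this commit already does. The same literal is carried into the `compile-enclave` and `compile-libgo-cosmwasm` stages of `artifacts.Dockerfile`.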
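Review bot: `go install github.com/jteeuwen/go-bindata/go-bindata@latest` resolves to whatever the module proxy serves on the day of the build, so a code generator that runs inside the build image can change without any commit in this repository. Pin it to a reviewed release, `go install github.com/jteeuwen/go-bindata/go-bindata@<pinned-version>`. The `ADD https://go.dev/dl/go1.19.linux-amd64.tar.gz` just above is likewise unpacked without a checksum comparison. The same `@latest` line is rewrapped in the `compile-secretd` stage of `artifacts.Dockerfile`.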
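Review bot: `go mod graph | awk '$1 !~ /@/ { print $2 }' | xargs -r go get` prefetches dependencies with `go get`, which is allowed to rewrite `go.mod` and `go.sum` inside the image. Unless a `SHELL` instruction outside the hunk enables pipefail, the step reports only the exit status of `xargs`, so a failing `go mod graph` yields an empty list and a silently successful layer. `RUN go mod download` fetches exactly what `go.mod` records and fails the build on a checksum mismatch. The identical line is added to `artifacts.Dockerfile` and `hacking/Dockerfile`.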
@@ -124,8 +133,20 @@ RUN --mount=type=secret,id=API_KEY,dst=/run/secrets/api_key.txt cat /run/secrets RUN --mount=type=secret,id=API_KEY,dst=/run/secrets/api_key.txt cat /run/secrets/api_key.txt > /go/src/github.com/enigmampc/SecretNetwork/ias_keys/sw_dummy/api_key.txt RUN --mount=type=secret,id=API_KEY,dst=/run/secrets/api_key.txt cat /run/secrets/api_key.txt > /go/src/github.com/enigmampc/SecretNetwork/ias_keys/production/api_key.txt -RUN --mount=type=cache,target=/root/.cache/go-build . /opt/sgxsdk/environment && env && CGO_LDFLAGS=${CGO_LDFLAGS} DB_BACKEND=${DB_BACKEND} VERSION=${VERSION} FEATURES=${FEATURES} SGX_MODE=${SGX_MODE} make build_local_no_rust -RUN --mount=type=cache,target=/root/.cache/go-build . /opt/sgxsdk/environment && env && VERSION=${VERSION} FEATURES=${FEATURES} SGX_MODE=${SGX_MODE} make build_cli +RUN --mount=type=cache,target=/root/.cache/go-build \ + . /opt/sgxsdk/environment && env && \ + CGO_LDFLAGS=${CGO_LDFLAGS} \ + DB_BACKEND=${DB_BACKEND} \ + VERSION=${VERSION} \ + FEATURES=${FEATURES} \ + SGX_MODE=${SGX_MODE} \ + make build_local_no_rust +RUN --mount=type=cache,target=/root/.cache/go-build \ + . /opt/sgxsdk/environment && env && \ + VERSION=${VERSION} \ + FEATURES=${FEATURES} \ + SGX_MODE=${SGX_MODE} \ + make build_cli #RUN . /opt/sgxsdk/environment && env && CGO_LDFLAGS=${CGO_LDFLAGS} DB_BACKEND=${DB_BACKEND} VERSION=${VERSION} FEATURES=${FEATURES} SGX_MODE=${SGX_MODE} make build_local_no_rust #RUN . /opt/sgxsdk/environment && env && VERSION=${VERSION} FEATURES=${FEATURES} SGX_MODE=${SGX_MODE} make build_cli @@ -328,4 +349,4 @@ COPY deployment/docker/localsecret/faucet/faucet_server.js . HEALTHCHECK --interval=5s --timeout=1s --retries=120 CMD bash -c 'curl -sfm1 http://localhost:26657/status && curl -s http://localhost:26657/status | jq -e "(.result.sync_info.latest_block_height | tonumber) > 0"' -ENTRYPOINT ["./bootstrap_init.sh"] \ No newline at end of file +ENTRYPOINT ["./bootstrap_init.sh"] 
diff --git a/deployment/dockerfiles/artifacts.Dockerfile b/deployment/dockerfiles/artifacts.Dockerfile index cbf55ef31..110cbbe39 100644 --- a/deployment/dockerfiles/artifacts.Dockerfile +++ b/deployment/dockerfiles/artifacts.Dockerfile @@ -7,7 +7,6 @@ # `--target build-deb-mainnet` - the image used to generate deb package for mainnet (will pull precompiled enclave) # `--target compile-secretd` - image with compiled enclave and secretd -ARG SCRT_BASE_IMAGE_SECRETD=enigmampc/rocksdb:v6.24.2-1.1.5 ARG TEST=enigmampc/rocksdb:v6.24.2 ARG SCRT_BASE_IMAGE_ENCLAVE=enigmampc/rocksdb:v6.24.2-1.1.5 ARG SCRT_RELEASE_BASE_IMAGE=enigmampc/enigma-sgx-base:2004-1.1.5 @@ -34,9 +33,15 @@ RUN --mount=type=cache,target=/root/.cargo/registry cargo install xargo --versio COPY third_party third_party # Add source files -COPY go-cosmwasm go-cosmwasm/ +#COPY go-cosmwasm go-cosmwasm/ COPY cosmwasm cosmwasm/ +# build header enclave-ffi-types.h needed by both librust_cosmwasm and libgo_cosmwasm +WORKDIR /go/src/github.com/enigmampc/SecretNetwork/cosmwasm/enclaves/ffi-types +RUN --mount=type=cache,target=/root/.cargo/registry \ + cargo check --features "build_headers" + + # ***************** COMPILE ENCLAVE ************** # FROM prepare-compile-enclave AS compile-enclave 
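Review bot: `#COPY go-cosmwasm go-cosmwasm/` is left behind as a commented-out instruction; since the copy now happens in the `compile-libgo-cosmwasm` stage, the line should be deleted rather than disabled. The new `cargo check --features "build_headers"` is run for its side effect of producing `enclave-ffi-types.h`. A comment such as `# cargo check is run only to emit ../target/headers/enclave-ffi-types.h` would make that explicit, assuming that is where the header is written, as the later `cp` suggests. Adding `--locked` would keep this step from resolving new crate versions if a `Cargo.lock` is present.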
@@ -53,60 +58,47 @@ ENV FEATURES=${FEATURES} ENV FEATURES_U=${FEATURES_U} ENV MITIGATION_CVE_2020_0551=${MITIGATION_CVE_2020_0551} -WORKDIR /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm +WORKDIR /go/src/github.com/enigmampc/SecretNetwork/cosmwasm/enclaves/execute -#RUN --mount=type=cache,target=/root/.cargo/registry . /opt/sgxsdk/environment && env \ -# && MITIGATION_CVE_2020_0551={MITIGATION_CVE_2020_0551} VERSION=${VERSION} FEATURES=${FEATURES} FEATURES_U=${FEATURES_U} SGX_MODE=${SGX_MODE} make build-rust -RUN --mount=type=cache,target=/root/.cargo/registry . /opt/sgxsdk/environment && env && \ - MITIGATION_CVE_2020_0551={MITIGATION_CVE_2020_0551} \ - VERSION=${VERSION} \ - FEATURES=${FEATURES} \ - FEATURES_U=${FEATURES_U} \ - SGX_MODE=${SGX_MODE} \ - make build-enclave - -#FROM compile-enclave as compile-libgo-cosmwasm -#RUN --mount=type=cache,target=/root/.cargo/registry . /opt/sgxsdk/environment && env && \ -#RUN . /opt/sgxsdk/environment && \ -# FEATURES_U=${FEATURES_U} \ -# make build-libgo-cosmwasm +RUN --mount=type=cache,target=/root/.cargo/registry \ + cp ../target/headers/enclave-ffi-types.h ./ && \ + . 
/opt/sgxsdk/environment && env && \ + MITIGATION_CVE_2020_0551={MITIGATION_CVE_2020_0551} \ + VERSION=${VERSION} \ + FEATURES=${FEATURES} \ + SGX_MODE=${SGX_MODE} \ + make librust_cosmwasm_enclave.signed.so ENTRYPOINT ["/bin/bash"] -# ***************** COMPILE libgo_cosmwasm.so ************** # +FROM prepare-compile-enclave AS compile-libgo-cosmwasm -#FROM prepare-compile-enclave AS compile-libgo-cosmwasm -FROM compile-enclave AS compile-libgo-cosmwasm - -#ARG BUILD_VERSION="v0.0.0" -#ARG SGX_MODE=SW -#ARG FEATURES -#ARG FEATURES_U -#ARG MITIGATION_CVE_2020_0551=LOAD -# -#ENV VERSION=${BUILD_VERSION} -#ENV SGX_MODE=${SGX_MODE} -#ENV FEATURES=${FEATURES} -#ENV FEATURES_U=${FEATURES_U} -#ENV MITIGATION_CVE_2020_0551=${MITIGATION_CVE_2020_0551} -# -#WORKDIR /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm +ARG BUILD_VERSION="v0.0.0" +ARG SGX_MODE=SW +ARG FEATURES +ARG FEATURES_U +ARG MITIGATION_CVE_2020_0551=LOAD -#COPY --from=compile-enclave \ -# /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_enclave.signed.so . -#COPY --from=compile-enclave /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/lib . -#RUN --mount=type=cache,target=/root/.cargo/registry . /opt/sgxsdk/environment && env && \ -RUN . /opt/sgxsdk/environment && \ - FEATURES_U=${FEATURES_U} \ - make build-libgo-cosmwasm +ENV VERSION=${BUILD_VERSION} +ENV SGX_MODE=${SGX_MODE} +ENV FEATURES=${FEATURES} +ENV FEATURES_U=${FEATURES_U} +ENV MITIGATION_CVE_2020_0551=${MITIGATION_CVE_2020_0551} -ENTRYPOINT ["/bin/bash"] +WORKDIR /go/src/github.com/enigmampc/SecretNetwork +COPY go-cosmwasm go-cosmwasm +WORKDIR /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm -FROM scratch AS libgo_cosmwasm -COPY --from=compile-libgo-cosmwasm /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/release/libgo_cosmwasm.so . 
-#COPY --from=compile-enclave /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_enclave.signed.so /usr/lib/ -#COPY --from=compile-enclave /go/src/github.com/enigmampc/SecretNetwork/secretd /usr/bin/secretd +RUN --mount=type=cache,target=/root/.cargo/registry \ + . /opt/sgxsdk/environment && env && \ + MITIGATION_CVE_2020_0551={MITIGATION_CVE_2020_0551} \ + VERSION=${VERSION} \ + FEATURES=${FEATURES} \ + FEATURES_U=${FEATURES_U} \ + SGX_MODE=${SGX_MODE} \ + make build-libgo-cosmwasm +ENTRYPOINT ["/bin/bash"] # ***************** COMPILE SECRETD ************** # FROM $TEST AS compile-secretd @@ -117,7 +109,8 @@ ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin ADD https://go.dev/dl/go1.19.linux-amd64.tar.gz go.linux-amd64.tar.gz RUN tar -C /usr/local -xzf go.linux-amd64.tar.gz -RUN go install github.com/jteeuwen/go-bindata/go-bindata@latest && go-bindata -version +RUN --mount=type=cache,target=/root/.cache/go-build \ + go install github.com/jteeuwen/go-bindata/go-bindata@latest && go-bindata -version # Set working directory for the build WORKDIR /go/src/github.com/enigmampc/SecretNetwork @@ -137,6 +130,7 @@ ENV CGO_LDFLAGS=${CGO_LDFLAGS} # Add source files COPY go-cosmwasm go-cosmwasm + # This is due to some esoteric docker bug with the underlying filesystem, so until I figure out a better way, this should be a workaround RUN true COPY x x 
@@ -151,12 +145,18 @@ COPY Makefile . RUN true COPY client client +RUN go mod graph | awk '$1 !~ /@/ { print $2 }' | xargs -r go get + RUN ln -s /usr/lib/x86_64-linux-gnu/liblz4.so /usr/local/lib/liblz4.so && ln -s /usr/lib/x86_64-linux-gnu/libzstd.so /usr/local/lib/libzstd.so RUN mkdir -p /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/release/ -COPY --from=compile-enclave /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/release/libgo_cosmwasm.so /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/release/libgo_cosmwasm.so -COPY --from=compile-enclave /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_enclave.signed.so /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_enclave.signed.so +COPY --from=compile-enclave \ + /go/src/github.com/enigmampc/SecretNetwork/cosmwasm/enclaves/execute/librust_cosmwasm_enclave.signed.so \ + /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_enclave.signed.so +COPY --from=compile-libgo-cosmwasm \ + /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/release/libgo_cosmwasm.so \ + /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/release/libgo_cosmwasm.so # COPY --from=compile-enclave /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_query_enclave.signed.so /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_query_enclave.signed.so RUN mkdir -p /go/src/github.com/enigmampc/SecretNetwork/ias_keys/develop 
@@ -171,13 +171,28 @@ RUN --mount=type=secret,id=API_KEY,dst=/run/secrets/api_key.txt cat /run/secrets RUN --mount=type=secret,id=API_KEY,dst=/run/secrets/api_key.txt cat /run/secrets/api_key.txt > /go/src/github.com/enigmampc/SecretNetwork/ias_keys/sw_dummy/api_key.txt RUN --mount=type=secret,id=API_KEY,dst=/run/secrets/api_key.txt cat /run/secrets/api_key.txt > /go/src/github.com/enigmampc/SecretNetwork/ias_keys/production/api_key.txt -RUN . /opt/sgxsdk/environment && env && CGO_LDFLAGS=${CGO_LDFLAGS} DB_BACKEND=${DB_BACKEND} VERSION=${VERSION} FEATURES=${FEATURES} SGX_MODE=${SGX_MODE} make build_local_no_rust -RUN . /opt/sgxsdk/environment && env && VERSION=${VERSION} FEATURES=${FEATURES} SGX_MODE=${SGX_MODE} make build_cli - +RUN --mount=type=cache,target=/root/.cache/go-build \ + . /opt/sgxsdk/environment && env && \ + CGO_LDFLAGS=${CGO_LDFLAGS} \ + DB_BACKEND=${DB_BACKEND} \ + VERSION=${VERSION} \ + FEATURES=${FEATURES} \ + SGX_MODE=${SGX_MODE} \ + make build_local_no_rust +RUN --mount=type=cache,target=/root/.cache/go-build \ + . /opt/sgxsdk/environment && env && \ + VERSION=${VERSION} \ + FEATURES=${FEATURES} \ + SGX_MODE=${SGX_MODE} \ + make build_cli +#RUN . /opt/sgxsdk/environment && env && CGO_LDFLAGS=${CGO_LDFLAGS} DB_BACKEND=${DB_BACKEND} VERSION=${VERSION} FEATURES=${FEATURES} SGX_MODE=${SGX_MODE} make build_local_no_rust +#RUN . /opt/sgxsdk/environment && env && VERSION=${VERSION} FEATURES=${FEATURES} SGX_MODE=${SGX_MODE} make build_cli + +# ******************* BUILD ARTIFACTS ******************** # FROM scratch as secret-artifacts -COPY --from=compile-libgo-cosmwasm /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/release/libgo_cosmwasm.so . 
-COPY --from=compile-enclave /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_enclave.signed.so /usr/lib/ -COPY --from=compile-enclave /go/src/github.com/enigmampc/SecretNetwork/secretd /usr/bin/secretd +COPY --from=compile-secretd /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/release/libgo_cosmwasm.so . +COPY --from=compile-secretd /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_enclave.signed.so . +COPY --from=compile-secretd /go/src/github.com/enigmampc/SecretNetwork/secretd . # ******************* RELEASE IMAGE ******************** # FROM $SCRT_RELEASE_BASE_IMAGE as release-image diff --git a/go-cosmwasm/Makefile b/go-cosmwasm/Makefile index 813d831d0..4157c2c06 100644 --- a/go-cosmwasm/Makefile +++ b/go-cosmwasm/Makefile @@ -69,7 +69,7 @@ build-rust: build-enclave @ #this pulls out ELF symbols, 80% size reduction! .PHONY: build-libgo-cosmwasm -build-libgo-cosmwasm: +build-libgo-cosmwasm: lib/libEnclave_u.a cargo build -Z unstable-options --profile $(BUILD_PROFILE) --features "$(FEATURES_U)" cp target/$(BUILD_PROFILE)/libgo_cosmwasm.$(DLL_EXT) api @ #this pulls out ELF symbols, 80% size reduction! diff --git a/hacking/Dockerfile b/hacking/Dockerfile index 48da0a45d..b73bdfd99 100644 --- a/hacking/Dockerfile +++ b/hacking/Dockerfile @@ -1,7 +1,5 @@ -ARG SCRT_BASE_IMAGE_SECRETD=enigmampc/rocksdb:v6.24.2-1.1.5 ARG TEST=enigmampc/rocksdb:v6.24.2 ARG SCRT_BASE_IMAGE_ENCLAVE=enigmampc/rocksdb:v6.24.2-1.1.5 -ARG SCRT_RELEASE_BASE_IMAGE=enigmampc/enigma-sgx-base:2004-1.1.5 # ***************** PREPARE COMPILE ENCLAVE ************** # 
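Review bot: The two `#RUN . /opt/sgxsdk/environment ...` lines are added as new commented-out instructions directly below the live `RUN` steps that replace them; they duplicate the old commands and will drift, so they should be dropped. In `secret-artifacts`, the three files now land in the image root (`.`), where the removed lines placed the enclave under `/usr/lib/` and the binary at `/usr/bin/secretd`. Whatever extracts these artifacts is outside the diff, so confirm it expects the new layout.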
@@ -46,14 +44,40 @@ ENV MITIGATION_CVE_2020_0551=${MITIGATION_CVE_2020_0551} WORKDIR /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm -RUN --mount=type=cache,target=/root/.cargo/registry . /opt/sgxsdk/environment && env \ - && MITIGATION_CVE_2020_0551={MITIGATION_CVE_2020_0551} VERSION=${VERSION} FEATURES=${FEATURES} FEATURES_U=${FEATURES_U} SGX_MODE=${SGX_MODE} make build-rust +RUN --mount=type=cache,target=/root/.cargo/registry \ + . /opt/sgxsdk/environment && env && \ + MITIGATION_CVE_2020_0551=${MITIGATION_CVE_2020_0551} \ + VERSION=${VERSION} \ + FEATURES=${FEATURES} \ + FEATURES_U=${FEATURES_U} \ + SGX_MODE=${SGX_MODE} \ + make build-rust ENTRYPOINT ["/bin/bash"] # ***************** COMPILE SECRETD ************** # -FROM $TEST AS compile-secretd +FROM $TEST as base +# Base dependencies needed to run localsecret node +# wasmi-sgx-test script requirements +RUN apt-get update && \ + apt-get install -y --no-install-recommends \ + #### Base utilities #### +# openssl \ +# curl \ +# wget \ +# libgflags-dev \ + bash-completion \ + jq + +RUN echo "source /etc/profile.d/bash_completion.sh" >> ~/.bashrc + +RUN curl -sL https://deb.nodesource.com/setup_16.x | bash - && \ + apt-get install -y nodejs && \ + rm -rf /var/lib/apt/lists/* && \ + npm i -g local-cors-proxy + +FROM base AS compile-secretd ENV GOROOT=/usr/local/go ENV GOPATH=/go/ 
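Review bot: The new `base` stage runs `curl -sL https://deb.nodesource.com/setup_16.x | bash -` with no integrity check, and without `-f` or pipefail an HTTP error body or a failed download is still fed to `bash` and the step carries on. `curl` itself is commented out of the `apt-get install` list just above, so this relies on the `$TEST` base image already shipping it, which the diff does not show. Prefer a `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` line before it together with `curl -fsSL`, and pin the global package as `npm i -g local-cors-proxy@<pinned-version>`. The commented-out package lines inside the continued `apt-get install` should be deleted rather than left in the instruction.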
@@ -65,6 +89,18 @@ RUN go install github.com/jteeuwen/go-bindata/go-bindata@latest && go-bindata -v # Set working directory for the build WORKDIR /go/src/github.com/enigmampc/SecretNetwork +RUN mkdir -p /go/src/github.com/enigmampc/SecretNetwork/ias_keys/develop +RUN mkdir -p /go/src/github.com/enigmampc/SecretNetwork/ias_keys/sw_dummy +RUN mkdir -p /go/src/github.com/enigmampc/SecretNetwork/ias_keys/production + +RUN --mount=type=secret,id=SPID,dst=/run/secrets/spid.txt cat /run/secrets/spid.txt > /go/src/github.com/enigmampc/SecretNetwork/ias_keys/develop/spid.txt +RUN --mount=type=secret,id=SPID,dst=/run/secrets/spid.txt cat /run/secrets/spid.txt > /go/src/github.com/enigmampc/SecretNetwork/ias_keys/sw_dummy/spid.txt +RUN --mount=type=secret,id=SPID,dst=/run/secrets/spid.txt cat /run/secrets/spid.txt > /go/src/github.com/enigmampc/SecretNetwork/ias_keys/production/spid.txt + +RUN --mount=type=secret,id=API_KEY,dst=/run/secrets/api_key.txt cat /run/secrets/api_key.txt > /go/src/github.com/enigmampc/SecretNetwork/ias_keys/develop/api_key.txt +RUN --mount=type=secret,id=API_KEY,dst=/run/secrets/api_key.txt cat /run/secrets/api_key.txt > /go/src/github.com/enigmampc/SecretNetwork/ias_keys/sw_dummy/api_key.txt +RUN --mount=type=secret,id=API_KEY,dst=/run/secrets/api_key.txt cat /run/secrets/api_key.txt > /go/src/github.com/enigmampc/SecretNetwork/ias_keys/production/api_key.txt + ARG BUILD_VERSION="v0.0.0" ARG SGX_MODE=SW @@ -82,7 +118,8 @@ ENV CGO_LDFLAGS=${CGO_LDFLAGS} # Add source files COPY go-cosmwasm go-cosmwasm -# This is due to some esoteric docker bug with the underlying filesystem, so until I figure out a better way, this should be a workaround +# This is due to some esoteric docker bug with the underlying filesystem, +# so until I figure out a better way, this should be a workaround RUN true COPY x x RUN true 
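Review bot: Each added `RUN --mount=type=secret,... cat /run/secrets/api_key.txt > .../ias_keys/.../api_key.txt` (and its `spid.txt` twin) copies the mounted secret into the image filesystem, so the API key and SPID persist in a layer of `compile-secretd`, and `release-image` in this file is built `FROM compile-secretd`. That leaves the values readable by anyone with access to the image, which defeats the purpose of a BuildKit secret mount. If the files are only needed while `make build_local_no_rust` runs, mount them at their final path on that `RUN` instead, for example `--mount=type=secret,id=API_KEY,target=/go/src/github.com/enigmampc/SecretNetwork/ias_keys/production/api_key.txt`, so nothing is written to a layer. The same pattern appears as context in `deployment/dockerfiles/Dockerfile` and `artifacts.Dockerfile`.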
@@ -96,30 +133,30 @@ COPY Makefile . RUN true COPY client client -RUN ln -s /usr/lib/x86_64-linux-gnu/liblz4.so /usr/local/lib/liblz4.so && ln -s /usr/lib/x86_64-linux-gnu/libzstd.so /usr/local/lib/libzstd.so +RUN go mod graph | awk '$1 !~ /@/ { print $2 }' | xargs -r go get + +RUN ln -s /usr/lib/x86_64-linux-gnu/liblz4.so /usr/local/lib/liblz4.so && \ + ln -s /usr/lib/x86_64-linux-gnu/libzstd.so /usr/local/lib/libzstd.so RUN mkdir -p /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/release/ COPY --from=compile-enclave /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/release/libgo_cosmwasm.so /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/release/libgo_cosmwasm.so COPY --from=compile-enclave /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_enclave.signed.so /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_enclave.signed.so -RUN mkdir -p /go/src/github.com/enigmampc/SecretNetwork/ias_keys/develop -RUN mkdir -p /go/src/github.com/enigmampc/SecretNetwork/ias_keys/sw_dummy -RUN mkdir -p /go/src/github.com/enigmampc/SecretNetwork/ias_keys/production - -RUN --mount=type=secret,id=SPID,dst=/run/secrets/spid.txt cat /run/secrets/spid.txt > /go/src/github.com/enigmampc/SecretNetwork/ias_keys/develop/spid.txt -RUN --mount=type=secret,id=SPID,dst=/run/secrets/spid.txt cat /run/secrets/spid.txt > /go/src/github.com/enigmampc/SecretNetwork/ias_keys/sw_dummy/spid.txt -RUN --mount=type=secret,id=SPID,dst=/run/secrets/spid.txt cat /run/secrets/spid.txt > /go/src/github.com/enigmampc/SecretNetwork/ias_keys/production/spid.txt - -RUN --mount=type=secret,id=API_KEY,dst=/run/secrets/api_key.txt cat /run/secrets/api_key.txt > /go/src/github.com/enigmampc/SecretNetwork/ias_keys/develop/api_key.txt -RUN --mount=type=secret,id=API_KEY,dst=/run/secrets/api_key.txt cat /run/secrets/api_key.txt > /go/src/github.com/enigmampc/SecretNetwork/ias_keys/sw_dummy/api_key.txt -RUN 
--mount=type=secret,id=API_KEY,dst=/run/secrets/api_key.txt cat /run/secrets/api_key.txt > /go/src/github.com/enigmampc/SecretNetwork/ias_keys/production/api_key.txt -RUN go mod tidy - -#RUN . /opt/sgxsdk/environment && env && CGO_LDFLAGS=${CGO_LDFLAGS} DB_BACKEND=${DB_BACKEND} VERSION=${VERSION} FEATURES=${FEATURES} SGX_MODE=${SGX_MODE} make build_local_no_rust -#RUN . /opt/sgxsdk/environment && env && VERSION=${VERSION} FEATURES=${FEATURES} SGX_MODE=${SGX_MODE} make build_cli -RUN --mount=type=cache,target=/root/.cache/go-build . /opt/sgxsdk/environment && env && CGO_LDFLAGS=${CGO_LDFLAGS} DB_BACKEND=${DB_BACKEND} VERSION=${VERSION} FEATURES=${FEATURES} SGX_MODE=${SGX_MODE} make build_local_no_rust -#RUN --mount=type=cache,target=/root/.cache/go-build . /opt/sgxsdk/environment && env && VERSION=${VERSION} FEATURES=${FEATURES} SGX_MODE=${SGX_MODE} make build_cli +RUN --mount=type=cache,target=/root/.cache/go-build \ + . /opt/sgxsdk/environment && env && \ + CGO_LDFLAGS=${CGO_LDFLAGS} \ + DB_BACKEND=${DB_BACKEND} \ + VERSION=${VERSION} \ + FEATURES=${FEATURES} \ + SGX_MODE=${SGX_MODE} \ + make build_local_no_rust +RUN --mount=type=cache,target=/root/.cache/go-build \ + . /opt/sgxsdk/environment && env && \ + VERSION=${VERSION} \ + FEATURES=${FEATURES} \ + SGX_MODE=${SGX_MODE} \ + make build_cli FROM scratch as secret-artifacts COPY --from=compile-secretd /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/release/libgo_cosmwasm.so . 
@@ -129,25 +166,6 @@ COPY --from=compile-secretd /go/src/github.com/enigmampc/SecretNetwork/secretd . # ******************* RELEASE IMAGE ******************** # FROM compile-secretd as release-image -# wasmi-sgx-test script requirements -RUN apt-get update && \ - apt-get install -y --no-install-recommends \ - #### Base utilities #### - jq \ - openssl \ - curl \ - wget \ - libsnappy-dev \ - libgflags-dev \ - bash-completion - -RUN echo "source /etc/profile.d/bash_completion.sh" >> ~/.bashrc - -RUN curl -sL https://deb.nodesource.com/setup_16.x | bash - && \ - apt-get install -y nodejs && \ - rm -rf /var/lib/apt/lists/* && \ - npm i -g local-cors-proxy - ARG SGX_MODE=SW ENV SGX_MODE=${SGX_MODE} 
@@ -201,20 +219,19 @@ FROM rust as compile-contract COPY hacking/contract-simple /root/contract-simple COPY hacking/contract-toy-swap /root/contract-toy-swap WORKDIR /root/contract-toy-swap -RUN make +RUN --mount=type=cache,target=/root/.cargo/registry make WORKDIR /root/contract-simple -RUN make +RUN --mount=type=cache,target=/root/.cargo/registry make FROM enigmampc/secret-contract-optimizer:1.0.4 as compile-sscrt-contract COPY hacking/secretSCRT /contract -RUN RUSTFLAGS='-C link-arg=-s' \ - cargo build --release --target wasm32-unknown-unknown --locked && \ - wasm-opt -Oz ./target/wasm32-unknown-unknown/release/*.wasm -o ./contract.wasm && \ - cat ./contract.wasm | gzip -n -9 > ./contract.wasm.gz && \ - rm -f ./contract.wasm -#--mount type=volume,source="$$(basename "$$(pwd)")_cache",target=/code/target \ -#--mount type=volume,source=registry_cache,target=/usr/local/cargo/registry \ +RUN --mount=type=cache,target=/root/.cargo/registry \ + RUSTFLAGS='-C link-arg=-s' \ + cargo build --release --target wasm32-unknown-unknown --locked && \ + wasm-opt -Oz ./target/wasm32-unknown-unknown/release/*.wasm -o ./contract.wasm && \ + cat ./contract.wasm | gzip -n -9 > ./contract.wasm.gz && \ + rm -f ./contract.wasm # ***************** LOCALSECRET ************** # FROM release-image as build-localsecret diff --git a/hacking/docker-compose.yml b/hacking/docker-compose.yml index 974a88a3d..9126aa8e9 100644 --- a/hacking/docker-compose.yml +++ b/hacking/docker-compose.yml @@ -26,7 +26,7 @@ services: - "5000:5000" environment: LOG_LEVEL: "TRACE" - #SECRET_NODE_TYPE: BOOTSTRAP + SECRET_NODE_TYPE: BOOTSTRAP SNIP20_ATTACK_DIR: ${SNIP20_ATTACK_DIR} # NOTE: mount source code that may be changed and rebuilt in a container volumes: @@ -67,7 +67,7 @@ services: environment: CHAINID: "secretdev-1" LOG_LEVEL: "TRACE" - #SECRET_NODE_TYPE: NODE + SECRET_NODE_TYPE: NODE SNIP20_ATTACK_DIR: ${SNIP20_ATTACK_DIR} # NOTE: mount source code that may be changed and rebuilt in a container volumes:
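Review bot: The cache mounts added to the contract builds target `/root/.cargo/registry`, but the comment lines this hunk deletes pointed the registry cache for the optimizer image at `/usr/local/cargo/registry`. If `CARGO_HOME` in `enigmampc/secret-contract-optimizer:1.0.4` or in the `rust` stage is `/usr/local/cargo`, these mounts are never written to and every build downloads the crates again. Check `CARGO_HOME` in both images and set the target to match, e.g. `--mount=type=cache,target=/usr/local/cargo/registry`.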