From 382151f8dc4a5bd61d19a673542c7795486d2e5f Mon Sep 17 00:00:00 2001 From: "Shah, Karan" Date: Wed, 13 Nov 2024 20:33:15 +0530 Subject: [PATCH] Simplify variables and constants Signed-off-by: Shah, Karan --- openfl-docker/gramine_app/Makefile | 14 +++----- .../gramine_app/fx.manifest.template | 35 ++++++++----------- 2 files changed, 20 insertions(+), 29 deletions(-) diff --git a/openfl-docker/gramine_app/Makefile b/openfl-docker/gramine_app/Makefile index 5d92ca3666..dbe4d1ce66 100644 --- a/openfl-docker/gramine_app/Makefile +++ b/openfl-docker/gramine_app/Makefile @@ -1,11 +1,9 @@ # Copyright (C) 2024 Intel Corporation # SPDX-License-Identifier: Apache-2.0 - +VENV_ROOT ?= /opt/venv +WORKSPACE_ROOT ?= /workspace ARCH_LIBDIR ?= /lib/$(shell $(CC) -dumpmachine) -# This is a signer key on the BUILDING machine -SGX_SIGNER_KEY ?= /key.pem - ifeq ($(DEBUG),1) GRAMINE_LOG_LEVEL = debug else @@ -20,14 +18,12 @@ endif fx.manifest: fx.manifest.template @echo "Making fx.manifest file" -# disable checks temp - until gramine is pegged to proper release gramine-manifest \ -Dlog_level=$(GRAMINE_LOG_LEVEL) \ -Darch_libdir=$(ARCH_LIBDIR) \ - -Dno_proxy=$(no_proxy) \ - -Dhttp_proxy=$(http_proxy) \ - -Dhttps_proxy=$(https_proxy) \ - -Dentrypoint=$(shell which fx) \ + -Dvenv_root=$(VENV_ROOT) \ + -Dentrypoint=$(VENV_ROOT)/bin/fx \ + -Dworkspace_root=$(WORKSPACE_ROOT) \ $< >$@ fx.manifest.sgx: fx.manifest diff --git a/openfl-docker/gramine_app/fx.manifest.template b/openfl-docker/gramine_app/fx.manifest.template index da9b3c7c7b..276a8d1268 100755 --- a/openfl-docker/gramine_app/fx.manifest.template +++ b/openfl-docker/gramine_app/fx.manifest.template @@ -5,30 +5,25 @@ # ================================== libos.entrypoint = "{{ entrypoint }}" -loader.entrypoint.uri = "file:{{ gramine.libos }}" - +loader.entrypoint = "file:{{ gramine.libos }}" loader.log_level = "{{ log_level }}" -loader.env.OMP_NUM_THREADS = "16" -loader.env.LD_LIBRARY_PATH = "{{ arch_libdir }}:/usr/{{ arch_libdir }}:/lib:/usr/lib" -loader.env.SSL_CERT_DIR = "/etc/ssl/certs" -# loader.env.no_proxy = "{{ no_proxy }}" -# loader.env.https_proxy = "{{ https_proxy }}" -# loader.env.http_proxy = "{{ http_proxy }}" - loader.insecure__use_cmdline_argv = true loader.insecure__use_host_env = true +loader.env.LD_LIBRARY_PATH = "{{ venv_root }}:{{ arch_libdir }}:/usr/{{ arch_libdir }}:/lib:/usr/lib" +loader.env.SSL_CERT_DIR = "/etc/ssl/certs" # URI - path on host # PATH - pointer inside gramine -fs.start_dir = "/workspace" +fs.start_dir = "{{ workspace_root }}" fs.mounts = [ { uri = "file:{{ gramine.runtimedir() }}", path = "/lib" }, { uri = "file:{{ arch_libdir }}", path = "{{ arch_libdir }}" }, { uri = "file:/usr", path = "/usr" }, { uri = "file:/etc/ssl/certs", path = "/etc/ssl/certs" }, - { uri = "file:/workspace", path = "/workspace" }, + { uri = "file:{{ workspace_root }}", path = "{{ workspace_root }}" }, + { uri = "file:{{ venv_root }}", path = "{{ venv_root }}" }, { type = "tmpfs", path = "/tmp" }, ] @@ -53,18 +48,18 @@ sgx.trusted_files = [ {% for path in python.get_sys_path('python') %} "file:{{ path }}{{ '/' if path.is_dir() else '' }}", {% endfor %} - "file:/workspace/src/", + "file:{{ venv_root }}/", + "file:{{ workspace_root }}/src/", ] sgx.allowed_files = [ - "file:/workspace/save", - "file:/workspace/plan/", - "file:/workspace/logs", - "file:/workspace/cert", - "file:/workspace/data", - "file:/workspace/plan/cols.yaml", - "file:/workspace/plan/data.yaml", - "file:/workspace/plan/plan.yaml", + "file:{{ workspace_root }}/save", + "file:{{ workspace_root }}/logs", + "file:{{ workspace_root }}/cert", + "file:{{ workspace_root }}/data", + "file:{{ workspace_root }}/plan/cols.yaml", + "file:{{ workspace_root }}/plan/data.yaml", + "file:{{ workspace_root }}/plan/plan.yaml", ] sgx.remote_attestation = "dcap" sgx.max_threads = 512