Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
inclavare-containers
提交
90cc8932
I
inclavare-containers
项目概览
openanolis
/
inclavare-containers
通知
4
Star
7
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
5
列表
看板
标记
里程碑
合并请求
0
分析
仓库
DevOps
项目成员
Pages
I
inclavare-containers
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
5
Issue
5
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
未验证
提交
90cc8932
编写于
8月 31, 2020
作者:
J
jiazhiguang
提交者:
GitHub
8月 31, 2020
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
shim-rune: adapts to occlum 0.15.1
Signed-off-by:
N
Zhiguang Jia
<
Zhiguang.Jia@linux.alibaba.com
>
上级
f68b8466
变更
3
显示空白变更内容
内联
并排
Showing
3 changed file
with
18 addition
and
16 deletion
+18
-16
shim/runtime/carrier/constants/constants.go
shim/runtime/carrier/constants/constants.go
+8
-9
shim/runtime/carrier/occlum/occlum.go
shim/runtime/carrier/occlum/occlum.go
+2
-2
shim/runtime/v2/rune/v2/service.go
shim/runtime/v2/rune/v2/service.go
+8
-5
未找到文件。
shim/runtime/carrier/constants/constants.go
浏览文件 @
90cc8932
...
@@ -10,7 +10,7 @@ const (
...
@@ -10,7 +10,7 @@ const (
EnclaveTypeKeyName
=
"ENCLAVE_TYPE"
EnclaveTypeKeyName
=
"ENCLAVE_TYPE"
EnclaveRuntimePathKeyName
=
"ENCLAVE_RUNTIME_PATH"
EnclaveRuntimePathKeyName
=
"ENCLAVE_RUNTIME_PATH"
EnclaveRuntimeArgsKeyName
=
"ENCLAVE_RUNTIME_ARGS"
EnclaveRuntimeArgsKeyName
=
"ENCLAVE_RUNTIME_ARGS"
DefaultEnclaveRuntimeArgs
=
".
occlum
"
DefaultEnclaveRuntimeArgs
=
".
/
"
)
)
const
(
const
(
...
@@ -140,8 +140,8 @@ function copyOcclumLiberaries() {
...
@@ -140,8 +140,8 @@ function copyOcclumLiberaries() {
/bin/cp -f /usr/lib/libsgx_u*.so* ${lib_dir}
/bin/cp -f /usr/lib/libsgx_u*.so* ${lib_dir}
/bin/cp -f /usr/lib/libsgx_enclave_common.so.1 ${lib_dir}
/bin/cp -f /usr/lib/libsgx_enclave_common.so.1 ${lib_dir}
/bin/cp -f /usr/lib/libsgx_launch.so.1 ${lib_dir}
/bin/cp -f /usr/lib/libsgx_launch.so.1 ${lib_dir}
#/bin/cp -f .
occlum
/build/lib/libocclum-pal.so ${lib_dir}/liberpal-occlum.so
#/bin/cp -f ./build/lib/libocclum-pal.so ${lib_dir}/liberpal-occlum.so
#ln -sfn .
occlum
/build/lib/libocclum-pal.so liberpal-occlum.so
#ln -sfn ./build/lib/libocclum-pal.so liberpal-occlum.so
#chroot ${rootfs} /sbin/ldconfig
#chroot ${rootfs} /sbin/ldconfig
popd
popd
}
}
...
@@ -169,17 +169,16 @@ function buildUnsignedEnclave(){
...
@@ -169,17 +169,16 @@ function buildUnsignedEnclave(){
/bin/bash ${base_dir}/replace_occlum_image.sh ${rootfs} image
/bin/bash ${base_dir}/replace_occlum_image.sh ${rootfs} image
# occlum build
# occlum build
occlum build
occlum build
if [ ! -f .
occlum
/build/lib/libocclum-libos.so ]; then
if [ ! -f ./build/lib/libocclum-libos.so ]; then
if [ -f .
occlum
/build/lib/libocclum-libos.so.0 ]; then
if [ -f ./build/lib/libocclum-libos.so.0 ]; then
pushd .
occlum
/build/lib/
pushd ./build/lib/
ln -s libocclum-libos.so.0 libocclum-libos.so
ln -s libocclum-libos.so.0 libocclum-libos.so
popd
popd
fi
fi
fi
fi
mkdir -p ${rootfs}/${work_dir} || true
mkdir -p ${rootfs}/${work_dir} || true
/bin/cp -fr .occlum ${rootfs}/${work_dir}
rm -fr image
/bin/cp -f Enclave.xml ${rootfs}/${work_dir}
/bin/cp -fr . ${rootfs}/${work_dir}
/bin/cp -f Occlum.json ${rootfs}/${work_dir}
popd
popd
}
}
...
...
shim/runtime/carrier/occlum/occlum.go
浏览文件 @
90cc8932
...
@@ -217,7 +217,7 @@ func (c *occlum) BuildUnsignedEnclave(req *task.CreateTaskRequest, args *carrier
...
@@ -217,7 +217,7 @@ func (c *occlum) BuildUnsignedEnclave(req *task.CreateTaskRequest, args *carrier
logrus
.
Errorf
(
"BuildUnsignedEnclave: exec failed. error: %++v"
,
err
)
logrus
.
Errorf
(
"BuildUnsignedEnclave: exec failed. error: %++v"
,
err
)
return
""
,
err
return
""
,
err
}
}
enclavePath
:=
filepath
.
Join
(
"/"
,
rootfsDirName
,
c
.
workDirectory
,
".
occlum
/build/lib/libocclum-libos.so"
)
enclavePath
:=
filepath
.
Join
(
"/"
,
rootfsDirName
,
c
.
workDirectory
,
"./build/lib/libocclum-libos.so"
)
return
enclavePath
,
nil
return
enclavePath
,
nil
}
}
...
@@ -246,7 +246,7 @@ func (c *occlum) GenerateSigningMaterial(req *task.CreateTaskRequest, args *carr
...
@@ -246,7 +246,7 @@ func (c *occlum) GenerateSigningMaterial(req *task.CreateTaskRequest, args *carr
func
(
c
*
occlum
)
CascadeEnclaveSignature
(
req
*
task
.
CreateTaskRequest
,
args
*
carrier
.
CascadeEnclaveSignatureArgs
)
(
func
(
c
*
occlum
)
CascadeEnclaveSignature
(
req
*
task
.
CreateTaskRequest
,
args
*
carrier
.
CascadeEnclaveSignatureArgs
)
(
signedEnclave
string
,
err
error
)
{
signedEnclave
string
,
err
error
)
{
var
bufferSize
int64
=
1024
*
4
var
bufferSize
int64
=
1024
*
4
signedEnclave
=
filepath
.
Join
(
"/"
,
rootfsDirName
,
c
.
workDirectory
,
".
occlum
/build/lib/libocclum-libos.signed.so"
)
signedEnclave
=
filepath
.
Join
(
"/"
,
rootfsDirName
,
c
.
workDirectory
,
"./build/lib/libocclum-libos.signed.so"
)
publicKey
:=
filepath
.
Join
(
"/"
,
enclaveDataDir
,
"public_key.pem"
)
publicKey
:=
filepath
.
Join
(
"/"
,
enclaveDataDir
,
"public_key.pem"
)
signature
:=
filepath
.
Join
(
"/"
,
enclaveDataDir
,
"signature.dat"
)
signature
:=
filepath
.
Join
(
"/"
,
enclaveDataDir
,
"signature.dat"
)
if
err
:=
utils
.
CopyFile
(
args
.
Key
,
filepath
.
Join
(
req
.
Bundle
,
publicKey
),
bufferSize
);
err
!=
nil
{
if
err
:=
utils
.
CopyFile
(
args
.
Key
,
filepath
.
Join
(
req
.
Bundle
,
publicKey
),
bufferSize
);
err
!=
nil
{
...
...
shim/runtime/v2/rune/v2/service.go
浏览文件 @
90cc8932
...
@@ -324,9 +324,11 @@ func (s *service) Create(ctx context.Context, r *taskAPI.CreateTaskRequest) (_ *
...
@@ -324,9 +324,11 @@ func (s *service) Create(ctx context.Context, r *taskAPI.CreateTaskRequest) (_ *
logrus
.
Infof
(
"CreateTaskRequest: %s"
,
string
(
data
))
logrus
.
Infof
(
"CreateTaskRequest: %s"
,
string
(
data
))
container
,
err
:=
runc
.
NewContainer
(
ctx
,
s
.
platform
,
r
)
container
,
err
:=
runc
.
NewContainer
(
ctx
,
s
.
platform
,
r
)
if
err
!=
nil
{
logrus
.
Errorf
(
"rune Create NewContainer error: %++v"
,
err
)
/*if carr.Name() == "occlum" {
/*//FIXME debug
//if err != nil {
// logrus.Errorf("rune Create NewContainer error: %++v", err)
//FIXME debug
if _, err := os.Stat(r.Bundle); err == nil {
if _, err := os.Stat(r.Bundle); err == nil {
path := "/tmp/rune-container-test/runc-rootfs"
path := "/tmp/rune-container-test/runc-rootfs"
os.RemoveAll(path)
os.RemoveAll(path)
...
@@ -341,9 +343,10 @@ func (s *service) Create(ctx context.Context, r *taskAPI.CreateTaskRequest) (_ *
...
@@ -341,9 +343,10 @@ func (s *service) Create(ctx context.Context, r *taskAPI.CreateTaskRequest) (_ *
time.Sleep(time.Minute)
time.Sleep(time.Minute)
} else {
} else {
logrus.Infof("bundle dir is not exist.", r.Bundle)
logrus.Infof("bundle dir is not exist.", r.Bundle)
}*/
return
nil
,
err
}
}
return nil, err
//}
}*/
data
,
_
=
json
.
Marshal
(
container
)
data
,
_
=
json
.
Marshal
(
container
)
logrus
.
Infof
(
"rune.NewContainer success: %s %s"
,
r
.
ID
,
string
(
data
))
logrus
.
Infof
(
"rune.NewContainer success: %s %s"
,
r
.
ID
,
string
(
data
))
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录