Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
inclavare-containers
提交
e48e5529
I
inclavare-containers
项目概览
openanolis
/
inclavare-containers
通知
4
Star
7
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
5
列表
看板
标记
里程碑
合并请求
0
分析
仓库
DevOps
项目成员
Pages
I
inclavare-containers
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
5
Issue
5
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
e48e5529
编写于
7月 25, 2020
作者:
J
jiazhiguang
提交者:
jia zhang
9月 04, 2020
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
adjust the occlum enviorments to support jdk applications
上级
d93cfa18
变更
2
隐藏空白更改
内联
并排
Showing
2 changed file
with
4 addition
and
82 deletion
+4
-82
shim/runtime/carrier/constants/constants.go
shim/runtime/carrier/constants/constants.go
+2
-19
shim/runtime/carrier/occlum/occlum.go
shim/runtime/carrier/occlum/occlum.go
+2
-63
未找到文件。
shim/runtime/carrier/constants/constants.go
浏览文件 @
e48e5529
...
@@ -168,6 +168,8 @@ function buildUnsignedEnclave(){
...
@@ -168,6 +168,8 @@ function buildUnsignedEnclave(){
# build occlum image
# build occlum image
/bin/bash ${base_dir}/replace_occlum_image.sh ${rootfs} image
/bin/bash ${base_dir}/replace_occlum_image.sh ${rootfs} image
# occlum build
# occlum build
empty_sign_tool=$(mktemp sign_tool.XXXXXX)
#occlum build --sign-tool ${empty_sign_tool} || true
occlum build
occlum build
if [ ! -f ./build/lib/libocclum-libos.so ]; then
if [ ! -f ./build/lib/libocclum-libos.so ]; then
if [ -f ./build/lib/libocclum-libos.so.0 ]; then
if [ -f ./build/lib/libocclum-libos.so.0 ]; then
...
@@ -238,23 +240,4 @@ function doAction(){
...
@@ -238,23 +240,4 @@ function doAction(){
}
}
doAction`
doAction`
StartScript
=
`#!/bin/bash
function handle_TERM() {
echo "recevied signal SIGTERM, exit now"
exit 0
}
function handle_INT() {
echo "recevied signal SIGINT, exit now"
exit 0
}
trap 'handle_INT' SIGINT
trap 'handle_TERM' SIGTERM
while true
do
sleep 1
done`
)
)
shim/runtime/carrier/occlum/occlum.go
浏览文件 @
e48e5529
...
@@ -25,8 +25,6 @@ import (
...
@@ -25,8 +25,6 @@ import (
)
)
const
(
const
(
defaultNamespace
=
"k8s.io"
startScriptFileName
=
"start.sh"
replaceOcclumImageScript
=
"replace_occlum_image.sh"
replaceOcclumImageScript
=
"replace_occlum_image.sh"
carrierScriptFileName
=
"carrier.sh"
carrierScriptFileName
=
"carrier.sh"
rootfsDirName
=
"rootfs"
rootfsDirName
=
"rootfs"
...
@@ -99,7 +97,7 @@ func (c *occlum) BuildUnsignedEnclave(req *task.CreateTaskRequest, args *carrier
...
@@ -99,7 +97,7 @@ func (c *occlum) BuildUnsignedEnclave(req *task.CreateTaskRequest, args *carrier
// Execute the carrier script to generate the unsigned enclave.so in rootfs
// Execute the carrier script to generate the unsigned enclave.so in rootfs
cmdArgs
:=
[]
string
{
cmdArgs
:=
[]
string
{
"/bin/bash"
,
filepath
.
Join
(
dataDir
,
carrierScriptFileName
),
filepath
.
Join
(
dataDir
,
carrierScriptFileName
),
"--action"
,
"buildUnsignedEnclave"
,
"--action"
,
"buildUnsignedEnclave"
,
"--entry_point"
,
c
.
entryPoints
[
0
],
"--entry_point"
,
c
.
entryPoints
[
0
],
"--work_dir"
,
c
.
workDirectory
,
"--work_dir"
,
c
.
workDirectory
,
...
@@ -115,9 +113,9 @@ func (c *occlum) BuildUnsignedEnclave(req *task.CreateTaskRequest, args *carrier
...
@@ -115,9 +113,9 @@ func (c *occlum) BuildUnsignedEnclave(req *task.CreateTaskRequest, args *carrier
return
""
,
err
return
""
,
err
}
}
}
}
cmdArgs
=
append
(
cmdArgs
,
"--occlum_config_path"
,
occlumConfigPath
)
logrus
.
Debugf
(
"BuildUnsignedEnclave: command: %v"
,
cmdArgs
)
logrus
.
Debugf
(
"BuildUnsignedEnclave: command: %v"
,
cmdArgs
)
timeStart
=
time
.
Now
()
timeStart
=
time
.
Now
()
cmdArgs
=
append
(
cmdArgs
,
"--occlum_config_path"
,
occlumConfigPath
)
if
_
,
err
:=
utils
.
ExecCommand
(
"/bin/bash"
,
cmdArgs
...
);
err
!=
nil
{
if
_
,
err
:=
utils
.
ExecCommand
(
"/bin/bash"
,
cmdArgs
...
);
err
!=
nil
{
logrus
.
Errorf
(
"BuildUnsignedEnclave: execute command failed. error: %++v"
,
err
)
logrus
.
Errorf
(
"BuildUnsignedEnclave: execute command failed. error: %++v"
,
err
)
return
""
,
err
return
""
,
err
...
@@ -125,7 +123,6 @@ func (c *occlum) BuildUnsignedEnclave(req *task.CreateTaskRequest, args *carrier
...
@@ -125,7 +123,6 @@ func (c *occlum) BuildUnsignedEnclave(req *task.CreateTaskRequest, args *carrier
logrus
.
Debugf
(
"BuildUnsignedEnclave: init and build enclave time cost: %d"
,
(
time
.
Now
()
.
Sub
(
timeStart
))
/
time
.
Second
)
logrus
.
Debugf
(
"BuildUnsignedEnclave: init and build enclave time cost: %d"
,
(
time
.
Now
()
.
Sub
(
timeStart
))
/
time
.
Second
)
enclavePath
:=
filepath
.
Join
(
rootfsDir
,
c
.
workDirectory
,
"./build/lib/libocclum-libos.so"
)
enclavePath
:=
filepath
.
Join
(
rootfsDir
,
c
.
workDirectory
,
"./build/lib/libocclum-libos.so"
)
logrus
.
Debugf
(
"BuildUnsignedEnclave: total time cost: %d"
,
(
time
.
Now
()
.
Sub
(
ts
))
/
time
.
Second
)
logrus
.
Debugf
(
"BuildUnsignedEnclave: total time cost: %d"
,
(
time
.
Now
()
.
Sub
(
ts
))
/
time
.
Second
)
return
enclavePath
,
nil
return
enclavePath
,
nil
}
}
...
@@ -145,8 +142,6 @@ func (c *occlum) GenerateSigningMaterial(req *task.CreateTaskRequest, args *carr
...
@@ -145,8 +142,6 @@ func (c *occlum) GenerateSigningMaterial(req *task.CreateTaskRequest, args *carr
"--unsigned_material_path"
,
signingMaterial
,
"--unsigned_material_path"
,
signingMaterial
,
}
}
logrus
.
Debugf
(
"GenerateSigningMaterial: sgx_sign gendata command: %v"
,
cmdArgs
)
logrus
.
Debugf
(
"GenerateSigningMaterial: sgx_sign gendata command: %v"
,
cmdArgs
)
//FIXME debug
time
.
Sleep
(
time
.
Minute
*
2
)
if
_
,
err
:=
utils
.
ExecCommand
(
"/bin/bash"
,
cmdArgs
...
);
err
!=
nil
{
if
_
,
err
:=
utils
.
ExecCommand
(
"/bin/bash"
,
cmdArgs
...
);
err
!=
nil
{
logrus
.
Errorf
(
"GenerateSigningMaterial: sgx_sign gendata failed. error: %++v"
,
err
)
logrus
.
Errorf
(
"GenerateSigningMaterial: sgx_sign gendata failed. error: %++v"
,
err
)
return
""
,
err
return
""
,
err
...
@@ -185,62 +180,6 @@ func (c *occlum) CascadeEnclaveSignature(req *task.CreateTaskRequest, args *carr
...
@@ -185,62 +180,6 @@ func (c *occlum) CascadeEnclaveSignature(req *task.CreateTaskRequest, args *carr
// Cleanup impl Carrier.
// Cleanup impl Carrier.
func
(
c
*
occlum
)
Cleanup
()
error
{
func
(
c
*
occlum
)
Cleanup
()
error
{
/*timeStart := time.Now()
ts := timeStart
defer func() {
if c.task.client != nil {
c.task.client.Close()
}
logrus.Debugf("Cleanup: total time cost: %d", (time.Now().Sub(ts))/time.Second)
}()
defer func() {
if c.task.container != nil {
timeStart = time.Now()
container := *c.task.container
if err := container.Delete(c.context, containerd.WithSnapshotCleanup); err != nil {
logrus.Errorf("Cleanup: delete container %s failed. err: %++v", container.ID(), err)
}
logrus.Debugf("Cleanup: delete container %s successfully.", container.ID())
logrus.Debugf("Cleanup: delete occlum SDK container time cost: %d", (time.Now().Sub(ts))/time.Second)
}
}()
if c.task.task == nil {
return nil
}
timeStart = time.Now()
t := *c.task.task
if err := t.Kill(c.context, syscall.SIGTERM); err != nil {
logrus.Errorf("Cleanup: kill task %s failed. err: %++v", t.ID(), err)
return err
}
for {
status, err := t.Status(c.context)
if err != nil {
logrus.Errorf("Cleanup: get task %s status failed. error: %++v", t.ID(), err)
return err
}
if status.ExitStatus != 0 {
logrus.Errorf("Cleanup: task %s exit abnormally. exit code: %d, task status: %s", t.ID(),
status.ExitStatus, status.Status)
return fmt.Errorf("task %s exit abnormally. exit code: %d, task status: %s",
t.ID(), status.ExitStatus, status.Status)
}
if status.Status != containerd.Stopped {
logrus.Debugf("Cleanup: task %s status: %s", t.ID(), status.Status)
time.Sleep(time.Second)
continue
}
break
}
logrus.Debugf("Cleanup: kill occlum SDK container task time cost: %d", (time.Now().Sub(timeStart))/time.Second)
timeStart = time.Now()
if _, err := t.Delete(c.context); err != nil {
logrus.Errorf("Cleanup: delete task %s failed. error: %++v", t.ID(), err)
return err
}
logrus.Debugf("Cleanup: delete occlum SDK container task time cost: %d", (time.Now().Sub(timeStart))/time.Second)
logrus.Debugf("Cleanup: clean occlum container and task successfully")*/
return
nil
return
nil
}
}
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录