Пример #1
0
def build(source_code, *, docker_build_progress=False):
    """Build an enclave binary for the given source code.

    The source code is expected to contain a file :file:`.auditee.yml`,
    which instructs how to build the enclave. The supported builders
    are ``nix-build`` and ``docker``.

    Parameters
    ----------
    source_code: str
        Local file path to the source code where the enclave to be built
        is located.

    Raises
    ------
    IOError:
        If the ``.auditee.yml`` file is not found.

    Returns
    -------
    str
        File path to the enclave binary that was built.
    """
    source_code_path = pathlib.Path(source_code).resolve()
    auditee_file = source_code_path.joinpath(".auditee.yml")

    with open(auditee_file) as f:
        auditee_config = yaml.safe_load(f)

    enclave_build_config = auditee_config["enclaves"][0]

    # Get absolute path of enclave config
    # enclave_config = source_code_path.joinpath(enclave_build_config["enclave_config"])

    build_config = enclave_build_config["build"]
    builder = build_config["builder"]
    build_kwargs = build_config["build_kwargs"]
    os.chdir(source_code_path)
    if builder == "docker":
        docker.build(
            output={
                "type": "local",
                "dest": "/tmp/out"
            },
            progress=docker_build_progress,
            **build_kwargs,
        )
    elif builder == "nix-build":
        popenargs = [builder, build_kwargs.get("file", "default.nix")]
        returncode = subprocess.run(popenargs).returncode
        if returncode != 0:
            raise RuntimeError(f"Error building enclave with {builder}")
    os.chdir("..")
    return source_code_path.joinpath(build_config["output_dir"],
                                     build_config["enclave_file"])
Пример #2
0
def build_autobahn_testsuite() -> Generator[None, None, None]:

    try:
        docker.build(
            file="tests/autobahn/Dockerfile.autobahn",
            tags=["autobahn-testsuite"],
            context_path=".",
        )
    except DockerException:
        pytest.skip(msg="The docker daemon is not running.")

    try:
        yield
    finally:
        docker.image.remove(x="autobahn-testsuite")
Пример #3
0
def _verify_mrenclave(
    signed_enclave,
    enclave_config,
    *,
    ias_report=None,
    unsigned_enclave_filename="Enclave.so",
    docker_build_attrs,
):
    """Verifies if the MRENCLAVE of the provided signed enclave matches
    with the one obtained when rebuilding the enclave from source, and
    the one in the IAS report.

    Example
    -------
    docker_build_attrs = {'target': 'export-stage'}

    """
    context_path = docker_build_attrs.pop("context_path", ".")
    output = docker_build_attrs.pop("output", {"type": "local", "dest": "out"})
    # target="export-stage", output={"type": "local", "dest": "out"}
    docker.build(context_path, output=output, **docker_build_attrs)

    unsigned_enclave = pathlib.Path(
        output["dest"]).joinpath(unsigned_enclave_filename)
    signing_key = pathlib.Path(__file__).parent.resolve().joinpath(
        "signing_key.pem")
    dev_sigstruct = Sigstruct.from_enclave_file(signed_enclave)
    out = "/tmp/audit_enclave.signed.so"
    sgx_sign(unsigned_enclave, key=signing_key, out=out, config=enclave_config)
    auditor_sigstruct = Sigstruct.from_enclave_file(out)
    if not ias_report:
        print(
            f"\nsigned enclave MRENCLAVE: \t\t{term.bold}{dev_sigstruct.mrenclave.hex()}{term.normal}"
        )
        print(
            f"built-from-source enclave MRENCLAVE: \t\t{term.bold}{auditor_sigstruct.mrenclave.hex()}{term.normal}\n"
        )
        if auditor_sigstruct.mrenclave == dev_sigstruct.mrenclave:
            print(f"{term.green}MRENCLAVE match!{term.normal}")
        else:
            print(f"{term.red}MRENCLAVE do not match!{term.normal}")
        return auditor_sigstruct.mrenclave == dev_sigstruct.mrenclave

    raise NotImplementedError
Пример #4
0
def build_image_running(python_code) -> Image:
    with tempfile.TemporaryDirectory() as tmpdir:
        tmpdir = Path(tmpdir)
        (tmpdir / "file.py").write_text(python_code)
        (tmpdir / "Dockerfile").write_text(f"""
FROM python:{sys.version_info[0]}.{sys.version_info[1]}
COPY file.py /file.py
CMD python /file.py
        """)
        return docker.build(tmpdir, tags="some_image", load=True)
Пример #5
0
def test_buildx_build_aliases(tmp_path):
    (tmp_path / "Dockerfile").write_text(dockerfile_content1)
    docker.build(tmp_path)
    docker.image.build(tmp_path)