diff --git a/.ci/check-python-platlib-debian12.dockerfile b/.ci/check-python-platlib-debian12.dockerfile new file mode 100644 index 0000000000..2b85dd2d34 --- /dev/null +++ b/.ci/check-python-platlib-debian12.dockerfile @@ -0,0 +1,11 @@ +FROM debian:bookworm + +ENV DEBIAN_FRONTEND=noninteractive + +RUN apt-get update && apt-get install -y \ + python3 \ + python3-distutils \ + python3-setuptools + +COPY scripts/get-python-platlib.py /get-python-platlib.py +RUN mkdir -p "$(python3 /get-python-platlib.py /usr/local)" diff --git a/.ci/check-python-platlib-ubuntu24.04.dockerfile b/.ci/check-python-platlib-ubuntu24.04.dockerfile new file mode 100644 index 0000000000..9301690ab1 --- /dev/null +++ b/.ci/check-python-platlib-ubuntu24.04.dockerfile @@ -0,0 +1,10 @@ +FROM ubuntu:24.04 + +ENV DEBIAN_FRONTEND=noninteractive + +RUN apt-get update && apt-get install -y \ + python3 \ + python3-setuptools + +COPY scripts/get-python-platlib.py /get-python-platlib.py +RUN mkdir -p "$(python3 /get-python-platlib.py /usr/local)" diff --git a/.ci/check-python-platlib.jenkinsfile b/.ci/check-python-platlib.jenkinsfile index d7a52a6a44..e648508425 100644 --- a/.ci/check-python-platlib.jenkinsfile +++ b/.ci/check-python-platlib.jenkinsfile @@ -2,7 +2,9 @@ node() { checkout scm [ + 'debian12', 'debian11', + 'ubuntu24.04', 'ubuntu22.04', 'ubuntu20.04', 'almalinux9', diff --git a/.ci/lib/config.jenkinsfile b/.ci/lib/config.jenkinsfile index 2d0ccd0aac..e002b1a991 100644 --- a/.ci/lib/config.jenkinsfile +++ b/.ci/lib/config.jenkinsfile @@ -12,5 +12,9 @@ env.RA_TLS_ALLOW_HW_CONFIG_NEEDED = '1' env.RA_TLS_ALLOW_SW_HARDENING_NEEDED = '1' env.RA_TLS_ALLOW_DEBUG_ENCLAVE_INSECURE = '1' +if (env.RA_TYPE == null) { + env.RA_TYPE = 'dcap' +} + env.LC_ALL = 'C.UTF-8' env.LANG = env.LC_ALL diff --git a/.ci/lib/stage-build-nosgx.jenkinsfile b/.ci/lib/stage-build-nosgx.jenkinsfile index 141efccef8..a1f6ed8479 100644 --- a/.ci/lib/stage-build-nosgx.jenkinsfile +++ b/.ci/lib/stage-build-nosgx.jenkinsfile 
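Review bot: The new `RA_TYPE` fallback in `.ci/lib/config.jenkinsfile` has no comment saying why the default is `dcap`; the reason only appears in the echo text of another file in this commit. I would add `// EPID is retired; CI attests with DCAP unless the job sets RA_TYPE itself` above the `if`. Because `stage-test.jenkinsfile` and `stage-test-sgx.jenkinsfile` drop their own fallback in this commit, every pipeline that loads those stages now has to load this file first. The pipelines visible in this diff do, but any others are outside it and worth checking.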
@@ -52,6 +52,7 @@ stage('build') { // In CI we install to non-standard --prefix (see above). This makes sure the libraries are // available anyway. + env.LD_LIBRARY_PATH = libdir env.PKG_CONFIG_PATH = libdir + '/pkgconfig' // prevent cheating and testing from repo diff --git a/.ci/lib/stage-build-sgx-vm.jenkinsfile b/.ci/lib/stage-build-sgx-vm.jenkinsfile index bed7701eac..d328690bc9 100644 --- a/.ci/lib/stage-build-sgx-vm.jenkinsfile +++ b/.ci/lib/stage-build-sgx-vm.jenkinsfile @@ -90,6 +90,7 @@ stage('build') { // In CI we install to non-standard --prefix (see above). This makes sure the libraries are // available anyway (e.g. gramine-sgx-pf-crypt needs libsgx_util.so). + env.LD_LIBRARY_PATH = libdir env.PKG_CONFIG_PATH = libdir + '/pkgconfig' // prevent cheating and testing from repo diff --git a/.ci/lib/stage-build-sgx.jenkinsfile b/.ci/lib/stage-build-sgx.jenkinsfile index 18979e1d59..381748e8ff 100644 --- a/.ci/lib/stage-build-sgx.jenkinsfile +++ b/.ci/lib/stage-build-sgx.jenkinsfile @@ -73,6 +73,7 @@ stage('build') { // In CI we install to non-standard --prefix (see above). This makes sure the libraries are // available anyway. + env.LD_LIBRARY_PATH = libdir env.PKG_CONFIG_PATH = libdir + '/pkgconfig' // prevent cheating and testing from repo diff --git a/.ci/lib/stage-test-direct.jenkinsfile b/.ci/lib/stage-test-direct.jenkinsfile index 36a56c4f38..d705d6c18b 100644 --- a/.ci/lib/stage-test-direct.jenkinsfile +++ b/.ci/lib/stage-test-direct.jenkinsfile @@ -60,7 +60,7 @@ stage('test-direct') { # memcslap populates server but doesn't report errors, use # memcached-tool for this (must return two lines of stats) memcslap --servers=127.0.0.1 --concurrency=8 - src/scripts/memcached-tool 127.0.0.1 | wc -l | grep -w "2" + test "$(src/scripts/memcached-tool 127.0.0.1 | wc -l)" -ge 2 ''' } timeout(time: 10, unit: 'MINUTES') { diff --git a/.ci/lib/stage-test-sgx.jenkinsfile b/.ci/lib/stage-test-sgx.jenkinsfile index 24c31ac54f..4154a637cf 100644 
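Review bot: `env.LD_LIBRARY_PATH = libdir` in `stage-build-nosgx.jenkinsfile` replaces whatever library search path the image or agent already set instead of extending it, and the same line is added in `stage-build-sgx-vm.jenkinsfile` and `stage-build-sgx.jenkinsfile`. If the overwrite is intended, the comment above it should say so. Otherwise prepend, e.g. `env.LD_LIBRARY_PATH = env.LD_LIBRARY_PATH ? "${libdir}:${env.LD_LIBRARY_PATH}" : libdir`, which also avoids an empty path element (the dynamic loader treats that as the current directory). `libdir` is defined outside these hunks, so this assumes it is an absolute path under the CI install prefix.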
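Review bot: The shell comment above the changed check in `stage-test-direct.jenkinsfile` still says memcached-tool "must return two lines of stats", but the new `test ... -ge 2` accepts two or more lines. The same stale comment sits above the identical change in `stage-test-sgx.jenkinsfile`. Update both to something like `# memcached-tool must print at least two lines of stats`, and say briefly why exactly two is no longer expected. The `sh` block begins outside the hunk.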
--- a/.ci/lib/stage-test-sgx.jenkinsfile +++ b/.ci/lib/stage-test-sgx.jenkinsfile @@ -14,10 +14,6 @@ stage('test-sgx') { fi ''' - if (env.RA_TYPE == null) { - env.RA_TYPE = 'epid' - } - timeout(time: 5, unit: 'MINUTES') { sh ''' cd CI-Examples/helloworld @@ -25,7 +21,7 @@ stage('test-sgx') { make ${MAKEOPTS} check ''' } - timeout(time: 5, unit: 'MINUTES') { + timeout(time: 10, unit: 'MINUTES') { sh ''' cd CI-Examples/python make ${MAKEOPTS} RA_TYPE=$RA_TYPE RA_CLIENT_SPID=${ra_client_spid} @@ -55,7 +51,7 @@ stage('test-sgx') { # memcslap populates server but doesn't report errors, use # memcached-tool for this (must return two lines of stats) memcslap --servers=127.0.0.1 --concurrency=8 - src/scripts/memcached-tool 127.0.0.1 | wc -l | grep -w "2" + test "$(src/scripts/memcached-tool 127.0.0.1 | wc -l)" -ge 2 ''' } timeout(time: 15, unit: 'MINUTES') { diff --git a/.ci/lib/stage-test.jenkinsfile b/.ci/lib/stage-test.jenkinsfile index a09db4ad2d..c533338fa4 100644 --- a/.ci/lib/stage-test.jenkinsfile +++ b/.ci/lib/stage-test.jenkinsfile @@ -1,8 +1,4 @@ stage('test') { - if (env.RA_TYPE == null) { - env.RA_TYPE = 'epid' - } - timeout(time: 15, unit: 'MINUTES') { try { sh ''' diff --git a/.ci/linux-direct-sanitizers.jenkinsfile b/.ci/linux-direct-sanitizers.jenkinsfile deleted file mode 100644 index 7457d4d5f8..0000000000 --- a/.ci/linux-direct-sanitizers.jenkinsfile +++ /dev/null 
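Review bot: The python example in `stage-test-sgx.jenkinsfile` is still built with `RA_CLIENT_SPID=${ra_client_spid}` (the context line under the raised timeout), although this commit removes the `epid` fallback and defaults `RA_TYPE` to `dcap` elsewhere. An SPID is an EPID-only parameter, so if `ra_client_spid` comes from a stored Jenkins credential it is now handed to the job for no purpose. Where it is defined is outside this hunk. Consider dropping the argument, and the credential binding if there is one, in the same change. The timeout increase from 5 to 10 minutes also carries no comment giving the reason.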
@@ -1,22 +0,0 @@
-node('nonsgx_slave && aesni') {
- checkout scm
-
- load '.ci/lib/config-docker.jenkinsfile'
- docker.build(
- "local:${env.BUILD_TAG}",
- '-f .ci/ubuntu20.04.dockerfile .'
- ).inside("${env.DOCKER_ARGS_COMMON} --security-opt seccomp=${env.WORKSPACE}/scripts/docker_seccomp_mar_2021.json") {
- load '.ci/lib/config.jenkinsfile'
- load '.ci/lib/config-clang.jenkinsfile'
- load '.ci/lib/config-debug.jenkinsfile'
- load '.ci/lib/config-ubsan.jenkinsfile'
- load '.ci/lib/config-asan.jenkinsfile'
-
- load '.ci/lib/stage-lint.jenkinsfile'
- load '.ci/lib/stage-clean-check-prepare.jenkinsfile'
- load '.ci/lib/stage-build-nosgx.jenkinsfile'
- load '.ci/lib/stage-test.jenkinsfile'
- load '.ci/lib/stage-test-direct.jenkinsfile'
- load '.ci/lib/stage-clean-check.jenkinsfile'
- }
-}
diff --git a/.ci/linux-direct-sanitizers.jenkinsfile b/.ci/linux-direct-sanitizers.jenkinsfile
new file mode 120000
index 0000000000..cf533c4673
--- /dev/null
+++ b/.ci/linux-direct-sanitizers.jenkinsfile
@@ -0,0 +1 @@
+linux-sgx-ubuntu20.04-gcc-release.jenkinsfile
\ No newline at end of file
diff --git a/.ci/linux-direct-ubuntu20.04-gcc-debug.jenkinsfile b/.ci/linux-direct-ubuntu20.04-gcc-debug.jenkinsfile
deleted file mode 100644
index f6cb2492f5..0000000000
--- a/.ci/linux-direct-ubuntu20.04-gcc-debug.jenkinsfile
+++ /dev/null
@@ -1,19 +0,0 @@
-node('nonsgx_slave && aesni') {
- checkout scm
-
- load '.ci/lib/config-docker.jenkinsfile'
- docker.build(
- "local:${env.BUILD_TAG}",
- '-f .ci/ubuntu20.04.dockerfile .'
- ).inside("${env.DOCKER_ARGS_COMMON} --security-opt seccomp=${env.WORKSPACE}/scripts/docker_seccomp_mar_2021.json") {
- load '.ci/lib/config.jenkinsfile'
- load '.ci/lib/config-debug.jenkinsfile'
-
- load '.ci/lib/stage-lint.jenkinsfile'
- load '.ci/lib/stage-clean-check-prepare.jenkinsfile'
- load '.ci/lib/stage-build-nosgx.jenkinsfile'
- load '.ci/lib/stage-test.jenkinsfile'
- load '.ci/lib/stage-test-direct.jenkinsfile'
- load '.ci/lib/stage-clean-check.jenkinsfile'
- }
-}
diff --git a/.ci/linux-direct-ubuntu20.04-gcc-debug.jenkinsfile b/.ci/linux-direct-ubuntu20.04-gcc-debug.jenkinsfile
new file mode 120000
index 0000000000..cf533c4673
--- /dev/null
+++ b/.ci/linux-direct-ubuntu20.04-gcc-debug.jenkinsfile
@@ -0,0 +1 @@
+linux-sgx-ubuntu20.04-gcc-release.jenkinsfile
\ No newline at end of file
diff --git a/.ci/linux-direct-ubuntu20.04-gcc-release.jenkinsfile b/.ci/linux-direct-ubuntu20.04-gcc-release.jenkinsfile
deleted file mode 100644
index badad2a020..0000000000
--- a/.ci/linux-direct-ubuntu20.04-gcc-release.jenkinsfile
+++ /dev/null
@@ -1,19 +0,0 @@
-node('nonsgx_slave && aesni') {
- checkout scm
-
- load '.ci/lib/config-docker.jenkinsfile'
- docker.build(
- "local:${env.BUILD_TAG}",
- '-f .ci/ubuntu20.04.dockerfile .'
- ).inside("${env.DOCKER_ARGS_COMMON} --security-opt seccomp=${env.WORKSPACE}/scripts/docker_seccomp_mar_2021.json") {
- load '.ci/lib/config.jenkinsfile'
- load '.ci/lib/config-release.jenkinsfile'
-
- load '.ci/lib/stage-lint.jenkinsfile'
- load '.ci/lib/stage-clean-check-prepare.jenkinsfile'
- load '.ci/lib/stage-build-nosgx.jenkinsfile'
- load '.ci/lib/stage-test.jenkinsfile'
- load '.ci/lib/stage-test-direct.jenkinsfile'
- load '.ci/lib/stage-clean-check.jenkinsfile'
- }
-}
diff --git a/.ci/linux-direct-ubuntu20.04-gcc-release.jenkinsfile b/.ci/linux-direct-ubuntu20.04-gcc-release.jenkinsfile
new file mode 120000
index 0000000000..cf533c4673
--- /dev/null
+++ b/.ci/linux-direct-ubuntu20.04-gcc-release.jenkinsfile
@@ -0,0 +1 @@
+linux-sgx-ubuntu20.04-gcc-release.jenkinsfile
\ No newline at end of file
diff --git a/.ci/linux-direct-ubuntu22.04-gcc-debug.jenkinsfile b/.ci/linux-direct-ubuntu22.04-gcc-debug.jenkinsfile
new file mode 100644
index 0000000000..54539f5c2b
--- /dev/null
+++ b/.ci/linux-direct-ubuntu22.04-gcc-debug.jenkinsfile
@@ -0,0 +1,19 @@
+node('plain && jammy') {
+ checkout scm
+
+ load '.ci/lib/config-docker.jenkinsfile'
+ docker.build(
+ "local:${env.BUILD_TAG}",
+ '-f .ci/ubuntu22.04.dockerfile .'
+ ).inside("${env.DOCKER_ARGS_COMMON} --security-opt seccomp=${env.WORKSPACE}/scripts/docker_seccomp_aug_2022.json") {
+ load '.ci/lib/config.jenkinsfile'
+ load '.ci/lib/config-debug.jenkinsfile'
+
+ load '.ci/lib/stage-lint.jenkinsfile'
+ load '.ci/lib/stage-clean-check-prepare.jenkinsfile'
+ load '.ci/lib/stage-build-nosgx.jenkinsfile'
+ load '.ci/lib/stage-test.jenkinsfile'
+ load '.ci/lib/stage-test-direct.jenkinsfile'
+ load '.ci/lib/stage-clean-check.jenkinsfile'
+ }
+}
diff --git a/.ci/linux-direct-ubuntu22.04-gcc-release.jenkinsfile b/.ci/linux-direct-ubuntu22.04-gcc-release.jenkinsfile
new file mode 100644
index 0000000000..df3ba680af
--- /dev/null
+++ b/.ci/linux-direct-ubuntu22.04-gcc-release.jenkinsfile
@@ -0,0 +1,19 @@
+node('plain && jammy') {
+ checkout scm
+
+ load '.ci/lib/config-docker.jenkinsfile'
+ docker.build(
+ "local:${env.BUILD_TAG}",
+ '-f .ci/ubuntu22.04.dockerfile .'
+ ).inside("${env.DOCKER_ARGS_COMMON} --security-opt seccomp=${env.WORKSPACE}/scripts/docker_seccomp_aug_2022.json") {
+ load '.ci/lib/config.jenkinsfile'
+ load '.ci/lib/config-release.jenkinsfile'
+
+ load '.ci/lib/stage-lint.jenkinsfile'
+ load '.ci/lib/stage-clean-check-prepare.jenkinsfile'
+ load '.ci/lib/stage-build-nosgx.jenkinsfile'
+ load '.ci/lib/stage-test.jenkinsfile'
+ load '.ci/lib/stage-test-direct.jenkinsfile'
+ load '.ci/lib/stage-clean-check.jenkinsfile'
+ }
+}
diff --git a/.ci/linux-direct-ubuntu22.04-sanitizers.jenkinsfile b/.ci/linux-direct-ubuntu22.04-sanitizers.jenkinsfile
new file mode 100644
index 0000000000..a9f0dc3aa4
--- /dev/null
+++ b/.ci/linux-direct-ubuntu22.04-sanitizers.jenkinsfile
@@ -0,0 +1,22 @@
+node('plain && jammy') {
+ checkout scm
+
+ load '.ci/lib/config-docker.jenkinsfile'
+ docker.build(
+ "local:${env.BUILD_TAG}",
+ '-f .ci/ubuntu22.04.dockerfile .'
+ ).inside("${env.DOCKER_ARGS_COMMON} --security-opt seccomp=${env.WORKSPACE}/scripts/docker_seccomp_aug_2022.json") {
+ load '.ci/lib/config.jenkinsfile'
+ load '.ci/lib/config-clang.jenkinsfile'
+ load '.ci/lib/config-debug.jenkinsfile'
+ load '.ci/lib/config-ubsan.jenkinsfile'
+ load '.ci/lib/config-asan.jenkinsfile'
+
+ load '.ci/lib/stage-lint.jenkinsfile'
+ load '.ci/lib/stage-clean-check-prepare.jenkinsfile'
+ load '.ci/lib/stage-build-nosgx.jenkinsfile'
+ load '.ci/lib/stage-test.jenkinsfile'
+ load '.ci/lib/stage-test-direct.jenkinsfile'
+ load '.ci/lib/stage-clean-check.jenkinsfile'
+ }
+}
diff --git a/.ci/linux-direct-ubuntu24.04-gcc-debug.jenkinsfile b/.ci/linux-direct-ubuntu24.04-gcc-debug.jenkinsfile
new file mode 100644
index 0000000000..ce9af13597
--- /dev/null
+++ b/.ci/linux-direct-ubuntu24.04-gcc-debug.jenkinsfile
@@ -0,0 +1,19 @@
+node('plain && noble') {
+ checkout scm
+
+ load '.ci/lib/config-docker.jenkinsfile'
+ docker.build(
+ "local:${env.BUILD_TAG}",
+ '-f .ci/ubuntu24.04.dockerfile .'
+ ).inside("${env.DOCKER_ARGS_COMMON} --security-opt seccomp=${env.WORKSPACE}/scripts/docker_seccomp_aug_2022.json") {
+ load '.ci/lib/config.jenkinsfile'
+ load '.ci/lib/config-debug.jenkinsfile'
+
+ load '.ci/lib/stage-lint.jenkinsfile'
+ load '.ci/lib/stage-clean-check-prepare.jenkinsfile'
+ load '.ci/lib/stage-build-nosgx.jenkinsfile'
+ load '.ci/lib/stage-test.jenkinsfile'
+ load '.ci/lib/stage-test-direct.jenkinsfile'
+ load '.ci/lib/stage-clean-check.jenkinsfile'
+ }
+}
diff --git a/.ci/linux-direct-ubuntu24.04-gcc-release.jenkinsfile b/.ci/linux-direct-ubuntu24.04-gcc-release.jenkinsfile
new file mode 100644
index 0000000000..cba634cdbe
--- /dev/null
+++ b/.ci/linux-direct-ubuntu24.04-gcc-release.jenkinsfile
@@ -0,0 +1,19 @@
+node('plain && noble') {
+ checkout scm
+
+ load '.ci/lib/config-docker.jenkinsfile'
+ docker.build(
+ "local:${env.BUILD_TAG}",
+ '-f .ci/ubuntu24.04.dockerfile .'
+ ).inside("${env.DOCKER_ARGS_COMMON} --security-opt seccomp=${env.WORKSPACE}/scripts/docker_seccomp_aug_2022.json") {
+ load '.ci/lib/config.jenkinsfile'
+ load '.ci/lib/config-release.jenkinsfile'
+
+ load '.ci/lib/stage-lint.jenkinsfile'
+ load '.ci/lib/stage-clean-check-prepare.jenkinsfile'
+ load '.ci/lib/stage-build-nosgx.jenkinsfile'
+ load '.ci/lib/stage-test.jenkinsfile'
+ load '.ci/lib/stage-test-direct.jenkinsfile'
+ load '.ci/lib/stage-clean-check.jenkinsfile'
+ }
+}
diff --git a/.ci/linux-direct-ubuntu24.04-sanitizers.jenkinsfile b/.ci/linux-direct-ubuntu24.04-sanitizers.jenkinsfile
new file mode 100644
index 0000000000..0cd78fb83b
--- /dev/null
+++ b/.ci/linux-direct-ubuntu24.04-sanitizers.jenkinsfile
@@ -0,0 +1,22 @@
+node('plain && noble') {
+ checkout scm
+
+ load '.ci/lib/config-docker.jenkinsfile'
+ docker.build(
+ "local:${env.BUILD_TAG}",
+ '-f .ci/ubuntu24.04.dockerfile .'
+ ).inside("${env.DOCKER_ARGS_COMMON} --security-opt seccomp=${env.WORKSPACE}/scripts/docker_seccomp_aug_2022.json") {
+ load '.ci/lib/config.jenkinsfile'
+ load '.ci/lib/config-clang.jenkinsfile'
+ load '.ci/lib/config-debug.jenkinsfile'
+ load '.ci/lib/config-ubsan.jenkinsfile'
+ load '.ci/lib/config-asan.jenkinsfile'
+
+ load '.ci/lib/stage-lint.jenkinsfile'
+ load '.ci/lib/stage-clean-check-prepare.jenkinsfile'
+ load '.ci/lib/stage-build-nosgx.jenkinsfile'
+ load '.ci/lib/stage-test.jenkinsfile'
+ load '.ci/lib/stage-test-direct.jenkinsfile'
+ load '.ci/lib/stage-clean-check.jenkinsfile'
+ }
+}
diff --git a/.ci/linux-sgx-edmm.jenkinsfile b/.ci/linux-sgx-edmm.jenkinsfile
deleted file mode 100644
index 5e1ca3087b..0000000000
--- a/.ci/linux-sgx-edmm.jenkinsfile
+++ /dev/null
@@ -1,30 +0,0 @@
-node('sgx-edmm && aesni') {
- checkout scm
-
- env.AVX = '1' // EDMM-capable machines in our CI always have AVX
- env.SGX = '1'
- env.EDMM = '1'
- env.RA_TYPE = 'dcap'
-
- load '.ci/lib/config-docker.jenkinsfile'
-
- env.DOCKER_ARGS_SGX += '''
- --volume=/usr/include/x86_64-linux-gnu/asm/sgx.h:/usr/include/asm/sgx.h:ro
- --add-host host.docker.internal:host-gateway
- '''
-
- docker.build(
- "local:${env.BUILD_TAG}",
- '-f .ci/ubuntu20.04.dockerfile .'
- ).inside("${env.DOCKER_ARGS_COMMON} ${env.DOCKER_ARGS_SGX}") {
- load '.ci/lib/config.jenkinsfile'
- load '.ci/lib/config-release.jenkinsfile'
-
- load '.ci/lib/stage-lint.jenkinsfile'
- load '.ci/lib/stage-clean-check-prepare.jenkinsfile'
- load '.ci/lib/stage-build-sgx.jenkinsfile'
- load '.ci/lib/stage-test.jenkinsfile'
- load '.ci/lib/stage-test-sgx.jenkinsfile'
- load '.ci/lib/stage-clean-check.jenkinsfile'
- }
-}
diff --git a/.ci/linux-sgx-edmm.jenkinsfile b/.ci/linux-sgx-edmm.jenkinsfile
new file mode 120000
index 0000000000..cf533c4673
--- /dev/null
+++ b/.ci/linux-sgx-edmm.jenkinsfile
@@ -0,0 +1 @@
+linux-sgx-ubuntu20.04-gcc-release.jenkinsfile
\ No newline at end of file
diff --git a/.ci/linux-sgx-sanitizers.jenkinsfile b/.ci/linux-sgx-sanitizers.jenkinsfile
deleted file mode 100644
index 7e8d852563..0000000000
--- a/.ci/linux-sgx-sanitizers.jenkinsfile
+++ /dev/null
@@ -1,25 +0,0 @@
-node('sgx_slave_2.6 && aesni') {
- checkout scm
-
- env.SGX = '1'
- env.SGX_DRIVER = 'oot'
-
- load '.ci/lib/config-docker.jenkinsfile'
- docker.build(
- "local:${env.BUILD_TAG}",
- '-f .ci/ubuntu20.04.dockerfile .'
- ).inside("${env.DOCKER_ARGS_COMMON} ${env.DOCKER_ARGS_SGX}") {
- load '.ci/lib/config.jenkinsfile'
- load '.ci/lib/config-clang.jenkinsfile'
- load '.ci/lib/config-debug.jenkinsfile'
- load '.ci/lib/config-ubsan.jenkinsfile'
- load '.ci/lib/config-asan.jenkinsfile'
-
- load '.ci/lib/stage-lint.jenkinsfile'
- load '.ci/lib/stage-clean-check-prepare.jenkinsfile'
- load '.ci/lib/stage-build-sgx.jenkinsfile'
- load '.ci/lib/stage-test.jenkinsfile'
- load '.ci/lib/stage-test-sgx.jenkinsfile'
- load '.ci/lib/stage-clean-check.jenkinsfile'
- }
-}
diff --git a/.ci/linux-sgx-sanitizers.jenkinsfile b/.ci/linux-sgx-sanitizers.jenkinsfile
new file mode 120000
index 0000000000..cf533c4673
--- /dev/null
+++ b/.ci/linux-sgx-sanitizers.jenkinsfile
@@ -0,0 +1 @@
+linux-sgx-ubuntu20.04-gcc-release.jenkinsfile
\ No newline at end of file
diff --git a/.ci/linux-sgx-ubuntu20.04-gcc-release-apps.jenkinsfile b/.ci/linux-sgx-ubuntu20.04-gcc-release-apps.jenkinsfile
deleted file mode 100644
index 80063dd7f7..0000000000
--- a/.ci/linux-sgx-ubuntu20.04-gcc-release-apps.jenkinsfile
+++ /dev/null
@@ -1,21 +0,0 @@
-node('sgx_slave_2.6 && aesni') {
- checkout scm
-
- env.SGX = '1'
- env.SGX_DRIVER = 'oot'
-
- load '.ci/lib/config-docker.jenkinsfile'
- docker.build(
- "local:${env.BUILD_TAG}",
- '-f .ci/ubuntu20.04.dockerfile .'
- ).inside("${env.DOCKER_ARGS_COMMON} ${env.DOCKER_ARGS_SGX}") {
- load '.ci/lib/config.jenkinsfile'
- load '.ci/lib/config-release.jenkinsfile'
-
- load '.ci/lib/stage-lint.jenkinsfile'
- load '.ci/lib/stage-clean-check-prepare.jenkinsfile'
- load '.ci/lib/stage-build-sgx.jenkinsfile'
- load '.ci/lib/stage-test-sgx.jenkinsfile'
- load '.ci/lib/stage-clean-check.jenkinsfile'
- }
-}
diff --git a/.ci/linux-sgx-ubuntu20.04-gcc-release-apps.jenkinsfile b/.ci/linux-sgx-ubuntu20.04-gcc-release-apps.jenkinsfile
new file mode 120000
index 0000000000..cf533c4673
--- /dev/null
+++ b/.ci/linux-sgx-ubuntu20.04-gcc-release-apps.jenkinsfile
@@ -0,0 +1 @@
+linux-sgx-ubuntu20.04-gcc-release.jenkinsfile
\ No newline at end of file
diff --git a/.ci/linux-sgx-ubuntu20.04-gcc-release.jenkinsfile b/.ci/linux-sgx-ubuntu20.04-gcc-release.jenkinsfile
index 5346964ad0..d2b9a12d77 100644
--- a/.ci/linux-sgx-ubuntu20.04-gcc-release.jenkinsfile
+++ b/.ci/linux-sgx-ubuntu20.04-gcc-release.jenkinsfile
@@ -1,21 +1,14 @@
-node('sgx_slave_2.6 && aesni') {
- checkout scm
-
- env.SGX = '1'
- env.SGX_DRIVER = 'oot'
-
- load '.ci/lib/config-docker.jenkinsfile'
- docker.build(
- "local:${env.BUILD_TAG}",
- '-f .ci/ubuntu20.04.dockerfile .'
- ).inside("${env.DOCKER_ARGS_COMMON} ${env.DOCKER_ARGS_SGX}") {
- load '.ci/lib/config.jenkinsfile'
- load '.ci/lib/config-release.jenkinsfile'
-
- load '.ci/lib/stage-lint.jenkinsfile'
- load '.ci/lib/stage-clean-check-prepare.jenkinsfile'
- load '.ci/lib/stage-build-sgx.jenkinsfile'
- load '.ci/lib/stage-test.jenkinsfile'
- load '.ci/lib/stage-clean-check.jenkinsfile'
+pipeline {
+ agent any
+ stages {
+ stage('info') {
+ steps {
+ echo '''
+ EPID was deprecated on 1.10.2024, and our key is no longer valid. See
+ https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/resources/sgx-ias-using-epid-eol-timeline.html
+ for more info.
+ '''
+ }
+ }
 }
 }
diff --git a/.ci/linux-sgx-ubuntu20.04-musl.jenkinsfile b/.ci/linux-sgx-ubuntu20.04-musl.jenkinsfile
deleted file mode 100644
index 23dfd7091a..0000000000
--- a/.ci/linux-sgx-ubuntu20.04-musl.jenkinsfile
+++ /dev/null
@@ -1,22 +0,0 @@
-node('sgx_slave_2.6 && aesni') {
- checkout scm
-
- env.SGX = '1'
- env.SGX_DRIVER = 'oot'
- env.GRAMINE_MUSL = '1'
-
- load '.ci/lib/config-docker.jenkinsfile'
- docker.build(
- "local:${env.BUILD_TAG}",
- '-f .ci/ubuntu20.04.dockerfile .'
- ).inside("${env.DOCKER_ARGS_COMMON} ${env.DOCKER_ARGS_SGX}") {
- load '.ci/lib/config.jenkinsfile'
- load '.ci/lib/config-release.jenkinsfile'
-
- load '.ci/lib/stage-lint.jenkinsfile'
- load '.ci/lib/stage-clean-check-prepare.jenkinsfile'
- load '.ci/lib/stage-build-sgx.jenkinsfile'
- load '.ci/lib/stage-test.jenkinsfile'
- load '.ci/lib/stage-clean-check.jenkinsfile'
- }
-}
diff --git a/.ci/linux-sgx-ubuntu20.04-musl.jenkinsfile b/.ci/linux-sgx-ubuntu20.04-musl.jenkinsfile
new file mode 120000
index 0000000000..cf533c4673
--- /dev/null
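Review bot: The replacement pipeline in `linux-sgx-ubuntu20.04-gcc-release.jenkinsfile` only echoes a notice and so finishes as SUCCESS, and this commit symlinks the other Ubuntu 20.04 job files to it (`linux-direct-*`, `linux-sgx-sanitizers`, `linux-sgx-edmm`, `-musl`, `-gcc-release-apps`). Any status check or dashboard still bound to those job names will show green although nothing was built or tested. The EPID text is also misleading for the `linux-direct-*` jobs, which ran without SGX. I would make the stub report a non-success result, for example `script { currentBuild.result = 'NOT_BUILT' }` inside `steps`, and reword the message to say the job is retired in favour of the ubuntu22.04/24.04 jobs.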
+++ b/.ci/linux-sgx-ubuntu20.04-musl.jenkinsfile
@@ -0,0 +1 @@
+linux-sgx-ubuntu20.04-gcc-release.jenkinsfile
\ No newline at end of file
diff --git a/.ci/linux-sgx-ubuntu22.04-edmm.jenkinsfile b/.ci/linux-sgx-ubuntu22.04-edmm.jenkinsfile
new file mode 100644
index 0000000000..4920e46124
--- /dev/null
+++ b/.ci/linux-sgx-ubuntu22.04-edmm.jenkinsfile
@@ -0,0 +1,24 @@
+node('sgx-edmm && aesni') {
+ checkout scm
+
+ env.AVX = '1' // EDMM-capable machines in our CI always have AVX
+ env.SGX = '1'
+ env.EDMM = '1'
+
+ load '.ci/lib/config-docker.jenkinsfile'
+
+ docker.build(
+ "local:${env.BUILD_TAG}",
+ '-f .ci/ubuntu22.04.dockerfile .'
+ ).inside("${env.DOCKER_ARGS_COMMON} ${env.DOCKER_ARGS_SGX}") {
+ load '.ci/lib/config.jenkinsfile'
+ load '.ci/lib/config-release.jenkinsfile'
+
+ load '.ci/lib/stage-lint.jenkinsfile'
+ load '.ci/lib/stage-clean-check-prepare.jenkinsfile'
+ load '.ci/lib/stage-build-sgx.jenkinsfile'
+ load '.ci/lib/stage-test.jenkinsfile'
+ load '.ci/lib/stage-test-sgx.jenkinsfile'
+ load '.ci/lib/stage-clean-check.jenkinsfile'
+ }
+}
diff --git a/.ci/linux-sgx-ubuntu22.04-gcc-release-apps.jenkinsfile b/.ci/linux-sgx-ubuntu22.04-gcc-release-apps.jenkinsfile
new file mode 100644
index 0000000000..eb33f693b5
--- /dev/null
+++ b/.ci/linux-sgx-ubuntu22.04-gcc-release-apps.jenkinsfile
@@ -0,0 +1,20 @@
+node('sgx && jammy') {
+ checkout scm
+
+ env.SGX = '1'
+
+ load '.ci/lib/config-docker.jenkinsfile'
+ docker.build(
+ "local:${env.BUILD_TAG}",
+ '-f .ci/ubuntu22.04.dockerfile .'
+ ).inside("${env.DOCKER_ARGS_COMMON} ${env.DOCKER_ARGS_SGX}") {
+ load '.ci/lib/config.jenkinsfile'
+ load '.ci/lib/config-release.jenkinsfile'
+
+ load '.ci/lib/stage-lint.jenkinsfile'
+ load '.ci/lib/stage-clean-check-prepare.jenkinsfile'
+ load '.ci/lib/stage-build-sgx.jenkinsfile'
+ load '.ci/lib/stage-test-sgx.jenkinsfile'
+ load '.ci/lib/stage-clean-check.jenkinsfile'
+ }
+}
diff --git a/.ci/linux-sgx-ubuntu22.04-gcc-release.jenkinsfile b/.ci/linux-sgx-ubuntu22.04-gcc-release.jenkinsfile index d231533de4..b80f01fee5 100644 --- a/.ci/linux-sgx-ubuntu22.04-gcc-release.jenkinsfile +++ b/.ci/linux-sgx-ubuntu22.04-gcc-release.jenkinsfile @@ -1,4 +1,4 @@ -node('sgx') { +node('sgx && jammy') { checkout scm env.SGX = '1' diff --git a/.ci/linux-sgx-ubuntu22.04-musl.jenkinsfile b/.ci/linux-sgx-ubuntu22.04-musl.jenkinsfile new file mode 100644 index 0000000000..42bac382f4 --- /dev/null +++ b/.ci/linux-sgx-ubuntu22.04-musl.jenkinsfile @@ -0,0 +1,21 @@ +node('sgx && jammy') { + checkout scm + + env.SGX = '1' + env.GRAMINE_MUSL = '1' + + load '.ci/lib/config-docker.jenkinsfile' + docker.build( + "local:${env.BUILD_TAG}", + '-f .ci/ubuntu22.04.dockerfile .' + ).inside("${env.DOCKER_ARGS_COMMON} ${env.DOCKER_ARGS_SGX}") { + load '.ci/lib/config.jenkinsfile' + load '.ci/lib/config-release.jenkinsfile' + + load '.ci/lib/stage-lint.jenkinsfile' + load '.ci/lib/stage-clean-check-prepare.jenkinsfile' + load '.ci/lib/stage-build-sgx.jenkinsfile' + load '.ci/lib/stage-test.jenkinsfile' + load '.ci/lib/stage-clean-check.jenkinsfile' + } +} diff --git a/.ci/linux-sgx-ubuntu22.04-sanitizers.jenkinsfile b/.ci/linux-sgx-ubuntu22.04-sanitizers.jenkinsfile new file mode 100644 index 0000000000..70955f0357 --- /dev/null +++ b/.ci/linux-sgx-ubuntu22.04-sanitizers.jenkinsfile 
@@ -0,0 +1,24 @@
+node('sgx && jammy') {
+ checkout scm
+
+ env.SGX = '1'
+
+ load '.ci/lib/config-docker.jenkinsfile'
+ docker.build(
+ "local:${env.BUILD_TAG}",
+ '-f .ci/ubuntu22.04.dockerfile .'
+ ).inside("${env.DOCKER_ARGS_COMMON} ${env.DOCKER_ARGS_SGX}") {
+ load '.ci/lib/config.jenkinsfile'
+ load '.ci/lib/config-clang.jenkinsfile'
+ load '.ci/lib/config-debug.jenkinsfile'
+ load '.ci/lib/config-ubsan.jenkinsfile'
+ load '.ci/lib/config-asan.jenkinsfile'
+
+ load '.ci/lib/stage-lint.jenkinsfile'
+ load '.ci/lib/stage-clean-check-prepare.jenkinsfile'
+ load '.ci/lib/stage-build-sgx.jenkinsfile'
+ load '.ci/lib/stage-test.jenkinsfile'
+ load '.ci/lib/stage-test-sgx.jenkinsfile'
+ load '.ci/lib/stage-clean-check.jenkinsfile'
+ }
+}
diff --git a/.ci/linux-sgx-ubuntu24.04-edmm.jenkinsfile b/.ci/linux-sgx-ubuntu24.04-edmm.jenkinsfile
new file mode 100644
index 0000000000..8b0475b50d
--- /dev/null
+++ b/.ci/linux-sgx-ubuntu24.04-edmm.jenkinsfile
@@ -0,0 +1,24 @@
+node('sgx-edmm && aesni') {
+ checkout scm
+
+ env.AVX = '1' // EDMM-capable machines in our CI always have AVX
+ env.SGX = '1'
+ env.EDMM = '1'
+
+ load '.ci/lib/config-docker.jenkinsfile'
+
+ docker.build(
+ "local:${env.BUILD_TAG}",
+ '-f .ci/ubuntu24.04.dockerfile .'
+ ).inside("${env.DOCKER_ARGS_COMMON} ${env.DOCKER_ARGS_SGX}") {
+ load '.ci/lib/config.jenkinsfile'
+ load '.ci/lib/config-release.jenkinsfile'
+
+ load '.ci/lib/stage-lint.jenkinsfile'
+ load '.ci/lib/stage-clean-check-prepare.jenkinsfile'
+ load '.ci/lib/stage-build-sgx.jenkinsfile'
+ load '.ci/lib/stage-test.jenkinsfile'
+ load '.ci/lib/stage-test-sgx.jenkinsfile'
+ load '.ci/lib/stage-clean-check.jenkinsfile'
+ }
+}
diff --git a/.ci/linux-sgx-ubuntu24.04-gcc-release-apps.jenkinsfile b/.ci/linux-sgx-ubuntu24.04-gcc-release-apps.jenkinsfile
new file mode 100644
index 0000000000..c8485976b2
--- /dev/null
+++ b/.ci/linux-sgx-ubuntu24.04-gcc-release-apps.jenkinsfile
@@ -0,0 +1,20 @@ +node('sgx && noble') { + checkout scm + + env.SGX = '1' + + load '.ci/lib/config-docker.jenkinsfile' + docker.build( + "local:${env.BUILD_TAG}", + '-f .ci/ubuntu24.04.dockerfile .' + ).inside("${env.DOCKER_ARGS_COMMON} ${env.DOCKER_ARGS_SGX}") { + load '.ci/lib/config.jenkinsfile' + load '.ci/lib/config-release.jenkinsfile' + + load '.ci/lib/stage-lint.jenkinsfile' + load '.ci/lib/stage-clean-check-prepare.jenkinsfile' + load '.ci/lib/stage-build-sgx.jenkinsfile' + load '.ci/lib/stage-test-sgx.jenkinsfile' + load '.ci/lib/stage-clean-check.jenkinsfile' + } +} diff --git a/.ci/linux-sgx-ubuntu24.04-gcc-release.jenkinsfile b/.ci/linux-sgx-ubuntu24.04-gcc-release.jenkinsfile index c8a821633c..da291548c4 100644 --- a/.ci/linux-sgx-ubuntu24.04-gcc-release.jenkinsfile +++ b/.ci/linux-sgx-ubuntu24.04-gcc-release.jenkinsfile @@ -1,4 +1,4 @@ -node('sgx') { +node('sgx && noble') { checkout scm env.SGX = '1' diff --git a/.ci/linux-sgx-ubuntu24.04-musl.jenkinsfile b/.ci/linux-sgx-ubuntu24.04-musl.jenkinsfile new file mode 100644 index 0000000000..7a2294a4c5 --- /dev/null +++ b/.ci/linux-sgx-ubuntu24.04-musl.jenkinsfile @@ -0,0 +1,21 @@ +node('sgx && noble') { + checkout scm + + env.SGX = '1' + env.GRAMINE_MUSL = '1' + + load '.ci/lib/config-docker.jenkinsfile' + docker.build( + "local:${env.BUILD_TAG}", + '-f .ci/ubuntu24.04.dockerfile .' + ).inside("${env.DOCKER_ARGS_COMMON} ${env.DOCKER_ARGS_SGX}") { + load '.ci/lib/config.jenkinsfile' + load '.ci/lib/config-release.jenkinsfile' + + load '.ci/lib/stage-lint.jenkinsfile' + load '.ci/lib/stage-clean-check-prepare.jenkinsfile' + load '.ci/lib/stage-build-sgx.jenkinsfile' + load '.ci/lib/stage-test.jenkinsfile' + load '.ci/lib/stage-clean-check.jenkinsfile' + } +} diff --git a/.ci/linux-sgx-ubuntu24.04-sanitizers.jenkinsfile b/.ci/linux-sgx-ubuntu24.04-sanitizers.jenkinsfile new file mode 100644 index 0000000000..19280db022 --- /dev/null +++ b/.ci/linux-sgx-ubuntu24.04-sanitizers.jenkinsfile 
@@ -0,0 +1,24 @@ +node('sgx && noble') { + checkout scm + + env.SGX = '1' + + load '.ci/lib/config-docker.jenkinsfile' + docker.build( + "local:${env.BUILD_TAG}", + '-f .ci/ubuntu24.04.dockerfile .' + ).inside("${env.DOCKER_ARGS_COMMON} ${env.DOCKER_ARGS_SGX}") { + load '.ci/lib/config.jenkinsfile' + load '.ci/lib/config-clang.jenkinsfile' + load '.ci/lib/config-debug.jenkinsfile' + load '.ci/lib/config-ubsan.jenkinsfile' + load '.ci/lib/config-asan.jenkinsfile' + + load '.ci/lib/stage-lint.jenkinsfile' + load '.ci/lib/stage-clean-check-prepare.jenkinsfile' + load '.ci/lib/stage-build-sgx.jenkinsfile' + load '.ci/lib/stage-test.jenkinsfile' + load '.ci/lib/stage-test-sgx.jenkinsfile' + load '.ci/lib/stage-clean-check.jenkinsfile' + } +} diff --git a/.ci/sgx_default_qcnl.conf b/.ci/sgx_default_qcnl.conf new file mode 100644 index 0000000000..ff0827e65d --- /dev/null +++ b/.ci/sgx_default_qcnl.conf @@ -0,0 +1,10 @@ +{ + "local_cache_only": true, + "pccs_url": "https://frackles.telenet.unc.edu:8081/sgx/certification/v4/", + "collateral_service": "https://api.trustedservices.intel.com/sgx/certification/v4/", + "pck_cache_expire_hours": 168, + "retry_delay": 10, + "retry_times": 6, + "use_secure_cert": false, + "verify_collateral_cache_expire_hours": 168 +} diff --git a/.ci/ubuntu20.04.dockerfile b/.ci/ubuntu20.04.dockerfile index 8c79823ddb..ab6062a0aa 100644 --- a/.ci/ubuntu20.04.dockerfile +++ b/.ci/ubuntu20.04.dockerfile @@ -5,6 +5,7 @@ RUN apt-get update && env DEBIAN_FRONTEND=noninteractive apt-get install -y \ bc \ bison \ build-essential \ + busybox \ cargo \ clang \ cmake \ @@ -96,6 +97,8 @@ RUN git clone https://github.com/giltene/wrk2.git \ && cd .. \ && rm -rf wrk2 +ENV REQUESTS=10000 + # NOTE about meson version: we support "0.56 or newer", so in CI we pin to latest patch version of # the earliest supported minor version (pip implicitly installs latest version satisfying the # specification) 
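Review bot: `.ci/sgx_default_qcnl.conf` sets `"use_secure_cert": false`, which turns off TLS certificate validation for the PCCS connection, and its `pccs_url` names a specific external host rather than a CI-internal one. In a CI image this is usually tolerable because the attestation collateral is itself signed and checked during quote verification, but nothing marks the file as test-only, and this commit copies it to `/etc/sgx_default_qcnl.conf` in the Ubuntu 22.04 and 24.04 images. Please say next to those `COPY` lines that the configuration must not be reused outside CI, and document how `"local_cache_only": true` is meant to interact with the remote `pccs_url`. If the PCCS presents a certificate from a trusted CA, prefer `"use_secure_cert": true`.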
diff --git a/.ci/ubuntu22.04.dockerfile b/.ci/ubuntu22.04.dockerfile
index 0c265be1b0..dd800a7c28 100644
--- a/.ci/ubuntu22.04.dockerfile
+++ b/.ci/ubuntu22.04.dockerfile
@@ -36,30 +36,64 @@ RUN apt-get update && apt-get satisfy -y \ # dependencies for various tests, CI-Examples, etc. # git: scripts/gitignore-test (among others) # libunwind8: libos/test/regression/bootstrap_cpp.manifest.template +# musl-tools: for compilation with musl (not done in deb/rpm) # nginx: CI-Examples/ra-tls-nginx # shellcheck: .ci/run-shellcheck +# busybox: CI-Examples/busybox # cargo: CI-Examples/rust # clang: asan and ubsan builds # jq: used in jenkinsfiles # cpio dwarves gcc/g++-12 kmod qemu-kvm: for building kernel modules and running VMs # wget: scripts/download +# python3-pytest: for running tests +# python3-pytest-xdist: for pytest -n option, to run in parallel +# python3-numpy python3-scipy: imported by script in CI-Examples/python +# gdb: tested in libos suite +# ncat: used in scripts/wait_for_server +# linux-libc-dev: among others, needed to compile busybox (CI-Examples/busybox) +# libomp-dev: needed for libos/test/regression/openmp.c +# libevent-dev: CI-Examples/memcached +# libmemcached-tools: CI-Examples/memcache +# zlib1g-dev: CI-Examples/lighttpd +# libssl-dev: CI-Examples/nginx +# sqlite3: CI-Examples/sqlite +# libsgx-*: CI-Examples/ra-tls-* +# curl: CI-Examples/ra-tls-secret-prov RUN apt-get update && apt-get install -y \ + busybox \ cargo \ clang \ cmake \ cpio \ + curl \ dwarves \ g++-12 \ gcc-12 \ + gdb \ git \ jq \ kmod \ + libevent-dev \ + libmemcached-tools \ + libomp-dev \ + libsgx-dcap-default-qpl \ + libsgx-dcap-quote-verify-dev \ + libsgx-urts \ + libssl-dev \ libunwind8 \ + linux-libc-dev \ + musl-tools \ + ncat \ nginx \ + python3-numpy \ python3-pytest \ + python3-pytest-xdist \ + python3-scipy \ qemu-kvm \ shellcheck \ - wget + sqlite3 \ + wget \ + zlib1g-dev # Kernel on the host machine is built with GCC-12, so we need to set it as default in Docker RUN update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-12 10 && \ 
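Review bot: The dependency comment added to `ubuntu22.04.dockerfile` reads `libmemcached-tools: CI-Examples/memcache`, while the line just above it names the directory `CI-Examples/memcached`; the same typo is in the `ubuntu24.04.dockerfile` hunk. The `libsgx-*` entry should also say where those packages come from, since the repository and signing-key setup are outside this hunk, e.g. `# libsgx-*: CI-Examples/ra-tls-* (from the SGX apt repository added earlier in this file; confirm)`. Keeping the comment list in the same order as the package list would make later additions easier to audit.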
@@ -67,4 +101,17 @@ RUN update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-12 10 && \ update-alternatives --set gcc /usr/bin/gcc-12 && \ update-alternatives --set g++ /usr/bin/g++-12 +# Install wrk2 benchmark. This benchmark is used in `benchmark-http.sh`. +RUN git clone https://github.com/giltene/wrk2.git \ + && cd wrk2 \ + && git checkout 44a94c17d8e6a0bac8559b53da76848e430cb7a7 \ + && make \ + && cp wrk /usr/local/bin \ + && cd .. \ + && rm -rf wrk2 + +ENV REQUESTS=10000 + +COPY .ci/sgx_default_qcnl.conf /etc/sgx_default_qcnl.conf + CMD ["bash"] diff --git a/.ci/ubuntu24.04.dockerfile b/.ci/ubuntu24.04.dockerfile index 5fe84ea2ed..d6cf927939 100644 --- a/.ci/ubuntu24.04.dockerfile +++ b/.ci/ubuntu24.04.dockerfile 
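Review bot: `ENV REQUESTS=10000` is added to `ubuntu22.04.dockerfile` without a comment, and the same line appears in the `ubuntu20.04.dockerfile` hunk. The name is very generic and, as an image-level `ENV`, it is visible to every process started in the container, so the consumer should be named, e.g. `# REQUESTS: request count read by the HTTP benchmark script (confirm)`. If only one script reads it, passing the value in the Jenkins stage that runs that script would keep the image environment free of test tuning.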
@@ -37,14 +37,65 @@ RUN apt-get update && apt-get satisfy -y \ # dependencies for various tests, CI-Examples, etc. # git: scripts/gitignore-test (among others) # libunwind8: libos/test/regression/bootstrap_cpp.manifest.template +# musl-tools: for compilation with musl (not done in deb/rpm) # nginx: CI-Examples/ra-tls-nginx # shellcheck: .ci/run-shellcheck +# busybox: CI-Examples/busybox +# cargo: CI-Examples/rust +# clang: asan and ubsan builds +# jq: used in jenkinsfiles +# cpio dwarves kmod qemu-kvm: for building kernel modules and running VMs +# wget: scripts/download +# python3-pytest: for running tests +# python3-pytest-xdist: for pytest -n option, to run in parallel +# python3-numpy python3-scipy: imported by script in CI-Examples/python +# gdb: tested in libos suite +# ncat: used in scripts/wait_for_server +# linux-libc-dev: among others, needed to compile busybox (CI-Examples/busybox) +# libomp-dev: needed for libos/test/regression/openmp.c +# libevent-dev: CI-Examples/memcached +# libmemcached-tools: CI-Examples/memcache +# zlib1g-dev: CI-Examples/lighttpd +# wrk: used by CI-Examples/common_tools/benchmark-http.sh +# libssl-dev: CI-Examples/nginx +# sqlite3: CI-Examples/sqlite +# libsgx-*: CI-Examples/ra-tls-* +# curl: CI-Examples/ra-tls-secret-prov RUN apt-get update && apt-get install -y \ + busybox \ + cargo \ + clang \ cmake \ + cpio \ + curl \ + dwarves \ + gdb \ git \ + jq \ + kmod \ + libevent-dev \ + libmemcached-tools \ + libomp-dev \ + libsgx-dcap-default-qpl \ + libsgx-dcap-quote-verify-dev \ + libsgx-urts \ + libssl-dev \ libunwind8 \ + linux-libc-dev \ + musl-tools \ + ncat \ nginx \ + python3-numpy \ python3-pytest \ - shellcheck + python3-pytest-xdist \ + python3-scipy \ + qemu-kvm \ + shellcheck \ + sqlite3 \ + wget \ + wrk \ + zlib1g-dev + +COPY .ci/sgx_default_qcnl.conf /etc/sgx_default_qcnl.conf CMD ["bash"] diff --git a/CI-Examples/bash/manifest.template b/CI-Examples/bash/manifest.template index 11ebd8b15b..e4c6fed530 100644 
--- a/CI-Examples/bash/manifest.template +++ b/CI-Examples/bash/manifest.template @@ -23,7 +23,7 @@ fs.mounts = [ sgx.debug = true sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }} sgx.enclave_size = "512M" -sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '4' }} +sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '8' }} sgx.trusted_files = [ "file:{{ execdir }}/", diff --git a/CI-Examples/busybox/Makefile b/CI-Examples/busybox/Makefile index 865df78386..d920e8ece6 100644 --- a/CI-Examples/busybox/Makefile +++ b/CI-Examples/busybox/Makefile @@ -1,14 +1,7 @@ # Copyright (C) 2023 Gramine contributors # SPDX-License-Identifier: BSD-3-Clause -ARCH_LIBDIR ?= /lib/$(shell $(CC) -dumpmachine) - -SRCDIR = src -BUSYBOX_SHA256 ?= c35d87f1d04b2b153d33c275c2632e40d388a88f19a9e71727e0bbbff51fe689 -BUSYBOX_SRC ?= busybox-1.32.0.tar.bz2 -BUSYBOX_MIRRORS ?= \ - https://busybox.net/downloads \ - https://packages.gramineproject.io/distfiles +BUSYBOX ?= $(shell sh -c 'command -v busybox') ifeq ($(DEBUG),1) GRAMINE_LOG_LEVEL = debug 
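Review bot: `BUSYBOX ?= $(shell sh -c 'command -v busybox')` expands to an empty string when no busybox is on PATH, and nothing in this hunk stops the build in that case. The later `-Dbusybox=$(BUSYBOX)` would then render the manifest with a bare `file:` as both mount URI and trusted file, which fails far from the cause. A guard right after the assignment makes it explicit: `ifeq ($(BUSYBOX),)`, `$(error busybox not found; install it or set BUSYBOX=/path/to/busybox)`, `endif`. The example also no longer builds from a SHA-256-checked tarball, so the binary listed in `sgx.trusted_files` is whatever the host package provides; a short comment saying so would be useful.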
@@ -21,31 +14,15 @@ RA_CLIENT_SPID ?= RA_CLIENT_LINKABLE ?= 0 .PHONY: all -all: busybox busybox.manifest +all: busybox.manifest ifeq ($(SGX),1) all: busybox.manifest.sgx busybox.sig endif -$(SRCDIR)/Makefile: - ../common_tools/download --output busybox.tar.bz2 --sha256 $(BUSYBOX_SHA256) \ - $(foreach mirror,$(BUSYBOX_MIRRORS),--url $(mirror)/$(BUSYBOX_SRC)) - mkdir $(SRCDIR) - tar -C $(SRCDIR) --strip-components=1 -xf busybox.tar.bz2 - -$(SRCDIR)/.config: $(SRCDIR)/Makefile - $(MAKE) -C $(SRCDIR) clean - $(MAKE) -C $(SRCDIR) defconfig - # Enable usage of Busybox's built-in applets - sed -e 's/.*CONFIG_FEATURE_SH_STANDALONE.*/CONFIG_FEATURE_SH_STANDALONE=y/' \ - -i $(SRCDIR)/.config - -$(SRCDIR)/busybox: $(SRCDIR)/.config - $(MAKE) -C $(SRCDIR) - -busybox.manifest: busybox.manifest.template busybox +busybox.manifest: busybox.manifest.template gramine-manifest \ + -Dbusybox=$(BUSYBOX) \ -Dlog_level=$(GRAMINE_LOG_LEVEL) \ - -Darch_libdir=$(ARCH_LIBDIR) \ -Dra_type=$(RA_TYPE) \ -Dra_client_spid=$(RA_CLIENT_SPID) \ -Dra_client_linkable=$(RA_CLIENT_LINKABLE) \ @@ -62,10 +39,6 @@ sgx_sign: busybox.manifest --manifest $< \ --output $<.sgx -# Copy Busybox binary to our root directory for simplicity. -busybox: $(SRCDIR)/busybox - cp $(SRCDIR)/busybox busybox - ifeq ($(SGX),) GRAMINE = gramine-direct else @@ -80,8 +53,7 @@ check: all .PHONY: clean clean: - $(RM) *.token *.sig *.manifest.sgx *.manifest busybox OUTPUT + $(RM) *.token *.sig *.manifest.sgx *.manifest OUTPUT .PHONY: distclean distclean: clean - $(RM) -r $(SRCDIR) busybox.tar.bz2 diff --git a/CI-Examples/busybox/busybox.manifest.template b/CI-Examples/busybox/busybox.manifest.template index 2f2ba14c3c..3063fb8c5a 100644 --- a/CI-Examples/busybox/busybox.manifest.template +++ b/CI-Examples/busybox/busybox.manifest.template 
@@ -12,7 +12,7 @@ loader.env.LD_LIBRARY_PATH = "/lib" loader.insecure__use_cmdline_argv = true fs.mounts = [ - { path = "/busybox", uri = "file:busybox" }, + { path = "/busybox", uri = "file:{{ busybox }}" }, { path = "/lib", uri = "file:{{ gramine.runtimedir() }}" }, # hardcoded mappings of local hostnames to IP addresses, required by e.g. `hostname` applet @@ -30,6 +30,6 @@ sgx.ra_client_spid = "{{ ra_client_spid }}" sgx.ra_client_linkable = {{ 'true' if ra_client_linkable == '1' else 'false' }} sgx.trusted_files = [ - "file:busybox", + "file:{{ busybox }}", "file:{{ gramine.runtimedir() }}/", ] diff --git a/CI-Examples/common_tools/benchmark-http.sh b/CI-Examples/common_tools/benchmark-http.sh index d5ab90250b..eb2c2d23a3 100755 --- a/CI-Examples/common_tools/benchmark-http.sh +++ b/CI-Examples/common_tools/benchmark-http.sh @@ -3,8 +3,6 @@ # Copyright (C) 2023 Gramine contributors # SPDX-License-Identifier: BSD-3-Clause -# On Ubuntu, this script requires wrk2 tool installed for the wrk binary. -# # Run like: ./benchmark-http.sh host:port # # It also works with HTTPS, e.g., ./benchmark-http.sh https://localhost:8443 @@ -15,11 +13,13 @@ LOOP=${LOOP:-1} DOWNLOAD_HOST=$1 DOWNLOAD_FILE=${DOWNLOAD_FILE:-random/10K.1.html} CONNECTIONS=${CONNECTIONS:-300} -REQUESTS=${REQUESTS:-10000} DURATION=${DURATION:-30} CONCURRENCY_LIST=${CONCURRENCY_LIST:-"1 2 4 8 16 32 64 128 256"} RESULT=result-$(date +%y%m%d-%H%M%S) +# This parameter requires wrk2 tool installed for the wrk binary. +REQUESTS_OPT="${REQUESTS:+-R"$REQUESTS"}" + touch "$RESULT" convert_throughput() { local THROUGHPUT_VAL=0 
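Review bot: `REQUESTS_OPT` is built as a single string and must later be expanded unquoted (the commit silences SC2086 for that), so any whitespace or glob character in `REQUESTS` is split into extra `wrk` arguments. An array keeps the quoting intact: `REQUESTS_OPT=()` followed by `[ -n "$REQUESTS" ] && REQUESTS_OPT=(-R "$REQUESTS")`, then `"${REQUESTS_OPT[@]}"` in the `wrk` call in the last hunk of this file. This assumes the script runs under bash, which the here-strings removed elsewhere in this file suggest. The new comment could also state that leaving `REQUESTS` unset is what lets the script run with plain wrk.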
@@ -32,11 +32,11 @@ convert_throughput() { if [ -z "$THROUGHPUT_UNIT" ]; then THROUGHPUT=$THROUGHPUT_VAL elif [ "$THROUGHPUT_UNIT" = "k" ]; then - THROUGHPUT=$(bc <<< "$THROUGHPUT_VAL*1000") + THROUGHPUT=$(python3 -c "print($THROUGHPUT_VAL * 1000)") elif [ "$THROUGHPUT_UNIT" = "M" ]; then - THROUGHPUT=$(bc <<< "$THROUGHPUT_VAL*1000000") + THROUGHPUT=$(python3 -c "print($THROUGHPUT_VAL * 1000000)") elif [ "$THROUGHPUT_UNIT" = "G" ]; then - THROUGHPUT=$(bc <<< "$THROUGHPUT_VAL*1000000000") + THROUGHPUT=$(python3 -c "print($THROUGHPUT_VAL * 1000000000)") else THROUGHPUT=0 fi @@ -55,13 +55,13 @@ latency_in_milliseconds() { if [ -z "$LATENCY_UNIT" ] || [ "$LATENCY_UNIT" = "ms" ]; then LATENCY=$LATENCY_VAL elif [ "$LATENCY_UNIT" = "us" ]; then - LATENCY=$(bc <<< "scale=3; $LATENCY_VAL/1000") + LATENCY=$(python3 -c "print($LATENCY_VAL / 1000)") elif [ "$LATENCY_UNIT" = "s" ]; then - LATENCY=$(bc <<< "$LATENCY_VAL*1000") + LATENCY=$(python3 -c "print($LATENCY_VAL * 1000)") elif [ "$LATENCY_UNIT" = "m" ]; then - LATENCY=$(bc <<< "$LATENCY_VAL*1000*60") + LATENCY=$(python3 -c "print($LATENCY_VAL * 1000 * 60)") elif [ "$LATENCY_UNIT" = "h" ]; then - LATENCY=$(bc <<< "$LATENCY_VAL*1000*3600") + LATENCY=$(python3 -c "print($LATENCY_VAL * 1000 * 3600)") else LATENCY=0 fi @@ -75,8 +75,9 @@ do for CONCURRENCY in $CONCURRENCY_LIST do rm -f OUTPUT - echo "wrk -c $CONNECTIONS -d $DURATION -t $CONCURRENCY -R $REQUESTS $DOWNLOAD_HOST/$DOWNLOAD_FILE" - wrk -c "$CONNECTIONS" -d "$DURATION" -t "$CONCURRENCY" -R "$REQUESTS" "$DOWNLOAD_HOST/$DOWNLOAD_FILE" > OUTPUT || exit $? + echo "wrk -c $CONNECTIONS -d $DURATION -t $CONCURRENCY $REQUESTS_OPT $DOWNLOAD_HOST/$DOWNLOAD_FILE" + # shellcheck disable=SC2086 + wrk -c "$CONNECTIONS" -d "$DURATION" -t "$CONCURRENCY" $REQUESTS_OPT "$DOWNLOAD_HOST/$DOWNLOAD_FILE" > OUTPUT || exit $? THROUGHPUT_STR=$(grep -m1 "Req/Sec" OUTPUT | awk '{ print $2 }') THROUGHPUT=$(convert_throughput "$THROUGHPUT_STR") 
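Review bot: `python3 -c "print($THROUGHPUT_VAL * 1000)"` pastes a shell variable into Python source, so anything non-numeric in the parsed wrk output is executed as code instead of being rejected; the same pattern is used for `LATENCY_VAL` in the next hunk. Passing the value as an argument avoids that, e.g. `THROUGHPUT=$(python3 -c 'import sys; print(float(sys.argv[1]) * 1000)' "$THROUGHPUT_VAL")`, which fails with a ValueError on unexpected input. `float()` prints whole numbers as `N.0`, so check that whatever reads the result accepts that, or format the output explicitly. How `THROUGHPUT_VAL` and `LATENCY_VAL` are extracted is outside these hunks.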
diff --git a/CI-Examples/lighttpd/lighttpd.manifest.template b/CI-Examples/lighttpd/lighttpd.manifest.template index 481f0fe429..3022274ebe 100644 --- a/CI-Examples/lighttpd/lighttpd.manifest.template +++ b/CI-Examples/lighttpd/lighttpd.manifest.template @@ -24,7 +24,7 @@ fs.mounts = [ sgx.debug = true sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }} sgx.enclave_size = "256M" -sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '3' }} +sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '8' }} sgx.trusted_files = [ "file:{{ gramine.runtimedir() }}/", diff --git a/CI-Examples/ra-tls-mbedtls/Makefile b/CI-Examples/ra-tls-mbedtls/Makefile index db7b7f5d2b..d5f0d0b22f 100644 --- a/CI-Examples/ra-tls-mbedtls/Makefile +++ b/CI-Examples/ra-tls-mbedtls/Makefile @@ -116,8 +116,8 @@ sgx_sign_client_epid: client_epid.manifest check_epid: app epid gramine-sgx server & SERVER_ID=$$!; \ ../../scripts/wait_for_server 60 127.0.0.1 4433; \ - ./client epid > OUTPUT; \ - ./client epid 0 0 0 0 >> OUTPUT; \ + ./client epid | tee OUTPUT; \ + ./client epid 0 0 0 0 | tee -a OUTPUT; \ kill -9 $$SERVER_ID @grep -q "using default SGX-measurement verification callback" OUTPUT && echo "[ Success 1/4 ]" @grep -q "using our own SGX-measurement verification callback" OUTPUT && echo "[ Success 2/4 ]" @@ -136,8 +136,8 @@ check_epid_fail: app epid check_dcap: app dcap gramine-sgx server >/dev/null & SERVER_ID=$$!; \ ../../scripts/wait_for_server 60 127.0.0.1 4433; \ - ./client dcap > OUTPUT; \ - ./client dcap 0 0 0 0 >> OUTPUT; \ + ./client dcap | tee OUTPUT; \ + ./client dcap 0 0 0 0 | tee -a OUTPUT; \ kill -9 $$SERVER_ID @grep -q "using default SGX-measurement verification callback" OUTPUT && echo "[ Success 1/4 ]" @grep -q "using our own SGX-measurement verification callback" OUTPUT && echo "[ Success 2/4 ]" 
diff --git a/CI-Examples/ra-tls-nginx/nginx.manifest.template b/CI-Examples/ra-tls-nginx/nginx.manifest.template index c496b5e597..183c2a2bbf 100644 --- a/CI-Examples/ra-tls-nginx/nginx.manifest.template +++ b/CI-Examples/ra-tls-nginx/nginx.manifest.template @@ -47,6 +47,7 @@ sgx.ra_client_linkable = {{ 'true' if ra_client_linkable else 'false' }} sgx.edmm_enable = {{ "true" if env.get("EDMM", "0") | int > 0 else "false" }} sys.enable_sigterm_injection = true +sgx.max_threads = {{ 1 if env.get("EDMM", "0") | int > 0 else 8 }} sgx.debug = true sgx.trusted_files = [ diff --git a/libos/test/ltp/ltp.cfg b/libos/test/ltp/ltp.cfg index 353bd9c94b..268a2231d4 100644 --- a/libos/test/ltp/ltp.cfg +++ b/libos/test/ltp/ltp.cfg @@ -157,6 +157,16 @@ skip = yes [clock_gettime03] skip = yes +# test #1 calls __vdso__clock_gettime(CLOCK_REALTIME) and checks if the +# difference is <= 5 ms, which it might not be on a VM +[clock_gettime04] +must-pass = + 2 + 3 + 4 + 5 + 6 + # test 10: EOPNOTSUPP expected on CLOCK_THREAD_CPUTIME_ID [clock_nanosleep01] timeout = 40 @@ -247,9 +257,9 @@ skip = yes [dirtyc0w] skip = yes -# very long test, does thousands of forks +# very long test, does thousands of forks, unreliable [epoll01] -timeout = 600 +skip = yes # tries to open /proc/1/stat, which is not implemented in Gramine [epoll_pwait01] @@ -1373,6 +1383,9 @@ skip = yes [pipe03] skip = yes +[pipe04] +timeout = 60 + [pipe07] skip = yes diff --git a/libos/test/regression/argv_from_file.manifest.template b/libos/test/regression/argv_from_file.manifest.template index bc086bd4ec..9739bdde5b 100644 --- a/libos/test/regression/argv_from_file.manifest.template +++ b/libos/test/regression/argv_from_file.manifest.template @@ -10,6 +10,7 @@ fs.mounts = [ { path = "/{{ entrypoint }}", uri = "file:{{ binary_dir }}/{{ entrypoint }}" }, ] +sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '8' }} sgx.debug = true sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }} 
diff --git a/libos/test/regression/argv_from_manifest.manifest.template b/libos/test/regression/argv_from_manifest.manifest.template index 147ba14946..81a2107f2c 100644 --- a/libos/test/regression/argv_from_manifest.manifest.template +++ b/libos/test/regression/argv_from_manifest.manifest.template @@ -17,6 +17,7 @@ fs.mounts = [ { path = "/{{ entrypoint }}", uri = "file:{{ binary_dir }}/{{ entrypoint }}" }, ] +sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '8' }} sgx.debug = true sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }} diff --git a/libos/test/regression/attestation.manifest.template b/libos/test/regression/attestation.manifest.template index 54c86c1ef3..8c950b332d 100644 --- a/libos/test/regression/attestation.manifest.template +++ b/libos/test/regression/attestation.manifest.template @@ -10,6 +10,7 @@ fs.mounts = [ fs.insecure__keys.default = "ffeeddccbbaa99887766554433221100" +sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '8' }} sgx.debug = true sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }} diff --git a/libos/test/regression/debug_log_file.manifest.template b/libos/test/regression/debug_log_file.manifest.template index af4976c2ed..5ede40df3c 100644 --- a/libos/test/regression/debug_log_file.manifest.template +++ b/libos/test/regression/debug_log_file.manifest.template @@ -12,6 +12,7 @@ fs.mounts = [ { path = "/{{ entrypoint }}", uri = "file:{{ binary_dir }}/{{ entrypoint }}" }, ] +sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '8' }} sgx.debug = true sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }} diff --git a/libos/test/regression/debug_log_inline.manifest.template b/libos/test/regression/debug_log_inline.manifest.template index 44ed734dc9..e91976b61d 100644 --- a/libos/test/regression/debug_log_inline.manifest.template +++ b/libos/test/regression/debug_log_inline.manifest.template 
@@ -11,6 +11,7 @@ fs.mounts = [ { path = "/{{ entrypoint }}", uri = "file:{{ binary_dir }}/{{ entrypoint }}" }, ] +sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '8' }} sgx.debug = true sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }} diff --git a/libos/test/regression/device_ioctl.manifest.template b/libos/test/regression/device_ioctl.manifest.template index e37dc43d74..f6a79efb33 100644 --- a/libos/test/regression/device_ioctl.manifest.template +++ b/libos/test/regression/device_ioctl.manifest.template @@ -8,6 +8,7 @@ fs.mounts = [ { path = "/dev/gramine_test_dev", uri = "dev:/dev/gramine_test_dev" }, ] +sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '8' }} sgx.debug = true sgx.trusted_files = [ diff --git a/libos/test/regression/device_ioctl_fail.manifest.template b/libos/test/regression/device_ioctl_fail.manifest.template index 4da8cb9863..4aae2c3a9d 100644 --- a/libos/test/regression/device_ioctl_fail.manifest.template +++ b/libos/test/regression/device_ioctl_fail.manifest.template @@ -10,6 +10,7 @@ fs.mounts = [ { path = "/dev/gramine_test_dev", uri = "dev:/dev/gramine_test_dev" }, ] +sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '8' }} sgx.debug = true sgx.trusted_files = [ diff --git a/libos/test/regression/device_ioctl_parse_fail.manifest.template b/libos/test/regression/device_ioctl_parse_fail.manifest.template index 906f657664..60037bbc4f 100644 --- a/libos/test/regression/device_ioctl_parse_fail.manifest.template +++ b/libos/test/regression/device_ioctl_parse_fail.manifest.template @@ -8,6 +8,7 @@ fs.mounts = [ { path = "/dev/gramine_test_dev", uri = "dev:/dev/gramine_test_dev" }, ] +sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '8' }} sgx.debug = true sgx.trusted_files = [ diff --git a/libos/test/regression/device_passthrough.manifest.template b/libos/test/regression/device_passthrough.manifest.template index 2c056bccac..50bbe276b9 100644 
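Review bot: In `device_ioctl.manifest.template`, `device_ioctl_fail.manifest.template` and `device_ioctl_parse_fail.manifest.template` the new `sgx.max_threads` line drops to `1` when `EDMM=1`, but the visible context of these three files has no `sgx.edmm_enable` line next to `sgx.debug`, unlike the other templates touched by this commit. If EDMM is indeed not enabled there, running the suite with `EDMM=1` would produce a non-EDMM enclave with a single thread slot. Either add `sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}` to these files or use a plain `sgx.max_threads = 8` in them. The rest of each file is outside the hunk, so this needs confirming against the full templates.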
--- a/libos/test/regression/device_passthrough.manifest.template +++ b/libos/test/regression/device_passthrough.manifest.template @@ -8,6 +8,7 @@ fs.mounts = [ { path = "/dev/host-zero", uri = "dev:/dev/zero" }, ] +sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '8' }} sgx.debug = true sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }} diff --git a/libos/test/regression/env_from_file.manifest.template b/libos/test/regression/env_from_file.manifest.template index dbb9eb3da7..66c624225d 100644 --- a/libos/test/regression/env_from_file.manifest.template +++ b/libos/test/regression/env_from_file.manifest.template @@ -10,6 +10,7 @@ fs.mounts = [ { path = "/{{ entrypoint }}", uri = "file:{{ binary_dir }}/{{ entrypoint }}" }, ] +sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '8' }} sgx.debug = true sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }} diff --git a/libos/test/regression/env_from_host.manifest.template b/libos/test/regression/env_from_host.manifest.template index ba450019af..5020055c70 100644 --- a/libos/test/regression/env_from_host.manifest.template +++ b/libos/test/regression/env_from_host.manifest.template @@ -10,6 +10,7 @@ fs.mounts = [ { path = "/{{ entrypoint }}", uri = "file:{{ binary_dir }}/{{ entrypoint }}" }, ] +sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '8' }} sgx.debug = true sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }} diff --git a/libos/test/regression/env_passthrough.manifest.template b/libos/test/regression/env_passthrough.manifest.template index 95d054f186..29d9df8051 100644 --- a/libos/test/regression/env_passthrough.manifest.template +++ b/libos/test/regression/env_passthrough.manifest.template 
@@ -15,6 +15,7 @@ fs.mounts = [ { path = "/{{ entrypoint }}", uri = "file:{{ binary_dir }}/{{ entrypoint }}" }, ] +sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '8' }} sgx.debug = true sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }} diff --git a/libos/test/regression/eventfd_fork.manifest.template b/libos/test/regression/eventfd_fork.manifest.template index 6c9887e436..da5dbd81fb 100644 --- a/libos/test/regression/eventfd_fork.manifest.template +++ b/libos/test/regression/eventfd_fork.manifest.template @@ -9,6 +9,7 @@ fs.mounts = [ sys.insecure__allow_eventfd = true +sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '8' }} sgx.debug = true sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }} diff --git a/libos/test/regression/eventfd_fork_allowed_failing.manifest.template b/libos/test/regression/eventfd_fork_allowed_failing.manifest.template index ba50648401..d4886916cf 100644 --- a/libos/test/regression/eventfd_fork_allowed_failing.manifest.template +++ b/libos/test/regression/eventfd_fork_allowed_failing.manifest.template @@ -15,6 +15,7 @@ fs.mounts = [ # because eventfd is in a secure single-process mode (due to commented-out line) #sys.insecure__allow_eventfd = true +sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '8' }} sgx.debug = true sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }} diff --git a/libos/test/regression/fcntl_lock_child_only.manifest.template b/libos/test/regression/fcntl_lock_child_only.manifest.template index 202bfe59ed..da56373055 100644 --- a/libos/test/regression/fcntl_lock_child_only.manifest.template +++ b/libos/test/regression/fcntl_lock_child_only.manifest.template @@ -11,6 +11,7 @@ fs.mounts = [ fs.insecure__keys.default = "ffeeddccbbaa99887766554433221100" +sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '8' }} sgx.debug = true sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }} 
diff --git a/libos/test/regression/file_check_policy_allow_all_but_log.manifest.template b/libos/test/regression/file_check_policy_allow_all_but_log.manifest.template index c2639b80e7..c569c2b26d 100644 --- a/libos/test/regression/file_check_policy_allow_all_but_log.manifest.template +++ b/libos/test/regression/file_check_policy_allow_all_but_log.manifest.template @@ -12,6 +12,7 @@ fs.mounts = [ { path = "/{{ entrypoint }}", uri = "file:{{ binary_dir }}/{{ entrypoint }}" }, ] +sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '8' }} sgx.debug = true sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }} diff --git a/libos/test/regression/file_check_policy_strict.manifest.template b/libos/test/regression/file_check_policy_strict.manifest.template index 927c148671..04907cae76 100644 --- a/libos/test/regression/file_check_policy_strict.manifest.template +++ b/libos/test/regression/file_check_policy_strict.manifest.template @@ -12,6 +12,7 @@ fs.mounts = [ { path = "/{{ entrypoint }}", uri = "file:{{ binary_dir }}/{{ entrypoint }}" }, ] +sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '8' }} sgx.debug = true sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }} diff --git a/libos/test/regression/fork_disallowed.manifest.template b/libos/test/regression/fork_disallowed.manifest.template index 6cdb30edb3..2408e58606 100644 --- a/libos/test/regression/fork_disallowed.manifest.template +++ b/libos/test/regression/fork_disallowed.manifest.template @@ -13,6 +13,7 @@ fs.mounts = [ # must print a warning: "The app tried to create a subprocess, but this is disabled" sys.disallow_subprocesses = true +sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '8' }} sgx.debug = true sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }} diff --git a/libos/test/regression/host_root_fs.manifest.template b/libos/test/regression/host_root_fs.manifest.template index 12f4f9442f..3e2c0e6956 100644 
--- a/libos/test/regression/host_root_fs.manifest.template +++ b/libos/test/regression/host_root_fs.manifest.template @@ -10,6 +10,7 @@ fs.mounts = [ { type = "tmpfs", path = "/etc" }, ] +sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '8' }} sgx.debug = true sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }} diff --git a/libos/test/regression/hostname_extra_runtime_conf.manifest.template b/libos/test/regression/hostname_extra_runtime_conf.manifest.template index 2cdb1c9aa4..8b9eb66514 100644 --- a/libos/test/regression/hostname_extra_runtime_conf.manifest.template +++ b/libos/test/regression/hostname_extra_runtime_conf.manifest.template @@ -10,6 +10,7 @@ fs.mounts = [ sys.enable_extra_runtime_domain_names_conf = true +sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '8' }} sgx.debug = true sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }} diff --git a/libos/test/regression/init_fail.manifest.template b/libos/test/regression/init_fail.manifest.template index 755f8b1c0a..f58d8f38bc 100644 --- a/libos/test/regression/init_fail.manifest.template +++ b/libos/test/regression/init_fail.manifest.template @@ -9,6 +9,7 @@ fs.mounts = [ { path = "/test", uri = "file:I_DONT_EXIST" }, ] +sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '8' }} sgx.debug = true sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }} diff --git a/libos/test/regression/init_fail2.manifest.template b/libos/test/regression/init_fail2.manifest.template index 2222af6dbd..a225a2dba0 100644 --- a/libos/test/regression/init_fail2.manifest.template +++ b/libos/test/regression/init_fail2.manifest.template @@ -9,6 +9,7 @@ fs.mounts = [ { path = "/{{ entrypoint }}", uri = "file:{{ binary_dir }}/{{ entrypoint }}" }, ] +sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '8' }} sgx.debug = true sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }} 
diff --git a/libos/test/regression/large_mmap.manifest.template b/libos/test/regression/large_mmap.manifest.template index 324b5a0097..28641fc504 100644 --- a/libos/test/regression/large_mmap.manifest.template +++ b/libos/test/regression/large_mmap.manifest.template @@ -12,6 +12,7 @@ fs.mounts = [ ] sgx.enclave_size = "8G" +sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '8' }} sgx.debug = true sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }} diff --git a/libos/test/regression/mock_syscalls.manifest.template b/libos/test/regression/mock_syscalls.manifest.template index a6b042f19d..08edf98ec9 100644 --- a/libos/test/regression/mock_syscalls.manifest.template +++ b/libos/test/regression/mock_syscalls.manifest.template @@ -31,6 +31,7 @@ sys.debug__mock_syscalls = [ { name = "clone3", return = -38 }, ] +sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '8' }} sgx.debug = true sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }} diff --git a/libos/test/regression/openmp.manifest.template b/libos/test/regression/openmp.manifest.template index cfcc63bb41..a723a31f56 100644 --- a/libos/test/regression/openmp.manifest.template +++ b/libos/test/regression/openmp.manifest.template @@ -19,6 +19,7 @@ fs.mounts = [ { path = "/lib", uri = "file:{{ gramine.runtimedir(libc) }}" }, { path = "/{{ entrypoint }}", uri = "file:{{ binary_dir }}/{{ entrypoint }}" }, { path = "/usr/{{ arch_libdir }}", uri = "file:/usr/{{ arch_libdir }}" }, + { path = "/dev/shm", type = "tmpfs" }, ] sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '32' }} diff --git a/libos/test/regression/shadow_pseudo_fs.manifest.template b/libos/test/regression/shadow_pseudo_fs.manifest.template index b0ab21ac02..a501166c3f 100644 --- a/libos/test/regression/shadow_pseudo_fs.manifest.template +++ b/libos/test/regression/shadow_pseudo_fs.manifest.template 
@@ -13,6 +13,7 @@ fs.mounts = [ { path = "/proc/test/nested/dirs/exec", uri = "file:{{ binary_dir }}/{{ entrypoint }}" }, ] +sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '8' }} sgx.debug = true sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }} diff --git a/libos/test/regression/shm.manifest.template b/libos/test/regression/shm.manifest.template index 0d980681d0..11dcea23cc 100644 --- a/libos/test/regression/shm.manifest.template +++ b/libos/test/regression/shm.manifest.template @@ -8,6 +8,7 @@ fs.mounts = [ { type = "untrusted_shm", path = "/dev/shm", uri = "dev:/dev/shm" }, ] +sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '8' }} sgx.debug = true sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }} diff --git a/libos/test/regression/sysfs_common.manifest.template b/libos/test/regression/sysfs_common.manifest.template index 6850246587..bfd1e2c835 100644 --- a/libos/test/regression/sysfs_common.manifest.template +++ b/libos/test/regression/sysfs_common.manifest.template @@ -7,6 +7,7 @@ fs.mounts = [ { path = "/{{ entrypoint }}", uri = "file:{{ binary_dir }}/{{ entrypoint }}" }, ] +sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '8' }} sgx.debug = true sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }} diff --git a/libos/test/regression/test_libos.py b/libos/test/regression/test_libos.py index 73a5f5f300..84a14f9ce3 100644 --- a/libos/test/regression/test_libos.py +++ b/libos/test/regression/test_libos.py @@ -10,6 +10,7 @@ import tomli from graminelibos.regression import ( + GDB_VERSION, HAS_AVX, HAS_EDMM, HAS_SGX, 
@@ -63,7 +64,7 @@ def test_023_asan_stack(self): def _test_asan(self, case, desc): expected_list = [f'asan: {desc}'] if self.has_debug(): - expected_list.append(f'asan: location: run_test_asan_{case} at libos_call.c') + expected_list.append(f'asan: location: run_test_asan_{case} at ') self._test_abort(f'asan_{case}', expected_list) def _test_abort(self, test_name, expected_list): @@ -1458,6 +1459,14 @@ def test_010_regs_x86_64(self): xmm0_result = self.find('XMM0 result', stdout) self.assertEqual(xmm0_result, '$4 = 0x4000400040004000') + # There's a bug in gdb introduced somewhere between versions 12 and 13 (and + # still present in 15.x at the time of this writing): When using set + # detach-on-fork off and set schedule-multiple on (which our gramine.gdb + # uses) non-main threads in the parent process get stuck in "tracing stop" + # state after vfork+execve. This test uses gdb and unfortunately triggers + # the bug. + @unittest.skipUnless(GDB_VERSION is not None and GDB_VERSION < (13,), + f'missing or known buggy GDB ({GDB_VERSION=})') def test_020_gdb_fork_and_access_file_bug(self): # To run this test manually, use: # GDB=1 GDB_SCRIPT=fork_and_access_file.gdb gramine-sgx fork_and_access_file diff --git a/libos/test/regression/toml_parsing.manifest.template b/libos/test/regression/toml_parsing.manifest.template index a8d99e77d2..c63440736e 100644 --- a/libos/test/regression/toml_parsing.manifest.template +++ b/libos/test/regression/toml_parsing.manifest.template @@ -17,6 +17,7 @@ fs.mounts = [ # the manifest option below added only so that this feature has any test coverage libos.check_invalid_pointers = false +sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '8' }} sgx.debug = true sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }} diff --git a/libos/test/regression/uid_gid.manifest.template b/libos/test/regression/uid_gid.manifest.template index be1afc1a00..e1c48f34e5 100644 
--- a/libos/test/regression/uid_gid.manifest.template +++ b/libos/test/regression/uid_gid.manifest.template @@ -10,6 +10,7 @@ fs.mounts = [ { path = "/{{ entrypoint }}", uri = "file:{{ binary_dir }}/{{ entrypoint }}" }, ] +sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '8' }} sgx.debug = true sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }} diff --git a/python/graminelibos/regression.py b/python/graminelibos/regression.py index 5a966dbd6b..65b3c832a9 100644 --- a/python/graminelibos/regression.py +++ b/python/graminelibos/regression.py @@ -22,6 +22,12 @@ IS_VM = os.environ.get('IS_VM') == '1' ON_X86 = os.uname().machine in ['x86_64'] USES_MUSL = os.environ.get('GRAMINE_MUSL') == '1' +try: + GDB_VERSION = tuple(int(i) if i.isdigit() else i for i in subprocess.check_output( + ['gdb', '-q', '-ex', 'python print(gdb.VERSION)', '-ex', 'q'] + ).strip().decode('ascii').split('.')) +except (subprocess.SubprocessError, OSError): + GDB_VERSION = None def expectedFailureIf(predicate): if predicate: diff --git a/scripts/get-python-platlib.py b/scripts/get-python-platlib.py index 66b7890a32..c7dba4786e 100755 --- a/scripts/get-python-platlib.py +++ b/scripts/get-python-platlib.py @@ -40,7 +40,8 @@ sure to ``mkdir -p`` all suspected paths; that's also why we can't ``assert`` that result is in ``sys.path``. - PEP-632 deprecates ``distutils`` package (3.10-3.11 ``DeprecationWarning``, - not installed in 3.12). + not installed in 3.12). UPDATE 26.09.2024: Ubuntu 24.04 has Python 3.12 with + no ``distutils``, but setuptools ships vendored copy for now. References ========== 
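Review bot: `GDB_VERSION` in regression.py can end up as a tuple whose first element is a string, and the new `GDB_VERSION < (13,)` in the `skipUnless` decorator in test_libos.py then raises `TypeError` while the test class is being defined. That happens when gdb exits successfully but prints nothing (a build without Python scripting would give `('',)`), or when the reported version starts with non-digit text. The probe also runs at import time without `-nx`, so the user's gdb init files are loaded and can add output, and it has no timeout. I would keep only the leading all-digit components and fall back to `None` otherwise, at the cost of skipping the test when the version cannot be parsed.

```python
try:
    _gdb_out = subprocess.check_output(
        ['gdb', '-nx', '-batch', '-ex', 'python print(gdb.VERSION)'],
        stderr=subprocess.DEVNULL, timeout=30,
    ).decode('ascii', errors='replace').strip()
    # Keep only the leading all-digit components so the tuple always
    # compares cleanly with (13,); anything else means "unknown".
    _gdb_parts = []
    for _part in _gdb_out.split('.'):
        if not _part.isdigit():
            break
        _gdb_parts.append(int(_part))
    GDB_VERSION = tuple(_gdb_parts) or None
except (subprocess.SubprocessError, OSError):
    GDB_VERSION = None
```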
@@ -53,37 +54,46 @@ ''' import argparse -import distutils.command.install -import distutils.sysconfig -import distutils.util import pathlib import sys import sysconfig +try: + import distutils.command.install as distutils_command_install + import distutils.sysconfig as distutils_sysconfig + import distutils.util as distutils_util +except ImportError: + import setuptools._distutils.command.install as distutils_command_install + import setuptools._distutils.sysconfig as distutils_sysconfig + import setuptools._distutils.util as distutils_util def get_platlib(prefix): is_debian = ( 'deb_system' in sysconfig.get_scheme_names() or - 'deb_system' in distutils.command.install.INSTALL_SCHEMES) + 'deb_system' in distutils_command_install.INSTALL_SCHEMES) # this takes care of `/` at the end, though not `/usr/../usr/local` is_usr_local = pathlib.PurePosixPath(prefix).as_posix() == '/usr/local' if is_debian and is_usr_local: # 1) try sysconfig; it works on bookworm and jammy - platlib1 = sysconfig.get_path('platlib') + try: + platlib1 = sysconfig.get_path('platlib', 'deb_system') + except KeyError: + platlib1 = None + if platlib1 in sys.path: return platlib1 # 2) if system is too old for sysconfig, then distutils should work - return distutils.util.subst_vars( - distutils.command.install.INSTALL_SCHEMES['unix_local']['platlib'], + return distutils_util.subst_vars( + distutils_command_install.INSTALL_SCHEMES['unix_local']['platlib'], { 'platbase': '/usr', 'py_version_short': '.'.join(map(str, sys.version_info[:2])), }) - return distutils.sysconfig.get_python_lib(plat_specific=True, prefix=prefix) + return distutils_sysconfig.get_python_lib(plat_specific=True, prefix=prefix) argparser = argparse.ArgumentParser()
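Review bot: `sysconfig.get_path('platlib', 'deb_system')` names a scheme explicitly and its result does not depend on `prefix`; on Debian-patched Pythons that scheme appears to describe the distro-managed directory under /usr rather than /usr/local. If so, the `platlib1 in sys.path` test would pass and the function would return a path outside the requested prefix. Please confirm on bookworm and Ubuntu 24.04 that this branch still returns a directory below `/usr/local`, and consider guarding it, e.g. `if platlib1 in sys.path and platlib1.startswith('/usr/local/'):`. Separately, `setuptools._distutils` is a private module, so a comment that the fallback may disappear, and a clearer error when neither import works, would help.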