Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GSC workloads are failing during the signing process with the error unknown loader.entrypoint. #224

Open
anjalirai-intel opened this issue Nov 13, 2024 · 2 comments

Comments

@anjalirai-intel
Copy link
Contributor

Description of the problem

As part of latest commit 87c752f3a61d578b8e2c600e2305aca99c44d812 loader.entrypoint has been removed, This change has not been backported to GSC, causing all workloads to fail during the signing process.

Steps to reproduce

docker build --tag ubuntu20.04-bash --file test/ubuntu20.04-bash.dockerfile .

./gsc build --insecure-args ubuntu20.04-bash test/ubuntu20.04-bash.manifest
./gsc sign-image ubuntu20.04-bash enclave-key.pem

Expected results

GSC signing build should be successful

Actual results

./gsc sign-image --remove-gramine-deps bash-test enclave-key.pem
Signing graminized Docker image `gsc-bash-test-unsigned` -> `gsc-bash-test`...
Step 1/12 : FROM gsc-bash-test-unsigned as unsigned_image

 ---> 72a80de071dc
Step 2/12 : ARG BUILD_ID

 ---> Running in 2890a1a7d571
Removing intermediate container 2890a1a7d571
 ---> e8b372551d8a
Step 3/12 : LABEL build_id=$BUILD_ID

 ---> Running in 6eb0aaa7c61f
Removing intermediate container 6eb0aaa7c61f
 ---> 3feec5ba6ac7
Step 4/12 : COPY gsc-signer-key.pem /gramine/app_files/gsc-signer-key.pem

 ---> 28254e568bf3
Step 5/12 : ARG passphrase

 ---> Running in 76a6610bf14c
Removing intermediate container 76a6610bf14c
 ---> 4b507cbeb027
Step 6/12 : RUN export PYTHONPATH="${PYTHONPATH}:$(find /gramine/meson_build_output/lib -type d -path '*/site-packages')" && gramine-sgx-sign       --key /gramine/app_files/gsc-signer-key.pem       --manifest /gramine/app_files/entrypoint.manifest       --output /gramine/app_files/entrypoint.manifest.sgx       ${passphrase:+--passphrase "$passphrase"}

 ---> Running in 0f4e73cf1f12
�[91mTraceback (most recent call last):
  File "/gramine/meson_build_output/bin/gramine-sgx-sign", line 174, in <module>
    main() # pylint: disable=no-value-for-parameter
  File "/usr/local/lib/python3.10/dist-packages/click/core.py", line 1157, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.10/dist-packages/click/core.py", line 1078, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.10/dist-packages/click/core.py", line 1434, in invoke
�[0m
�[91m    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.10/dist-packages/click/core.py", line 783, in invoke
�[0m
�[91m    return __callback(*args, **kwargs)
  File "/usr/local/lib/python3.10/dist-packages/click/decorators.py", line 33, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/gramine/meson_build_output/bin/gramine-sgx-sign", line 130, in main
�[0m
�[91m    manifest = Manifest.load(manifest_file)
  File "/gramine/meson_build_output/lib/python3.10/site-packages/graminelibos/manifest.py", line 388, in load
�[0m
�[91m    return cls.loads(f.read())
  File "/gramine/meson_build_output/lib/python3.10/site-packages/graminelibos/manifest.py", line 384, in loads
    return cls(s)
  File "/gramine/meson_build_output/lib/python3.10/site-packages/graminelibos/manifest.py", line 348, in __init__
    raise ManifestError('Unknown loader.entrypoint format (not a TOML table)')
graminelibos.manifest.ManifestError: Unknown loader.entrypoint format (not a TOML table)
�[0m
Removing intermediate container 0f4e73cf1f12
Failed to build a signed graminized Docker image `gsc-bash-test`.
@kailun-qin
Copy link
Contributor

kailun-qin commented Nov 13, 2024

@anjalirai-intel: Would you pls help double check if #225 resolves the issue? Thanks!

@anjalirai-intel
Copy link
Contributor Author

@kailun-qin I tested the PR #225 with Ubuntu 22.04 distro. No issue to report, gsc signing was successful.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants