consolidate sgx targets/dependencies and use the sgx_ prefix consiste…

…ntly; check definitions of PDO_ENCLAVE_CODE_SIGN_PEM and PDO_SGX_KEY_ROOT at build time; add user-friendly logs and error logs Signed-off-by: Bruno Vavala <[email protected]>
hyperledger-labs · Mar 25, 2024 · 496a400 · 496a400
1 parent 257d7d0
commit 496a400
Showing 1 changed file with 22 additions and 10 deletions.
diff --git a/docker/Makefile b/docker/Makefile
@@ -71,7 +71,7 @@ build_% : repository
 		--tag pdo_$*:$(PDO_VERSION) \
 		--file '$(DOCKER_DIR)'/pdo_$*.dockerfile .
 
-build_sgx_services : repository
+sgx_build_services : repository build_services_base
 	docker build $(DOCKER_ARGS) \
         --build-arg PDO_VERSION=$(PDO_VERSION) \
         --build-arg SGX_MODE=HW \
@@ -84,8 +84,6 @@ build_services: build_services_base
 build_services_base: build_base
 build_ccf: build_ccf_base
 
-build_sgx_services: build_services_base
-
 clean_% :
 	docker rmi -f pdo_$*:$(PDO_VERSION)
 
@@ -123,9 +121,20 @@ stop_client :
 repository :
 	# if an enclave signing key is available on the host, copy that under build/keys in the repo
 	# Note: the docker build (see PDO_ENCLAVE_CODE_SIGN_PEM in environment.sh) expects the key there
-	[ ! -e ${PDO_ENCLAVE_CODE_SIGN_PEM} ] ||\
-		(test ${PDO_ENCLAVE_CODE_SIGN_PEM} -ef ${PDO_SGX_KEY_ROOT}/enclave_code_sign.pem || \
-		cp ${PDO_ENCLAVE_CODE_SIGN_PEM} ${PDO_SGX_KEY_ROOT}/enclave_code_sign.pem)
+	if [ ! -z "${PDO_ENCLAVE_CODE_SIGN_PEM}" ]; then \
+		if [ -z "${PDO_SGX_KEY_ROOT}" ]; then \
+			echo "Error: PDO_SGX_KEY_ROOT not defined; check environment variables"; exit 1; \
+		fi ;\
+		if [ -e ${PDO_ENCLAVE_CODE_SIGN_PEM} ]; then \
+			echo "Enclave code signing key: using ${PDO_ENCLAVE_CODE_SIGN_PEM}"; \
+			(test ${PDO_ENCLAVE_CODE_SIGN_PEM} -ef ${PDO_SGX_KEY_ROOT}/enclave_code_sign.pem || \
+			cp ${PDO_ENCLAVE_CODE_SIGN_PEM} ${PDO_SGX_KEY_ROOT}/enclave_code_sign.pem); \
+		else \
+			echo "Enclave code signing key: unavailable, a new one will be generated"; \
+		fi \
+	else \
+		echo "Enclave code signing key: PDO_ENCLAVE_CODE_SIGN_PEM undefined, a new one will be generated"; \
+	fi
 	# clone the repo
 	git clone --single-branch --branch $(PDO_BRANCH) --recurse-submodules '$(PDO_REPO)' repository
 
@@ -163,13 +172,16 @@ test : clean_config clean_repository build_test stop_all
 	PDO_VERSION=$(PDO_VERSION) docker-compose $(TEST_FILES) up --abort-on-container-exit
 	PDO_VERSION=$(PDO_VERSION) docker-compose $(TEST_FILES) down
 
-sgx_build_test : repository build_sgx_services build_ccf build_client
+sgx_build_test : repository sgx_build_services build_ccf build_client
 
 sgx_keys :
 	# test for key availability and make keys available to the container through xfer
-	test -f ${PDO_SGX_KEY_ROOT}/sgx_spid_api_key.txt
-	test -f ${PDO_SGX_KEY_ROOT}/sgx_spid.txt
-	test -f ${PDO_SGX_KEY_ROOT}/sgx_ias_key.pem
+	if [ -z "${PDO_SGX_KEY_ROOT}" ]; then \
+		echo "Error: PDO_SGX_KEY_ROOT not defined; check environment variables"; exit 1; \
+	fi
+	test -f ${PDO_SGX_KEY_ROOT}/sgx_spid_api_key.txt || (echo "Error: check SGX collateral"; exit 1)
+	test -f ${PDO_SGX_KEY_ROOT}/sgx_spid.txt || (echo "Error: check SGX collateral"; exit 1)
+	test -f ${PDO_SGX_KEY_ROOT}/sgx_ias_key.pem || (echo "Error: check SGX collateral"; exit 1)
 	cp ${PDO_SGX_KEY_ROOT}/* '$(DOCKER_DIR)'/xfer/services/keys/sgx/
 
 sgx_test : clean_config clean_repository sgx_build_test stop_all sgx_keys