Fix: use pre-package version of Gramine for Ubuntu

Cosmian · Apr 3, 2024 · 47f80e1 · 47f80e1
1 parent 4766a8d
commit 47f80e1
Showing 1 changed file with 8 additions and 65 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,52 +1,3 @@
-FROM ubuntu:22.04 as gramine-build
-USER root
-ENV DEBIAN_FRONTEND=noninteractive
-ENV TS=Etc/UTC
-ENV LANG C.UTF-8
-ENV LC_ALL C.UTF-8
-
-WORKDIR /root
-RUN echo 'APT::Install-Suggests "0";' >> /etc/apt/apt.conf.d/00-docker
-RUN echo 'APT::Install-Recommends "0";' >> /etc/apt/apt.conf.d/00-docker
-
-ARG KERNEL_VERSION=6.2.0-39-generic
-
-RUN apt-get update && apt-get upgrade -y && apt-get install -y \
-    git \
-    build-essential \
-    protobuf-compiler \
-    libprotobuf-dev \
-    libprotobuf-c-dev \
-    protobuf-c-compiler \
-    autoconf \
-    bison \
-    gawk \
-    nasm \
-    ninja-build \
-    meson \
-    pkg-config \
-    python3 \
-    python3-pip \
-    python3-cryptography \
-    python3-click \
-    python3-jinja2 \
-    python3-protobuf \
-    python3-pyelftools \
-    python3-tomli \
-    python3-tomli-w \
-    wget \
-    linux-headers-$KERNEL_VERSION && \
-    apt-get clean && \
-    rm -rf /var/lib/apt/lists/*
-RUN git clone https://github.com/gramineproject/gramine
-RUN cd gramine/ && git checkout 0bea67b7b7c00ce351d8f308268c6a6979996d8c && \
-    meson setup build/ --buildtype=release \
-        -Ddirect=enabled \
-        -Dsgx=enabled \
-        -Dsgx_driver_include_path=/usr/src/linux-headers-$KERNEL_VERSION/arch/x86/include/uapi && \
-    ninja -C build/ && \
-    ninja -C build/ install
-
 FROM ubuntu:22.04
 
 USER root
@@ -60,38 +11,29 @@ ENV PYTHONUNBUFFERED 1
 
 RUN echo 'APT::Install-Suggests "0";' >> /etc/apt/apt.conf.d/00-docker
 RUN echo 'APT::Install-Recommends "0";' >> /etc/apt/apt.conf.d/00-docker
-RUN apt-get update && apt-get upgrade -y && apt-get install -y \
+RUN apt-get update && apt-get install -y \
     git \
     build-essential \
     pkg-config \
     curl \
-    libprotobuf-dev \
-    libprotobuf-c-dev \
-    protobuf-c-compiler \
     python3 \
     python3-pip \
     python3-venv \
-    python3-cryptography \
-    python3-click \
-    python3-jinja2 \
-    python3-protobuf \
-    python3-pyelftools \
-    python3-tomli \
-    python3-tomli-w \
     gnupg \
     ca-certificates \
     curl \
     tzdata \
     wget && \
     rm -rf /var/lib/apt/lists/*
 
-COPY --from=gramine-build /usr/local/bin/gramine-* /usr/local/bin/
-COPY --from=gramine-build /usr/local/lib/python3.10/dist-packages/graminelibos  /usr/local/lib/python3.10/dist-packages/graminelibos
-COPY --from=gramine-build /usr/local/lib/x86_64-linux-gnu/gramine/ /usr/local/lib/x86_64-linux-gnu/gramine/
-
 # Ubuntu focal-security repository
 RUN echo "deb http://security.ubuntu.com/ubuntu focal-security main" | tee /etc/apt/sources.list.d/focal-security.list
 
+# Gramine APT repository
+RUN curl -fsSLo /usr/share/keyrings/gramine-keyring.gpg https://packages.gramineproject.io/gramine-keyring.gpg && \
+    echo "deb [arch=amd64 signed-by=/usr/share/keyrings/gramine-keyring.gpg] https://packages.gramineproject.io/ jammy main" \
+    | tee /etc/apt/sources.list.d/gramine.list
+
 # Intel SGX APT repository
 RUN curl -fsSLo /usr/share/keyrings/intel-sgx-deb.asc https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key && \
     echo "deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx-deb.asc] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main" \
@@ -113,7 +55,8 @@ RUN apt-get update && apt-get install -y \
     libssl1.1 \
     az-dcap-client \
     sgx-aesm-service \
-    libsgx-aesm-quote-ex-plugin && \
+    libsgx-aesm-quote-ex-plugin \
+    gramine && \
     rm -rf /var/lib/apt/lists/*
 
 WORKDIR /opt/intel