feat(raiko): make raiko-zk docker image (#374)

* update sp1 to 2.0.0 Signed-off-by: smtmfft <[email protected]> * feat(raiko): zk docker image build Signed-off-by: smtmfft <[email protected]> * add dockerfile Signed-off-by: smtmfft <[email protected]> * let dockerfile.zk print vk/image_id Signed-off-by: smtmfft <[email protected]> * update docker compose file Signed-off-by: smtmfft <[email protected]> * fmt build.sh Signed-off-by: smtmfft <[email protected]> * docker build sgx only Signed-off-by: smtmfft <[email protected]> * remove dockerfile reportvk/ iage_id Signed-off-by: smtmfft <[email protected]> * print vk/image_id after build Signed-off-by: smtmfft <[email protected]> --------- Signed-off-by: smtmfft <[email protected]>
taikoxyz · Sep 16, 2024 · 65ff9a4 · 65ff9a4
1 parent a250edf
commit 65ff9a4
Show file tree

Hide file tree

Showing 14 changed files with 303 additions and 152 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -20,3 +20,5 @@
 !/kzg_settings_raw.bin
 !/core
 !/tasks
+!/makefile
+!/script
diff --git a/.github/workflows/ci-sgx-docker.yml b/.github/workflows/ci-sgx-docker.yml
@@ -19,8 +19,8 @@ jobs:
 
     steps:
       - uses: actions/checkout@v4
-      - name: Setup and build
+      - name: Setup and build sgx docker
         run: |
           cd docker
-          docker compose build --no-cache
+          docker compose build raiko --no-cache
         shell: bash
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Dockerfile.zk b/Dockerfile.zk
@@ -0,0 +1,58 @@
+FROM rust:1.79.0 as builder
+
+ENV DEBIAN_FRONTEND=noninteractive
+ARG BUILD_FLAGS=""
+
+RUN apt-get update && \
+    apt-get install -y \
+    build-essential \
+    cracklib-runtime \
+    jq \
+    clang \
+    sudo && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+WORKDIR /opt/raiko
+# build related files
+COPY Cargo.lock Cargo.lock
+COPY Cargo.toml Cargo.toml
+COPY lib lib
+COPY provers provers
+COPY host host
+COPY pipeline pipeline
+COPY harness harness
+COPY rust-toolchain rust-toolchain
+COPY kzg_settings_raw.bin kzg_settings_raw.bin
+COPY core core
+COPY tasks tasks
+COPY makefile makefile
+COPY script script
+RUN ls -al > /tmp/file_list.txt
+RUN cat /tmp/file_list.txt
+
+ENV TARGET=risc0
+RUN mkdir -p ~/.cargo/bin
+RUN echo "Building for risc0"
+RUN make install
+RUN make guest
+RUN echo "Building for sp1"
+ENV TARGET=sp1
+RUN make install
+RUN make guest
+RUN cargo build --release ${BUILD_FLAGS} --features "sp1,risc0,bonsai-auto-scaling" --features "docker_build"
+
+RUN mkdir -p \
+    ./bin \
+    /etc/raiko \
+    /var/log/raiko \
+    /tmp/risc0-cache
+
+# copy to /etc/raiko, but if self register mode, the mounted one will overwrite it.
+RUN cp /opt/raiko/host/config/config.sgx.json /etc/raiko/
+RUN cp /opt/raiko/host/config/chain_spec_list_default.json /etc/raiko/chain_spec_list.docker.json
+RUN cp /opt/raiko/target/release/raiko-host ./bin/
+
+WORKDIR /opt/raiko/bin
+COPY ./docker/entrypoint.sh /opt/raiko/bin/
+ENTRYPOINT [ "/opt/raiko/bin/entrypoint.sh" ]
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
@@ -13,6 +13,8 @@ services:
       - /var/log/raiko:/var/log/raiko
       - ${HOME}/.config/gramine:/root/.config/gramine
       - ${HOME}/.config/raiko:/root/.config/raiko
+    environment:
+      - SGX=true
     # environment:
       # you can use your own PCCS host
       #- PCCS_HOST=host.docker.internal:8081
@@ -36,6 +38,7 @@ services:
       - ${HOME}/.config/raiko:/root/.config/raiko
       - ${HOME}/.config/raiko/config/config.sgx.json:/etc/raiko/config.sgx.json
     environment:
+      - SGX=true
       - SENDER_PRIV_KEY=${SENDER_PRIV_KEY}
       - L1_RPC=${L1_RPC}
       - L1_CHAIN_ID=${L1_CHAIN_ID}
@@ -63,6 +66,7 @@ services:
     ports:
       - "8080:8080"
     environment:
+      - SGX=true
       # Set to 0 (which is the default) to run on real hardware; use 1 for testing
       - SGX_DIRECT=${SGX_DIRECT}
       - SGX_INSTANCE_ID=${SGX_INSTANCE_ID}
@@ -102,6 +106,7 @@ services:
     environment:
       # you can use your own PCCS host
       # - PCCS_HOST=host.docker.internal:8081
+      - SGX=true
       - ETHEREUM_RPC=${ETHEREUM_RPC}
       - ETHEREUM_BEACON_RPC=${ETHEREUM_BEACON_RPC}
       - HOLESKY_RPC=${HOLESKY_RPC}
@@ -115,6 +120,36 @@ services:
     #  - "host.docker.internal:host-gateway"
     depends_on:
       - pccs
+  raiko-zk:
+    build:
+      context: ..
+      dockerfile: Dockerfile.zk
+    image: us-docker.pkg.dev/evmchain/images/raiko-zk:latest
+    container_name: raiko-zk
+    command: --config-path=/etc/raiko/config.sgx.json --chain-spec-path=/etc/raiko/chain_spec_list.docker.json
+    volumes:
+      - /var/log/raiko:/var/log/raiko
+    ports:
+      - "8081:8080"
+    environment:
+      # you can use your own PCCS host
+      # - PCCS_HOST=host.docker.internal:8081
+      - ZK=true
+      - ETHEREUM_RPC=${ETHEREUM_RPC}
+      - ETHEREUM_BEACON_RPC=${ETHEREUM_BEACON_RPC}
+      - HOLESKY_RPC=${HOLESKY_RPC}
+      - HOLESKY_BEACON_RPC=${HOLESKY_BEACON_RPC}
+      - TAIKO_A7_RPC=${TAIKO_A7_RPC}
+      - TAIKO_MAINNET_RPC=${TAIKO_MAINNET_RPC}
+      - L1_NETWORK=${L1_NETWORK}
+      - NETWORK=${NETWORK}
+      - BONSAI_API_KEY=${BONSAI_API_KEY}
+      - BONSAI_API_URL=${BONSAI_API_URL}
+      - MAX_BONSAI_GPU_NUM=15
+      - GROTH16_VERIFIER_RPC_URL=${GROTH16_VERIFIER_RPC_URL}
+      - GROTH16_VERIFIER_ADDRESS=${GROTH16_VERIFIER_ADDRESS}
+      - SP1_PRIVATE_KEY=${SP1_PRIVATE_KEY}
+      - SKIP_SIMULATION=true
   pccs:
     build:
       context: ..

diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
@@ -134,33 +134,53 @@ if [[ -n $TEST ]]; then
     return 0
 fi
 
-sed -i "s/https:\/\/localhost:8081/https:\/\/${MY_PCCS_HOST}/g" /etc/sgx_default_qcnl.conf
-/restart_aesm.sh
+# sgx mode
+if [[ -n $SGX ]]; then
+    sed -i "s/https:\/\/localhost:8081/https:\/\/${MY_PCCS_HOST}/g" /etc/sgx_default_qcnl.conf
+    /restart_aesm.sh
+fi
 
 echo $#
-if [[ $# -eq 1 && $1 == "--init" ]]; then
-    echo "start bootstrap"
-    bootstrap
-elif [[ $# -eq 1 && $1 == "--init-self-register" ]]; then
-    echo "start bootstrap with self register"
-    bootstrap_with_self_register
-else
-    echo "start proving"
-    if [[ ! -f "$RAIKO_DOCKER_VOLUME_PRIV_KEY_PATH" ]]; then
-        echo "Application was not bootstrapped. " \
-            "$RAIKO_DOCKER_VOLUME_PRIV_KEY_PATH is missing. Bootstrap it first." >&2
-        exit 1
+if [[ -n $SGX ]]; then
+    if [[ $# -eq 1 && $1 == "--init" ]]; then
+        echo "start bootstrap"
+        bootstrap
+    elif [[ $# -eq 1 && $1 == "--init-self-register" ]]; then
+        echo "start bootstrap with self register"
+        bootstrap_with_self_register
+    else
+        echo "start proving"
+        if [[ ! -f "$RAIKO_DOCKER_VOLUME_PRIV_KEY_PATH" ]]; then
+            echo "Application was not bootstrapped. " \
+                "$RAIKO_DOCKER_VOLUME_PRIV_KEY_PATH is missing. Bootstrap it first." >&2
+            exit 1
+        fi
+
+        if [ ! -f $RAIKO_CONF_BASE_CONFIG ]; then
+            echo "$RAIKO_CONF_BASE_CONFIG file not found."
+            exit 1
+        fi
+
+        #update raiko server config
+        update_raiko_network $RAIKO_CONF_BASE_CONFIG
+        update_raiko_sgx_instance_id $RAIKO_CONF_BASE_CONFIG
+        update_docker_chain_specs $RAIKO_CONF_CHAIN_SPECS
+
+        /opt/raiko/bin/raiko-host "$@"
     fi
+fi
 
-    if [ ! -f $RAIKO_CONF_BASE_CONFIG ]; then
-        echo "$RAIKO_CONF_BASE_CONFIG file not found."
-        exit 1
-    fi
+if [[ -n $ZK ]]; then
+    echo "running raiko in zk mode"
+        if [ ! -f $RAIKO_CONF_BASE_CONFIG ]; then
+            echo "$RAIKO_CONF_BASE_CONFIG file not found."
+            exit 1
+        fi
 
-    #update raiko server config
-    update_raiko_network $RAIKO_CONF_BASE_CONFIG
-    update_raiko_sgx_instance_id $RAIKO_CONF_BASE_CONFIG
-    update_docker_chain_specs $RAIKO_CONF_CHAIN_SPECS
+        #update raiko server config
+        update_raiko_network $RAIKO_CONF_BASE_CONFIG
+        update_raiko_sgx_instance_id $RAIKO_CONF_BASE_CONFIG
+        update_docker_chain_specs $RAIKO_CONF_CHAIN_SPECS
 
-    /opt/raiko/bin/raiko-host "$@"
-fi
+        RUST_LOG=debug /opt/raiko/bin/raiko-host "$@"
+fi
diff --git a/makefile b/makefile
@@ -2,6 +2,10 @@
 install:
 	./script/install.sh $(TARGET)
 
+ # build guest binary only
+guest:
+	GUEST=1 ./script/build.sh $(TARGET) 
+
 build:
 	./script/build.sh $(TARGET) 
 

diff --git a/pipeline/Cargo.toml b/pipeline/Cargo.toml
@@ -7,7 +7,7 @@ edition = "2021"
 
 
 [dependencies]
-cargo_metadata = { workspace = true}
+cargo_metadata = { workspace = true }
 chrono = { workspace = true }
 cfg-if = { workspace = true }
 regex = { workspace = true }
@@ -16,7 +16,9 @@ anyhow = { workspace = true }
 dirs = { workspace = true }
 risc0-binfmt = { workspace = true, optional = true }
 pathdiff = { workspace = true, optional = true }
+hex = { workspace = true, optional = true }
+sp1-sdk = { workspace = true, optional = true }
 
 [features]
-risc0 = ["dep:risc0-binfmt", "dep:pathdiff"]
-sp1 = []
+risc0 = ["dep:risc0-binfmt", "dep:pathdiff", "dep:hex"]
+sp1 = ["dep:sp1-sdk"]
diff --git a/pipeline/src/executor.rs b/pipeline/src/executor.rs
@@ -72,6 +72,7 @@ impl Executor {
 
     #[cfg(feature = "sp1")]
     pub fn sp1_placement(&self, dest: &str) -> anyhow::Result<()> {
+        use sp1_sdk::{CpuProver, HashableKey, Prover};
         use std::fs;
 
         let root = crate::ROOT_DIR.get().expect("No reference to ROOT_DIR");
@@ -96,6 +97,10 @@ impl Executor {
             )?;
 
             println!("Write elf from\n {src:?}\nto\n {dest:?}");
+            let elf = std::fs::read(&dest.join(&name.replace('_', "-")))?;
+            let prover = CpuProver::new();
+            let key_pair = prover.setup(&elf);
+            println!("sp1 elf vk is: {}", key_pair.1.bytes32());
         }
 
         Ok(())

diff --git a/pipeline/src/risc0_util.rs b/pipeline/src/risc0_util.rs
@@ -28,6 +28,7 @@ impl GuestListEntry {
         let elf = std::fs::read(elf_path)?;
         let image_id = risc0_binfmt::compute_image_id(&elf)?;
 
+        println!("risc0 elf image id: {}", hex::encode(image_id.as_bytes()));
         Ok(Self {
             name: Cow::Owned(name.to_owned()),
             elf: Cow::Owned(elf),

diff --git a/provers/risc0/driver/src/lib.rs b/provers/risc0/driver/src/lib.rs
@@ -130,6 +130,7 @@ impl Prover for Risc0Prover {
 #[cfg(test)]
 mod test {
     use super::*;
+    use methods::risc0_guest::RISC0_GUEST_ID;
     use methods::test_risc0_guest::{TEST_RISC0_GUEST_ELF, TEST_RISC0_GUEST_ID};
     use risc0_zkvm::{default_prover, ExecutorEnv};
 
@@ -141,4 +142,13 @@ mod test {
         let receipt = prover.prove(env, TEST_RISC0_GUEST_ELF).unwrap();
         receipt.receipt.verify(TEST_RISC0_GUEST_ID).unwrap();
     }
+
+    #[ignore = "only to print image id for docker image build"]
+    #[test]
+    fn test_show_risc0_image_id() {
+        let image_id = RISC0_GUEST_ID
+            .map(|limp| hex::encode(limp.to_le_bytes()))
+            .concat();
+        println!("RISC0 IMAGE_ID: {}", image_id);
+    }
 }
diff --git a/provers/sp1/driver/src/lib.rs b/provers/sp1/driver/src/lib.rs
@@ -337,4 +337,12 @@ mod test {
             .verify(&proof, &vk)
             .expect("Sp1: verification failed");
     }
+
+    #[ignore = "This is for docker image build only"]
+    #[test]
+    fn test_show_sp1_elf_vk() {
+        let client = ProverClient::new();
+        let (_pk, vk) = client.setup(ELF);
+        println!("SP1 ELF VK: {:?}", vk.bytes32());
+    }
 }
diff --git a/provers/sp1/guest/elf/sp1-guest b/provers/sp1/guest/elf/sp1-guest