Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sample/quote: Add Makefile and README #71

Merged
merged 1 commit into from
Dec 12, 2023
Merged

sample/quote: Add Makefile and README #71

merged 1 commit into from
Dec 12, 2023

Conversation

binxing
Copy link
Contributor

@binxing binxing commented Dec 7, 2023

No description provided.

@binxing binxing added this to the 0.1.x milestone Dec 7, 2023
@binxing binxing requested review from xxu36 and xiangquanliu December 7, 2023 07:32
@binxing binxing force-pushed the pr/bxing/sample_quote branch from 50e132d to 6b330e4 Compare December 7, 2023 07:36
xiangquanliu
xiangquanliu reviewed Dec 7, 2023
View reviewed changes
samples/quote/Makefile Outdated

server.json: server/Dockerfile signer.pem signer.cer | .acon/
$(DOCKER) build -t sampleserver -f $< $(PWD)/../..
$(ACONCLI) generate -i sampleserver $@
Copy link
Contributor

@xiangquanliu xiangquanliu Dec 7, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I remember that "writableFS" in the manifest needs to be changed to "true".

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does quote_server need to write disk files? If no, then we don't need writable FS.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No. Seems there is a bug of acond.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@binxing, is /run/user/0 a must directory for readonly file system?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/run is a separate tmpfs mount that shouldn't be affected by writableFS.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I mean /run/user/*, not /run.

xiangquanliu
xiangquanliu reviewed Dec 7, 2023
View reviewed changes
samples/quote/README.md Outdated
- The server must be started first, by

```sh
TCP_PORT=5555 ATD=1 ATD_KERNEL=/path/to/vmlinuz ATD_RD=/path/to/initrd.img aconcli run -ni -c:$TCP_PORT server.json
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does it need a TCP port mapping between server and client?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You are right! Which port?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@xxu36 and @xiangquanliu, I added ATD_TCPFWD=8080:8085. Let me know if I'm wrong.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that's right.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, currently we are using this mapping

@binxing binxing force-pushed the pr/bxing/sample_quote branch 5 times, most recently from 5399f2f to 6ae42f0 Compare December 7, 2023 19:51
xiangquanliu
xiangquanliu reviewed Dec 12, 2023
View reviewed changes
samples/quote/Makefile Outdated
$(OPENSSL) req -x509 -sha384 -key $< -out $@ -outform der -subj /CN=self-signed-$<

client/sampleclient:
$(GO) -C $(@D) build -v
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure if it is better to build a static linked binary. For example, to build it in development environment and test in EMR environment - may cause link errors.

@binxing binxing force-pushed the pr/bxing/sample_quote branch from 6ae42f0 to d7f6407 Compare December 12, 2023 05:22
@binxing binxing merged commit 596c632 into intel:main Dec 12, 2023
5 checks passed
@binxing binxing deleted the pr/bxing/sample_quote branch January 18, 2024 05:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@xiangquanliu xiangquanliu xiangquanliu left review comments

@xxu36 xxu36 xxu36 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.1.x
Development

Successfully merging this pull request may close these issues.
3 participants
@binxing @xxu36 @xiangquanliu