Docker related changes

g2flyer · mbrandenburger · commit ee471b61cd65 · 2020-03-03T18:21:53.000-07:00
* enable containers (and related scripts) to be optionally SGX_MODE aware and run in HW mode iff SGX_MODE=HW
* also some dockerfile cleanup

Signed-off-by: michael steiner &lt;michael.steiner@intel.com&gt;
diff --git a/.travis.yml b/.travis.yml
@@ -23,7 +23,7 @@ env:
     - SGX_MODE=SIM
     - SGX_SDK=/opt/intel/sgxsdk
     # SGX SSL
-    - OPENSSL=1.1.0j
+    - OPENSSL_VERSION=1.1.0j
     - SGXSSL_VERSION=v2.4.1
     - SGXSSL=/opt/intel/sgxssl
     # NANOPB
@@ -51,8 +51,8 @@ before_install:
   - chmod +x ${SGX_SDK_BIN}
   - sudo sh -c "echo 'yes' | ./${SGX_SDK_BIN}"; popd
   # SGX SSL
-  - pushd $HOME; git clone --branch $SGXSSL_VERSION https://github.com/intel/intel-sgx-ssl.git
-  - wget https://www.openssl.org/source/openssl-$OPENSSL.tar.gz; mv openssl-$OPENSSL.tar.gz intel-sgx-ssl/openssl_source
+  - pushd $HOME; git clone --branch ${SGXSSL_VERSION} https://github.com/intel/intel-sgx-ssl.git
+  - wget https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz; mv openssl-${OPENSSL_VERSION}.tar.gz intel-sgx-ssl/openssl_source
   - cd intel-sgx-ssl/Linux; make SGX_MODE=SIM DESTDIR=$SGXSSL all test
   - cd intel-sgx-ssl/Linux; make install; popd
   # NANOPB
diff --git a/demo/README.md b/demo/README.md
@@ -53,15 +53,20 @@ Below is the script's help text.
 ```
 startFPCAuctionNetwork.sh [options]
 
-   This script, by default, will teardown possible previous iterations of this demo, generate new
-   crypto material for the network, start an FPC network as defined in $FPC_PATH/utils/docker-compose,
-   install the mock golang auction chaincode($FPC_PATH/demo/chaincode/golang), install the FPC
-   compliant auction chaincode($FPC_PATH/demo/chaincode/fpc), register auction users, and bring up
-   both the fabric-gatway & frontend UI. If the fabric-gateway and frontend UI docker images have
-   not previously been built it will build them, otherwise the script will reuse the images already
-   existing. The FPC chaincode will not be built unless specified by the flag --build-cc.  
-   By calling the script with both build options, you will be able to run the demo without having
-   to build the whole FPC project (e.g., by calling `make` in $FPC_PATH).
+   This script, by default, will teardown possible previous iterations of this
+   demo, generate new crypto material for the network, start an FPC network as
+   defined in \$FPC_PATH/utils/docker-compose, install the mock golang auction
+   chaincode(\$FPC_PATH/demo/chaincode/golang), install the FPC compliant
+   auction chaincode(\$FPC_PATH/demo/chaincode/fpc), register auction users,
+   and bring up both the fabric-gatway & frontend UI.
+
+   If the fabric-gateway and frontend UI docker images have not previously been
+   built it will build them, otherwise the script will reuse the images already
+   existing.  You can force a rebuild, though, by specifying the flag
+   --build-client.  The FPC chaincode will not be built unless specified by the
+   flag --build-cc.  By calling the script with both build options, you will be
+   able to run the demo without having to build the whole FPC project (e.g., by
+   calling `make` in $FPC_PATH).
 
    options:
        --build-cc:
@@ -95,8 +100,10 @@ will delete all the unused volumes and chaincode images.
 
 ### Scripting
 
-To facilitate  demonstrations and also to help in testing, you can specify a scenario script defining the
-actions of the different parties and execute it using the command [scenario-run.sh](client/scripting/scenario-run.sh).  
+To facilitate demonstrations and also to help in testing, you can specify with a simple
+[DSL](client/scripting/lib/dsl.sh) a scenario script defining the
+actions of the different parties and execute it using the command
+[scenario-run.sh](client/scripting/scenario-run.sh).  
 Below is the script's help text.
 ```
 scenario-run.sh [--help|-h|-?] [--bootstrap|-b] [--dry-run|-d] [--non-interactive|-n] [--skip-delay|-s] [--mock-reset|-r] <script-file>
diff --git a/demo/chaincode/fpc/Makefile b/demo/chaincode/fpc/Makefile
@@ -28,9 +28,21 @@ build: $(BUILD_DIR)
 clean:
 	-rm -rf $(BUILD_DIR)
 
+
+HW_EXTENSION=$(shell if [ "${SGX_MODE}" = "HW" ]; then echo "-hw"; fi)
+
+FPC_DOCKER_NAMESPACE := hyperledger/fabric-private-chaincode
+FPC_DOCKER_CC_BUILDER_NAME = $(FPC_DOCKER_NAMESPACE)-cc-builder$(HW_EXTENSION)
+
 docker-build: clean
-	$(DOCKER) image inspect hyperledger/fabric-private-chaincode-cc-builder > /dev/null 2>&1 || { cd $(TOP)/utils/docker && make cc-builder; }
-	$(DOCKER) run -u $$(id -u):$$(id -g) -v ${PWD}:/project/src/github.com/hyperledger-labs/fabric-private-chaincode/demo/chaincode/fpc -w /project/src/github.com/hyperledger-labs/fabric-private-chaincode/demo/chaincode/fpc hyperledger/fabric-private-chaincode-cc-builder sh -c 'make build'
+	$(DOCKER) image inspect $(FPC_DOCKER_CC_BUILDER_NAME) > /dev/null 2>&1 \
+		|| { cd $(TOP)/utils/docker && make cc-builder; }
+	$(DOCKER) run \
+		-u $$(id -u):$$(id -g)\
+		-v ${PWD}:/project/src/github.com/hyperledger-labs/fabric-private-chaincode/demo/chaincode/fpc\
+		-w /project/src/github.com/hyperledger-labs/fabric-private-chaincode/demo/chaincode/fpc\
+		$(FPC_DOCKER_CC_BUILDER_NAME)\
+		sh -c 'make build'
 
 test: build
 	./test.sh
diff --git a/demo/client/frontend/Makefile b/demo/client/frontend/Makefile
@@ -66,7 +66,9 @@ public/img/users/c-mobile.svg:
 
 
 clobber:
+	RUNNING_IMAGE=$$(${DOCKER} ps -q --filter ancestor=${DOCKER_IMAGE}); \
+	if [ ! -z "$${RUNNING_IMAGE}" ]; then ${DOCKER} kill $${RUNNING_IMAGE}; fi
 	IMAGE=$$(${DOCKER} images ${DOCKER_IMAGE} -q); \
-	if [ ! -z "$${IMAGE}" ]; then ${DOCKER} rmi ${IMAGE}; fi
+	if [ ! -z "$${IMAGE}" ]; then ${DOCKER} rmi -f $${IMAGE}; fi
 	# make clobber in demo/ also would take care but better safe than sorry
 	-$(RM) $(AVATAR_FILES)
diff --git a/demo/client/scripting/Makefile b/demo/client/scripting/Makefile
@@ -14,7 +14,7 @@ ${GO_CMDS}: ${GO_CMDS:=.go}
 	$(GO) build $@.go
 
 test: build
-	./scenario-run.sh	--bootstrap --non-interactive ../../scenario/script
+	./scenario-run.sh --bootstrap --non-interactive ../../scenario/script
 
 clean: 
 	$(GO) $@
diff --git a/demo/scripts/startFPCAuctionNetwork.sh b/demo/scripts/startFPCAuctionNetwork.sh
@@ -11,24 +11,32 @@ set -e
 help(){
    echo "$(basename $0) [options]
 
-   This script, by default, will teardown possible previous iterations of this demo, generate new
-   crypto material for the network, start an FPC network as defined in \$FPC_PATH/utils/docker-compose,
-   install the mock golang auction chaincode(\$FPC_PATH/demo/chaincode/golang), install the FPC
-   compliant auction chaincode(\$FPC_PATH/demo/chaincode/fpc), register auction users, and bring up
-   both the fabric-gatway & frontend UI. If the fabric-gateway and frontend UI docker images have
-   not previously been built it will build them, otherwise the script will reuse the images already
-   existing. The FPC chaincode will not be built unless specified by the flag --build-cc.
+   This script, by default, will teardown possible previous iterations of this
+   demo, generate new crypto material for the network, start an FPC network as
+   defined in \$FPC_PATH/utils/docker-compose, install the mock golang auction
+   chaincode(\$FPC_PATH/demo/chaincode/golang), install the FPC compliant
+   auction chaincode(\$FPC_PATH/demo/chaincode/fpc), register auction users,
+   and bring up both the fabric-gatway & frontend UI.
+
+   If the fabric-gateway and frontend UI docker images have not previously been
+   built it will build them, otherwise the script will reuse the images already
+   existing.  You can force a rebuild, though, by specifying the flag
+   --build-client.  The FPC chaincode will not be built unless specified by the
+   flag --build-cc.  By calling the script with both build options, you will be
+   able to run the demo without having to build the whole FPC project (e.g., by
+   calling 'make' in \$FPC_PATH).
 
    options:
        --build-cc:
-           As part of bringing up the demo components, the auction cc in demo/chaincode/fpc will
-           be rebuilt using the docker-build make target.
+           As part of bringing up the demo components, the auction cc in
+           demo/chaincode/fpc will be rebuilt using the docker-build make target.
        --build-client:
-           As part of bringing up the demo components, the Fabric Gateway and the UI docker images
-           will be built or rebuilt using current source code.
+           As part of bringing up the demo components, the Fabric Gateway and
+           the UI docker images will be built or rebuilt using current source
+           code.
        --help,-h:
            Print this help screen.
-    "
+"
 }
 
 
@@ -75,7 +83,7 @@ if $BUILD_CHAINCODE; then
     echo ""
     echo "Building FPC Auction Chaincode"
     pushd ${DEMO_ROOT}/chaincode/fpc
-        make docker-build
+        make SGX_MODE=${SGX_MODE} docker-build
     popd
 fi
 
diff --git a/ecc/Dockerfile.boilerplate-ecc b/ecc/Dockerfile.boilerplate-ecc
@@ -8,6 +8,14 @@ ARG CC_NAME="ecc"
 ARG CC_PATH="/usr/local/bin"
 ARG CC_LIB_PATH=${CC_PATH}"/enclave/lib"
 
+ARG SGX_MODE
+ENV SGX_MODE=${SGX_MODE}
+# Note: the library copied below is SGX_MODE dependent, so we
+# define here a env which makes it easy recognizable which mode
+# the container is. No default, though, as we do not control
+# the build and rely on a proper value provided from outside.
+
+
 RUN mkdir -p ${CC_LIB_PATH}
 
 ENV SGX_SDK=/opt/intel/sgxsdk
diff --git a/ecc/Dockerfile.fpc-app b/ecc/Dockerfile.fpc-app
@@ -2,7 +2,9 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 
-FROM hyperledger/fabric-private-chaincode-boilerplate-ecc
+ARG BOILERPLATE_EXTENSION
+
+FROM hyperledger/fabric-private-chaincode-boilerplate-ecc${BOILERPLATE_EXTENSION}
 
 ARG enclave_so_path
 ARG CC_PATH="/usr/local/bin"
diff --git a/ecc/Makefile b/ecc/Makefile
@@ -16,7 +16,8 @@ VSCC_OUT = ecc-vscc.so
 DOCKER_CONTAINER_ID?=$$(docker ps | grep -- ${NET_ID}-${PEER_ID}-$(CC_NAME)- | awk '{print $$1;}')
 # the following are the required docker build parameters
 DOCKER_IMAGE ?= $$(docker images | grep -- ${NET_ID}-${PEER_ID}-$(CC_NAME)- | awk '{print $$1;}')
-DOCKER_BOILERPLATE_ECC_IMAGE ?= hyperledger/$(PROJECT_NAME)-boilerplate-ecc
+BOILERPLATE_EXTENSION=$(shell if [ "${SGX_MODE}" = "HW" ]; then echo "-hw"; fi)
+DOCKER_BOILERPLATE_ECC_IMAGE ?= hyperledger/$(PROJECT_NAME)-boilerplate-ecc$(BOILERPLATE_EXTENSION)
 INSTALLED_DOCKER_BOILERPLATE_ECC_IMAGE ?= $$(docker images | grep -- ${DOCKER_BOILERPLATE_ECC_IMAGE} | awk '{print $$1;}')
 DOCKER_ENCLAVE_SO_PATH ?= $(ENCLAVE_SO_PATH)
 
@@ -71,21 +72,29 @@ ifdef FORCE_REBUILD
 endif
 
 docker-boilerplate-ecc: ecc
-	$(DOCKER) build $(DOCKER_BUILD_OPTS) -t $(DOCKER_BOILERPLATE_ECC_IMAGE) -f Dockerfile.boilerplate-ecc ..
+	$(DOCKER) build $(DOCKER_BUILD_OPTS) -t $(DOCKER_BOILERPLATE_ECC_IMAGE) -f Dockerfile.boilerplate-ecc\
+		--build-arg SGX_MODE=$(SGX_MODE)\
+		..
 
 docker-fpc-app: docker-boilerplate-ecc
 	if [ -z "$(DOCKER_IMAGE)" ]; then\
 		echo "\033[0;31mERROR: cannot override $(CC_NAME) docker image - not found\033[0m";\
 		exit 1;\
 	fi
 	echo "\033[1;33mWARNING: overriding $(DOCKER_IMAGE) docker image\033[0m"
-	$(DOCKER) build $(DOCKER_BUILD_OPTS) -t $(DOCKER_IMAGE) -f Dockerfile.fpc-app --build-arg enclave_so_path=$(DOCKER_ENCLAVE_SO_PATH) ..
+	$(DOCKER) build $(DOCKER_BUILD_OPTS) -t $(DOCKER_IMAGE) -f Dockerfile.fpc-app \
+		--build-arg BOILERPLATE_EXTENSION=$(BOILERPLATE_EXTENSION)\
+		--build-arg enclave_so_path=$(DOCKER_ENCLAVE_SO_PATH)\
+		..
 
 docker-run:
+	if [ "$(SGX_MODE)" = "HW" ]; then \
+		SGX_DEVICE_PATH=$(if [ -e "/dev/isgx" ]; then echo "/dev/isgx"; elif [ -e "/dev/sgx" ]; then echo "/dev/sgx"; else echo "ERROR: NO SGX DEVICE FOUND"; fi);\
+		DOCKER_SGX_ARGS="--device $${SGX_DEVICE_PATH} -v /var/run/aesmd:/var/run/aesmd";\
+	fi;\
 	$(DOCKER) run \
 		-it \
-		--device /dev/isgx \
-		-v /var/run/aesmd:/var/run/aesmd \
+		$${DOCKER_SGX_ARGS} \	
 		--name $(CC_NAME) \
 		-e "CORE_CHAINCODE_LOGGING_LEVEL=DEBUG" \
 		-e "CORE_CHAINCODE_LOGGING_SHIM=INFO" \
diff --git a/fabric/bin/peer.sh b/fabric/bin/peer.sh
@@ -10,6 +10,7 @@ FPC_TOP_DIR="${SCRIPTDIR}/../../"
 FABRIC_SCRIPTDIR="${FPC_TOP_DIR}/fabric/bin/"
 
 : ${FABRIC_CFG_PATH:=$(pwd)}
+: ${SGX_MODE:=SIM}
 
 . ${FABRIC_SCRIPTDIR}/lib/common_utils.sh
 . ${FABRIC_SCRIPTDIR}/lib/common_ledger.sh
@@ -69,7 +70,7 @@ handle_chaincode_install() {
 	DOCKER_IMAGE_NAME=$(${FPC_DOCKER_NAME_CMD} --cc-name ${FPC_NAME} --cc-version ${CC_VERSION} --net-id ${NET_ID} --peer-id ${PEER_ID}) || die "could not get docker image name"
 
 	# install docker
-	try make ENCLAVE_SO_PATH=${CC_ENCLAVESOPATH} DOCKER_IMAGE=${DOCKER_IMAGE_NAME} -C ${FPC_TOP_DIR}/ecc docker-fpc-app
+	try make SGX_MODE=${SGX_MODE} ENCLAVE_SO_PATH=${CC_ENCLAVESOPATH} DOCKER_IMAGE=${DOCKER_IMAGE_NAME} -C ${FPC_TOP_DIR}/ecc docker-fpc-app
 
 	# eplace path and lang arg with dummy go chaincode
 	ARGS_EXEC=( 'chaincode' 'install' '-n' "${FPC_NAME}" '-v' "${CC_VERSION}" '-p' 'github.com/hyperledger/fabric/examples/chaincode/go/example02/cmd' "${OTHER_ARGS[@]}" )
diff --git a/utils/docker-compose/README.md b/utils/docker-compose/README.md
@@ -33,6 +33,8 @@ is used. Otherwise it will use `core.yaml` and the regular peer image.
    ```
    This will create all necessary installation artifacts and start the
    network. 
+   If your environment variable `SGX_MODE` is set to hardware, the network will run
+   the peer also with SGX hardware mode enabled, otherwise it will run in SGX simulation mode.
    If you set the environment variable `USE_EXPLORER` to `true`, the network will include
    and start the [Hyperledger Explorer](https://www.hyperledger.org/projects/explorer) on 
    [port 8090](http://localhost:8090). This will enable you to inspect the networks, 
diff --git a/utils/docker-compose/network-config/base/base.yaml b/utils/docker-compose/network-config/base/base.yaml
@@ -16,7 +16,7 @@
 #                          `/project/src/github.com/hyperledger-labs/fabric-private-chaincode/fabric/bin/peer.sh`
 
 #
-version: '2'
+version: '2.1'
 
 services:
   peer-base:
diff --git a/utils/docker-compose/network-config/docker-compose-couchdb.yml b/utils/docker-compose/network-config/docker-compose-couchdb.yml
@@ -4,7 +4,7 @@
 #
 # docker-compose-"delta" to docker-compose.yaml to run peer with couchdb
 
-version: '2'
+version: '2.1'
 
 services:
   couchdb0.org1.example.com:
diff --git a/utils/docker-compose/network-config/docker-compose-explorer.yml b/utils/docker-compose/network-config/docker-compose-explorer.yml
@@ -4,7 +4,7 @@
 # Note: this is a tweaked version of './docker-compose.yaml' in hyperledger/blockchain-explorer.git
 
 # SPDX-License-Identifier: Apache-2.0
-version: '2'
+version: '2.1'
 
 volumes:
   pgdata:
diff --git a/utils/docker-compose/network-config/docker-compose-sgx-hw.yml b/utils/docker-compose/network-config/docker-compose-sgx-hw.yml
@@ -0,0 +1,24 @@
+# Copyright Intel Corp. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# docker-compose-"delta" to docker-compose.yaml to run peer with SGX in HW Mode
+
+version: '2.1'
+
+services:
+  peer0.org1.example.com:
+  # ideally we would extend the definition of 'peer-base:' but alas docker-compose
+  # doesn't propagate this to services which 'extend' from peer-base :-(
+    image: hyperledger/fabric-peer-fpc-hw
+    # build:
+    #   args:
+    #     SGX_MODE: HW
+    volumes:
+      - ${SGX_CONFIG_ROOT:-../../../config/ias/}:/project/src/github.com/hyperledger-labs/fabric-private-chaincode/config/ias/
+      - /var/run/aesmd:/var/run/aesmd
+    devices:
+      - ${SGX_DEVICE_PATH:-/dev/isgx}:${SGX_DEVICE_PATH:-/dev/isgx}
+    environment:
+      - SGX_MODE=HW
+
diff --git a/utils/docker-compose/network-config/docker-compose.yml b/utils/docker-compose/network-config/docker-compose.yml
@@ -20,7 +20,7 @@
 #
 #
 #
-version: '2'
+version: '2.1'
 
 networks:
   basic:
diff --git a/utils/docker-compose/scripts/lib/common.sh b/utils/docker-compose/scripts/lib/common.sh
@@ -10,6 +10,10 @@ export PATH=${SCRIPT_DIR}/../bin:${PWD}:$PATH
 export FABRIC_CFG_PATH=${SCRIPT_DIR}/../network-config
 export FPC_PATH="${FPC_PATH:-${SCRIPT_DIR}/../../..}"
 
+# SGX mode: make sure it is set so we consistently use the same value also when we call make
+# Note: make might define in config*.mk its own value without necessarily it being an env variable
+export SGX_MODE=${SGX_MODE:=SIM}
+
 # Variables which we allow the caller override ..
 export FABRIC_VERSION=${FABRIC_VERSION:=1.4.3}
 export CHANNEL_NAME=${CHANNEL_NAME:=mychannel}
@@ -21,6 +25,7 @@ export MSYS_NO_PATHCONV=1
 
 # defaults for services used
 export USE_FPC=${USE_FPC:=true} 
+export USE_SGX_HW=$(if [ "${SGX_MODE}" = "HW" ]; then echo true; else echo false; fi)
 export USE_COUCHDB=${USE_COUCHDB:=false} 
 export USE_EXPLORER=${USE_EXPLORER:=false} 
 
@@ -40,10 +45,15 @@ export COMPOSE_PROJECT_NAME="fabric$(echo ${FPC_CONFIG} | sed 's/[^a-zA-Z0-9]//g
 
 export DOCKER_COMPOSE_CMD="docker-compose"
 export DOCKER_COMPOSE_OPTS="${DOCKER_COMPOSE_OPTS:+${DOCKER_COMPOSE_OPTS} }-f ${NETWORK_CONFIG}/docker-compose.yml"
-if $USE_COUCHDB; then
+if ${USE_COUCHDB}; then
 	export DOCKER_COMPOSE_OPTS="${DOCKER_COMPOSE_OPTS} -f ${NETWORK_CONFIG}/docker-compose-couchdb.yml"
 fi
-if $USE_EXPLORER; then
+if ${USE_EXPLORER}; then
 	export DOCKER_COMPOSE_OPTS="${DOCKER_COMPOSE_OPTS} -f ${NETWORK_CONFIG}/docker-compose-explorer.yml"
 fi
+if ${USE_SGX_HW}; then
+	SGX_DEVICE_PATH=$(if [ -e "/dev/isgx" ]; then echo "/dev/isgx"; elif [ -e "/dev/sgx" ]; then echo "/dev/sgx"; else echo "ERROR: NO SGX DEVICE FOUND"; fi)
+	export DOCKER_COMPOSE_CMD="env SGX_DEVICE_PATH=${SGX_DEVICE_PATH} SGX_CONFIG_ROOT="${FPC_PATH}/config/ias" ${DOCKER_COMPOSE_CMD}"
+	export DOCKER_COMPOSE_OPTS="${DOCKER_COMPOSE_OPTS} -f ${NETWORK_CONFIG}/docker-compose-sgx-hw.yml"
+fi
 export DOCKER_COMPOSE="${DOCKER_COMPOSE_CMD} ${DOCKER_COMPOSE_OPTS}"
diff --git a/utils/docker-compose/scripts/start.sh b/utils/docker-compose/scripts/start.sh
@@ -16,26 +16,26 @@ export SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && p
 #
 if [[ ! $USE_FPC = false ]]; then
     # - existance of FPC peer
-    FPC_PEER_NAME="hyperledger/fabric-peer-fpc"
+    FPC_PEER_NAME="hyperledger/fabric-peer-fpc$(if [ "${SGX_MODE}" = "HW" ]; then echo "-hw"; fi)" 
     if [ -z "$(docker images | grep ${FPC_PEER_NAME})" ]; then
 	echo "FPC peer container image '${FPC_PEER_NAME}' does not exist, try to build it ..."
 	# if it doesn't exist, build it: note this can take quite some time!!
 	pushd "${FPC_PATH}/utils/docker" || die "can't go to peer build location"
-	make peer || die "can't build peer"
+	make SGX_MODE=${SGX_MODE} peer || die "can't build peer"
 	popd
     fi
     # - existance of boilerplate
-    BOILERPLATE_NAME="hyperledger/fabric-private-chaincode-boilerplate-ecc"
+    BOILERPLATE_NAME="hyperledger/fabric-private-chaincode-boilerplate-ecc$(if [ "${SGX_MODE}" = "HW" ]; then echo "-hw"; fi)"
     if [ -z "$(docker images | grep ${BOILERPLATE_NAME})" ]; then
 	echo "FPC boilerplate container image '${BOILERPLATE_NAME}' does not exist, try to build it ..."
 	pushd "${FPC_PATH}/" || die "can't go to fpc-sdk and boilerplate build location"
-	make fpc-sdk || die "can't build fpc sdk"
+	make SGX_MODE=${SGX_MODE} fpc-sdk || die "can't build fpc sdk"
 	popd
 	pushd "${FPC_PATH}/utils/docker" || die "can't go to docker build location"
-	make || die "can't build docker base images"
+	make SGX_MODE=${SGX_MODE} || die "can't build docker base images"
 	popd
 	pushd "${FPC_PATH}/ecc" || die "can't go to fpc-sdk and boilerplate build location"
-	make docker-boilerplate-ecc || die "can't build boilerplate"
+	make SGX_MODE=${SGX_MODE} docker-boilerplate-ecc || die "can't build boilerplate"
 	popd
     fi
 fi
diff --git a/utils/docker/Makefile b/utils/docker/Makefile
diff --git a/utils/docker/base/Dockerfile b/utils/docker/base/Dockerfile
diff --git a/utils/docker/cc-builder/Dockerfile b/utils/docker/cc-builder/Dockerfile
diff --git a/utils/docker/dev/Dockerfile b/utils/docker/dev/Dockerfile
diff --git a/utils/docker/peer/Dockerfile b/utils/docker/peer/Dockerfile

Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,9 @@`
`2`	`2`	`#`
`3`	`3`	`# SPDX-License-Identifier: Apache-2.0`
`4`	`4`
`5`		`-FROM hyperledger/fabric-private-chaincode-boilerplate-ecc`
	`5`	`+ARG BOILERPLATE_EXTENSION`
	`6`	`+`
	`7`	`+FROM hyperledger/fabric-private-chaincode-boilerplate-ecc${BOILERPLATE_EXTENSION}`
`6`	`8`
`7`	`9`	`ARG enclave_so_path`
`8`	`10`	`ARG CC_PATH="/usr/local/bin"`