Merge pull request #2 from mohamed-arm/mohamed_parsec_docker

gbryant-arm · web-flow · commit 1b48cea8c1b9 · 2024-02-07T17:04:55.000Z
Add Dockerfile to build parsec-tool
diff --git a/docker/1000-use-local-parsec-client.patch b/docker/1000-use-local-parsec-client.patch
@@ -0,0 +1,13 @@
+diff --git a/Cargo.toml b/Cargo.toml
+index 488b688..a8cec81 100644
+--- a/Cargo.toml
++++ b/Cargo.toml
+@@ -13,7 +13,7 @@ documentation = "https://docs.rs/crate/parsec-tool"
+ rust-version = "1.66.0"
+ 
+ [dependencies]
+-parsec-client = "0.16.0"
++parsec-client = { git = "https://github.com/mohamed-arm/parsec-client.git" }
+ structopt = { version = "0.3.17", default-features = false }
+ thiserror = "1.0.20"
+ env_logger = "0.10.0"
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -0,0 +1,90 @@
+# docker image for developing and testing DPU provisioning
+#
+# AUTHORS
+#
+# The Veracruz Development Team.
+from ${DOCKER_ARCH}golang:1.19 AS go_builder
+
+RUN set -eux; \
+    echo "iteration 0"; \
+    git clone https://github.com/veracruz-project/proxy_attestation_server.git --branch main --tags ; \
+    cd proxy_attestation_server; \
+    git checkout v0.2.1; \
+    go build -o ./vts/vts -ldflags "-X 'github.com/veraison/services/config.SchemeLoader=builtin'" github.com/veraison/services/vts/cmd/vts-service; \
+    go build -o ./provisioning/provisioning -ldflags "-X 'github.com/veraison/services/config.SchemeLoader=builtin'" github.com/veraison/services/provisioning/cmd/provisioning-service; \
+    go build .; \
+    ls
+
+from ${DOCKER_ARCH}golang:1.19 AS corim_builder
+
+RUN set -eux; \
+    go install github.com/veraison/corim/cocli@latest
+
+COPY MyComidPsaIak.json /go/
+COPY corimMini.json /go/
+RUN cocli comid create --template MyComidPsaIak.json
+RUN cocli corim create -m MyComidPsaIak.cbor -t corimMini.json -o psa_corim.cbor
+
+FROM ${DOCKER_ARCH}ubuntu:22.04
+
+ARG VERSION="latest"
+
+ARG USER=root
+
+# Update package lists and install necessary dependencies
+RUN apt-get update && \
+    apt-get install -y wget curl vim && \
+    apt-get clean
+
+
+ENV RUSTUP_HOME=/usr/local/rustup \
+     CARGO_HOME=/usr/local/cargo \
+     PATH=/usr/local/cargo/bin:$PATH \
+     RUST_VERSION=1.70.0
+
+ RUN set -eux; \
+     dpkgArch="$(dpkg --print-architecture)"; \
+     case "${dpkgArch##*-}" in \
+         amd64) rustArch='x86_64-unknown-linux-gnu'; rustupSha256='3dc5ef50861ee18657f9db2eeb7392f9c2a6c95c90ab41e45ab4ca71476b4338' ;; \
+         arm64) rustArch='aarch64-unknown-linux-gnu'; rustupSha256='32a1532f7cef072a667bac53f1a5542c99666c4071af0c9549795bbdb2069ec1' ;; \
+         *) echo >&2 "unsupported architecture: ${dpkgArch}"; exit 1 ;; \
+     esac; \
+     url="https://static.rust-lang.org/rustup/archive/1.24.3/${rustArch}/rustup-init"; \
+     wget "$url"; \
+     echo "${rustupSha256} *rustup-init" | sha256sum -c -; \
+     chmod +x rustup-init; \
+     ./rustup-init -y --no-modify-path --profile minimal --default-toolchain $RUST_VERSION --default-host ${rustArch}; \
+     rm rustup-init; \
+     rm -rf /usr/local/cargo/registry/*/github.com-* 
+
+
+COPY 1000-use-local-parsec-client.patch /
+
+USER root
+RUN mkdir -p ~/src ; \
+    git clone https://github.com/parallaxsecond/parsec-tool.git ~/src/parsec-tool; \
+    cd  ~/src/parsec-tool; \
+    git apply /1000-use-local-parsec-client.patch; \
+    rustup install stable; \
+    rustup default stable; \
+    cd ~/src/parsec-tool; \
+    cargo build; \
+    mkdir -p /tmp/dpu; \
+    cp ~/src/parsec-tool/target/debug/parsec-tool /tmp/dpu/parsec_app; \
+    rm -r ~/src/parsec-tool;
+
+RUN mkdir /opt/veraison/; \
+    mkdir /opt/veraison/vts; \
+    mkdir /opt/veraison/vts/plugins; \
+    mkdir /opt/veraison/provisioning; \
+    mkdir /opt/veraison/provisioning/plugins; \
+    mkdir ~/example/
+
+COPY --from=go_builder /go/proxy_attestation_server/vts /opt/veraison/vts/
+COPY --from=go_builder /go/proxy_attestation_server/provisioning /opt/veraison/provisioning/
+COPY --from=go_builder /go/proxy_attestation_server/proxy_attestation_server /opt/veraison/
+COPY --from=corim_builder /go/psa_corim.cbor /opt/veraison/
+
+COPY vts_config.yaml /opt/veraison/vts/config.yaml
+COPY --from=go_builder /go/proxy_attestation_server/vts/skey.jwk /opt/veraison/vts/
+COPY provisioning_config.yaml /opt/veraison/provisioning/config.yaml
diff --git a/docker/Makefile b/docker/Makefile
@@ -0,0 +1,14 @@
+
+VERSION = v1.0
+CONTAINER_NAME = dpu_build
+
+DOCKER_BUILD_CMD = DOCKER_BUILDKIT=1 docker build
+DOCKER_CREATE_CMD = docker create
+DOCKER_BUILD_ARGS = --build-arg ARCH=aarch64 --build-arg DOCKER_ARCH=arm64v8/ --build-arg VERSION=$(VERSION) 
+
+
+build: 
+	$(DOCKER_BUILD_CMD) $(DOCKER_BUILD_ARGS) -t $(CONTAINER_NAME):$(VERSION)  -f Dockerfile .
+ 
+exec:
+	docker run -ti -v `pwd`/..:/work $(CONTAINER_NAME):v1.0
diff --git a/docker/MyComidPsaIak.json b/docker/MyComidPsaIak.json
@@ -0,0 +1,43 @@
+{
+  "lang": "en-GB",
+  "tag-identity": {
+    "id": "366D0A0A-5988-45ED-8488-2F2A544F6242",
+    "version": 0
+  },
+  "entities": [
+    {
+      "name": "ACME Ltd.",
+      "regid": "https://acme.example",
+      "roles": [
+        "tagCreator",
+        "creator",
+        "maintainer"
+      ]
+    }
+  ],
+  "triples": {
+    "attester-verification-keys": [
+      {
+        "environment": {
+          "class": {
+            "id": {
+              "type": "psa.impl-id",
+              "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE="
+            },
+            "vendor": "ACME",
+            "model": "RoadRunner"
+          },
+          "instance": {
+            "type": "ueid",
+            "value": "AUPrpZ0QYvwASGLQxlP3km/UKvWLBi5bSilQndDQphu7"
+          }
+        },
+        "verification-keys": [
+          {
+            "key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEXwVdOdmtYInxM35s+VcOb4QlXxb4zZzkoKKNek+35NNgNyqBTwfCWiSFv0e8hEdAxZv//9J2MoJNdk20UO6fIg==\n-----END PUBLIC KEY-----"
+          }
+        ]
+      }
+    ]
+  }
+}
diff --git a/docker/ca-cert.conf b/docker/ca-cert.conf
@@ -0,0 +1,21 @@
+[req]
+default_bits = 2048
+prompt = no
+default_md = sha256
+x509_extensions = v3_req
+distinguished_name = dn
+
+[dn]
+C = Mx
+ST = Veracruz
+L = Veracruz
+O = Zibble Zabble
+emailAddress = zibble@zabble.zibble
+CN = zibblezabble
+
+[v3_req]
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = zabble.zibble
+DNS.2 = www.zabble.zibble
diff --git a/docker/corimMini.json b/docker/corimMini.json
@@ -0,0 +1,6 @@
+{
+  "corim-id": "5c57e8f4-46cd-421b-91c9-08cf93e13cfc",
+  "profiles": [
+    "http://amazon.com"
+  ]
+}
diff --git a/docker/provisioning_config.yaml b/docker/provisioning_config.yaml
@@ -0,0 +1,10 @@
+provisioning:
+  listen-addr: 127.0.0.1:8888
+plugin:
+  backend: builtin
+  go-plugin:
+    dir: ./plugins/
+vts:
+  server-addr: 127.0.0.1:50051
+logging:
+  level: debug
diff --git a/docker/vts_config.yaml b/docker/vts_config.yaml
@@ -0,0 +1,19 @@
+plugin:
+  backend: go-plugin
+  go-plugin:
+    dir: ./plugins/
+ta-store:
+  backend: memory
+en-store:
+  backend: memory
+po-store:
+  backend: memory
+po-agent:
+  backend: opa
+vts:
+  server-addr: 127.0.0.1:50051
+ear-signer:
+  alg: ES256
+  key: ./skey.jwk
+logging:
+  level: debug
