Enable GSC for Local CI

ci/gsc.jenkinsfile

@@ -0,0 +1,46 @@
+stage('Build') {
+    sh '''
+        cd Tools/gsc/test
+        # Jenkins may automatically merge master into submitted commit (but
+        # maybe not): choose the original submitted commit for GSC (third
+        # commit in below git-log output if merged or first commit if not
+        # merged)
+        export COMMIT=`git log --pretty="%H %P" -n 1 | awk '{if(!$3) \
+                                            {print $1} else {print $3}}'`
+        make TESTCASES='python3 python3-trusted-args base-python3' \
+                DISTRIBUTIONS='ubuntu18.04' \
+                IMAGE_SUFFIX=-${COMMIT} GRAPHENE_BRANCH=${COMMIT}
+    '''
+} 
+stage('Test') {
+    sh '''
+        cd Tools/gsc/test
+        # Jenkins may automatically merge master into submitted commit (but
+        # maybe not): choose the original submitted commit for GSC (third
+        # commit in below git-log output if merged or first commit if not merged)
+        export COMMIT=`git log --pretty="%H %P" -n 1 | awk '{if(!$3) \
+                                            {print $1} else {print $3}}'`
+        # Test Linux Pal
+        make test ENV_VARS='GSC_PAL=Linux' MAXTESTNUM=2 TESTCASES=python3 \
+                    DISTRIBUTIONS='ubuntu18.04' IMAGE_SUFFIX=-${COMMIT}
+        # Test Linux-SGX PAL
+        make test MAXTESTNUM=3 TESTCASES='python3 python3-trusted-args' \
+                    DISTRIBUTIONS='ubuntu18.04' IMAGE_SUFFIX=-${COMMIT}
+        # Test use of base Graphene Image
+        make test MAXTESTNUM=2 TESTCASES='python3' \
+                    DISTRIBUTIONS='ubuntu18.04-base' IMAGE_SUFFIX=-${COMMIT}
+    '''
+}
+stage('Docker images cleanup') {
+    sh '''
+        cd Tools/gsc/test
+        # Jenkins may automatically merge master into submitted commit (but
+        # maybe not): choose the original submitted commit for GSC (third
+        # commit in below git-log output if merged or first commit if not merged)
+        export COMMIT=`git log --pretty="%H %P" -n 1 | awk '{if(!$3) \
+                                            {print $1} else {print $3}}'`
+        make clean TESTCASES='python3 python3-trusted-args base-python3' \
+                    DISTRIBUTIONS='ubuntu18.04' IMAGE_SUFFIX=-${COMMIT}
+        docker image prune -f
+    '''
+}

ci/linux-gsc-ubuntu18.04-release.jenkinsfile

@@ -0,0 +1,33 @@
+node(node_label) {
+    env.ORIG_WKSP = env.WORKSPACE
+    def build_ok = true
+    try {
+        stage('checkout'){
+            dir ('./') {
+                git url: 'https://github.com/jinengandhi-intel/graphene_local_ci.git'
+            }
+
+            dir('graphene') {
+                git url: 'https://github.com/oscarlab/graphene.git'
+            }
+        }
+
+        dir ("graphene") {
+            sh 'cp -rf $WORKSPACE/gsc/* Tools/gsc/templates/'
+            env.WORKSPACE = env.WORKSPACE + "/graphene"
+
+            load '../ci/gsc.jenkinsfile'
+
+        }
+    } finally {
+        stage('Workspace cleanup'){
+            sh 'rm -rf $ORIG_WKSP/*'
+        }
+    }
+
+    if(build_ok) {
+        currentBuild.result = "SUCCESS"
+    } else {
+        currentBuild.result = "FAILURE"
+    }
+}

gsc/Dockerfile.ubuntu18.04.build.template

@@ -0,0 +1,69 @@
+# Include previously-prepared Docker image with Graphene (if any) or compile Graphene from sources
+{% if Graphene.Image %}
+FROM gsc-{{Graphene.Image}} AS graphene
+{% else %}
+{% include "Dockerfile.ubuntu18.04.compile.template" %}
+{% endif %}
+
+# Combine Graphene image with the original app image
+FROM {{app_image}}
+
+ENV http_proxy "http://proxy-dmz.intel.com:911"
+ENV https_proxy "http://proxy-dmz.intel.com:912"
+
+RUN echo 'Acquire::http::proxy "http://proxy-dmz.intel.com:911/"; Acquire::https::proxy "http://proxy-dmz.intel.com:912/"; Acquire::ftp::proxy "ftp://proxy-dmz.intel.com:911/";' >> /etc/apt/apt.conf.d/proxy.conf
+
+RUN apt-get update \
+    && env DEBIAN_FRONTEND=noninteractive apt-get install -y \
+        binutils \
+        libprotobuf-c-dev \
+        locales \
+        locales-all \
+        openssl \
+        python3 \
+        python3-pip \
+        python3-protobuf \
+    && python3 -B -m pip install --proxy=http://proxy-dmz.intel.com:911 protobuf jinja2 toml>=0.10
+
+{% if debug %}
+RUN env DEBIAN_FRONTEND=noninteractive apt-get install -y gdb less strace vim python3-pyelftools
+{% endif %}
+
+RUN locale-gen en_US.UTF-8
+ENV LC_ALL en_US.UTF-8
+ENV LANG en_US.UTF-8
+ENV LANGUAGE en_US.UTF-8
+
+# Copy Graphene runtime and signer tools to /graphene/meson_build_output
+RUN mkdir -p /graphene/Tools \
+    && mkdir -p /graphene/meson_build_output
+
+# TODO: remove this copy after argv_serializer becomes a part of Meson build
+COPY --from=graphene /graphene/Tools/argv_serializer /graphene/Tools
+COPY --from=graphene /graphene/meson_build_output /graphene/meson_build_output
+
+# Copy helper scripts and Graphene manifest
+COPY *.py /
+COPY apploader.sh /
+COPY entrypoint.manifest /
+
+# Generate trusted arguments if required
+{% if not insecure_args %}
+RUN /graphene/Tools/argv_serializer {{binary}} {{binary_arguments}} "{{"\" \"".join(cmd)}}" > /trusted_argv
+{% endif %}
+
+# Docker entrypoint/cmd typically contains only the basename of the executable so create a symlink
+RUN cd / \
+    && which {{binary}} | xargs ln -s || true
+
+# Include Meson build output directory in $PATH
+ENV PATH="/graphene/meson_build_output/bin:$PATH"
+
+# Mark apploader.sh executable, finalize manifest, and remove intermediate scripts
+RUN chmod u+x /apploader.sh \
+    && python3 -B /finalize_manifest.py \
+    && rm -f /finalize_manifest.py
+
+# Define default command
+ENTRYPOINT ["/bin/bash", "/apploader.sh"]
+CMD [{% if insecure_args %} "{{'", "'.join(cmd)}}" {% endif %}]

gsc/Dockerfile.ubuntu18.04.compile.template

@@ -0,0 +1,50 @@
+FROM ubuntu:18.04 AS graphene
+ENV http_proxy "http://proxy-dmz.intel.com:911"
+ENV https_proxy "http://proxy-dmz.intel.com:912"
+
+RUN echo 'Acquire::http::proxy "http://proxy-dmz.intel.com:911/"; Acquire::https::proxy "http://proxy-dmz.intel.com:912/"; Acquire::ftp::proxy "ftp://proxy-dmz.intel.com:911/";' >> /etc/apt/apt.conf.d/proxy.conf
+
+RUN env DEBIAN_FRONTEND=noninteractive apt-get update \
+    && env DEBIAN_FRONTEND=noninteractive apt-get install -y \
+        autoconf \
+        bison \
+        build-essential \
+        coreutils \
+        gawk \
+        git \
+        libcurl4-openssl-dev \
+        libprotobuf-c-dev \
+        meson \
+        protobuf-c-compiler \
+        python3 \
+        python3-pip \
+        python3-protobuf \
+        wget \
+    && python3 -B -m pip install --proxy=http://proxy-dmz.intel.com:911 toml>=0.10
+
+RUN git config --global http.proxy http://proxy-dmz.intel.com:911
+
+RUN git clone {{Graphene.Repository}} /graphene
+
+RUN cd /graphene \
+    && git fetch origin {{Graphene.Branch}} \
+    && git checkout {{Graphene.Branch}}
+
+{% if SGXDriver.Repository %}
+RUN cd /graphene/Pal/src/host/Linux-SGX \
+    && git clone {{SGXDriver.Repository}} linux-sgx-driver \
+    && cd linux-sgx-driver \
+    && git checkout {{SGXDriver.Branch}}
+ENV ISGX_DRIVER_PATH "/graphene/Pal/src/host/Linux-SGX/linux-sgx-driver"
+{% else %}
+ENV ISGX_DRIVER_PATH ""
+{% endif %}
+
+RUN cd /graphene \
+    && make -s -j WERROR=1 SGX=1 {% if debug %} DEBUG=1 {% endif %} \
+    && make -s -j WERROR=1 {% if debug %} DEBUG=1 {% endif %} \
+    && meson build --prefix="/graphene/meson_build_output" \
+       --buildtype={% if debug %}debug{% else %}release{% endif %} \
+       -Ddirect=enabled -Dsgx=enabled \
+    && ninja -C build \
+    && ninja -C build install