diff --git a/doc/build_apps/js_app_bundle.rst b/doc/build_apps/js_app_bundle.rst index f4ba215e07b9..7100ac80f3b4 100644 --- a/doc/build_apps/js_app_bundle.rst +++ b/doc/build_apps/js_app_bundle.rst @@ -373,7 +373,7 @@ Note that this removes the sandboxing protections described above. If the conten This behaviour is controlled in ``app.json``, with the ``"interpreter_reuse"`` property on each endpoint. The default behaviour, taken when the field is omitted, is to avoid any interpreter reuse, providing strict sandboxing safety. To reuse an interpreter, set ``"interpreter_reuse"`` to an object of the form ``{"key": "foo"}``, where ``foo`` is an arbitrary, app-defined string. Interpreters will be shared between endpoints where this string matches. For instance: -.. code-block:: json +.. code-block:: yaml { "endpoints": { diff --git a/getting_started/setup_vm/roles/az_dcap/tasks/install.yml b/getting_started/setup_vm/roles/az_dcap/tasks/install.yml deleted file mode 100644 index 14b1d5ead421..000000000000 --- a/getting_started/setup_vm/roles/az_dcap/tasks/install.yml +++ /dev/null @@ -1,18 +0,0 @@ -- name: Add Microsoft repository key - apt_key: - url: "https://packages.microsoft.com/keys/microsoft.asc" - state: present - become: true - -- name: Add Microsoft sources list - apt_repository: - repo: "deb [arch=amd64] https://packages.microsoft.com/ubuntu/{{ ansible_distribution_version }}/prod {{ ansible_distribution_release }} main" - state: present - become: true - -- name: Install the Azure DCAP Client - apt: - name: az-dcap-client - state: present - force: true - become: true diff --git a/getting_started/setup_vm/roles/intel/tasks/sgx-group.yml b/getting_started/setup_vm/roles/intel/tasks/sgx-group.yml deleted file mode 100644 index 7a3949ff1fcf..000000000000 --- a/getting_started/setup_vm/roles/intel/tasks/sgx-group.yml +++ /dev/null @@ -1,20 +0,0 @@ -- name: Include vars - include_vars: - file: common.yml - -- name: Determine available groups - getent: - database: group - -# Required from Linux kernel 5.11 for in-process quote generation -# Note: This may require a VM reboot -- name: Add current user to sgx_prv group - user: - name: "{{ lookup('env', 'USER') }}" - groups: "{{ sgx_group_name }}" - append: true - become: true - when: - - item in ansible_facts.getent_group - with_items: - - "{{ sgx_group_name }}" diff --git a/getting_started/setup_vm/roles/intel/tasks/sgx-psw.yml b/getting_started/setup_vm/roles/intel/tasks/sgx-psw.yml deleted file mode 100644 index 919866a0268c..000000000000 --- a/getting_started/setup_vm/roles/intel/tasks/sgx-psw.yml +++ /dev/null @@ -1,39 +0,0 @@ -- name: Include distribution vars - include_vars: - file: common.yml - -- name: Install apt-transport-https APT package - apt: - name: apt-transport-https - state: latest - become: true - -- name: Add APT repository key - apt_key: - url: "https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key" - state: present - become: true - -- name: Add APT repository - apt_repository: - repo: "deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu {{ ansible_distribution_release }} main" - state: present - update_cache: yes - become: true - -- name: Install the Intel libsgx packages - apt: - name: "{{ intel_sgx_packages }}" - state: latest - update_cache: yes - install_recommends: no - become: true - -- name: Install the Intel DCAP packages - apt: - name: "{{ intel_dcap_packages }}" - state: latest - update_cache: yes - install_recommends: no - when: flc_enabled|bool - become: true diff --git a/getting_started/setup_vm/roles/intel/vars/common.yml b/getting_started/setup_vm/roles/intel/vars/common.yml deleted file mode 100644 index caa2b9b9e1da..000000000000 --- a/getting_started/setup_vm/roles/intel/vars/common.yml +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright (c) Open Enclave SDK contributors. -# Licensed under the MIT License. - -flc_enabled: true - -sgx_group_name: "sgx_prv" - -intel_sgx_packages: - - "libsgx-enclave-common" - - "libsgx-ae-qve" - - "libsgx-ae-pce" - - "libsgx-ae-qe3" - - "libsgx-qe3-logic" - - "libsgx-pce-logic" - -intel_dcap_packages: - - "libsgx-dcap-ql" - - "libsgx-urts" - - "libsgx-quote-ex" - # Note: libsgx-dcap-ql-dev used to be automatically pulled by the - # open-enclave deb package until 0.18.4. This is only necessary - # to run <= 2.x CCF nodes that are built against OE <= 0.18.2. - - "libsgx-dcap-ql-dev" diff --git a/getting_started/setup_vm/roles/openenclave/tasks/binary_install.yml b/getting_started/setup_vm/roles/openenclave/tasks/binary_install.yml deleted file mode 100644 index 0612b8932a84..000000000000 --- a/getting_started/setup_vm/roles/openenclave/tasks/binary_install.yml +++ /dev/null @@ -1,7 +0,0 @@ -- name: Include vars - include_vars: common.yml - -- name: Install Open Enclave - apt: - deb: "{{ oe_deb }}" - become: yes diff --git a/getting_started/setup_vm/roles/openenclave/tasks/src_install.yml b/getting_started/setup_vm/roles/openenclave/tasks/src_install.yml deleted file mode 100644 index 0a397976d6a6..000000000000 --- a/getting_started/setup_vm/roles/openenclave/tasks/src_install.yml +++ /dev/null @@ -1,69 +0,0 @@ -- name: Include vars - include_vars: common.yml - -- name: Install git - apt: - name: git - become: true - -- name: Remove Pre-existing Open Enclave source on the remote - file: - path: "{{ workspace }}/openenclave-{{ oe_ver }}" - state: absent - -- name: Create directory for Open Enclave source - file: - path: "{{ workspace }}/openenclave-{{ oe_ver }}" - state: directory - -- name: Check out Open Enclave source - git: - repo: "{{ oe_repo }}" - dest: "{{ workspace }}/openenclave-{{ oe_ver }}" - version: "{{ oe_ver }}" - -- name: Make Open Enclave build dir - file: - path: "{{ workspace }}/openenclave-{{ oe_ver }}/build" - state: directory - -- name: Install Open Enclave dependencies - shell: | - scripts/ansible/install-ansible.sh - ansible-playbook "{{ oe_playbook }}" - args: - chdir: "{{ workspace }}/openenclave-{{ oe_ver }}" - become: true - async: 600 - poll: 5 - -- name: Install ninja - apt: - name: ninja-build - become: true - -- name: Make Open Enclave build dir - file: - path: "{{ workspace }}/openenclave-{{ oe_ver }}/build" - state: directory - -- name: Build Open Enclave - shell: | - cmake -GNinja -DCMAKE_INSTALL_PREFIX:PATH={{ oe_prefix }} -DCMAKE_BUILD_TYPE=RelWithDebInfo {{ oe_build_opts }} .. - ninja - args: - chdir: "{{ workspace }}/openenclave-{{ oe_ver }}/build" - async: 600 - poll: 5 - -- name: Remove Pre-existing Open Enclave install - file: - path: "{{ oe_prefix }}" - state: absent - become: true - -- name: Install Open Enclave - command: ninja install - args: - chdir: "{{ workspace }}/openenclave-{{ oe_ver }}/build" - become: true diff --git a/getting_started/setup_vm/roles/openenclave/vars/common.yml b/getting_started/setup_vm/roles/openenclave/vars/common.yml deleted file mode 100644 index 4fb48f0ea7af..000000000000 --- a/getting_started/setup_vm/roles/openenclave/vars/common.yml +++ /dev/null @@ -1,14 +0,0 @@ -oe_ver: "0.19.7" -# Usually the same, except for rc, where ver is -rc and ver_ is _rc -oe_ver_: "0.19.7" - -# Source install -workspace: "/tmp/" -oe_src: "oe-{{ oe_ver }}.tar.gz" -oe_prefix: "/opt/openenclave" -oe_repo: "https://github.com/openenclave/openenclave.git" -oe_playbook: scripts/ansible/oe-contributors-acc-setup-no-driver.yml -oe_build_opts: "-DLVI_MITIGATION=ControlFlow-GNU" - -# Binary install -oe_deb: "https://github.com/openenclave/openenclave/releases/download/v{{ oe_ver }}/Ubuntu_2004_open-enclave_{{ oe_ver_ }}_amd64.deb"