Pass enclave path as CLI argument rather than in configuration #5665

Merged
merged 14 commits into from
Sep 21, 2023
Changes from 5 commits
8 changes: 2 additions & 6 deletions CHANGELOG.md
Expand Up @@ -5,12 +5,6 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).

## [5.0.0-dev3]

[5.0.0-dev3]: https://github.com/microsoft/CCF/releases/tag/ccf-5.0.0-dev3

- Updated Intel SGX PSW from 2.17 to 2.20 (#5616)

## [5.0.0-dev2]

[5.0.0-dev2]: https://github.com/microsoft/CCF/releases/tag/ccf-5.0.0-dev2
Expand All @@ -20,6 +14,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
- Updated QCBOR from `1.1` to `1.2`.
- Updated `nghttp2` from `1.51.0` to `1.55.1`.
- Converted SNP attestation UVM endorsements from integer to arbitrary string.
- Updated Intel SGX PSW from 2.17 to 2.20 (#5616)
- Path to the enclave file should now be passed as `--enclave-file` CLI argument to `cchost`, rather than `enclave.file` entry within configuration file. The configuration entry is deprecated, and will be removed in a future release.

## [5.0.0-dev1]

4 changes: 2 additions & 2 deletions doc/host_config_schema/cchost_config.json
Expand Up @@ -25,7 +25,7 @@
}
},
"description": "This section includes configuration for the enclave application launched by this node",
"required": ["file"],
"required": [],
"additionalProperties": false
},
"network": {
Expand Down Expand Up @@ -680,6 +680,6 @@
"minimum": 0
}
},
"required": ["enclave", "network", "command"],
"required": ["network", "command"],
"additionalProperties": false
}
9 changes: 6 additions & 3 deletions src/host/configuration.h
Expand Up @@ -64,6 +64,8 @@ namespace host
std::string file;
EnclaveType type;
EnclavePlatform platform;

bool operator==(const Enclave&) const = default;
};
Enclave enclave = {};

Expand Down Expand Up @@ -166,8 +168,8 @@ namespace host
};

DECLARE_JSON_TYPE_WITH_OPTIONAL_FIELDS(CCHostConfig::Enclave);
DECLARE_JSON_REQUIRED_FIELDS(CCHostConfig::Enclave, type, file);
DECLARE_JSON_OPTIONAL_FIELDS(CCHostConfig::Enclave, platform);
DECLARE_JSON_REQUIRED_FIELDS(CCHostConfig::Enclave);
DECLARE_JSON_OPTIONAL_FIELDS(CCHostConfig::Enclave, file, type, platform);

DECLARE_JSON_TYPE_WITH_OPTIONAL_FIELDS(CCHostConfig::OutputFiles);
DECLARE_JSON_REQUIRED_FIELDS(CCHostConfig::OutputFiles);
Expand Down Expand Up @@ -223,9 +225,10 @@ namespace host
CCHostConfig::Command, service_certificate_file, start, join, recover);

DECLARE_JSON_TYPE_WITH_BASE_AND_OPTIONAL_FIELDS(CCHostConfig, CCFConfig);
DECLARE_JSON_REQUIRED_FIELDS(CCHostConfig, enclave, command);
DECLARE_JSON_REQUIRED_FIELDS(CCHostConfig, command);
DECLARE_JSON_OPTIONAL_FIELDS(
CCHostConfig,
enclave,
tick_interval,
slow_io_logging_threshold,
node_client_interface,
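Review bot: Moving `type` into `DECLARE_JSON_OPTIONAL_FIELDS(CCHostConfig::Enclave, file, type, platform)` relaxes more than the enclave path this change is about: the `Enclave` struct in the first hunk declares `type` and `platform` without default member initializers, so with `Enclave enclave = {};` a config that omits them ends up with whichever enumerator has value zero. The same applies when the whole `enclave` section is left out, now that it is optional in `CCHostConfig`. The enum definitions are outside this section, so whether that zero value is the most restrictive mode cannot be confirmed from here. If only `file` is meant to move to the CLI, keep the type mandatory with `DECLARE_JSON_REQUIRED_FIELDS(CCHostConfig::Enclave, type);` and `DECLARE_JSON_OPTIONAL_FIELDS(CCHostConfig::Enclave, file, platform);`, or give the members explicit in-class defaults so the fallback is a visible choice.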
22 changes: 21 additions & 1 deletion src/host/main.cpp
Expand Up @@ -112,6 +112,10 @@ int main(int argc, char** argv)
"Logging level for the enclave code")
->transform(CLI::CheckedTransformer(log_level_options, CLI::ignore_case));

std::string enclave_file_path;
app.add_option(
"--enclave-file", enclave_file_path, "Path to enclave application");

try
{
app.parse(argc, argv);
Expand Down Expand Up @@ -262,8 +266,24 @@ int main(int argc, char** argv)
config.slow_io_logging_threshold;

// create the enclave
if (enclave_file_path.empty() && !config.enclave.file.empty())
{
LOG_FAIL_FMT(
"Enclave path was not passed on CLI! Using path specified in config "
"instead ({}). This fallback is deprecated and the CLI option will be "
"required in a future release.",
config.enclave.file);
enclave_file_path = config.enclave.file;
}

if (enclave_file_path.empty())
{
LOG_FATAL_FMT("No enclave file path specified");
return static_cast<int>(CLI::ExitCodes::ValidationError);
}

host::Enclave enclave(
config.enclave.file, config.enclave.type, config.enclave.platform);
enclave_file_path, config.enclave.type, config.enclave.platform);

// messaging ring buffers
const auto buffer_size = config.memory.circuit_size;
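Review bot: When both `--enclave-file` and a non-empty `enclave.file` in the config are given, the second hunk uses the CLI value and logs nothing, so a config file under review can name one enclave binary while the node loads another. Since this path decides which code runs inside the enclave, log the mismatch right after the fallback block, e.g. `if (!config.enclave.file.empty() && config.enclave.file != enclave_file_path) LOG_FAIL_FMT("Ignoring enclave.file from config ({}), using --enclave-file ({})", config.enclave.file, enclave_file_path);`. The option in the first hunk could also take `->check(CLI::ExistingFile)` so a mistyped path is rejected at argument parsing, although while the config fallback remains that check only covers the CLI value. `main` starts and ends outside both hunks.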
1 change: 0 additions & 1 deletion tests/config.jinja
@@ -1,6 +1,5 @@
{
"enclave": {
"file": "{{ enclave_file }}",
"type": "{{ enclave_type }}",
"platform": "{{ enclave_platform }}"
},
11 changes: 5 additions & 6 deletions tests/e2e_operations.py
Expand Up @@ -296,6 +296,7 @@ def run_file_operations(args):
network.stop_all_nodes(skip_verification=True)

test_split_ledger_on_stopped_network(primary, args)
args.common_read_only_ledger_dir = None # Reset for future tests


def run_tls_san_checks(args):
Expand All @@ -306,7 +307,6 @@ def run_tls_san_checks(args):
args.perf_nodes,
pdb=args.pdb,
) as network:
args.common_read_only_ledger_dir = None # Reset from previous test
network.start_and_open(args)
network.verify_service_certificate_validity_period(
args.initial_service_cert_validity_days
Expand Down Expand Up @@ -366,13 +366,13 @@ def run_config_timeout_check(args):
args.perf_nodes,
pdb=args.pdb,
) as network:
args.common_read_only_ledger_dir = None # Reset from previous test
network.start_and_open(args)
# This is relatively direct test to make sure the config timeout feature
# works as intended. It is difficult to do with the existing framework
# as is because of the indirections and the fact that start() is a
# synchronous call.
start_node_path = network.nodes[0].remote.remote.root
node = network.nodes[0]
start_node_path = node.remote.remote.root
# Remove ledger and pid file to allow a restart
shutil.rmtree(os.path.join(start_node_path, "0.ledger"))
os.remove(os.path.join(start_node_path, "node.pid"))
Expand All @@ -398,6 +398,8 @@ def run_config_timeout_check(args):
"0.config.json",
"--config-timeout",
f"{config_timeout}s",
"--enclave-file",
node.remote.enclave_file,
],
cwd=start_node_path,
env=env,
Expand Down Expand Up @@ -432,7 +434,6 @@ def run_sighup_check(args):
args.perf_nodes,
pdb=args.pdb,
) as network:
args.common_read_only_ledger_dir = None # Reset from previous test
network.start_and_open(args)
network.nodes[0].remote.remote.hangup()
time.sleep(1)
Expand Down Expand Up @@ -473,7 +474,6 @@ def run_preopen_readiness_check(args):
args.perf_nodes,
pdb=args.pdb,
) as network:
args.common_read_only_ledger_dir = None # Reset from previous test
network.start(args)
primary, _ = network.find_primary()
with primary.client() as c:
Expand All @@ -497,7 +497,6 @@ def run_pid_file_check(args):
args.perf_nodes,
pdb=args.pdb,
) as network:
args.common_read_only_ledger_dir = None # Reset from previous test
network.start_and_open(args)
LOG.info("Check that pid file exists")
node = network.nodes[0]
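Review bot: The reset `args.common_read_only_ledger_dir = None` at the end of `run_file_operations` (first hunk) only runs if `test_split_ledger_on_stopped_network` returns normally; if it raises, the shared `args` object keeps the stale directory, and the per-test resets that this change removes are no longer there to cover it. Wrapping the call as `try: test_split_ledger_on_stopped_network(primary, args)` with `finally: args.common_read_only_ledger_dir = None` keeps the cleanup unconditional and next to the code that needs it. Where the attribute is set lies outside the hunk, and indentation is lost on this page, so the exact scope should be checked against the file.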
8 changes: 7 additions & 1 deletion tests/infra/remote.py
Expand Up @@ -761,7 +761,7 @@ def __init__(
t = t_env.get_template(self.TEMPLATE_CONFIGURATION_FILE)
output = t.render(
start_type=start_type.name.title(),
enclave_file=self.enclave_file,
enclave_file=self.enclave_file, # Ignored by current jinja, but passed for LTS compat
enclave_type=enclave_type.title(),
enclave_platform=enclave_platform.title()
if enclave_platform == "virtual"
Expand Down Expand Up @@ -842,6 +842,12 @@ def __init__(
enclave_log_level,
]

if v is None or v >= Version("4.0.9"):
cmd += [
"--enclave-file",
self.enclave_file,
]

if start_type == StartType.start:
members_info = kwargs.get("members_info")
if not members_info:
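Review bot: The gate `if v is None or v >= Version("4.0.9"):` in the second hunk carries no explanation of why 4.0.9 is the cut-off, and it also lets every 5.0.0 pre-release through, including ones that may predate `--enclave-file`. If `Version` orders a tag such as `5.0.0-dev2` above `4.0.9` (its import is outside the hunk), such a binary would be started with an option it does not know. A comment such as `# --enclave-file is presumably accepted from 4.0.9 on the 4.x line; older nodes read enclave.file from the config` would record the intent once confirmed, and the condition may need an extra lower bound for the 5.x development releases. `__init__` starts and ends outside both hunks.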