Add BUILD file for crate oak_containers_hello_world_untrusted_app.

Bug: 349587497 Change-Id: I418fdaa5c98e2d9fb20a98e62b904fa33c0f9ab2
project-oak · Jul 4, 2024 · 2a69279 · 2a69279
1 parent d1553ba
commit 2a69279
Show file tree

Hide file tree

Showing 16 changed files with 165 additions and 71 deletions.
diff --git a/cc/containers/hello_world_trusted_app/BUILD b/cc/containers/hello_world_trusted_app/BUILD
@@ -29,8 +29,8 @@ cc_library(
         "//cc/containers/sdk:orchestrator_client",
         "//cc/crypto:common",
         "//cc/crypto:server_encryptor",
-        "//oak_containers_hello_world_trusted_app/proto:interface_cc_grpc",
-        "//oak_containers_hello_world_trusted_app/proto:interface_cc_proto",
+        "//proto/containers:hello_world_cc_grpc",
+        "//proto/containers:hello_world_cc_proto",
         "//proto/crypto:crypto_cc_proto",
         "@com_github_grpc_grpc//:grpc++",
         "@com_google_absl//absl/strings",

diff --git a/cc/containers/hello_world_trusted_app/app_service.cc b/cc/containers/hello_world_trusted_app/app_service.cc
@@ -23,8 +23,8 @@
 #include "cc/crypto/server_encryptor.h"
 #include "grpcpp/server_context.h"
 #include "grpcpp/support/status.h"
-#include "oak_containers_hello_world_trusted_app/proto/interface.grpc.pb.h"
-#include "oak_containers_hello_world_trusted_app/proto/interface.pb.h"
+#include "proto/containers/hello_world.grpc.pb.h"
+#include "proto/containers/hello_world.pb.h"
 #include "proto/crypto/crypto.pb.h"
 
 namespace oak::oak_containers_hello_world_trusted_app {

diff --git a/cc/containers/hello_world_trusted_app/app_service.h b/cc/containers/hello_world_trusted_app/app_service.h
@@ -23,8 +23,8 @@
 #include "cc/containers/sdk/encryption_key_handle.h"
 #include "grpcpp/server_context.h"
 #include "grpcpp/support/status.h"
-#include "oak_containers_hello_world_trusted_app/proto/interface.grpc.pb.h"
-#include "oak_containers_hello_world_trusted_app/proto/interface.pb.h"
+#include "proto/containers/hello_world.grpc.pb.h"
+#include "proto/containers/hello_world.pb.h"
 
 namespace oak::oak_containers_hello_world_trusted_app {
 

diff --git a/oak_attestation_verification/data/BUILD b/oak_attestation_verification/data/BUILD
@@ -27,7 +27,11 @@ package(
 # to verify the ARK -> ASK validity offline in a unit test.
 #
 # To verify ARK, redownload from https://www.amd.com/en/developer/sev.html and
-# convert and compare against the repository copies.
+# convert and compare against the repository copies. However, the mentioned
+# URL uses a custom AMD format - the files used here can be obtained directly
+# from https://kdsintf.amd.com/vcek/v1/${PRODUCT_NAME}/cert_chain, where
+# PRODUCT_NAME is `Genoa` or `Milan`.
+#
 exports_files([
     "ark_genoa.pem",
     "ask_genoa.pem",

diff --git a/oak_containers_hello_world_trusted_app/BUILD b/oak_containers_hello_world_trusted_app/BUILD
@@ -63,7 +63,7 @@ cargo_build_script(
         "PROTOC": "$(execpath @com_google_protobuf//:protoc)",
     },
     data = [
-        "//oak_containers_hello_world_trusted_app/proto:interface_proto",
+        "//proto/containers:hello_world_proto",
         "//proto/crypto:crypto_proto",
     ],
     tools = [

diff --git a/oak_containers_hello_world_trusted_app/build.rs b/oak_containers_hello_world_trusted_app/build.rs
@@ -17,10 +17,7 @@ use oak_grpc_utils::{generate_grpc_code, CodegenOptions};
 
 fn main() -> Result<(), Box<dyn std::error::Error>> {
     generate_grpc_code(
-        &[
-            "../oak_containers_hello_world_trusted_app/proto/interface.proto",
-            "../proto/crypto/crypto.proto",
-        ],
+        &["../proto/containers/hello_world.proto", "../proto/crypto/crypto.proto"],
         &[".."],
         CodegenOptions { build_server: true, ..Default::default() },
     )?;

diff --git a/oak_containers_hello_world_trusted_app/proto/BUILD b/oak_containers_hello_world_trusted_app/proto/BUILD
diff --git a/oak_containers_hello_world_trusted_app/src/lib.rs b/oak_containers_hello_world_trusted_app/src/lib.rs
@@ -23,5 +23,4 @@ mod proto {
         pub use oak_proto_rust::oak::crypto;
     }
 }
-
 pub mod app_service;
diff --git a/oak_containers_hello_world_untrusted_app/BUILD b/oak_containers_hello_world_untrusted_app/BUILD
@@ -0,0 +1,90 @@
+#
+# Copyright 2024 The Project Oak Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+load("@rules_rust//cargo:defs.bzl", "cargo_build_script")
+load("@rules_rust//rust:defs.bzl", "rust_binary", "rust_library", "rust_test")
+
+package(
+    default_visibility = ["//visibility:public"],
+    licenses = ["notice"],
+)
+
+rust_library(
+    name = "lib",
+    srcs = [
+        "src/app_client.rs",
+        "src/lib.rs",
+        "tests/integration_test.rs",
+    ],
+    crate_name = "oak_containers_hello_world_untrusted_app",
+    deps = [
+        ":build",
+        "//oak_client",
+        "//oak_containers_launcher:lib",
+        "//oak_crypto",
+        "//oak_proto_rust",
+        "@oak_crates_index//:anyhow",
+        "@oak_crates_index//:prost",
+        "@oak_crates_index//:tokio",
+        "@oak_crates_index//:tonic",
+    ],
+)
+
+rust_binary(
+    name = "oak_containers_hello_world_untrusted_app",
+    srcs = ["src/main.rs"],
+    deps = [
+        ":lib",
+        "//oak_client",
+        "//oak_containers_launcher:lib",
+        "//oak_crypto",
+        "@oak_crates_index//:anyhow",
+        "@oak_crates_index//:clap",
+        "@oak_crates_index//:env_logger",
+        "@oak_crates_index//:log",
+        "@oak_crates_index//:tokio",
+    ],
+)
+
+# TODO: b/349587497 - Remove build script. Depend on //oak_proto_rust insetad.
+cargo_build_script(
+    name = "build",
+    srcs = [
+        "build.rs",
+    ],
+    build_script_env = {
+        "PROTOC": "$(execpath @com_google_protobuf//:protoc)",
+    },
+    data = [
+        "//proto/containers:hello_world_proto",
+        "//proto/crypto:crypto_proto",
+    ],
+    tools = [
+        "@com_google_protobuf//:protoc",
+    ],
+    deps = [
+        "//oak_grpc_utils",
+        "@oak_crates_index//:prost-build",
+    ],
+)
+
+rust_test(
+    name = "tests",
+    crate = ":lib",
+    deps = [
+        "@oak_crates_index//:assertables",
+    ],
+)
diff --git a/oak_containers_hello_world_untrusted_app/build.rs b/oak_containers_hello_world_untrusted_app/build.rs
@@ -17,10 +17,7 @@ use oak_grpc_utils::{generate_grpc_code, CodegenOptions};
 
 fn main() -> Result<(), Box<dyn std::error::Error>> {
     generate_grpc_code(
-        &[
-            "../oak_containers_hello_world_trusted_app/proto/interface.proto",
-            "../proto/crypto/crypto.proto",
-        ],
+        &["../proto/containers/hello_world.proto", "../proto/crypto/crypto.proto"],
         &[".."],
         CodegenOptions { build_client: true, ..Default::default() },
     )?;

diff --git a/oak_proto_rust/BUILD b/oak_proto_rust/BUILD
@@ -71,6 +71,7 @@ cargo_build_script(
         "//proto/attestation:reference_value_proto",
         "//proto/attestation:tcb_version_proto",
         "//proto/attestation:verification_proto",
+        "//proto/containers:hello_world_proto",
         "//proto/containers:interfaces_proto",
         "//proto/crypto:crypto_proto",
         "//proto/oak_functions:abi_proto",

diff --git a/oak_proto_rust/build.rs b/oak_proto_rust/build.rs
@@ -31,6 +31,7 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
         "../proto/attestation/reference_value.proto",
         "../proto/attestation/verification.proto",
         "../proto/containers/interfaces.proto",
+        "../proto/containers/hello_world.proto",
         "../proto/digest.proto",
         "../proto/oak_functions/abi.proto",
         "../proto/oak_functions/application_config.proto",

diff --git a/oak_proto_rust/generated/oak.containers.example.rs b/oak_proto_rust/generated/oak.containers.example.rs
@@ -0,0 +1,16 @@
+#[allow(clippy::derive_partial_eq_without_eq)]
+#[derive(Clone, PartialEq, ::prost_derive::Message)]
+pub struct HelloRequest {
+    #[prost(message, optional, tag = "1")]
+    pub encrypted_request: ::core::option::Option<
+        super::super::crypto::v1::EncryptedRequest,
+    >,
+}
+#[allow(clippy::derive_partial_eq_without_eq)]
+#[derive(Clone, PartialEq, ::prost_derive::Message)]
+pub struct HelloResponse {
+    #[prost(message, optional, tag = "1")]
+    pub encrypted_response: ::core::option::Option<
+        super::super::crypto::v1::EncryptedResponse,
+    >,
+}
diff --git a/oak_proto_rust/src/lib.rs b/oak_proto_rust/src/lib.rs
@@ -67,6 +67,13 @@ pub mod oak {
         }
     }
 
+    pub mod containers {
+        include_proto!("oak.containers");
+        pub mod example {
+            include_proto!("oak.containers.example");
+        }
+    }
+
     pub mod crypto {
         pub mod v1 {
             include_proto!("oak.crypto.v1");

diff --git a/proto/containers/BUILD b/proto/containers/BUILD
@@ -17,30 +17,31 @@
 load("@bazel_skylib//rules:build_test.bzl", "build_test")
 load("@com_github_grpc_grpc//bazel:cc_grpc_library.bzl", "cc_grpc_library")
 load("@rules_cc//cc:defs.bzl", "cc_proto_library")
+load("@rules_proto//proto:defs.bzl", "proto_library")
 
 package(
     default_visibility = ["//visibility:public"],
     licenses = ["notice"],
 )
 
 proto_library(
-    name = "orchestrator_crypto_proto",
-    srcs = ["orchestrator_crypto.proto"],
+    name = "hello_world_proto",
+    srcs = ["hello_world.proto"],
     deps = [
         "//proto/crypto:crypto_proto",
     ],
 )
 
 cc_proto_library(
-    name = "orchestrator_crypto_cc_proto",
-    deps = [":orchestrator_crypto_proto"],
+    name = "hello_world_cc_proto",
+    deps = [":hello_world_proto"],
 )
 
 cc_grpc_library(
-    name = "orchestrator_crypto_cc_grpc",
-    srcs = [":orchestrator_crypto_proto"],
+    name = "hello_world_cc_grpc",
+    srcs = [":hello_world_proto"],
     grpc_only = True,
-    deps = [":orchestrator_crypto_cc_proto"],
+    deps = [":hello_world_cc_proto"],
 )
 
 proto_library(
@@ -73,10 +74,38 @@ cc_grpc_library(
     deps = [":interfaces_cc_proto"],
 )
 
+proto_library(
+    name = "orchestrator_crypto_proto",
+    srcs = ["orchestrator_crypto.proto"],
+    deps = [
+        "//proto/crypto:crypto_proto",
+    ],
+)
+
+cc_proto_library(
+    name = "orchestrator_crypto_cc_proto",
+    deps = [":orchestrator_crypto_proto"],
+)
+
+cc_grpc_library(
+    name = "orchestrator_crypto_cc_grpc",
+    srcs = [":orchestrator_crypto_proto"],
+    grpc_only = True,
+    deps = [":orchestrator_crypto_cc_proto"],
+)
+
 build_test(
     name = "build_test",
     targets = [
+        ":hello_world_proto",
+        ":hello_world_cc_proto",
+        ":hello_world_cc_grpc",
         ":hostlib_key_provisioning_proto",
+        ":interfaces_proto",
+        ":interfaces_cc_proto",
+        ":interfaces_cc_grpc",
         ":orchestrator_crypto_proto",
+        ":orchestrator_crypto_cc_proto",
+        ":orchestrator_crypto_cc_grpc",
     ],
 )
diff --git a/...o_world_trusted_app/proto/interface.proto → proto/containers/hello_world.proto b/...o_world_trusted_app/proto/interface.proto → proto/containers/hello_world.proto