Sgx sdk 1.1.5, update sdk version (#1221)

Added rust-sgx-sdk as a submodule Updated rust-sgx-sdk to 1.1.5 Updated rust version Updated CI/CD to compile with these versions
scrtlabs · Oct 25, 2022 · 6e476c0 · 6e476c0
1 parent dc962d5
commit 6e476c0
Show file tree

Hide file tree

Showing 67 changed files with 933 additions and 3,229 deletions.
diff --git a/.env.local b/.env.local
@@ -0,0 +1,2 @@
+API_KEY=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+SPID=00000000000000000000000000000000
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -19,4 +19,8 @@ updates:
     directory: "/cosmwasm"
     schedule:
       interval: daily
-
+
+  - package-ecosystem: gitsubmodule
+    schedule:
+      interval: "daily"
+    directory: "/"
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -7,12 +7,15 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
       - uses: actions/checkout@v2
+        with:
+          submodules: recursive
+        name: Pull git submodules
       - name: Install Intel's SGX SDK
         run: |
           mkdir -p "$HOME/.sgxsdk"
           cd "$HOME/.sgxsdk"
-          SDK_BIN=sgx_linux_x64_sdk_2.9.101.2.bin
-          wget https://download.01.org/intel-sgx/sgx-linux/2.9.1/distro/ubuntu18.04-server/"$SDK_BIN"
+          SDK_BIN=sgx_linux_x64_sdk_2.17.101.1.bin
+          wget https://download.01.org/intel-sgx/sgx-linux/2.17.1/distro/ubuntu20.04-server/"$SDK_BIN"
           chmod +x "$SDK_BIN"
           echo yes | ./"$SDK_BIN"
       - name: Cache cargo registry
@@ -48,7 +51,6 @@ jobs:
       - name: Test enclave
         run: |
           source "$HOME/.sgxsdk/sgxsdk/environment"
-          make vendor
           export SGX_MODE=SW
           RUSTC_WRAPPER="$HOME/sccache" make enclave-tests
           make clean-enclave
@@ -105,15 +107,17 @@ jobs:
     needs: [Build-Contracts, Build-LocalSecret]
     steps:
       - uses: actions/checkout@v2
+        with:
+          submodules: recursive
       - uses: actions/setup-go@v3
         with:
           go-version: 1.19 # The Go version to download (if necessary) and use.
       - name: Install Intel's SGX SDK
         run: |
           mkdir -p "$HOME/.sgxsdk"
           cd "$HOME/.sgxsdk"
-          SDK_BIN=sgx_linux_x64_sdk_2.9.101.2.bin
-          wget https://download.01.org/intel-sgx/sgx-linux/2.9.1/distro/ubuntu18.04-server/"$SDK_BIN"
+          SDK_BIN=sgx_linux_x64_sdk_2.17.101.1.bin
+          wget https://download.01.org/intel-sgx/sgx-linux/2.17.1/distro/ubuntu20.04-server/"$SDK_BIN"
           chmod +x "$SDK_BIN"
           echo yes | ./"$SDK_BIN"
       - name: Download LocalSecret
@@ -178,12 +182,14 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
       - uses: actions/checkout@v2
+        with:
+          submodules: recursive
       - name: Install Intel's SGX SDK
         run: |
           mkdir -p "$HOME/.sgxsdk"
           cd "$HOME/.sgxsdk"
-          SDK_BIN=sgx_linux_x64_sdk_2.9.101.2.bin
-          wget https://download.01.org/intel-sgx/sgx-linux/2.9.1/distro/ubuntu18.04-server/"$SDK_BIN"
+          SDK_BIN=sgx_linux_x64_sdk_2.17.101.1.bin
+          wget https://download.01.org/intel-sgx/sgx-linux/2.17.1/distro/ubuntu20.04-server/"$SDK_BIN"
           chmod +x "$SDK_BIN"
           echo yes | ./"$SDK_BIN"
       - name: Cache cargo registry
@@ -220,7 +226,6 @@ jobs:
       - name: Clippy
         run: |
           source "$HOME/.sgxsdk/sgxsdk/environment"
-          make vendor
           cd cosmwasm/enclaves/execute/
           SGX_MODE=SW make clippy
           SGX_MODE=HW make clippy
@@ -229,6 +234,8 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
       - uses: actions/checkout@v2
+        with:
+          submodules: recursive
       - uses: actions/setup-go@v3
         with:
           go-version: 1.19 # The Go version to download (if necessary) and use.
@@ -252,6 +259,8 @@ jobs:
         with:
           driver-opts: network=host
       - uses: actions/checkout@v2
+        with:
+          submodules: recursive
       - name: Build LocalSecret Base
         uses: docker/build-push-action@v3
         with:
@@ -322,6 +331,8 @@ jobs:
     needs: [Build-LocalSecret, Build-Hermes]
     steps:
       - uses: actions/checkout@v2
+        with:
+          submodules: recursive
       - name: Download Hermes
         uses: actions/download-artifact@v3
         with:
@@ -353,6 +364,10 @@ jobs:
           yarn
           yarn test
           docker rm -f localsecret # next step needs the localsecret ports
+      - name: Install Requirements
+        run: |
+          chmod +x ./scripts/install-wasm-tools.sh
+          ./scripts/install-wasm-tools.sh
       - name: Run cw20-ics20 tests
         run: |
           git clone --depth 1 --branch secret https://github.com/scrtlabs/cw-plus

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -35,6 +35,9 @@ jobs:
       - name: Get the version
         id: get_version
         run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\/v/}
+      - run: |
+          echo ${{ secrets.SPID_MAINNET }} > spid.txt; echo ${{ secrets.API_KEY_MAINNET }} > api_key.txt
+        name: "Save api keys"
       - name: Build testnet
         run: |
           source "$HOME/.sgxsdk/sgxsdk/environment"
@@ -61,9 +64,9 @@ jobs:
       - name: Get the version
         id: get_version
         run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\/v/}
-      - uses: actions/setup-go@v3
-        with:
-          go-version: 1.19 # The Go version to download (if necessary) and use.
+      - run: |
+          echo ${{ secrets.SPID_MAINNET }} > spid.txt; echo ${{ secrets.API_KEY_MAINNET }} > api_key.txt
+        name: "Save api keys"
       - name: Build
         run: |
           VERSION=${{ steps.get_version.outputs.VERSION }} DB_BACKEND=${{ matrix.db_backend }} FEATURES=production FEATURES_U=production, make build-mainnet-upgrade

diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,4 @@
+.env
 sgx_sk.pem
 *.a
 *.deb
@@ -11,7 +12,6 @@ Enclave_u.o
 /enigmacli*
 /enigmad*
 secretcli*
-incubator-teaclave-sgx-sdk
 libenclave.a
 libEnclave_u.a
 librust_cosmwasm_enclave.signed.so

diff --git a/.gitmodules b/.gitmodules
@@ -0,0 +1,4 @@
+[submodule "third_party/incubator-teaclave-sgx-sdk"]
+	path = third_party/incubator-teaclave-sgx-sdk
+	url = https://github.com/scrtlabs/incubator-teaclave-sgx-sdk
+	branch = secret-1.1.5
diff --git a/Makefile b/Makefile
@@ -4,6 +4,9 @@ COMMIT := $(shell git log -1 --format='%H')
 DOCKER := $(shell which docker)
 DOCKER_BUF := $(DOCKER) run --rm -v $(CURDIR):/workspace --workdir /workspace bufbuild/buf
 
+SPID ?= 00000000000000000000000000000000
+API_KEY ?= FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+
 LEDGER_ENABLED ?= true
 BINDIR ?= $(GOPATH)/bin
 BUILD_PROFILE ?= release
@@ -228,7 +231,7 @@ clean:
 	$(MAKE) -C cosmwasm/enclaves/test clean
 
 build-rocksdb-image:
-	docker build --build-arg BUILD_VERSION=${VERSION} -f deployment/dockerfiles/db-compile.Dockerfile -t enigmampc/rocksdb:${VERSION} .
+	docker build --build-arg BUILD_VERSION=${VERSION} -f deployment/dockerfiles/db-compile.Dockerfile -t enigmampc/rocksdb:${VERSION}-1.1.5 .
 
 localsecret: _localsecret-compile
 	docker build --build-arg SGX_MODE=SW --build-arg SECRET_NODE_TYPE=BOOTSTRAP --build-arg CHAIN_ID=secretdev-1 -f deployment/dockerfiles/release.Dockerfile -t build-release .
@@ -239,6 +242,8 @@ _localsecret-compile:
 				--build-arg BUILD_VERSION=${VERSION} \
 				--build-arg FEATURES="${FEATURES},debug-print" \
 				--build-arg FEATURES_U=${FEATURES_U} \
+				--secret id=API_KEY,src=.env.local \
+				--secret id=SPID,src=.env.local \
 				--build-arg SGX_MODE=SW \
 				-f deployment/dockerfiles/base.Dockerfile \
 				-t rust-go-base-image \
@@ -258,7 +263,7 @@ build-custom-dev-image:
 
 build-testnet: _docker_base
 	@mkdir build 2>&3 || true
-	docker build --secret API_KEY=${API_KEY} --secret SPID=${SPID} --build-arg BUILD_VERSION=${VERSION} --build-arg SGX_MODE=HW --build-arg SECRET_NODE_TYPE=BOOTSTRAP -f deployment/dockerfiles/release.Dockerfile -t enigmampc/secret-network-bootstrap:v$(VERSION)-testnet .
+	docker build --build-arg BUILD_VERSION=${VERSION} --build-arg SGX_MODE=HW --build-arg SECRET_NODE_TYPE=BOOTSTRAP -f deployment/dockerfiles/release.Dockerfile -t enigmampc/secret-network-bootstrap:v$(VERSION)-testnet .
 	docker build --build-arg BUILD_VERSION=${VERSION} --build-arg SGX_MODE=HW --build-arg SECRET_NODE_TYPE=NODE -f deployment/dockerfiles/release.Dockerfile -t enigmampc/secret-network-node:v$(VERSION)-testnet .
 	docker build --build-arg SGX_MODE=HW -f deployment/dockerfiles/build-deb.Dockerfile -t deb_build .
 	docker run -e VERSION=${VERSION} -v $(CUR_DIR)/build:/build deb_build
@@ -296,6 +301,8 @@ _docker_base:
 				--build-arg FEATURES=${FEATURES} \
 				--build-arg FEATURES_U=${FEATURES_U} \
 				--build-arg SGX_MODE=${SGX_MODE} \
+				--secret id=API_KEY,src=api_key.txt \
+				--secret id=SPID,src=spid.txt \
 				-f deployment/dockerfiles/base.Dockerfile \
 				-t rust-go-base-image \
 				.

diff --git a/azure-pipelines.yml b/azure-pipelines.yml
@@ -25,6 +25,9 @@ variables:
   DOCKER_BUILDKIT: 1
 
 steps:
+  - checkout: "self"
+    submodules: true
+    displayName: "Checkout Repository and Submodules"
   - script: echo $(spid) > spid.txt; echo $(api-key-dev) > api_key.txt
     displayName: "Save api keys"
 
@@ -64,7 +67,7 @@ steps:
       repository: rust-enclave-test
       tags: latest
       buildContext: .
-      arguments: --build-arg SGX_MODE=HW
+      arguments: --secret id=API_KEY,src=api_key.txt --secret id=SPID,src=spid.txt --build-arg SGX_MODE=HW
       Dockerfile: deployment/dockerfiles/enclave-test.Dockerfile
 
   - task: Docker@2

diff --git a/cosmwasm/Cargo.lock b/cosmwasm/Cargo.lock
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		API_KEY=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
		SPID=00000000000000000000000000000000