Several cosmetic updates

This commit provides some cosmetic upgrade, and makes the sgx keys
a bit more usable by stripping/allowing white spaces.

Signed-off-by: Bruno Vavala <[email protected]>

docker/Makefile

@@ -75,10 +75,10 @@ build_% : repository
 
 sgx_build_services : $(IAS_CERTIFICATES) repository build_services_base
 	docker build $(DOCKER_ARGS) \
-        --build-arg PDO_VERSION=$(PDO_VERSION) \
-        --build-arg SGX_MODE=HW \
-        --tag pdo_services_sgx:$(PDO_VERSION) \
-        --file $(DOCKER_DIR)/pdo_services.dockerfile .
+		--build-arg PDO_VERSION=$(PDO_VERSION) \
+		--build-arg SGX_MODE=HW \
+		--tag pdo_services_sgx:$(PDO_VERSION) \
+		--file $(DOCKER_DIR)/pdo_services.dockerfile .
 
 # docker build dependencies
 build_client: build_base

docker/test-sgx.yaml

@@ -21,6 +21,9 @@ services:
 
   services_container:
     environment:
+      # the PDO_FORCE_IAS_PROXY is a small hack that is used to force IAS connections
+      # through a proxy when one such proxy must be used.
+      # If the variable is defined in the host environment, it is propagated to the containers.
       - PDO_FORCE_IAS_PROXY=${PDO_FORCE_IAS_PROXY:-false}
     image: pdo_services_sgx:${PDO_VERSION:-latest}
     volumes:

docker/tools/copy_enclave_signing_key.sh

@@ -43,12 +43,12 @@ KEY_REL_PATH="build/keys/sgx_mode_hw/enclave_code_sign.pem"
 if [ ! -z "${PDO_SGX_KEY_ROOT}" ] && [ -e "${PDO_SGX_KEY_ROOT}/enclave_code_sign.pem" ]; then
     yell "Enclave signing key: using host-provided key: ${PDO_SGX_KEY_ROOT}/enclave_code_sign.pem"
     yell "Enclave signing key: copying it to ${PDO_DEST_ROOT}/${KEY_REL_PATH}"
-    try rsync ${PDO_SGX_KEY_ROOT}/enclave_code_sign.pem ${PDO_DEST_ROOT}/${KEY_REL_PATH}
+    try cp ${PDO_SGX_KEY_ROOT}/enclave_code_sign.pem ${PDO_DEST_ROOT}/${KEY_REL_PATH}
 else
     yell "Enclave signing key: none available, now checking default path ${PDO_SOURCE_ROOT}/${KEY_REL_PATH}"
     if [ -e "${PDO_SOURCE_ROOT}/${KEY_REL_PATH}" ]; then
         yell "Enclave signing key: key available, copying it to ${PDO_DEST_ROOT}/${KEY_REL_PATH}"
-        try rsync ${PDO_SOURCE_ROOT}/${KEY_REL_PATH} ${PDO_DEST_ROOT}/${KEY_REL_PATH}
+        try cp ${PDO_SOURCE_ROOT}/${KEY_REL_PATH} ${PDO_DEST_ROOT}/${KEY_REL_PATH}
     else
         yell "Enclave signing key: no default key, a new one will be generated"
     fi

docker/tools/copy_sgx_keys.sh

@@ -47,8 +47,9 @@ if [ ! -z "${PDO_SGX_KEY_ROOT}" ]; then
 
 else
     yell "SGX keys: PDO_SGX_KEY_ROOT undefined"
-    yell "SGX keys: rsyncing default folder ${PDO_SOURCE_ROOT}/build/keys/sgx_mode_hw/ to docker"
-    try rsync -r ${PDO_SOURCE_ROOT}/build/keys/sgx_mode_hw/ ${DOCKER_DIR}/xfer/services/keys/sgx/
+    yell "SGX keys: copying default folder ${PDO_SOURCE_ROOT}/build/keys/sgx_mode_hw/ to docker"
+    # copy anything in the default folder, and ignore errors if no keys exist
+    cp ${PDO_SOURCE_ROOT}/build/keys/sgx_mode_hw/* ${DOCKER_DIR}/xfer/services/keys/sgx/ > /dev/null 2&>1
 fi
 
 # test sgx keys availability in xfer

docker/tools/start_services.sh

@@ -85,8 +85,8 @@ export NO_PROXY=$PDO_HOSTNAME,$PDO_LEDGER_ADDRESS,$NO_PROXY
 # -----------------------------------------------------------------
 yell copy sgx keys
 # -----------------------------------------------------------------
-[ -z "$(ls -A ${XFER_DIR}/services/keys/sgx/)" ] ||\
-    cp ${XFER_DIR}/services/keys/sgx/* ${PDO_SGX_KEY_ROOT}
+# copy any keys in the SGX directory, ignore any errors if no keys exist
+cp ${XFER_DIR}/services/keys/sgx/* ${PDO_SGX_KEY_ROOT} /dev/null 2&>1
 
 # -----------------------------------------------------------------
 yell Register with ledger: ${F_REGISTER}

eservice/pdo/eservice/pdo_enclave.py

@@ -152,8 +152,8 @@ def initialize_with_configuration(config) :
     NumberOfEnclaves = int(config.get('NumberOfEnclaves', 1))
 
     try:
-        spid = Path(os.path.join(config['sgx_key_root'], "sgx_spid.txt")).read_text()
-        spid_api_key = Path(os.path.join(config['sgx_key_root'], "sgx_spid_api_key.txt")).read_text()
+        spid = Path(os.path.join(config['sgx_key_root'], "sgx_spid.txt")).read_text().strip()
+        spid_api_key = Path(os.path.join(config['sgx_key_root'], "sgx_spid_api_key.txt")).read_text().strip()
     except Exception as e :
         raise Exception("Unable to access SGX keys: {}".format(str(e)))
 

eservice/pdo/eservice/scripts/EServiceEnclaveInfoCLI.py

@@ -41,7 +41,7 @@ def GetBasename(save_path, config) :
         try :
             logger.debug('initialize the enclave')
             enclave_config = config.get('EnclaveModule')
-            spid = Path(os.path.join(enclave_config['sgx_key_root'], "sgx_spid.txt")).read_text()
+            spid = Path(os.path.join(enclave_config['sgx_key_root'], "sgx_spid.txt")).read_text().strip()
             info = pdo_enclave_helper.get_enclave_service_info(spid)
 
             logger.info('save MR_ENCLAVE and MR_BASENAME to %s', save_path)

pservice/pdo/pservice/pdo_enclave.py

@@ -145,8 +145,8 @@ def initialize_with_configuration(config) :
                     ', '.join(sorted(list(missing_keys)))))
 
     try:
-        spid = Path(os.path.join(config['sgx_key_root'], "sgx_spid.txt")).read_text()
-        spid_api_key = Path(os.path.join(config['sgx_key_root'], "sgx_spid_api_key.txt")).read_text()
+        spid = Path(os.path.join(config['sgx_key_root'], "sgx_spid.txt")).read_text().strip()
+        spid_api_key = Path(os.path.join(config['sgx_key_root'], "sgx_spid_api_key.txt")).read_text().strip()
     except Exception as e :
         raise Exception("Unable to access SGX keys: {}".format(str(e)))