This directory contains source for the contract enclave, a Python wrapper for managing it, and a service that translates HTTP requests into invocations of the contract enclave.
This service depends on the common python libraries/imports, which depend on the PDO common C++ library. Build these components first using the build instructions here and here.
It is highly recommended that you build a Python virtual environment where you can install the common Python modules. The rest of these instructions assume that you have set up a virtual environment for Python3 and have activated it.
The environment variable CONTRACTHOME should be set to the directory
where you expect to configure and run the enclave service. Generally the
variable is set to the path to your virtual environment root plus
opt/pdo.
For example:
prompt> export CONTRACTHOME=$VIRTUAL_ENV/opt/pdoFor production deployment, CONTRACTHOME should be set to /opt/pdo.
Note: EService has to be compiled in SGX hardware-mode before compiling and running PService in hardware-mode. Any changes to the EService will require the PService to be recompiled.
You may have to install some additional python packages with pip before this will run, including:
prompt> pip install colorlog
prompt> pip install requests
prompt> pip install toml
prompt> pip install twisted
Make sure the environment variables are defined (see the top level PREREQUISITES document), then run:
prompt> make build_all && make installFirst, the contract enclave must be built:
prompt> mkdir build
prompt> cd build
prompt> cmake .. -G "Unix Makefiles"
prompt> makeThe contract enclave extension modules must be built next:
prompt> python setup.up build_extNext, build the installable egg file:
prompt> python setup.py bdist_eggIf you want to remove files created during the build process, just use
make clean.
Assuming that you have activated a virtual environment, the modules can
be installed with easy_install.
prompt> easy_install dist/pdo_eservice-0.0.1.dev1-py3.6-linux-x86_64.eggNote that the name of the egg file will depend on the version of Python you are using.
If everything is set up correctly, you should be able to run the secret
and request tests in the tests directory. These invoke the contract
enclave wrapper scripts directly.
prompt> cd ./tests
prompt> python test-secrets.py
prompt> python test-request.pyThe enclave service can started with the eservice script. The
enclave service will search the current directory for a subdirectory
called etc in which you can place the configuration file
eservice.toml. If the configuration file does not exist in the
current directory tree, the script will attempt to load it from the
installed home directory (i.e. the value of the CONTRACTHOME
environment variable).
An example configuration file, sample_config.toml will be installed in
$CONTRACTHOME/etc. That file should provide a starting point for creating your eservice.toml
file.
Similarly, the enclave service requires a log and data
directory. Again, by default, these can be located in the current
directory hierarchy or placed in the installed tree. Additionally, the
configuration file can override any defaults.
The simplest method is to use the default configuration in the installed directory.
Assuming correct configuration, the enclave service can be started this way:
prompt> eservice --identity test-serviceThe identity parameter is a string used to identify logs and data files associated with the
service. For example, the logs for the above command will be called logs/test-service.log.
Logging can be sent to the screen by adding a parameter for the logfile:
prompt> eservice --identity test-service --logfile __screen__Once the enclave service is running, you can run the enclave test script. The test script requires a
URL for connecting to the enclave service. The default configuration uses http://localhost:7100.
prompt> cd ./tests
prompt> python test-eservice.py --url http://localhost:7100