fix the proxy handling mechanism for the scripts that contact IAS in …

…HW mode; this involves: the register-with-ledger script which registers the policy; the eservice script which runs and registers enclaves; the test scripts that will perform enclave registration (or just initialize enclaves, including their attestation), and which should be all called under unit-tests.sh Signed-off-by: Bruno Vavala <[email protected]>
hyperledger-labs · Apr 6, 2024 · 57ecc18 · 57ecc18
1 parent 5aef4e8
commit 57ecc18
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 8 deletions.
diff --git a/build/Makefile b/build/Makefile
@@ -132,7 +132,7 @@ force-config :
 
 ifeq ($(SGX_MODE),HW)
 register : $(PYTHON_DIR)
-	@ echo registering enclave and IAS public key on the ledger
+	@ echo Register the enclave registration policy on the ledger
 	. $(abspath $(DSTDIR)/bin/activate) && $(SRCDIR)/eservice/bin/register-with-ledger.sh
 
 else

diff --git a/docker/test-sgx.yaml b/docker/test-sgx.yaml
@@ -20,6 +20,8 @@ services:
       - SGX_MODE=HW
 
   services_container:
+    environment:
+      - PDO_FORCE_IAS_PROXY=${PDO_FORCE_IAS_PROXY:-false}
     image: pdo_services_sgx:${PDO_VERSION:-latest}
     volumes:
       - /var/run/aesmd:/var/run/aesmd

diff --git a/eservice/bin/register-with-ledger.sh b/eservice/bin/register-with-ledger.sh
@@ -50,13 +50,24 @@ function DeriveIasPublicKey {
 function Store {
     try test -e ${ETCDIR}/${ESERVICE_TOML}
     yell Download IAS certificates and Compute the enclave information
-    try eservice-enclave-info \
-        --save ${eservice_enclave_info_file} \
-        --loglevel warn \
-        --logfile __screen__ \
-        --identity ${ESERVICE_IDENTITY} \
-        --config ${ESERVICE_TOML} \
-        --config-dir ${ETCDIR}
+    if [ "${PDO_FORCE_IAS_PROXY}" == "true" ]; then
+        yell PDO_FORCE_IAS_PROXY is true
+        NO_PROXY='' no_proxy='' try eservice-enclave-info \
+            --save ${eservice_enclave_info_file} \
+            --loglevel info \
+            --logfile __screen__ \
+            --identity ${ESERVICE_IDENTITY} \
+            --config ${ESERVICE_TOML} \
+            --config-dir ${ETCDIR}
+    else
+        try eservice-enclave-info \
+            --save ${eservice_enclave_info_file} \
+            --loglevel info \
+            --logfile __screen__ \
+            --identity ${ESERVICE_IDENTITY} \
+            --config ${ESERVICE_TOML} \
+            --config-dir ${ETCDIR}
+    fi
     yell Enclave info are ready
 }