Merge crypto-com#873

873: Problem(Fix crypto-com#869): Duplicate enclave makefiles r=tomtau a=yihuang

Other related problems:
- (Fix crypto-com#868) compiled enclave file names collide
- (Fix crypto-com#870) enclave code not covered by cargo tools
- (Fix crypto-com#871) debug/release build result files conflict

Solution:
- Move compile steps into `build.rs`, only link and sign of enclave so
  are handled by `make`.
  So on Linux with sgx sdk setup, all the rust codes are built with cargo.
- Don't exclude enclave crates from workspace anymore,
  but not included in default-members, to keep default `cargo build` runnable on mac.
  After this,
- share makefile between tx-validation and tx-query.
- use the enclave crate package name as enclave file name.
- build directory separated for debug/release by cargo automatically
- `Cargo.lock` and build directory are shared between enclave crates and other crates.

> The enclave crate name directly determines the library output file name, and if enclave crate name is changed, there are other places need to keep in sync:
>    - enclave makefile
>    - enclave app loader code

> It's good to use `nightly-2019-11-25` on Linux(the toolchain rust-sgx-sdk requires), you can build all the stuff with it.

> Following command can build everything for you, the results are all inside `target/debug`.
```
cargo build
cargo build -p tx-validation-app
cargo build -p tx-query-app
make -C chain-tx-enclave/tx-validation
make -C chain-tx-enclave/tx-query
```

Build release version:
```
cargo build --release
cargo build -p tx-validation-app --release
cargo build -p tx-query-app --release
make -C chain-tx-enclave/tx-validation SGX_DEBUG=0
make -C chain-tx-enclave/tx-query SGX_DEBUG=0
```
The result are inside `target/release`

Co-authored-by: yihuang <[email protected]>

Cargo.toml

@@ -13,12 +13,23 @@ members = [
     "test-common",
     "dev-utils",
     "enclave-protocol",
-]
-
-exclude = [
-    # currently only work on nightly + have a different build process
     "chain-tx-enclave/tx-validation/app",
     "chain-tx-enclave/tx-validation/enclave",
     "chain-tx-enclave/tx-query/app",
-    "chain-tx-enclave/tx-query/enclave"
+    "chain-tx-enclave/tx-query/enclave",
+]
+
+default-members = [
+    "chain-abci",
+    "chain-core",
+    "chain-tx-filter",
+    "chain-tx-validation",
+    "client-cli",
+    "client-common",
+    "client-core",
+    "client-network",
+    "client-rpc",
+    "test-common",
+    "dev-utils",
+    "enclave-protocol",
 ]

chain-tx-enclave/.gitignore

@@ -1,20 +1,5 @@
-**/target/
-**/*.rs.bk
-.vscode
-.DS_Store
-
-**/lib/libEnclave_u.*
-**/lib/libcompiler-rt-patch.a
-**/lib/libenclave.a
-**/bin/tx-validation-app
-**/bin/enclave.signed.so
-**/bin/tx-query-app
 **/enclave/Enclave_t.*
-**/enclave/enclave.so
 **/app/Enclave_u.*
-**/app/libEnclave_u.*
 
 rust-sgx-sdk/compiler-rt/libcompiler-rt-patch.a
 rust-sgx-sdk/compiler-rt/muloti4.o
-
-enclave-u-common/Cargo.lock

chain-tx-enclave/common.mk

@@ -0,0 +1,120 @@
+# Copyright (C) 2017-2019 Baidu, Inc. All Rights Reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+#  * Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+#  * Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in
+#    the documentation and/or other materials provided with the
+#    distribution.
+#  * Neither the name of Baidu, Inc., nor the names of its
+#    contributors may be used to endorse or promote products derived
+#    from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+#
+# Modifications Copyright 2019 Foris Limited (licensed under the Apache License, Version 2.0)
+
+######## Update SGX SDK ########
+# include ../UpdateRustSGXSDK.mk
+######## SGX SDK Settings ########
+
+SGX_SDK ?= /opt/intel/sgxsdk
+SGX_MODE ?= SW
+SGX_ARCH ?= x64
+SGX_DEBUG ?= 1
+
+ifeq ($(shell getconf LONG_BIT), 32)
+	SGX_ARCH := x86
+else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32)
+	SGX_ARCH := x86
+endif
+
+ifeq ($(SGX_ARCH), x86)
+	SGX_LIBRARY_PATH := $(SGX_SDK)/lib
+	SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign
+else
+	SGX_LIBRARY_PATH := $(SGX_SDK)/lib64
+	SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign
+endif
+
+CARGO_FLAGS :=
+ifeq ($(SGX_DEBUG), 1)
+	OUTPUT_PATH := debug
+else
+	OUTPUT_PATH := release
+	CARGO_FLAGS += --release
+endif
+
+ifeq ($(SGX_TEST), 1)
+	CARGO_FLAGS += --features "sgx-test"
+endif
+
+######## Enclave Files ############
+CARGO_TARGET_DIR ?= ../../target
+Enclave_Static_Lib := $(CARGO_TARGET_DIR)/$(OUTPUT_PATH)/lib$(Enclave_Name).a
+Enclave_Shared_Lib := $(CARGO_TARGET_DIR)/$(OUTPUT_PATH)/lib$(Enclave_Name).so
+Enclave_Signed_Lib := $(CARGO_TARGET_DIR)/$(OUTPUT_PATH)/$(Enclave_Name).signed.so
+
+######## Compiler Flags ########
+
+ifneq ($(SGX_MODE), HW)
+	Trts_Library_Name := sgx_trts_sim
+	Service_Library_Name := sgx_tservice_sim
+else
+	Trts_Library_Name := sgx_trts
+	Service_Library_Name := sgx_tservice
+endif
+Crypto_Library_Name := sgx_tcrypto
+KeyExchange_Library_Name := sgx_tkey_exchange
+ProtectedFs_Library_Name := sgx_tprotected_fs
+
+Compiler_RT_Lib := ../rust-sgx-sdk/compiler-rt/libcompiler-rt-patch.a
+RustEnclave_Link_Flags := -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \
+	-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
+	-Wl,--start-group -lsgx_tcxx -lsgx_tstdc -l$(Service_Library_Name) -l$(Crypto_Library_Name) \
+   	$(Compiler_RT_Lib) $(Enclave_Static_Lib) -Wl,--end-group \
+	-Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
+	-Wl,-pie,-eenclave_entry -Wl,--export-dynamic  \
+	-Wl,--defsym,__ImageBase=0 \
+	-Wl,--gc-sections \
+	-Wl,--version-script=enclave/Enclave.lds
+
+.PHONY: all
+all: $(Enclave_Signed_Lib)
+
+$(Enclave_Shared_Lib): $(Enclave_Static_Lib) $(Compiler_RT_Lib)
+	@$(CXX) -o $@ $(RustEnclave_Link_Flags)
+	@echo "LINK =>  $@"
+
+$(Enclave_Signed_Lib): $(Enclave_Shared_Lib)
+	@$(SGX_ENCLAVE_SIGNER) sign -key enclave/Enclave_private.pem -enclave $< -out $@ -config enclave/Enclave.config.xml
+	@echo "SIGN => $@"
+
+$(Enclave_Static_Lib): FORCE
+	@cd ./enclave/ && cargo build ${CARGO_FLAGS}
+	@echo "CARGO => $@"
+
+$(Compiler_RT_Lib):
+	$(MAKE) -C ../rust-sgx-sdk/compiler-rt
+
+.PHONY: clean
+clean:
+	@rm -f $(Enclave_Shared_Lib) $(Enclave_Signed_Lib)
+	$(MAKE) -C ../rust-sgx-sdk/compiler-rt clean
+
+FORCE:

chain-tx-enclave/enclave-macro/src/lib.rs

@@ -1,5 +1,5 @@
 extern crate proc_macro;
-	
+
 use proc_macro::TokenStream;
 #[proc_macro]
 pub fn get_network_id(_input: TokenStream) -> TokenStream {
@@ -10,4 +10,4 @@ pub fn get_network_id(_input: TokenStream) -> TokenStream {
 pub fn mock_key(_input: TokenStream) -> TokenStream {
     let random_bytes: [u8; 16] = rand::random();
     format!("{:?}", random_bytes).parse().unwrap()
-}
+}

chain-tx-enclave/enclave-u-common/src/enclave_u/mod.rs

@@ -31,10 +31,8 @@
 use sgx_types::*;
 use sgx_urts::SgxEnclave;
 
-static ENCLAVE_FILE: &'static str = "enclave.signed.so";
-
 /// returns the initialized enclave
-pub fn init_enclave(debug: bool) -> SgxResult<SgxEnclave> {
+pub fn init_enclave(name: &str, debug: bool) -> SgxResult<SgxEnclave> {
     // call sgx_create_enclave to initialize an enclave instance
     // Debug Support: set 2nd parameter to 1
     let debug = if debug { 1 } else { 0 };
@@ -43,11 +41,5 @@ pub fn init_enclave(debug: bool) -> SgxResult<SgxEnclave> {
         misc_select: 0,
     };
     // TODO: remove the launch token-related args when they are removed from SDK
-    SgxEnclave::create(
-        ENCLAVE_FILE,
-        debug,
-        &mut [0; 1024],
-        &mut 0,
-        &mut misc_attr,
-    )
+    SgxEnclave::create(name, debug, &mut [0; 1024], &mut 0, &mut misc_attr)
 }

chain-tx-enclave/tx-query/Dockerfile

@@ -18,8 +18,8 @@ ENV APP_PORT=25944
 
 COPY . .
 
-RUN ./chain-tx-enclave/tx-query/make.sh
+RUN ./chain-tx-enclave/tx-query/make.sh && cp ./chain-tx-enclave/tx-query/entrypoint.sh ./target/debug/
 
-WORKDIR /root/chain-tx-enclave/tx-query/bin
+WORKDIR ./target/debug
 
-CMD ["../entrypoint.sh"]
+CMD ["./entrypoint.sh"]