Opensource pcs and dcap_artifact_retrieval #619

Merged
merged 4 commits into from
Sep 16, 2024
12 changes: 12 additions & 0 deletions .github/workflows/build.yml
Expand Up @@ -23,6 +23,9 @@ jobs:
name: Build+Test
runs-on: ubuntu-20.04

env:
PCS_API_KEY: ${{ secrets.PCS_API_KEY }}

steps:
- uses: actions/checkout@v4
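Review bot: `PCS_API_KEY` is set in the job-level `env:` block, so every step of the Build+Test job receives the secret in its environment, including `actions/checkout@v4` and every cargo build script and test binary that runs later. Move it to an `env:` block on only the steps that need the key, so the rest of the job runs without it. It would also help to add a comment in the workflow saying which tests read `PCS_API_KEY`, since nothing in these lines shows where it is consumed.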

Expand Down Expand Up @@ -53,6 +56,9 @@ jobs:
- name: cargo test -p async-usercalls --target x86_64-fortanix-unknown-sgx --no-run
run: cargo +nightly test --verbose --locked -p async-usercalls --target x86_64-fortanix-unknown-sgx --no-run

- name: Nightly test -p dcap-artifact-retrieval --target x86_64-fortanix-unknown-sgx --no-default-features --no-run
Collaborator

If the dcap-artifact-retrieval or pcs crates are only testable on nightly, or they need special features to be compiled and run correctly, you need to disable them in the test "Cargo test --all --exclude sgxs-loaders" at line 51.

Contributor

@nshyrei Jul 30, 2024

I don't understand what has to be changed on line 51. Running the line gives me the following compilation error in a 3rd party crate:

error: field must have #[serde(default)] because previous field 2 has #[serde(default)]
   --> /home/nikitashyrei/.cargo/registry/src/index.crates.io-6f17d22bba15001f/aws-nitro-enclaves-cose-0.1.0/src/sign.rs:129:5
    |
129 |     ByteBuf,
    |     ^^^^^^^

error: field must have #[serde(default)] because previous field 2 has #[serde(default)]
   --> /home/nikitashyrei/.cargo/registry/src/index.crates.io-6f17d22bba15001f/aws-nitro-enclaves-cose-0.1.0/src/sign.rs:131:5
    |
131 |     ByteBuf,
    |     ^^^^^^^

error[E0277]: the trait bound `SigStructure: sign::_::_serde::Serialize` is not satisfied
   --> /home/nikitashyrei/.cargo/registry/src/index.crates.io-6f17d22bba15001f/aws-nitro-enclaves-cose-0.1.0/src/sign.rs:167:28
    |
167 |         serde_cbor::to_vec(self)
    |         ------------------ ^^^^ the trait `sign::_::_serde::Serialize` is not implemented for `SigStructure`
    |         |
    |         required by a bound introduced by this call
    |
    = help: the following other types implement trait `sign::_::_serde::Serialize`:
              &'a T
              &'a mut T
              ()
              (T0, T1)
              (T0, T1, T2)
              (T0, T1, T2, T3)
              (T0, T1, T2, T3, T4)
              (T0, T1, T2, T3, T4, T5)
            and 136 others
note: required by a bound in `to_vec`
   --> /home/nikitashyrei/.cargo/registry/src/index.crates.io-6f17d22bba15001f/serde_cbor-0.11.2/src/ser.rs:22:8
    |
20  | pub fn to_vec<T>(value: &T) -> Result<Vec<u8>>
    |        ------ required by a bound in this function
21  | where
22  |     T: ser::Serialize,
    |        ^^^^^^^^^^^^^^ required by this bound in `to_vec`

For more information about this error, try `rustc --explain E0277`.
error: could not compile `aws-nitro-enclaves-cose` (lib) due to 3 previous errors


Collaborator

Did you try just running cargo test on pcs and dcap-artifact-retrieval locally?

Collaborator

I think this may be a dependency issue.
Some old crates had their versions upgraded when the new dependencies were added, and the new versions are not compatible with some code or some other dependency.

Collaborator

I noticed that in the Cargo.lock there are now two versions of serde. This may be the reason.

Contributor

@Taowyoo Can you give me a link to the discrepancy you think is the culprit here? I don't understand what the issue is.

Collaborator

Yes, pcs and dcap-artifact-retrieval work locally. But the new dependencies they introduced break the other crates in this workspace.

The error msg above means that the type definition of SigStructure in aws-nitro-enclaves-cose-0.1.0 is not compatible with newer serde.

There are some complex dependency issues here.

  • We have a lot of old dependencies which may not be compatible with even the latest stable.
  • Those old dependencies may also not be compatible with the new dependencies needed by pcs and dcap-artifact-retrieval.
  • One main reason is that we have patches/forks of some core crates: serde, libc.

Collaborator

@Taowyoo Aug 2, 2024

I tried to fix them by changing the versions of some crates, but failed.
So I would suggest putting pcs and dcap-artifact-retrieval into a separate GitHub repo instead.
There is too much tech debt around dependencies in this repo.

Collaborator

For the CI of the new repo, you could use https://github.com/fortanix/rustls-mbedtls-provider/ as an example.

Contributor

Splitting the repos is a question for @raoulstrackx; I am not sure that this is an intended way to do it. @Taowyoo

run: cargo +nightly test --verbose --locked -p dcap-artifact-retrieval --target x86_64-fortanix-unknown-sgx --no-default-features --no-run

- name: Cargo test -p dcap-ql --features link
run: cargo test --verbose --locked -p dcap-ql --features link
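Review bot: the new dcap-artifact-retrieval step passes `--no-run` together with `--no-default-features`, so CI only proves the crate compiles for `x86_64-fortanix-unknown-sgx` without its default features; none of its tests execute, and this step never builds the default feature set. If the crate has tests that can run on the host, add a second step without `--target` and `--no-run`, the way the pcs change adds `cargo +nightly test --verbose --locked -p pcs --features verify`.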

Expand All @@ -76,6 +82,12 @@ jobs:
- name: Nightly test -p sgx-isa --features sgxstd --target x86_64-fortanix-unknown-sgx --no-run
run: cargo +nightly test --verbose --locked -p sgx-isa --features sgxstd --target x86_64-fortanix-unknown-sgx --no-run

- name: Nightly test -p pcs --target x86_64-fortanix-unknown-sgx
run: cargo +nightly test --verbose --locked -p pcs --target x86_64-fortanix-unknown-sgx --no-run

- name: Nightly test -p pcs --features verify
run: cargo +nightly test --verbose --locked -p pcs --features verify

# Unfortunately running `faketime '2021-09-10 11:00:00 GMT' cargo test -p nitro-attestation-verify` causes a segmentation
# fault while compiling. We only execute `faketime` during the tests
#- run: cargo test --locked -p nitro-attestation-verify --no-run && faketime '2021-09-08 11:00:00 GMT' cargo test --locked -p nitro-attestation-verify --lib
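Review bot: the step named `Nightly test -p pcs --target x86_64-fortanix-unknown-sgx` runs its command with `--no-run`, but the name omits it, unlike the neighbouring sgx-isa step whose name ends in `--no-run`. Rename it to `Nightly test -p pcs --target x86_64-fortanix-unknown-sgx --no-run` so a green check is not read as the SGX-target tests having executed.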