Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Build failure on ubuntu #92

Open
jiazhang0 opened this issue Jul 30, 2022 · 2 comments
Open

Build failure on ubuntu #92

jiazhang0 opened this issue Jul 30, 2022 · 2 comments
Assignees

Comments

@jiazhang0
Copy link
Contributor

jiazhang0 commented Jul 30, 2022

docker run --name my_dev --workdir /root -it --rm --privileged --net host \
      -v $PWD/dev:/root -v /dev/sgx_enclave:/dev/sgx/enclave \
      -v /dev/sgx_provision:/dev/sgx/provision \
      -v /var/run/aesmd:/var/run/aesmd ubuntu:18.04 bash
apt-get update
apt-get install -y wget gnupg2 vim curl git build-essential \
  autoconf bison gawk nasm protobuf-c-compiler protobuf-compiler \
  pkg-config cmake libcurl4-openssl-dev libprotobuf-c-dev libssl-dev
echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu bionic main' | tee /etc/apt/sources.list.d/intel-sgx.list
curl -fsSL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add -
apt-get update
apt-get install -y libsgx-dcap-quote-verify-dev libsgx-dcap-ql-dev
wget https://download.01.org/intel-sgx/sgx-linux/2.17/distro/ubuntu18.04-server/sgx_linux_x64_sdk_2.17.100.3.bin
chmod +x sgx_linux_x64_sdk_2.17.100.3.bin
git clone https://github.com/inclavare-containers/rats-tls.git
cd rats-tls
cmake -DRATS_TLS_BUILD_MODE="sgx" -DBUILD_SAMPLES=on -H. -Bbuild
make

The failure is:

/root/rats-tls/src/include/rats-tls/api.h:14:10: fatal error: openssl/opensslv.h: No such file or directory
 #include <openssl/opensslv.h>

The root cause is:


[  4%] Performing build step for 'intel-sgx-ssl'
make[4]: Entering directory '/root/rats-tls/src/external/sgx-ssl/intel-sgx-ssl/src/intel-sgx-ssl/Linux'
Please follow the instruction at https://github.com/intel/linux-sgx/blob/master/README.md#build-the-intelr-sgx-sdk-and-intelr-sgx-psw-package to install "mitigation tools" first.
Makefile:41: recipe for target 'sgxssl' failed
make[4]: *** [sgxssl] Error 1
make[4]: Leaving directory '/root/rats-tls/src/external/sgx-ssl/intel-sgx-ssl/src/intel-sgx-ssl/Linux'
[  5%] Performing install step for 'intel-sgx-ssl'
install: cannot stat '/root/rats-tls/src/external/sgx-ssl/intel-sgx-ssl/src/intel-sgx-ssl/Linux/package/lib64/libsgx_usgxssl.a': No such file or directory
install: cannot stat '/root/rats-tls/src/external/sgx-ssl/intel-sgx-ssl/src/intel-sgx-ssl/Linux/package/lib64/libsgx_tsgxssl.a': No such file or directory
install: cannot stat '/root/rats-tls/src/external/sgx-ssl/intel-sgx-ssl/src/intel-sgx-ssl/Linux/package/lib64/libsgx_tsgxssl_crypto.a': No such file or directory
install: cannot stat '/root/rats-tls/src/external/sgx-ssl/intel-sgx-ssl/src/intel-sgx-ssl/Linux/package/lib64/libsgx_tsgxssl_ssl.a': No such file or directory
/root/rats-tls/src/external/sgx-ssl

The default gcc is old and does not support gcc -Wa,-mlfence-after-load=yes

@jiazhang0
Copy link
Contributor Author

Workaround:

vim /root/rats-tls/src/external/sgx-ssl/intel-sgx-ssl/src/intel-sgx-ssl/Linux/Makefile

Change all: sgxssl to all: sgxssl_no_mitigation

@imlk0
Copy link
Collaborator

imlk0 commented Aug 8, 2022

It seems that the root error is covered by execute_process() at

set(_make_cmake "${SGX_SSL_PATCH_DIR}/make.cmake")
file(WRITE "${_make_cmake}"
"execute_process(COMMAND sh ${_make_script} WORKING_DIRECTORY ${SGX_SSL_PATCH_DIR})"
)

execute_process() will not throw out the failure of the command, we need to check RESULT_VARIABLE manually, so it can fail earlier.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants