Replace the reproducible script and README with 2.10 reproducible branch. (#618)

Signed-off-by: Zhang Lili Z <[email protected]>

Author: lzha101

linux/reproducibility/README.md

@@ -31,27 +31,21 @@ In order to reproduce the enclave build, there are three requirements:1. stable
     ```
     $ ./build_and_launch_docker.sh
     ```
-    c) Below command triggers the reproducible build for 'ae' using a specified reproducible SGX SDK installer and code repo. Of course, you need to prepare the SGX SDK installer and SGX source repo beforehand.
-    ```
-    $ ./build_and_launch_docker.sh --reproduce-type ae --code-dir ~/code_dir --sdk-installer {prepared_sdk_installer} --sgx-src-dir {prepared_sgx_src}
-    ```
 
 
 **Note**:
 To reproduce QVE, you need to apply below patch to the [build_and_launch_docker.sh](./build_and_launch_docker.sh) before start the reproducible build with the script.
 ```
 diff --git a/linux/reproducibility/build_and_launch_docker.sh b/linux/reproducibility/build_and_launch_docker.sh
-index b85eda85..f8bc6812 100755
+index c43c76af..bb49b48b 100755
 --- a/linux/reproducibility/build_and_launch_docker.sh
 +++ b/linux/reproducibility/build_and_launch_docker.sh
-@@ -188,6 +188,7 @@ prepare_sgx_src()
+@@ -136,6 +136,7 @@ prepare_dcap_src()
+         exit -1
      fi
-
-     cd "$sgx_repo" && make preparation
-+    mkdir dcap-trunk/ && mv external/dcap_source/ dcap-trunk/  && ln -sfr dcap-trunk/dcap_source external/dcap_source
-     popd
-
- }
+     cd ${sgx_repo} && make dcap_source && cd -
++    cd $sgx_repo && mkdir dcap-trunk/ && mv external/dcap_source/ dcap-trunk/  && ln -sfr dcap-trunk/dcap_source external/dcap_source && cd -
+     $sgx_repo/external/dcap_source/QuoteVerification/prepare_sgxssl.sh nobuild
+ } 
 ```
-
-
+    

linux/reproducibility/build_and_launch_docker.sh

@@ -34,7 +34,7 @@
 # in the docker container.
 #
 # Usage:
-#     ./build_and_launch_docker.sh [ [ -d | --code-dir dir ] [ -t | --reproduce-type type ] | [ -i | --sdk-installer installer ] | [ -s | --sgx-src-dir src_dir ] [ -h | --help ] ]
+#     ./build_and_launch_docker.sh [ [ -d | --code-dir dir ] [ -t | --reproduce-type type ] | [ -h | --help ] ]
 #
 # Options:
 #     -d, --code-dir:
@@ -48,19 +48,8 @@
 #         If no type is provided, all the code will be prepared. And the build steps will
 #         be triggered in the container. Then you can choose to build what you want in the container.
 #
-#    -i, --sdk-installer:
-#         Specify the SDK installer used for AE reproducibility. If this option is not specified,
-#         script will download the default SDK installer.
-#
-#    -s, --sgx-src-dir:
-#         Specify the local sgx source path if you have pulled the sgx source code via `$git clone`
-#         or by other ways.
-#         If this option is specified, script will not clone sgx source but start the build based on
-#         the code base specified by this option.
-#
 #     -h, --help:
-#         Show this usage message.
-#
+#         Show this usage message.#
 #
 
 set -e
@@ -73,41 +62,23 @@ type="all"
 type_flag=0
 mount_dir="/linux-sgx"
 
-sdk_installer=""
-sgx_src=""
-
-default_sdk_installer=sgx_linux_x64_sdk_reproducible_2.11.100.1.bin
-default_sdk_installer_url=https://download.01.org/intel-sgx/sgx-linux/2.11/distro/nix_reproducibility/$default_sdk_installer
-
-
 usage()
 {
     echo "
     The script is to automatically prepare the reproducible code, build docker image and launch the build
     in the docker container.
-
     Usage:
-        $0 [ [ -d | --code-dir dir ] [ -t | --reproduce-type type ] | [ -i | --sdk-installer installer ] | [ -s | --sgx-src-dir src_dir ] [ -h | --help ] ]
-
+        $0 [ [ -d | --code-dir dir ] [ -t | --reproduce-type type ] | [ -h | --help ] ]
     Options:
         -d, --code-dir:
-            Specify the directory you want to prepare the code and share to the reproducible container.
-            If this option is not specified, will use the same directory as the script location.
+            Specify the directory you want to download the repo. If this option is
+            not specified, will use the same directory as the script location.
         -t, --reproduce-type:
             Specify the reproducibility type. Provided options: all|sdk|ae|ipp|binutils.
             If one type is provided, the corresponding code will be prepared. And the correponding
             build steps will also be executed in the container automatically.
             If no type is provided, all the code will be prepared. And the build steps will not
             be triggered in the container. Then you can choose to build what you want in the container.
-        -i, --sdk-installer:
-            Specify the SDK installer used for AE reproducibility.
-            If this option is not provided, script will choose the default SDK installer to build AEs.
-            Only valid when the reproduce type is 'ae'.
-        -s, --sgx-src-dir:
-            Specify the local sgx source path if you have pulled the sgx source code via \`\$git clone\`
-            or by other ways.
-            If this option is specified, script will not clone sgx source but start the build based on
-            the code base specified by this option.
         -h, --help:
             Show this usage message."
 }
@@ -131,35 +102,12 @@ parse_cmd()
                 usage
                 exit
                 ;;
-             -i | --sdk-installer ) shift
-                sdk_installer="$1"
-                if [ ! -f "$sdk_installer" ]; then
-                    echo "The $sdk_installer doesn't exist."
-                    usage
-                    exit 1
-                fi
-                sdk_installer="$(realpath $sdk_installer)"
-                ;;
-            -s | --sgx-src-dir) shift
-                sgx_src="$1"
-                if [ ! -d "$sgx_src" ]; then
-                    echo "The $sgx_src doesn't exist."
-                    usage
-                    exit 1
-                fi
-                sgx_src="$(realpath $sgx_src)"
-                ;;
             * )
                 usage
                 exit 1
         esac
         shift
     done
-    if [ "$type" != "ae" ] && [ $type_flag == 1 ] && [ "$sdk_installer" != "" ]; then
-        echo -e "\n   ERROR: Option '--sdk-installer' is valid only if '--reproduce-type' is 'ae'."
-        usage
-        exit 1
-    fi
     mkdir -p "$code_dir" | exit
     code_dir="$(realpath $code_dir)"
     sgx_repo="$code_dir/sgx"
@@ -168,29 +116,44 @@ parse_cmd()
 
 prepare_sgx_src()
 {
-    pushd .
     if [ -d $sgx_repo ]; then
         echo "Removing existing SGX code repo in $sgx_repo"
         rm -rf $sgx_repo
     fi
 
-    # If user prepares the sgx code repo in the host machine, copy the code to $sgx_repo
-    # Otherwise, pull the sgx source code.
-    if [ "$sgx_src" != "" ]; then
-        mkdir -p "$sgx_repo" && cp -a "$sgx_src/." "$sgx_repo"
-    else
-        git clone -b sgx_2.11_reproducible https://github.com/intel/linux-sgx.git $sgx_repo
-    fi
+    git clone -b sgx_2.10_reproducible https://github.com/intel/linux-sgx.git $sgx_repo
+    cd $sgx_repo && ./download_prebuilt.sh && cd -
+}
 
-    cd "$sgx_repo" && make preparation
-    popd
+prepare_dcap_src()
+{
+    if [ ! -f $sgx_repo/Makefile ]; then
+        echo "Please download the source repo firstly."
+        exit -1
+    fi
+    cd ${sgx_repo} && make dcap_source && cd -
+    $sgx_repo/external/dcap_source/QuoteVerification/prepare_sgxssl.sh nobuild
+}
 
+prepare_openmp_src()
+{
+    openmp_dir="$sgx_repo/external/openmp/"
+    if [ ! -d $openmp_dir/openmp_code/final ]; then
+        cd $openmp_dir && git submodule update -f --init --recursive -- openmp_code && cd -
+    fi
+    if [ ! -f $openmp_dir/openmp_code/final/runtime/src/sgx_stub.h ]; then
+        cd $openmp_dir/openmp_code && git apply ../0001-Enable-OpenMP-in-SGX.patch && cd -
+    fi
 }
 
 prepare_ipp_src()
 {
     pushd .
     ipp_dir="$sgx_repo/external/ippcp_internal"
+    if [ -z "$(ls -A $ipp_dir/ipp-crypto)" ]; then
+        cd $ipp_dir && git submodule update -f --init --recursive -- ipp-crypto
+    fi
+
     patch_log="$( cd $ipp_dir/ipp-crypto && git log --oneline --grep='Add mitigation support to assembly code' | cut -d' ' -f 3)"
 
     if [  "$patch_log" != "mitigation" ]; then
@@ -215,25 +178,19 @@ prepare_binutils_src()
 prepare_sdk_installer()
 {
     # Used for 'ae' type repreducibility.
-    # If user prepares the sdk installer, we copy it to the right place
-    # Otherwise, we download one from 01.org
-    if [ "$sdk_installer" != "" ]; then
-        chmod +x "$sdk_installer" && cp "$sdk_installer" "$code_dir"
-    else
-        cd $code_dir && wget $default_sdk_installer_url && chmod +x $default_sdk_installer && cd -
-    fi
+    sdk_installer=sgx_linux_x64_sdk_reproducible_2.10.100.1.bin
+    sdk_url=https://download.01.org/intel-sgx/sgx-linux/2.10/distro/nix_reproducibility/$sdk_installer
+    cd $code_dir && wget $sdk_url && chmod +x $sdk_installer && cd -
 }
 
 generate_cmd_script()
 {
-    rm -f $code_dir/cmd.sh
+    rm -rf $code_dir/cmd.sh
 
     cat > $code_dir/cmd.sh << EOF
 #!/usr/bin/env bash
-
 . ~/.bash_profile
 nix-shell ~/shell.nix --run "$mount_dir/start_build.sh $type"
-
 EOF
 
     chmod +x $code_dir/cmd.sh
@@ -251,13 +208,18 @@ case $type in
     "all")
         prepare_binutils_src
         prepare_sgx_src
+        prepare_dcap_src
+        prepare_openmp_src
         prepare_ipp_src
         ;;
     "sdk")
         prepare_sgx_src
+        prepare_dcap_src
+        prepare_openmp_src
         ;;
     "ae")
         prepare_sgx_src
+        prepare_dcap_src
         prepare_sdk_installer
         ;;
     "ipp")
@@ -289,5 +251,3 @@ else
     docker run -v $code_dir:$mount_dir -it --network none --rm sgx.build.env /bin/bash -c $mount_dir/cmd.sh
 fi
 
-
-