diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000000..b5d0863fef
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,69 @@
+# Using Ubuntu 18.04 image
+FROM ubuntu:18.04
+
+USER root
+
+# Copy the current directory contents into the container
+RUN mkdir -p /mc2/opaque-sql
+COPY . /mc2/opaque-sql
+
+# Install wget
+RUN apt-get update
+RUN apt-get install -y wget sudo gnupg2 git
+RUN useradd -m docker && echo "docker:docker" | chpasswd && adduser docker sudo
+
+# Install CMake
+RUN cd /mc2 && \
+ wget https://github.com/Kitware/CMake/releases/download/v3.15.6/cmake-3.15.6-Linux-x86_64.sh && \
+ sudo bash cmake-3.15.6-Linux-x86_64.sh --skip-license --prefix=/usr/local
+
+# Configure Intel and Microsoft APT repos
+RUN echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu bionic main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list && \
+ wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add - && \
+ echo "deb http://apt.llvm.org/bionic/ llvm-toolchain-bionic-7 main" | sudo tee /etc/apt/sources.list.d/llvm-toolchain-bionic-7.list && \
+ wget -qO - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add - && \
+ echo "deb [arch=amd64] https://packages.microsoft.com/ubuntu/18.04/prod bionic main" | sudo tee /etc/apt/sources.list.d/msprod.list && \
+ wget -qO - https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add - && \
+ sudo apt update
+
+# Install Intel and Open Enclave packages and dependencies
+RUN sudo apt -y install clang-8 libssl-dev gdb libsgx-enclave-common libsgx-quote-ex libprotobuf10 libsgx-dcap-ql libsgx-dcap-ql-dev az-dcap-client open-enclave=0.12.0
+
+# Install SBT dependencies
+RUN sudo apt -y install build-essential openjdk-8-jdk python libssl-dev libmbedtls-dev
+
+# Install Spark 3.1.1
+RUN wget https://downloads.apache.org/spark/spark-3.1.1/spark-3.1.1-bin-hadoop2.7.tgz && \
+ tar xvf spark-3.1.1* && \
+ sudo mkdir -p /opt/spark && \
+ sudo mv spark-3.1.1*/* /opt/spark && \
+ rm -rf spark-3.1.1* && \
+ sudo mkdir -p /opt/spark/work && \
+ sudo chmod -R a+wx /opt/spark/work
+
+# Set Spark environment variables in bashrc
+RUN echo "" >> ~/.bashrc && \
+ echo "# Spark settings" >> ~/.bashrc && \
+ echo "export SPARK_HOME=/opt/spark" >> ~/.bashrc && \
+ echo "export PATH=$PATH:/opt/spark/bin:/opt/spark/sbin" >> ~/.bashrc && \
+ echo "" >> ~/.bashrc
+
+# Source Open Enclave on every login
+RUN echo "source /opt/openenclave/share/openenclave/openenclaverc" >> ~/.bashrc
+
+# Set environment variables
+ENV OPAQUE_HOME="/mc2/opaque-sql"
+ENV OPAQUE_DATA_DIR=${OPAQUE_HOME}/data/
+ENV SPARK_SCALA_VERSION=2.12
+ENV SYMMETRIC_KEY_PATH=${OPAQUE_HOME}/symmetric_key.key
+ENV PRIVATE_KEY_PATH=${OPAQUE_HOME}/private_key.pem
+ENV MODE=SIMULATE
+ENV OE_SDK_PATH=/opt/openenclave/
+
+# Build Opaque SQL
+SHELL ["/bin/bash", "-c"]
+RUN cd /mc2/opaque-sql && source /opt/openenclave/share/openenclave/openenclaverc && build/sbt keys
+RUN cd /mc2/opaque-sql && source /opt/openenclave/share/openenclave/openenclaverc && build/sbt package
+
+# Set the working directory to the Opaque SQL directory
+WORKDIR /mc2/opaque-sql
diff --git a/README.md b/README.md
index c44929dd4b..18ffbe166d 100644
--- a/README.md
+++ b/README.md
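Review bot: The CMake installer and the Spark tarball are fetched with `wget` and used without any integrity check, and the CMake script is then run as root through `sudo bash`, so whatever the server returns at build time executes with full privileges in the image. Pin a digest for each download and verify it before use, for example `echo "<CMAKE_SHA256>  cmake-3.15.6-Linux-x86_64.sh" | sha256sum -c -` between the `wget` and the `bash` call (the digest is a placeholder to be taken from the upstream release page). The line `useradd -m docker && echo "docker:docker" | chpasswd && adduser docker sudo` bakes a known password for a sudo-capable account into every image, yet no `USER docker` follows in this file, so it can be dropped together with the `sudo` prefixes, since the build already runs as root. `build/sbt keys` presumably writes the files named by `SYMMETRIC_KEY_PATH` and `PRIVATE_KEY_PATH` into an image layer; if so, a comment such as `# Keys generated here are for SIMULATE mode only; do not push this image or reuse these keys` above that step would be worth adding.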
@@ -7,23 +7,17 @@ Welcome to the landing page of Opaque SQL! Opaque SQL is a package for Apache Spark SQL that enables processing over encrypted DataFrames using the OpenEnclave framework. ### Quick start -To quickly get started with Opaque SQL, you can download our Docker image (also includes other open source projects in the MC2 project). +To quickly get started with Opaque SQL, you can build a Docker container from the provided [Dockerfile](Dockerfile). To do so, you must have [Docker](https://docs.docker.com/get-docker/) installed. We recommend giving Docker at least 2 CPUs, 6 GB of memory, and 2 GB of swap space (instructions for [Mac](https://docs.docker.com/docker-for-mac/#resources), [Windows](https://docs.docker.com/docker-for-windows/#resources)). The entire Docker build process should take about 5 minutes. ```sh -docker pull mc2project/mc2 -docker run -it -p 22:22 -p 50051-50055:50051-50055 -w /root mc2project/mc2 -``` - -Change into the Opaque directory and export the Opaque and OpenEnclave environment variables. +# In the project root directory, build a Docker image `opaquesql_img` from the Dockerfile +docker build -t opaquesql_img . -```sh -cd opaque -source opaqueenv -source /opt/openenclave/share/openenclave/openenclaverc -export MODE=SIMULATE +# Run a container with Opaque SQL pre-installed +docker run -it opaquesql_img /bin/bash ``` -You are now ready to run your first Opaque SQL query! First, start a Scala shell: +This will start a container with Opaque SQL pre-installed and built in simulation mode. You are now ready to run your first Opaque SQL query! First, start a Scala shell: ```sh build/sbt console diff --git a/docker/Dockerfile b/docker/Dockerfile deleted file mode 100644 index 3bde628672..0000000000 --- a/docker/Dockerfile +++ /dev/null 
@@ -1,33 +0,0 @@
-FROM ubuntu:xenial
-
-RUN apt-get update && \
- apt-get install -y git wget build-essential openjdk-8-jdk-headless python cmake libssl-dev && \
- rm -rf /var/lib/apt/lists/*
-
-RUN wget -O sgx_installer.bin https://download.01.org/intel-sgx/linux-2.3.1/ubuntu16.04/sgx_linux_x64_sdk_2.3.101.46683.bin && \
- chmod +x ./sgx_installer.bin && \
- echo $'no\n/usr/local' | ./sgx_installer.bin && \
- rm ./sgx_installer.bin
-
-ENV SGX_SDK="/usr/local/sgxsdk"
-ENV PATH="${PATH}:$SGX_SDK/bin:$SGX_SDK/bin/x64"
-ENV PKG_CONFIG_PATH="${PKG_CONFIG_PATH}:$SGX_SDK/pkgconfig"
-# Setting LD_LIBRARY_PATH seems not to work, so we instead just link each
-# library into /usr/lib and run ldconfig. See
-# https://stackoverflow.com/questions/51670836/saving-dockerfile-env-variables-for-future-use
-RUN find $SGX_SDK/sdk_libs -name '*.so' -exec ln -s {} /usr/lib/ \; && ldconfig
-# ENV LD_LIBRARY_PATH="${SGX_SDK}/sdk_libs"
-
-RUN useradd -ms /bin/bash opaque
-USER opaque
-WORKDIR /home/opaque
-
-RUN openssl ecparam -name prime256v1 -genkey -noout -out private_key.pem
-
-RUN git clone https://github.com/ucbrise/opaque.git
-WORKDIR /home/opaque/opaque
-
-ENV OPAQUE_DATA_DIR="/home/opaque/opaque/data"
-ENV PRIVATE_KEY_PATH="/home/opaque/private_key.pem"
-
-RUN build/sbt test:compile
diff --git a/docker/README.md b/docker/README.md
deleted file mode 100644
index 9a7072840b..0000000000
--- a/docker/README.md
+++ /dev/null
@@ -1,20 +0,0 @@
-Docker configuration for testing and development of Opaque.
-
-To run the Opaque tests, use:
-
-```shell
-docker run -it -m 4g -w /home/opaque/opaque ankurdave/opaque build/sbt test
-```
-
-To launch an interactive console with Opaque, use:
-
-```shell
-docker run -it -m 4g -w /home/opaque/opaque ankurdave/opaque build/sbt console
-```
-
-For development, mount your local Opaque source directory and launch continuously-running tests against it:
-
-```shell
-docker run -it -m 4g -v $OPAQUE_HOME:/home/opaque/opaque -w /home/opaque/opaque \
- ankurdave/opaque build/sbt ~test
-```