feat(cmd/rofl): Add TDX container build support

oasisprotocol · Dec 12, 2024 · d7d3aac · d7d3aac
1 parent e2942ed
commit d7d3aac
Show file tree

Hide file tree

Showing 3 changed files with 328 additions and 102 deletions.
diff --git a/cmd/rofl/build/artifacts.go b/cmd/rofl/build/artifacts.go
@@ -38,8 +38,10 @@ func maybeDownloadArtifact(kind, uri, knownHash string) string {
 		cobra.CheckErr(fmt.Errorf("failed to parse %s artifact URL: %w", kind, err))
 	}
 
-	// In case the URI represents a local file, just return it.
+	// In case the URI represents a local file, check that it exists and return it.
 	if url.Host == "" {
+		_, err = os.Stat(url.Path)
+		cobra.CheckErr(err)
 		return url.Path
 	}
 
@@ -192,6 +194,11 @@ FILES:
 
 // copyFile copies the file at path src to a file at path dst using the given mode.
 func copyFile(src, dst string, mode os.FileMode) error {
+	err := os.MkdirAll(filepath.Dir(dst), 0o755)
+	if err != nil {
+		return fmt.Errorf("failed to create destination directory for '%s': %w", dst, err)
+	}
+
 	sf, err := os.Open(src)
 	if err != nil {
 		return fmt.Errorf("failed to open '%s': %w", src, err)

diff --git a/cmd/rofl/build/container.go b/cmd/rofl/build/container.go
@@ -0,0 +1,114 @@
+package build
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/spf13/cobra"
+	flag "github.com/spf13/pflag"
+
+	"github.com/oasisprotocol/oasis-core/go/common/version"
+	"github.com/oasisprotocol/oasis-core/go/runtime/bundle"
+
+	"github.com/oasisprotocol/cli/cmd/common"
+	cliConfig "github.com/oasisprotocol/cli/config"
+)
+
+const (
+	artifactContainerRuntime = "rofl-container runtime"
+	artifactContainerCompose = "docker-compose.yaml"
+
+	defaultContainerStage2TemplateURI = "https://github.com/oasisprotocol/oasis-boot/releases/download/v0.3.0/stage2-podman.tar.bz2"
+
+	defaultContainerRuntimeURI = "https://github.com/oasisprotocol/oasis-sdk/releases/download/rofl-containers/v0.1.0/runtime"
+)
+
+var (
+	tdxContainerRuntimeURI  string
+	tdxContainerRuntimeHash string
+	tdxContainerComposeURI  string
+	tdxContainerComposeHash string
+
+	tdxContainerCmd = &cobra.Command{
+		Use:   "container",
+		Short: "Build a container-based TDX ROFL application",
+		Args:  cobra.NoArgs,
+		Run: func(_ *cobra.Command, _ []string) {
+			cfg := cliConfig.Global()
+			npa := common.GetNPASelection(cfg)
+
+			if npa.ParaTime == nil {
+				cobra.CheckErr("no ParaTime selected")
+			}
+
+			wantedArtifacts := tdxGetDefaultArtifacts()
+			wantedArtifacts = append(wantedArtifacts,
+				&artifact{
+					kind:      artifactContainerRuntime,
+					uri:       tdxContainerRuntimeURI,
+					knownHash: tdxContainerRuntimeHash,
+				},
+				&artifact{
+					kind:      artifactContainerCompose,
+					uri:       tdxContainerComposeURI,
+					knownHash: tdxContainerComposeHash,
+				},
+			)
+			artifacts := tdxFetchArtifacts(wantedArtifacts)
+
+			fmt.Println("Building a container-based TDX ROFL application...")
+
+			detectBuildMode(npa)
+
+			// Start creating the bundle early so we can fail before building anything.
+			bnd := &bundle.Bundle{
+				Manifest: &bundle.Manifest{
+					Name: "my-container-app",
+					ID:   npa.ParaTime.Namespace(),
+				},
+			}
+			var err error
+			bnd.Manifest.Version, err = version.FromString("0.0.0")
+			if err != nil {
+				cobra.CheckErr(fmt.Errorf("unsupported package version format: %w", err))
+			}
+
+			fmt.Printf("Name:    %s\n", bnd.Manifest.Name)
+			fmt.Printf("Version: %s\n", bnd.Manifest.Version)
+
+			// Use the pre-built container runtime.
+			initPath := artifacts[artifactContainerRuntime]
+
+			stage2, err := tdxPrepareStage2(artifacts, initPath, map[string]string{
+				artifacts[artifactContainerCompose]: "etc/oasis/containers/docker-compose.yaml",
+			})
+			if err != nil {
+				cobra.CheckErr(err)
+			}
+			defer os.RemoveAll(stage2.tmpDir)
+
+			fmt.Println("Creating ORC bundle...")
+
+			// TODO: Get consensus trust root and add it as ROFL_CONSENSUS_TRUST_ROOT to cmdline.
+			// TODO: Get ROFL app id and add it as ROFL_APP_ID to cmdline.
+
+			outFn, err := tdxBundleComponent(artifacts, bnd, stage2)
+			if err != nil {
+				_ = os.RemoveAll(stage2.tmpDir)
+				cobra.CheckErr(err)
+			}
+
+			fmt.Printf("ROFL app built and bundle written to '%s'.\n", outFn)
+		},
+	}
+)
+
+func init() {
+	tdxContainerFlags := flag.NewFlagSet("", flag.ContinueOnError)
+	tdxContainerFlags.StringVar(&tdxContainerRuntimeURI, "runtime", defaultContainerRuntimeURI, "URL or path to runtime binary")
+	tdxContainerFlags.StringVar(&tdxContainerRuntimeHash, "runtime-hash", "", "optional SHA256 hash of runtime binary")
+	tdxContainerFlags.StringVar(&tdxContainerComposeURI, "compose", "docker-compose.yaml", "URL or path to docker-compose.yaml")
+	tdxContainerFlags.StringVar(&tdxContainerComposeHash, "compose-hash", "", "optional SHA256 hash of docker-compose.yaml")
+
+	tdxContainerCmd.Flags().AddFlagSet(tdxContainerFlags)
+}