Dockerfile-sgx

# Build Chainlink with SGX
FROM smartcontract/builder:1.0.15 as builder

# Have to reintroduce ENV vars from builder image
ENV PATH /root/.cargo/bin:/go/bin:/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/sgxsdk/bin:/opt/sgxsdk/bin/x64
ENV LD_LIBRARY_PATH /opt/sgxsdk/sdk_libs
ENV SGX_SDK /opt/sgxsdk

ARG COMMIT_SHA
ARG ENVIRONMENT
ENV SGX_ENABLED yes
ARG SGX_SIMULATION

WORKDIR /go/src/github.com/smartcontractkit/chainlink
ADD . ./
RUN make install

# Final layer: ubuntu with aesm and chainlink binaries (executable + enclave)
FROM ubuntu:18.04

# Install AESM
ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update && \
  apt-get install -y \
    ca-certificates \
    curl \
    kmod \
    libcurl4-openssl-dev \
    libprotobuf-c0-dev \
    libprotobuf-dev \
    libssl-dev \
    libssl1.0.0 \
    libxml2-dev

RUN /usr/sbin/useradd aesmd 2>/dev/null

RUN mkdir -p /var/opt/aesmd && chown aesmd.aesmd /var/opt/aesmd
RUN mkdir -p /var/run/aesmd && chown aesmd.aesmd /var/run/aesmd

COPY --from=builder /opt/sgxsdk/lib64/libsgx*.so /usr/lib/
COPY --from=builder /opt/intel/ /opt/intel/

# Copy chainlink enclave+stub from build image
ARG ENVIRONMENT
COPY --from=builder /go/bin/chainlink /usr/local/bin/
COPY --from=builder \
  /go/src/github.com/smartcontractkit/chainlink/sgx/target/$ENVIRONMENT/libadapters.so \
  /usr/lib/
COPY --from=builder \
  /go/src/github.com/smartcontractkit/chainlink/sgx/target/$ENVIRONMENT/enclave.signed.so \
  /root/

# Launch chainlink via a small script that watches AESM + Chainlink
ARG SGX_SIMULATION
ENV SGX_SIMULATION $SGX_SIMULATION
WORKDIR /root
COPY ./chainlink-launcher-sgx.sh /root
RUN chmod +x ./chainlink-launcher-sgx.sh

EXPOSE 6688
ENTRYPOINT ["./chainlink-launcher-sgx.sh"]
CMD ["node"]