diff --git a/.github/workflows/build_and_test.yml b/.github/workflows/build_and_test.yml index d961435ce7..714f64fe10 100644 --- a/.github/workflows/build_and_test.yml +++ b/.github/workflows/build_and_test.yml @@ -177,6 +177,8 @@ jobs: WORKER_IMAGE_TAG: integritee-worker:dev CLIENT_IMAGE_TAG: integritee-cli:dev COINMARKETCAP_KEY: ${{ secrets.COINMARKETCAP_KEY }} + IAS_EPID_SPID: ${{ secrets.IAS_SPID }} + IAS_EPID_KEY: ${{ secrets.IAS_PRIMARY_KEY }} TEERACLE_INTERVAL_SECONDS: 10 strategy: diff --git a/core-primitives/attestation-handler/src/attestation_handler.rs b/core-primitives/attestation-handler/src/attestation_handler.rs index eed94ec250..5ebe7aab31 100644 --- a/core-primitives/attestation-handler/src/attestation_handler.rs +++ b/core-primitives/attestation-handler/src/attestation_handler.rs @@ -54,7 +54,7 @@ use sgx_types::{ use sp_core::Pair; use std::{ borrow::ToOwned, - format, + env, format, io::{Read, Write}, net::TcpStream, prelude::v1::*, @@ -629,8 +629,9 @@ where } fn load_spid(filename: &str) -> SgxResult { - match io::read_to_string(filename).map(|contents| decode_spid(&contents)) { - Ok(r) => r, + // Check if set as enviromental variable + match env::var("IAS_EPID_SPID").or_else(|_| io::read_to_string(filename)) { + Ok(spid) => decode_spid(&spid), Err(e) => { error!("Failed to load SPID: {:?}", e); Err(sgx_status_t::SGX_ERROR_UNEXPECTED) @@ -639,7 +640,9 @@ where } fn get_ias_api_key() -> EnclaveResult { - io::read_to_string(RA_API_KEY_FILE) + // Check if set as enviromental variable + env::var("IAS_EPID_KEY") + .or_else(|_| io::read_to_string(RA_API_KEY_FILE)) .map(|key| key.trim_end().to_owned()) .map_err(|e| EnclaveError::Other(e.into())) } diff --git a/docker/demo-teeracle-generic.yml b/docker/demo-teeracle-generic.yml index 43a65d8411..bb642eeabb 100644 --- a/docker/demo-teeracle-generic.yml +++ b/docker/demo-teeracle-generic.yml 
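Review bot: The two IAS credentials are added to what looks like the job-level `env:` block (it sits directly above `strategy:`), so every step of the job, including any third-party action, receives `IAS_EPID_SPID` and `IAS_EPID_KEY` in its environment. Scoping them to the `env:` of the one step that starts the compose services limits the exposure to the process that needs them. Pull requests from forks do not receive repository secrets, so on those runs both variables are set but empty. The job should then either skip the attested run or fail with a clear message.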
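Review bot: In `load_spid`, `env::var("IAS_EPID_SPID")` returns `Ok("")` when the variable is set but empty, so the `or_else` fallback to the file never runs and `decode_spid` receives an empty string; the `get_ias_api_key` hunk below has the same gap and would return an empty API key as a success. A set-but-empty variable is likely whenever a CI secret is not available to the run, so treat it as unset: `env::var("IAS_EPID_SPID").ok().filter(|v| !v.trim().is_empty()).map_or_else(|| io::read_to_string(filename), Ok)`. The environment now silently takes precedence over the provisioned files, so a doc comment on both functions should state that order, and a log line naming the source used (never the value) would make a misconfigured attestation identity easier to trace. The comment typo `enviromental` should read `environment`. Both functions continue outside their hunks.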
@@ -2,6 +2,8 @@ # # The demo is parameterized with the interval that the teeracle uses to query its sources. # Set the `TEERACLE_INTERVAL_SECONDS` variable when invoking, e.g. `TEERACLE_INTERVAL_SECONDS=4 docker compose -f docker-compose.yml -f demo-teeracle-generic.yml up --exit-code-from demo-teeracle-generic` +# Set the `ADDITIONAL_RUNTIME_FLAGS` variable to for additional flags. +# To skip remote attestation: `export ADDITIONAL_RUNTIME_FLAG="--skip-ra"` services: integritee-teeracle-worker-${VERSION}: image: integritee-worker:${VERSION:-dev} @@ -30,7 +32,7 @@ services: entrypoint: "/usr/local/bin/integritee-service --clean-reset --ws-external -M integritee-teeracle-worker -T wss://integritee-teeracle-worker -u ws://integritee-node -U ws://integritee-teeracle-worker -P 2011 -w 2101 -p 9912 -h 4645 - run --dev --skip-ra --teeracle-interval ${TEERACLE_INTERVAL_SECONDS}s" + run --dev ${ADDITIONAL_RUNTIME_FLAGS} --teeracle-interval ${TEERACLE_INTERVAL_SECONDS}s" restart: always demo-teeracle-generic: image: integritee-cli:${VERSION:-dev} @@ -61,4 +63,4 @@ services: restart: "no" networks: integritee-test-network: - driver: bridge \ No newline at end of file + driver: bridge diff --git a/docker/demo-teeracle.yml b/docker/demo-teeracle.yml index 580281c483..0bba221469 100644 --- a/docker/demo-teeracle.yml +++ b/docker/demo-teeracle.yml @@ -4,7 +4,8 @@ # Set the `TEERACLE_INTERVAL_SECONDS` variable when invoking, e.g. `TEERACLE_INTERVAL_SECONDS=4 docker compose -f docker-compose.yml -f demo-teeracle.yml up --exit-code-from demo-teeracle` # This setup requires an API key for CoinMarketCap # Add the API key to the environment variable `COINMARKETCAP_KEY`, with `export COINMARKETCAP_KEY=` -services: +# Set the `ADDITIONAL_RUNTIME_FLAGS` variable to for additional flags. +# To skip remote attestation: `export ADDITIONAL_RUNTIME_FLAG="--skip-ra"` integritee-teeracle-worker-${VERSION}: image: integritee-worker:${VERSION:-dev} hostname: integritee-teeracle-worker 
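Review bot: The new header comment names `ADDITIONAL_RUNTIME_FLAGS`, but its example exports `ADDITIONAL_RUNTIME_FLAG` (no trailing S), which the entrypoint never reads, so a reader who copies the example still runs with remote attestation enabled. The example should read `export ADDITIONAL_RUNTIME_FLAGS="--skip-ra"`, and the sentence above it should say the variable is set "to pass additional flags to the worker" rather than "to for additional flags". The same two comment lines are added to docker/demo-teeracle.yml and need the same correction.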
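Review bot: `${ADDITIONAL_RUNTIME_FLAGS}` in the entrypoint has no default, so when the variable is unset the teeracle worker now performs remote attestation, yet no hunk in this file passes `IAS_EPID_SPID` and `IAS_EPID_KEY` to this service the way docker/docker-compose.yml does for worker 1. Unless the service's `environment:` block (not visible in these hunks) already lists them, attestation will fall back to the key and SPID files inside the image. Add the two pass-through entries to this service and write the interpolation as `${ADDITIONAL_RUNTIME_FLAGS:-}` so the unset case is explicit. Whatever the variable holds is spliced into the entrypoint unquoted, so it should only ever be set by the operator starting the demo. The same applies to the entrypoint hunk in docker/demo-teeracle.yml.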
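Review bot: The `@@ -4,7 +4,8 @@` hunk of docker/demo-teeracle.yml deletes the top-level `services:` key and puts the two comment lines in its place, so `integritee-teeracle-worker-${VERSION}:` is no longer nested under `services:` and the file will not load as a Compose override. docker/demo-teeracle-generic.yml keeps `services:` after the same comments, which suggests the removal was accidental. Restore the line directly after the new comments: `services:`.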
@@ -33,7 +34,7 @@ services: entrypoint: "/usr/local/bin/integritee-service --clean-reset --ws-external -M integritee-teeracle-worker -T wss://integritee-teeracle-worker -u ws://integritee-node -U ws://integritee-teeracle-worker -P 2011 -w 2101 -p 9912 -h 4645 - run --dev --skip-ra --teeracle-interval ${TEERACLE_INTERVAL_SECONDS}s" + run --dev ${ADDITIONAL_RUNTIME_FLAGS} --teeracle-interval ${TEERACLE_INTERVAL_SECONDS}s" restart: always demo-teeracle: image: integritee-cli:${VERSION:-dev} @@ -64,4 +65,4 @@ services: restart: "no" networks: integritee-test-network: - driver: bridge \ No newline at end of file + driver: bridge diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 01e9d59aa7..7d5a61b2a7 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -1,5 +1,5 @@ services: - integritee-node-${VERSION}: + "integritee-node-${VERSION}": image: "${INTEGRITEE_NODE:-integritee/integritee-node-dev:1.0.33}" hostname: integritee-node devices: @@ -10,14 +10,14 @@ services: networks: - integritee-test-network healthcheck: - test: ["CMD", "nc", "-z", "integritee-node", "9912"] + test: [ "CMD", "nc", "-z", "integritee-node", "9912" ] interval: 10s timeout: 10s retries: 6 command: --dev --rpc-methods unsafe --ws-external --rpc-external --ws-port 9912 #logging: - #driver: local - integritee-worker-1-${VERSION}: + #driver: local + "integritee-worker-1-${VERSION}": image: integritee-worker:${VERSION:-dev} hostname: integritee-worker-1 build: @@ -25,7 +25,7 @@ services: dockerfile: build.Dockerfile target: deployed-worker depends_on: - integritee-node-${VERSION}: + "integritee-node-${VERSION}": condition: service_healthy devices: - "${SGX_PROVISION:-/dev/null}:/dev/sgx/provision" 
@@ -34,6 +34,8 @@ services: - "${AESMD:-/dev/null}:/var/run/aesmd" environment: - RUST_LOG=warn,ws=warn,sp_io=warn,substrate_api_client=warn,jsonrpsee_ws_client=warn,jsonrpsee_ws_server=warn,enclave_runtime=warn,integritee_service=warn,ita_stf=warn + - IAS_EPID_SPID + - IAS_EPID_KEY networks: - integritee-test-network healthcheck: @@ -41,12 +43,9 @@ services: interval: 10s timeout: 10s retries: 25 - entrypoint: - "/usr/local/bin/integritee-service --clean-reset --ws-external -M integritee-worker-1 -T wss://integritee-worker-1 - -u ws://integritee-node -U ws://integritee-worker-1 -P 2011 -w 2101 -p 9912 -h 4645 - run --dev --skip-ra" + entrypoint: "/usr/local/bin/integritee-service --clean-reset --ws-external -M integritee-worker-1 -T wss://integritee-worker-1 -u ws://integritee-node -U ws://integritee-worker-1 -P 2011 -w 2101 -p 9912 -h 4645 run --dev" restart: "no" - integritee-worker-2-${VERSION}: + "integritee-worker-2-${VERSION}": image: integritee-worker:${VERSION:-dev} hostname: integritee-worker-2 build: @@ -54,9 +53,9 @@ services: dockerfile: build.Dockerfile target: deployed-worker depends_on: - integritee-node-${VERSION}: + "integritee-node-${VERSION}": condition: service_healthy - integritee-worker-1-${VERSION}: + "integritee-worker-1-${VERSION}": condition: service_healthy devices: - "${SGX_PROVISION:-/dev/null}:/dev/sgx/provision" 
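Review bot: `IAS_EPID_SPID` and `IAS_EPID_KEY` are passed through only in this `environment:` list, which belongs to worker 1, while the `@@ -72,11 +71,8 @@` hunk also removes `--skip-ra` from worker 2 and no hunk adds the two entries to that service. Unless worker 2's `environment:` block (outside the visible hunks) already has them, it will attest with whatever key and SPID files are in the image, or fail. Add `- IAS_EPID_SPID` and `- IAS_EPID_KEY` to worker 2 as well. Values passed this way are readable through `docker inspect` and the process environment, so outside CI a mounted file at the path the handler already falls back to is the lower-exposure option.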
@@ -72,11 +71,8 @@ services: interval: 10s timeout: 10s retries: 25 - entrypoint: - "/usr/local/bin/integritee-service --clean-reset --ws-external -M integritee-worker-2 -T wss://integritee-worker-2 - -u ws://integritee-node -U ws://integritee-worker-2 -P 2012 -w 2102 -p 9912 -h 4646 - run --dev --skip-ra --request-state" + entrypoint: "/usr/local/bin/integritee-service --clean-reset --ws-external -M integritee-worker-2 -T wss://integritee-worker-2 -u ws://integritee-node -U ws://integritee-worker-2 -P 2012 -w 2102 -p 9912 -h 4646 run --dev --request-state" restart: "no" networks: integritee-test-network: - driver: bridge \ No newline at end of file + driver: bridge