search

aws / aws-nitro-enclaves-sdk-c

This repo provides a C API for AWS Nitro Enclaves, including a KMS SDK that integrates it with attestation.
Apache License 2.0
99 stars 74 forks source link

Dockerfile containers/Dockerfile.al2 has wrong dependecy order and generates crash on build #26

Closed giulianopietoso-apheris closed 3 years ago

giulianopietoso-apheris commented 3 years ago

Running 

docker build --target kmstool-instance -t kmstool-instance -f containers/Dockerfile.al2 .

Gets this error:

[ec2-user - aws-nitro-enclaves-sdk-c]$ docker build --target kmstool-instance -t kmstool-instance -f containers/Dockerfile.al2 .
Sending build context to Docker daemon  337.9kB
Step 1/57 : FROM amazonlinux as builder
 ---> ba2cc467a2bc
Step 2/57 : RUN yum upgrade -y
 ---> Using cache
 ---> 00026e004f6d
Step 3/57 : RUN amazon-linux-extras enable epel
 ---> Using cache
 ---> 6ff5b77d1a6b
Step 4/57 : RUN yum clean -y metadata && yum install -y epel-release
 ---> Using cache
 ---> c728708e52fa
Step 5/57 : RUN yum install -y cmake3 gcc git tar make
 ---> Using cache
 ---> ae26c45f37a2
Step 6/57 : RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal
 ---> Using cache
 ---> a302c6f3003d
Step 7/57 : RUN yum install -y gcc-c++
 ---> Using cache
 ---> 36ce7cb3d532
Step 8/57 : RUN yum install -y go
 ---> Using cache
 ---> 1707b0b92c49
Step 9/57 : RUN yum install -y ninja-build
 ---> Using cache
 ---> cb55c5eb893e
Step 10/57 : RUN yum install -y quilt
 ---> Using cache
 ---> 70ab1e24049d
Step 11/57 : WORKDIR /tmp/crt-builder
 ---> Using cache
 ---> 0767f8bf7f26
Step 12/57 : RUN git clone https://github.com/awslabs/aws-lc.git aws-lc #
 ---> Using cache
 ---> 217bdfc9e9fe
Step 13/57 : RUN cmake3 -DCMAKE_PREFIX_PATH=/usr -DCMAKE_INSTALL_PREFIX=/usr -GNinja -S aws-lc -B aws-lc/build .
 ---> Using cache
 ---> c2ed8059cf09
Step 14/57 : RUN cmake3 --build aws-lc/build --target install
 ---> Using cache
 ---> 475f9289df6e
Step 15/57 : RUN git clone -b v0.10.15 https://github.com/awslabs/s2n.git
 ---> Using cache
 ---> a040c8554d1a
Step 16/57 : RUN cmake3 -DCMAKE_PREFIX_PATH=/usr -DCMAKE_INSTALL_PREFIX=/usr -S s2n -B s2n/build
 ---> Using cache
 ---> 0214c9ba968d
Step 17/57 : RUN cmake3 --build s2n/build --target install
 ---> Using cache
 ---> 704756dfb60b
Step 18/57 : RUN git clone -b v0.4.56 https://github.com/awslabs/aws-c-common.git
 ---> Using cache
 ---> e09003b05d0b
Step 19/57 : RUN cmake3 -DCMAKE_PREFIX_PATH=/usr -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=Debug -GNinja -S aws-c-common -B aws-c-common/build
 ---> Using cache
 ---> 91b2e8cc77b4
Step 20/57 : RUN cmake3 --build aws-c-common/build --target install
 ---> Using cache
 ---> 742ded761684
Step 21/57 : RUN git clone -b main https://github.com/awslabs/aws-c-io.git # No tag yet
 ---> Using cache
 ---> 71077a4010f3
Step 22/57 : RUN cmake3 -DUSE_VSOCK=1 -DCMAKE_PREFIX_PATH=/usr -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=Debug -GNinja -S aws-c-io -B aws-c-io/build
 ---> Running in 26c742dddbcb
-- The C compiler identification is GNU 7.3.1
-- Check for working C compiler: /usr/bin/cc
-- Check for working C compiler: /usr/bin/cc -- works
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Detecting C compile features
-- Detecting C compile features - done
-- Looking for pthread.h
-- Looking for pthread.h - found
-- Looking for pthread_create
-- Looking for pthread_create - not found
-- Check if compiler accepts -pthread
-- Check if compiler accepts -pthread - yes
-- Found Threads: TRUE  
-- Found LibCrypto: /usr/lib64/libcrypto.a  
-- LibCrypto Include Dir: /usr/include
-- LibCrypto Shared Lib:  LibCrypto_SHARED_LIBRARY-NOTFOUND
-- LibCrypto Static Lib:  /usr/lib64/libcrypto.a
-- Performing Test HAS_MOUTLINE_ATOMICS
-- Performing Test HAS_MOUTLINE_ATOMICS - Failed
-- Looking for stdint.h
-- Looking for stdint.h - found
-- Looking for stdbool.h
-- Looking for stdbool.h - found
-- Performing Test HAS_WGNU
-- Performing Test HAS_WGNU - Failed
-- Performing Test HAVE_SYSCONF
-- Performing Test HAVE_SYSCONF - Success
-- Performing Test HAS_SANITIZERS
-- Performing Test HAS_SANITIZERS - Failed
CMake Error at /usr/lib64/cmake/AwsFindPackage.cmake:19 (find_package):
  By not providing "Findaws-c-cal.cmake" in CMAKE_MODULE_PATH this project
  has asked CMake to find a package configuration file provided by
  "aws-c-cal", but CMake did not find one.

  Could not find a package configuration file provided by "aws-c-cal" with
  any of the following names:

    aws-c-calConfig.cmake
    aws-c-cal-config.cmake

  Add the installation prefix of "aws-c-cal" to CMAKE_PREFIX_PATH or set
  "aws-c-cal_DIR" to a directory containing one of the above files.  If
  "aws-c-cal" provides a separate development package or SDK, be sure it has
  been installed.
Call Stack (most recent call first):
  CMakeLists.txt:204 (aws_use_package)

-- Configuring incomplete, errors occurred!
See also "/tmp/crt-builder/aws-c-io/build/CMakeFiles/CMakeOutput.log".
See also "/tmp/crt-builder/aws-c-io/build/CMakeFiles/CMakeError.log".
The command '/bin/sh -c cmake3 -DUSE_VSOCK=1 -DCMAKE_PREFIX_PATH=/usr -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=Debug -GNinja -S aws-c-io -B aws-c-io/build' returned a non-zero code: 1

Running https://github.com/aws/aws-nitro-enclaves-sdk-c/blob/dc455165c90b473c802161fe55c59e6b2a9f84e5/containers/Dockerfile.al2#L41

before

https://github.com/aws/aws-nitro-enclaves-sdk-c/blob/dc455165c90b473c802161fe55c59e6b2a9f84e5/containers/Dockerfile.al2#L29

fixed the issue.

petreeftime commented 3 years ago

Was actually working on a fix for this and was doing tests. aws-c-io didn't depend on aws-c-cal in a previous version, but since this pulls in the main branch instead of a specific version, this has changed and is now failing. I will pin the aws-c-io version to a specific version to prevent this as well as changing order of build to fix the issue.

petreeftime commented 3 years ago

Should be fixed by #27.