Scaffolding for Gramine
First, you need to install latest release of Gramine (at least 1.6) from
upstream package repositories. In this example, codename is e.g., bookworm
for Debian 12, but for Ubuntu this might be written as $(lsb_release -sc)
substitution in the Gramine's instructions.
For example, when installing on Debian 12, add repositories like this:
.. code-block:: sh
sudo curl -fsSLo /usr/share/keyrings/gramine-keyring.gpg https://packages.gramineproject.io/gramine-keyring.gpg
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/gramine-keyring.gpg] https://packages.gramineproject.io/ bookworm main" \
| sudo tee /etc/apt/sources.list.d/gramine.list
sudo curl -fsSLo /usr/share/keyrings/intel-sgx-deb.asc https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx-deb.asc] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main" \
| sudo tee /etc/apt/sources.list.d/intel-sgx.list
Then you install Gramine as usual:
.. code-block:: sh
apt-get update
apt-get install gramine
.. code-block:: sh
# sudo apt-get update && sudo apt-get install devscripts # if you didn't already
sudo apt-get build-dep .
debuild
sudo apt-get install ../gramine-scaffolding_*.deb
# gramine-sgx-gen-private-key # if you didn't already
scag-quickstart
.. code-block:: sh
# sudo apt-get update && sudo apt-get install devscripts # if you didn't already
sudo apt-get build-dep . -t bullseye-backports
debuild
sudo apt-get install ../gramine-scaffolding_*.deb
# gramine-sgx-gen-private-key # if you didn't already
scag-quickstart
Unlike previous instructions, which build and install Scaffolding for all users in the system, this stanza installs the project into python's virtual environment. Those work only for single user, and either:
activate
script
again; or.venv/bin/scag-build
); orbin/
directory to $PATH
environment variable.First, install gramine as described in https://gramine.rtfd.io/en/stable/installation.html#install-gramine-packages . If you haven't generated an SGX signing key, you may want to consider executing the following command
.. code-block:: sh
gramine-sgx-gen-private-key
Then:
.. code-block:: sh
sudo apt-get install docker.io python3-pip mmdebstrap
python3 -m venv .venv
source .venv/bin/activate
python3 -m pip install .
scag-quickstart
.. code-block:: sh
sudo apt-get install gramine docker.io python3-venv
python3 -m venv --system-site-packages .venv
source .venv/bin/activate
pip install --editable .
scag-quickstart