dimakuv
commented
1 month ago The bug is real, but the proposed fix is wrong.
You need a proper dependency: the target "building the .manifest" must depend on "testdata". The fix should be applied here: https://github.com/gramineproject/gramine/blob/988e6b8c82c5e317758f16034199eb13fdc9c2b3/CI-Examples/nginx/Makefile#L53
I think like this:
- nginx.manifest: nginx.manifest.template $(INSTALL_DIR)/sbin/nginx \
+ nginx.manifest: nginx.manifest.template $(INSTALL_DIR)/sbin/nginx testdata \(But I haven't tested my proposal.)
Anyway, feel free to submit a PR fixing this.
mkow
Description of the problem
As part of trusted files commit [LibOS] Move trusted and allowed files logic to LibOS, Nginx
Makefilewas modified after which we are noticing that all the test data files (install/html/random) are not added assgx.trusted_filesin manifest.sgx file.The order of components being built within the
Makefileseems to be causing the issue, where the test data files are being generated after the manifest is generated. Updating theMakefileto generate the test data before manifest is generated is as shown in the below git diff screenshot. Also, attached are theMakefileoutputs with the current master and after applying the below fix where test data is generated before calling the manifest PHONY.Make_Output_After_Fix.txt Make_Output_Current_Master.txt
Steps to reproduce
git clone https://github.com/gramineproject/gramine.git.CI-Examples/nginxfolder.make SGX=1command.Expected results
After issuing
make SGX=1command, the measurements of the test data files are added as part of resulting manifest file.Actual results
After issuing
make SGX=1command, the measurements of the test data files are not getting added as part of resulting manifest file.Gramine commit hash
aef087f9c844fbab176333cb76f9fc5d6e04c039