gramineproject / graphene

Graphene / Graphene-SGX - a library OS for Linux multi-process applications, with Intel SGX support
https://grapheneproject.io
GNU Lesser General Public License v3.0

GSC throws runtime error during signing #2529

Closed dzygann closed 3 years ago

dzygann commented 3 years ago

Description of the problem

Hi, we are trying to run the mumble-server (murmur) in GSC. Unfortunately, the signing step runs into the following error:

 ---> d8747dcb17f0
Step 7/11 : RUN /graphene/python/graphene-sgx-sign         -libpal /graphene/Runtime/libpal-Linux-SGX.so         -key /gsc-signer-key.pem         -manifest /entrypoint.manifest         -output /entrypoint.manifest.sgx

 ---> Running in 0c7ad03d5551
Traceback (most recent call last):
  File "/graphene/python/graphene-sgx-sign", line 4, in <module>
    from graphenelibos.sgx_sign import main
  File "/graphene/python/graphenelibos/__init__.py", line 9, in <module>
    raise RuntimeError(
RuntimeError: You are attempting to run the tools from repo, without installing. Please install graphene before running Python tools. See https://graphene.readthedocs.io/en/latest/building.html.

Steps to reproduce

Expected results

The signing works as expected. We can sign the container if we go back to the initial commit referenced in the config.yaml file.

dimakuv commented 3 years ago

This is a known current limitation of GSC. GSC only works with the specific (and rather old) commit of Graphene: 2e737e69f076c60918f87d6829bb769925e75fec. See the warning at the top of the page https://graphene.readthedocs.io/en/latest/manpages/gsc.html.

We have plans to update GSC to track a later commit of Graphene. However, there is always this caveat that GSC doesn't work with any commit of Graphene, only with some of them. And typically the newest commits/branches of Graphene do not work on GSC.

This is because currently Graphene is still in the middle of a transitioning phase. Once this phase is over (in August?), GSC will be able to again work with latest Graphene versions. Sorry.

dzygann commented 3 years ago

Hi @dimakuv, thanks for your input. We could solve the issue by branching the last working commit and cherry-picking your commit.

For everyone who is interested: https://github.com/jefrww/graphene/tree/rollbackcherrypick

dimakuv commented 3 years ago

This is really cool :) I will close this issue since this is solved.