PSW Package Build on RHEL8.2 will not create all rpm's and second try will fail with compile error

[florianbecker]

Build: cd /tmp && \ git clone -b sgx_2.11 --depth 1 https://github.com/intel/linux-sgx.git linux-sgx-psw && \ cd linux-sgx-psw && \ ./download_prebuilt.sh && \ make preparation && \ \cp external/toolset/rhel8.2/{as,ld,ld.gold,objdump} /usr/local/bin && \ make -jnprocrpm_psw_pkg

Will result with aesmd rpm and nothing else - also exit the build with error code: `....

• /usr/lib/rpm/check-buildroot
• /usr/lib/rpm/redhat/brp-ldconfig /sbin/ldconfig: Warning: ignoring configuration file that cannot be opened: /etc/ld.so.conf: No such file or directory
• /usr/lib/rpm/brp-compress
• /usr/lib/rpm/brp-strip-static-archive /usr/bin/strip
• /usr/lib/rpm/brp-python-bytecompile '' 1
• /usr/lib/rpm/brp-python-hardlink
• PYTHON3=/usr/libexec/platform-python
• /usr/lib/rpm/redhat/brp-mangle-shebangs Processing files: libsgx-dcap-ql-1.8.100.2-1.el8.x86_64 Provides: libsgx-dcap-ql = 1.8.100.2-1.el8 libsgx-dcap-ql(x86-64) = 1.8.100.2-1.el8 libsgx_dcap_ql.so.1()(64bit) Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 Requires: libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) libc.so.6(GLIBC_2.4)(64bit) libdl.so.2()(64bit) libdl.so.2(GLIBC_2.2.5)(64bit) libgcc_s.so.1()(64bit) libm.so.6()(64bit) libpthread.so.0()(64bit) libpthread.so.0(GLIBC_2.2.5)(64bit) libsgx_pce_logic.so()(64bit) libsgx_qe3_logic.so()(64bit) libstdc++.so.6()(64bit) rtld(GNU_HASH) Processing files: libsgx-dcap-ql-devel-1.8.100.2-1.el8.x86_64 Provides: libsgx-dcap-ql-devel = 1.8.100.2-1.el8 libsgx-dcap-ql-devel(x86-64) = 1.8.100.2-1.el8 Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 Requires: libsgx_dcap_ql.so.1()(64bit) Processing files: libsgx-dcap-ql-debuginfo-1.8.100.2-1.el8.x86_64 Provides: debuginfo(build-id) = 1b2da67be2b8f7e7ecf85851a590435ef2877c0c libsgx-dcap-ql-debuginfo = 1.8.100.2-1.el8 libsgx-dcap-ql-debuginfo(x86-64) = 1.8.100.2-1.el8 Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 Checking for unpackaged file(s): /usr/lib/rpm/check-files /tmp/linux-sgx/external/dcap_source/QuoteGeneration/installer/linux/rpm/libsgx-dcap-ql/libsgx-dcap-ql-1.8.100.2/BUILDROOT/libsgx-dcap-ql-1.8.100.2-1.el8.x86_64 Wrote: /tmp/linux-sgx/external/dcap_source/QuoteGeneration/installer/linux/rpm/libsgx-dcap-ql/libsgx-dcap-ql-1.8.100.2/SRPMS/libsgx-dcap-ql-1.8.100.2-1.el8.src.rpm Wrote: /tmp/linux-sgx/external/dcap_source/QuoteGeneration/installer/linux/rpm/libsgx-dcap-ql/libsgx-dcap-ql-1.8.100.2/RPMS/x86_64/libsgx-dcap-ql-1.8.100.2-1.el8.x86_64.rpm Wrote: /tmp/linux-sgx/external/dcap_source/QuoteGeneration/installer/linux/rpm/libsgx-dcap-ql/libsgx-dcap-ql-1.8.100.2/RPMS/x86_64/libsgx-dcap-ql-devel-1.8.100.2-1.el8.x86_64.rpm Wrote: /tmp/linux-sgx/external/dcap_source/QuoteGeneration/installer/linux/rpm/libsgx-dcap-ql/libsgx-dcap-ql-1.8.100.2/RPMS/x86_64/libsgx-dcap-ql-debuginfo-1.8.100.2-1.el8.x86_64.rpm Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.AUp3Fn
• umask 022
• cd /tmp/linux-sgx/external/dcap_source/QuoteGeneration/installer/linux/rpm/libsgx-dcap-ql/libsgx-dcap-ql-1.8.100.2/BUILD
• cd libsgx-dcap-ql-1.8.100.2
• /usr/bin/rm -rf /tmp/linux-sgx/external/dcap_source/QuoteGeneration/installer/linux/rpm/libsgx-dcap-ql/libsgx-dcap-ql-1.8.100.2/BUILDROOT/libsgx-dcap-ql-1.8.100.2-1.el8.x86_64
• exit 0 /tmp/linux-sgx/external/dcap_source/QuoteGeneration make[1]: Leaving directory '/tmp/linux-sgx/external/dcap_source/QuoteGeneration' /bin/cp -f external/dcap_source/QuoteGeneration/installer/linux/rpm/libsgx-dcap-ql/libsgx-dcap-ql*rpm ./linux/installer/rpm/sgx-aesm-service/ The command '/bin/sh -c cd /tmp && git clone -b sgx_2.11 --depth 1 https://github.com/intel/linux-sgx.git && cd linux-sgx && ./download_prebuilt.sh && make preparation && \cp external/toolset/rhel8.2/{as,ld,ld.gold,objdump} /usr/local/bin && make -jnprocrpm_sdk_pkg && rpm -i linux/installer/rpm/sdk/sgxsdk-2.11.100.2-1.el8.x86_64.rpm && make -jnproc` rpm_psw_pkg' returned a non-zero code: 2

If you run manually second try: make -jnprocrpm_psw_pkg You will receive this build error: `[ 56%] Building CXX object bundles/epid_quote_service_bundle/CMakeFiles/epid_quote_service_bundle.dir/epid_provision_msg1.cpp.o /tmp/linux-sgx-psw/psw/ae/aesm_service/source/bundles/epid_quote_service_bundle/epid_provision_msg1.cpp: In Funktion »ae_error_t aesm_rsa_oaep_encrypt(const uint8_t, uint32_t, const void, uint8_t)«: /tmp/linux-sgx-psw/psw/ae/aesm_service/source/bundles/epid_quote_service_bundle/epid_provision_msg1.cpp:122:51: Fehler: ungültige Umwandlung von »const void« in »void« [-fpermissive] sgx_status_t res = sgx_rsa_pub_encrypt_sha256(rsa, NULL, &dst_len, src, src_len); ^~~ In file included from /tmp/linux-sgx-psw/psw/ae/aesm_service/source/../../inc/internal/pce_cert.h:34, from /tmp/linux-sgx-psw/psw/ae/aesm_service/source/common/type_length_value.h:78, from /tmp/linux-sgx-psw/psw/ae/aesm_service/source/bundles/epid_quote_service_bundle/epid_provision_msg1.cpp:33: /opt/intel/sgxsdk/include/sgx_tcrypto.h:828:51: Anmerkung: Argument 1 von »sgx_status_t sgx_rsa_pub_encrypt_sha256(void, unsigned char, size_t, const unsigned char, size_t)« wird initialisiert sgx_status_t sgx_rsa_pub_encrypt_sha256(void rsa_key, unsigned char pout_data, size_t pout_len, const unsigned char* pin_data, const size_t pin_len);

/tmp/linux-sgx-psw/psw/ae/aesm_service/source/bundles/epid_quote_service_bundle/epid_provision_msg1.cpp:128:38: Fehler: ungültige Umwandlung von »const void*« in »void*« [-fpermissive]
     res = sgx_rsa_pub_encrypt_sha256(rsa, dst, &dst_len, src, src_len);
                                      ^~~
In file included from /tmp/linux-sgx-psw/psw/ae/aesm_service/source/../../inc/internal/pce_cert.h:34,
                 from /tmp/linux-sgx-psw/psw/ae/aesm_service/source/common/type_length_value.h:78,
                 from /tmp/linux-sgx-psw/psw/ae/aesm_service/source/bundles/epid_quote_service_bundle/epid_provision_msg1.cpp:33:
/opt/intel/sgxsdk/include/sgx_tcrypto.h:828:51: Anmerkung:   Argument 1 von »sgx_status_t sgx_rsa_pub_encrypt_sha256(void*, unsigned char*, size_t*, const unsigned char*, size_t)« wird initialisiert
     sgx_status_t sgx_rsa_pub_encrypt_sha256(void* rsa_key, unsigned char* pout_data, size_t* pout_len, const unsigned char* pin_data, const size_t pin_len);
                                             ~~~~~~^~~~~~~
make[6]: *** [bundles/epid_quote_service_bundle/CMakeFiles/epid_quote_service_bundle.dir/build.make:172: bundles/epid_quote_service_bundle/CMakeFiles/epid_quote_service_bundle.dir/epid_provision_msg1.cpp.o] Fehler 1
make[6]: Verzeichnis „/tmp/linux-sgx-psw/psw/ae/aesm_service/source/build“ wird verlassen
make[5]: *** [CMakeFiles/Makefile2:434: bundles/epid_quote_service_bundle/CMakeFiles/epid_quote_service_bundle.dir/all] Fehler 2
make[5]: Verzeichnis „/tmp/linux-sgx-psw/psw/ae/aesm_service/source/build“ wird verlassen
make[4]: *** [Makefile:84: all] Fehler 2
make[4]: Verzeichnis „/tmp/linux-sgx-psw/psw/ae/aesm_service/source/build“ wird verlassen
make[3]: *** [Makefile:79: source/build/bin/aesm_service] Fehler 2
make[3]: *** Datei „source/build/bin/aesm_service“ wird gelöscht
make[3]: Verzeichnis „/tmp/linux-sgx-psw/psw/ae/aesm_service“ wird verlassen
make[2]: *** [Makefile:61: AESM] Fehler 2
make[2]: Verzeichnis „/tmp/linux-sgx-psw/psw/ae“ wird verlassen
make[1]: *** [Makefile:52: AE] Fehler 2
make[1]: Verzeichnis „/tmp/linux-sgx-psw/psw“ wird verlassen
make: *** [Makefile:61: psw] Fehler 2`

Building packages manually is possible, but i think this is not the way you preferred.

[lzha101]

What is the version of the SGXSDK under /opt/intel/sgxsdk? From the build log, it should be an old version. Could you please reinstall an updated SDK and then try PSW build?

[florianbecker]

You are right, the sgxsdk was 2.9 - so installing 2.11 fixes the build error, but not the needed second run of make rpm_psw_pkg to create all psw packages. Is there also a solution to fix this?

Real issue is, that my dockerfile will abort here. PSW 2.9 builded correctly and complete.

[lzha101]

but not the needed second run of make rpm_psw_pkg to create all psw packages. Is there also a solution to fix this?

Not very clear about this question. You can try to cleanup your repo and then build again.

[florianbecker]

This is a dockerfile for sgxsdk and psw build - you can see the build commands and the preinstall things. Dockerfile_rhel82.txt

This will result in: Ausführung(%clean): /bin/sh -e /var/tmp/rpm-tmp.B1ytp3

• umask 022
• cd /tmp/linux-sgx-psw/external/dcap_source/QuoteGeneration/installer/linux/rpm/libsgx-dcap-ql/libsgx-dcap-ql-1.8.100.2/BUILD
• cd libsgx-dcap-ql-1.8.100.2
• /usr/bin/rm -rf /tmp/linux-sgx-psw/external/dcap_source/QuoteGeneration/installer/linux/rpm/libsgx-dcap-ql/libsgx-dcap-ql-1.8.100.2/BUILDROOT/libsgx-dcap-ql-1.8.100.2-1.el8.x86_64
• exit 0 /tmp/linux-sgx-psw/external/dcap_source/QuoteGeneration make[1]: Verzeichnis „/tmp/linux-sgx-psw/external/dcap_source/QuoteGeneration“ wird verlassen /bin/cp -f external/dcap_source/QuoteGeneration/installer/linux/rpm/libsgx-dcap-ql/libsgx-dcap-ql*rpm ./linux/installer/rpm/sgx-aesm-service/

The container is not build correctly. Also, this happens, if you build it on a fresh RHEL8.2 installation. If you use the sgx_2.9 tag everything is fine. If you build it manually you can just rerun make rpm_psw_pkg and everything seems fine.