Closed clangenb closed 1 year ago
With the current state of the worker, we need a patch, which is nasty, but it should work. If we want to streamline this by introducing a feature flag as discussed in https://github.com/integritee-network/worker/issues/1167#issuecomment-1589080872, this needs some work, which would be invoiced by integritee.
I tried the patch, but get an error (using linux):
Compiling sgx_crypto_helper v1.1.6 (/home/xxx/incubator-teaclave-sgx-sdk/sgx_crypto_helper)
warning: unused import: `sgx_types::sgx_status_t`
--> /home/xxx/incubator-teaclave-sgx-sdk/sgx_crypto_helper/src/rsa3072.rs:6:5
|
6 | use sgx_types::sgx_status_t;
| ^^^^^^^^^^^^^^^^^^^^^^^
|
= note: `#[warn(unused_imports)]` on by default
Compiling itp-sgx-externalities v0.9.0 (/home/xxx/worker/core-primitives/substrate-sgx/externalities)
error[E0599]: no method named `to_pubkey` found for struct `Rsa3072PubKey` in the current scope
--> /home/xxx/incubator-teaclave-sgx-sdk/sgx_crypto_helper/src/rsa3072.rs:298:27
|
253 | pub struct Rsa3072PubKey {
| ------------------------ method `to_pubkey` not found for this struct
...
298 | let pubkey = self.to_pubkey()?;
| ^^^^^^^^^ method not found in `Rsa3072PubKey`
warning: unused import: `crate::RsaKeyPair`
--> /home/xxx/incubator-teaclave-sgx-sdk/sgx_crypto_helper/src/rsa3072.rs:17:5
|
17 | use crate::RsaKeyPair;
| ^^^^^^^^^^^^^^^^^
For more information about this error, try `rustc --explain E0599`.
warning: `sgx_crypto_helper` (lib) generated 2 warnings
error: could not compile `sgx_crypto_helper` due to previous error; 2 warnings emitted
warning: build failed, waiting for other jobs to finish...
Which is weird as the patch-code at the stated /home/xxx/incubator-teaclave-sgx-sdk/sgx_crypto_helper/src/rsa3072.rs
from 283 to 296 clearly implements to_pubkey.
My tree is
sgx_crypto_helper v1.1.6 (/home/xxx/incubator-teaclave-sgx-sdk/sgx_crypto_helper)
├── integritee-cli v0.9.0 (/home/xxx/worker/cli)
│ └── integritee_cli_py v0.1.0 (/home/xxx/integritee_cli_py)
├── itc-rpc-client v0.9.0 (/home/xxx/worker/core/rpc-client)
│ └── integritee-cli v0.9.0 (/home/xxx/worker/cli) (*)
└── itp-sgx-crypto v0.9.0 (/home/xxx/worker/core-primitives/sgx/crypto)
└── integritee-cli v0.9.0 (/home/xxx/worker/cli) (*)
It does, but it is behind a feature.
You need at least sgx_crypto_helper ... features = ["crypto_direct"]
somewhere.
Thank you for the hint however, when adding it to the my Cargo.toml I still get the same error for some reason.
@n-prat before the error appears, I get warnings of skipped duplicate packages of teaclave-sgx-sdk despite the patch. Maybe this is messing up the dependencies, did I use the incubator-teaclave repo correctly as patch for the teaclave dependency?
Even if I remove the duplicate manually, cargo build loads teaclave from another source also. I currently use the integritee worker at ea00ebea9f2df900fcb389d51eb00c710e3e0fc9 with the updated client lib. Is there another worker client branch that I could/should test it with?
Error and duplicate-package-warning persist also when patch is added to https://github.com/olisystems/BEST-Energy/blob/ea00ebea9f2df900fcb389d51eb00c710e3e0fc9/cli/Cargo.toml
Ah we seem to have a different use cases:
integritee-cli
in this repo directly for non-sgx right?integritee-cli
as a dependency in some Android library
That being said, the patch(es) should still work.The relevant part of my workspace Cargo.toml
:
[patch."https://github.com/apache/teaclave-sgx-sdk.git"]
# itc-rpc-client = { path = "../integritee-worker/core/rpc-client/" }
# TODO ideally we would directly use this patched version from `integritee-cli`
# but it is quite a mess to make it work both from repo `integritee-worker` and here
sgx_crypto_helper = { path = "./shared/rust/deps/teaclave-sgx-sdk/sgx_crypto_helper/" }
[patch.crates-io]
# TODO re-add for bevy 0.9? or not needed anymore
# NOTE: patch DOES NOT work except at the Workspace level??
# bevy_render = { path = './shared/rustrenderer/patch/bevy_render-0.7.0' }
# wasmtime-runtime: we MUST patch to make it compatible with Android Emulator
# error: unsupported platform
# --> /home/XXX/.cargo/registry/src/github.com-1ecc6299db9ec823/wasmtime-runtime-6.0.2/src/traphandlers/unix.rs:235:13
# |
# 235 | compile_error!("unsupported platform");
# SHOULD match https://github.com/paritytech/substrate/blob/master/primitives/wasm-interface/Cargo.toml
# NOTE: we NEED to patch "wasmtime-runtime" but to avoid error like "note: perhaps two different versions of crate `wasmtime_environ` are being used?"
# the easiest thing to do is patch the "main lib"
# NOTE: for the PATCH the work, it MUST be a the correct version(= git tag)
# wasmtime-runtime = { path = "../wasmtime/crates/runtime/" }
# wasmtime-environ = { path = "../wasmtime/crates/environ/" }
# MUST ALSO SET "[workspace.dependencies]" below
# because this is a workspace and all versions are inherited...
wasmtime-runtime = { path = "./shared/rust/deps/wasmtime/crates/runtime/" }
[patch."https://github.com/integritee-network/pallets.git"]
sgx-verify = { path = "./shared/rust/deps/integritee-pallets/teerex/sgx-verify/" }
# 161 | Enclave::new(
# | ------------ arguments to this function are incorrect
# ...
# 166 | report.build_mode,
# | ^^^^^^^^^^^^^^^^^ expected enum `teerex_primitives::SgxBuildMode`, found a different enum `teerex_primitives::SgxBuildMod
teerex-primitives = { path = "./shared/rust/deps/integritee-pallets/primitives/teerex/" }
################################################################################
# only needed because "wastime" is using workspace inheritance
# copy-pasted from: https://github.com/bytecodealliance/wasmtime/blob/00fd7bc4d1ce64feb3ca82161216721b740ec571/Cargo.toml#L112
[workspace.dependencies]
...
and then in the Android lib crate:
# default-features to disable all std related code?
# "you can basically only use the compose_extrinsic_offline macro."
# maybe see https://github.com/scs/substrate-api-client/issues/166 ?
# substrate-api-client = { git = "https://github.com/scs/substrate-api-client.git", default-features = false, branch = "polkadot-v0.9.36" }
# [windows] error: failed to run custom build command for `openssl-sys v0.9.73
# Still fails even with Perl(strawberry) cf README
# So for now install Android Studio inside WSL2...
# ALSO "vendored" COULD BE needed b/c "/bin/sh: line 1: aarch64-linux-android-ranlib: command not found" https://github.com/sfackler/rust-openssl/issues/1830
openssl = { version = '0.10', features = ["vendored"] }
# those are for the examples cf https://github.com/scs/substrate-api-client/blob/master/Cargo.toml
# but here need them as part of our public API
# TODO cleanup eg MAYBE we need sp-core NOT the full node-template-runtime
# env_logger = "0.9.0"
# node-template-runtime = { git = "https://github.com/paritytech/substrate.git", branch = "master" }
sp-keyring = { default-features = false, git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.39" }
# clap = { version = "2.33", features = ["yaml"] }
# wabt = "0.10.0"
sp-std = { default-features = false, git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.39" }
sp-core = { default-features = false, features = ["full_crypto"], git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.39" }
# local
common = { path = "../common" }
integritee-cli = { git = "https://github.com/Interstellar-Network/integritee-worker.git", branch = "interstellar", features = ["sidechain"] }
# FIX: force correct features for this dep
sgx_crypto_helper = { branch = "master", git = "https://github.com/apache/teaclave-sgx-sdk.git", features = ["crypto_direct"] }
Can you push your WIP to a public branch? And give the commands you're trying to use to compile your project?
What is the result of cargo tree -i sgx_crypto_helper -e all
? Are you sure you only have one set of teaclave dependencies?
[...]
warning: skipping duplicate package `PCKIDRetrievalTool` found at `/home/pratn/.cargo/git/checkouts/teaclave-sgx-sdk-be25c2ad2f03718d/f1776a7/samplecode/dcap-pckretrieval/enclave`
sgx_crypto_helper v1.1.6 (/home/pratn/workspace/interstellar/wallet-app/shared/rust/deps/teaclave-sgx-sdk/sgx_crypto_helper)
└── itp-sgx-crypto v0.9.0 (/home/pratn/workspace/interstellar/integritee-worker/core-primitives/sgx/crypto)
├── itp-sgx-crypto feature "default"
│ └── integritee-cli v0.9.0 (/home/pratn/workspace/interstellar/integritee-worker/cli)
│ ├── integritee-cli feature "default"
│ │ └── substrate-client v0.1.0 (/home/pratn/workspace/interstellar/wallet-app/shared/rust/substrate-client)
│ │ ├── substrate-client feature "default" (command-line)
│ │ │ [dev-dependencies]
│ │ │ └── renderer v0.1.0 (/home/pratn/workspace/interstellar/wallet-app/shared/rust/renderer)
│ │ │ └── renderer feature "default" (command-line)
│ │ └── substrate-client feature "std"
│ │ └── substrate-client feature "default" (command-line) (*)
│ └── integritee-cli feature "sidechain"
│ └── substrate-client v0.1.0 (/home/pratn/workspace/interstellar/wallet-app/shared/rust/substrate-client) (*)
├── itp-sgx-crypto feature "serde"
│ └── itp-sgx-crypto feature "std"
│ └── itp-sgx-crypto feature "default" (*)
├── itp-sgx-crypto feature "serde_json"
│ └── itp-sgx-crypto feature "std" (*)
└── itp-sgx-crypto feature "std" (*)
├── sgx_crypto_helper feature "crypto_direct"
│ └── substrate-client v0.1.0 (/home/pratn/workspace/interstellar/wallet-app/shared/rust/substrate-client) (*)
├── sgx_crypto_helper feature "default"
│ ├── integritee-cli v0.9.0 (/home/pratn/workspace/interstellar/integritee-worker/cli) (*)
│ ├── itc-rpc-client v0.9.0 (/home/pratn/workspace/interstellar/integritee-worker/core/rpc-client)
│ │ └── itc-rpc-client feature "default"
│ │ └── integritee-cli v0.9.0 (/home/pratn/workspace/interstellar/integritee-worker/cli) (*)
│ └── substrate-client v0.1.0 (/home/pratn/workspace/interstellar/wallet-app/shared/rust/substrate-client) (*)
│ └── itp-sgx-crypto feature "std" (*)
├── sgx_crypto_helper feature "libc"
│ └── sgx_crypto_helper feature "ucrypto_help"
│ └── sgx_crypto_helper feature "default" (*)
├── sgx_crypto_helper feature "num-bigint"
│ └── sgx_crypto_helper feature "crypto_direct" (*)
├── sgx_crypto_helper feature "rand"
│ └── sgx_crypto_helper feature "crypto_direct" (*)
├── sgx_crypto_helper feature "rsa"
│ └── sgx_crypto_helper feature "crypto_direct" (*)
├── sgx_crypto_helper feature "serde"
│ └── sgx_crypto_helper feature "ucrypto_help" (*)
├── sgx_crypto_helper feature "serde-big-array"
│ └── sgx_crypto_helper feature "ucrypto_help" (*)
├── sgx_crypto_helper feature "serde_derive"
│ └── sgx_crypto_helper feature "ucrypto_help" (*)
├── sgx_crypto_helper feature "sha2"
│ └── sgx_crypto_helper feature "crypto_direct" (*)
└── sgx_crypto_helper feature "ucrypto_help" (*)
Thank you, I tried both, I am also using integritee-cli as dependency. So as it seems I am not having one set of teaclave dependency, but do not know how to resolve it, if necessary. That is why I just tried, if specifying the patch in the dependency itself rather than the projects Cargo.toml only.
cargo tree -i sgx_crypto_helper -e all
:
[...]
warning: skipping duplicate package `Helloworldsampleenclave` found at `/home/timo/.cargo/git/checkouts/teaclave-sgx-sdk-be25c2ad2f03718d/a6a172e/samplecode/prost-protobuf/enclave`
sgx_crypto_helper v1.1.6 (/home/timo/dev/tee/incubator-teaclave-sgx-sdk/sgx_crypto_helper)
└── itp-sgx-crypto v0.9.0 (/home/timo/dev/tee/worker/core-primitives/sgx/crypto)
├── itp-sgx-crypto feature "default"
│ └── integritee-cli v0.9.0 (/home/timo/dev/tee/worker/cli)
│ └── integritee-cli feature "default"
│ └── integritee_cli_py v0.0.1 (/home/timo/dev/tee/integritee_cli_py)
│ └── integritee_cli_py feature "default" (command-line)
├── itp-sgx-crypto feature "serde"
│ └── itp-sgx-crypto feature "std"
│ └── itp-sgx-crypto feature "default" (*)
├── itp-sgx-crypto feature "serde_json"
│ └── itp-sgx-crypto feature "std" (*)
└── itp-sgx-crypto feature "std" (*)
├── sgx_crypto_helper feature "default"
│ ├── integritee-cli v0.9.0 (/home/timo/dev/tee/worker/cli) (*)
│ └── itc-rpc-client v0.9.0 (/home/timo/dev/tee/worker/core/rpc-client)
│ └── itc-rpc-client feature "default"
│ └── integritee-cli v0.9.0 (/home/timo/dev/tee/worker/cli) (*)
│ └── itp-sgx-crypto feature "std" (*)
├── sgx_crypto_helper feature "libc"
│ └── sgx_crypto_helper feature "ucrypto_help"
│ └── sgx_crypto_helper feature "default" (*)
├── sgx_crypto_helper feature "serde"
│ └── sgx_crypto_helper feature "ucrypto_help" (*)
├── sgx_crypto_helper feature "serde-big-array"
│ └── sgx_crypto_helper feature "ucrypto_help" (*)
├── sgx_crypto_helper feature "serde_derive"
│ └── sgx_crypto_helper feature "ucrypto_help" (*)
└── sgx_crypto_helper feature "ucrypto_help" (*)
I uploaded some minimal code here, which should just showcase that the the integritee-cli can be wrapped in a python library: git@github.com:BESTenergytrade/integritee-cli-py.git
I currently cloned the worker at commit https://github.com/olisystems/BEST-Energy/commit/ea00ebea9f2df900fcb389d51eb00c710e3e0fc9 and the incubator-teaclave-sgx-sdk at branch interstellar-direct-client-android in folders parallel to the integritee-cli-py repo
I run the commands as described in the README, with maturin develop
, but also cargo build
fails in the same manner.
Ah I think the issue is with the features
, clearly the wrong one(ucrypto_help
) is active. You CAN NOT use it on patch
, this is ignored.
This is why I have added a "fake dependency" in my Android lib:
# FIX: force correct features for this dep
sgx_crypto_helper = { branch = "master", git = "https://github.com/apache/teaclave-sgx-sdk.git", features = ["crypto_direct"] }
Thank you @n-prat, it solved my issue!
I also had the wasmtime issue, maybe similar to what you mentioned here:
NOTE: previously I had an issue with
wasmtime
but since I rebased on a recent branch this is not needed anymore.
I did not fully understand what source you rebased to remove the issue, but for me rust rustup target add --toolchain nightly wasm32-unknown-unknown
solved the error[E0463]: can't find crate for std
.
After https://github.com/integritee-network/worker/pull/1183 has been merged, we can now wrap the rust-cli lib with python. however, there are still some issues left, as the lib needs some sgx-crypto c-libraires:
For this, we'd actually need to remove the sgx-crypto entirely. We have discussed this in https://github.com/integritee-network/worker/issues/1167. I will follow up over there.
Blocked by
45