Added offchain-python

iExecBlockchainComputing · Jun 8, 2020 · bd995c8 · bd995c8
1 parent a319c0a
commit bd995c8
Show file tree

Hide file tree

Showing 18 changed files with 200 additions and 15 deletions.
diff --git a/v5/offchain-python-hello-world/Readme.md b/v5/offchain-python-hello-world/Readme.md
@@ -0,0 +1,20 @@
+
+
+* Basic
+
+Build:
+`./basic/build`
+
+Run locally:
+`./basic/run`
+`./basic/run Alice`
+
+
+* Tee
+
+Build:
+`./tee/build`
+
+Run locally:
+`./tee/run`
+`./tee/run Alice`
diff --git a/v5/offchain-python-hello-world/basic/Dockerfile b/v5/offchain-python-hello-world/basic/Dockerfile
@@ -0,0 +1,8 @@
+FROM python:3.7.3
+
+### install some python3 dependencies
+RUN pip3 install eth_abi
+
+COPY ./src /app
+
+ENTRYPOINT ["python", "/app/app.py"]
diff --git a/v5/offchain-python-hello-world/basic/build b/v5/offchain-python-hello-world/basic/build
@@ -0,0 +1,4 @@
+#!/bin/sh
+cd $(dirname $0)
+
+docker image build -f ../basic/Dockerfile -t offchain-python-hello-world:1.0.0 .. $@
diff --git a/v5/offchain-python-hello-world/basic/run b/v5/offchain-python-hello-world/basic/run
@@ -0,0 +1,12 @@
+#!/bin/sh
+cd $(dirname $0)
+
+IEXEC_OUT=/tmp/iexec_out
+
+rm -rf $IEXEC_OUT
+mkdir -p $IEXEC_OUT
+
+docker run --rm -e IEXEC_OUT=/iexec_out -e IEXEC_IN=/iexec_in -v $IEXEC_OUT:/iexec_out offchain-python-hello-world:1.0.0 $@
+
+echo
+find $IEXEC_OUT
diff --git a/v5/offchain-python-hello-world/src/app.py b/v5/offchain-python-hello-world/src/app.py
@@ -0,0 +1,31 @@
+import os
+import sys
+import json
+import eth_abi
+
+iexec_out = os.environ['IEXEC_OUT']
+iexec_in = os.environ['IEXEC_IN']
+
+# Do whatever you want
+data = "Hello, World!"
+if len(sys.argv) > 1:
+    data = 'Hello, {}!'.format(sys.argv[1])
+
+# Eventually use some confidential assets
+if os.path.exists(iexec_in + '/dataset.txt'):
+    with open(iexec_in + '/dataset.txt', 'r') as dataset:
+        print('Confidential dataset: ' + dataset.read())
+
+# Send callback data to smart-contract
+callback_data = eth_abi.encode_abi([ 'string'], [ data ]).hex()
+print('Offchain computing for Smart-Contracts [data:{}, callback_data:{}]'.format(data, callback_data))
+with open(iexec_out + '/computed.json', 'w+') as f:
+    json.dump({ "callback-data" : callback_data}, f)
+
+
+## Try:
+# Basic:
+# mkdir -p /tmp/iexec_out && IEXEC_OUT=/tmp/iexec_out IEXEC_IN=/tmp/iexec_in python3 app.py Alice
+#
+# Tee:
+# mkdir -p /tmp/iexec_out && IEXEC_OUT=/tmp/iexec_out IEXEC_IN=../tee/confidential-assets python3 app.py Alice
diff --git a/v5/offchain-python-hello-world/tee/Dockerfile b/v5/offchain-python-hello-world/tee/Dockerfile
@@ -0,0 +1,14 @@
+FROM sconecuratedimages/apps:python-3.7.3-alpine3.10-scone3.0
+
+### install some python3 dependencies
+RUN apk add gcc
+RUN SCONE_MODE=sim pip3 install eth_abi
+
+### copy the code inside the image
+COPY ./src /app
+
+###  protect file system with Scone
+COPY ./tee/protect-fs.sh ./tee/Dockerfile /build/
+RUN sh /build/protect-fs.sh /app
+
+ENTRYPOINT ["python", "/app/app.py"]
diff --git a/v5/offchain-python-hello-world/tee/build b/v5/offchain-python-hello-world/tee/build
@@ -0,0 +1,3 @@
+#!/bin/sh
+cd $(dirname $0)
+docker image build -f ../tee/Dockerfile -t offchain-tee-python-hello-world:1.0.0 .. $@
diff --git a/v5/offchain-python-hello-world/tee/confidential-assets/dataset.txt b/v5/offchain-python-hello-world/tee/confidential-assets/dataset.txt
@@ -0,0 +1 @@
+dummy dataset file
diff --git a/v5/offchain-python-hello-world/tee/protect-fs.sh b/v5/offchain-python-hello-world/tee/protect-fs.sh
@@ -0,0 +1,65 @@
+#!/bin/sh
+
+cd $(dirname $0)
+
+if [ ! -e Dockerfile ]
+then
+    printf "\nFailed to parse Dockerfile ENTRYPOINT\n"
+    printf "Did you forget to add your Dockerfile in your build?\n"
+    printf "COPY ./tee/Dockerfile /build/\n\n"
+    exit 1
+fi
+
+ENTRYPOINT_ARSG=$(grep ENTRYPOINT ./Dockerfile | tail -1 |  grep -o '"[^"]\+"' | tr -d '"')
+echo $ENTRYPOINT_ARSG > ./entrypoint
+
+if [ -z "$ENTRYPOINT_ARSG" ]
+then
+    printf "\nFailed to parse Dockerfile ENTRYPOINT\n"
+    printf "Did you forget to add an ENTRYPOINT to your Dockerfile?\n"
+    printf "ENTRYPOINT [\"executable\", \"param1\", \"param2\"]\n\n"
+    exit 1
+fi
+
+INTERPRETER=$(awk '{print $1}' ./entrypoint) # python
+ENTRYPOINT=$(cat ./entrypoint) # /python /app/app.py
+
+export SCONE_MODE=sim
+export SCONE_HEAP=1G
+
+APP_FOLDER=$1
+
+printf "\n### Starting file system protection ...\n\n"
+
+scone fspf create /fspf.pb
+scone fspf addr /fspf.pb /          --not-protected --kernel /
+scone fspf addr /fspf.pb /usr       --authenticated --kernel /usr
+scone fspf addf /fspf.pb /usr       /usr
+scone fspf addr /fspf.pb /bin       --authenticated --kernel /bin
+scone fspf addf /fspf.pb /bin       /bin
+scone fspf addr /fspf.pb /lib       --authenticated --kernel /lib
+scone fspf addf /fspf.pb /lib       /lib
+scone fspf addr /fspf.pb /etc/ssl   --authenticated --kernel /etc/ssl
+scone fspf addf /fspf.pb /etc/ssl   /etc/ssl
+scone fspf addr /fspf.pb /sbin      --authenticated --kernel /sbin
+scone fspf addf /fspf.pb /sbin      /sbin
+printf "\n### Protecting code found in folder \"$APP_FOLDER\"\n\n"
+scone fspf addr /fspf.pb $APP_FOLDER --authenticated --kernel $APP_FOLDER
+scone fspf addf /fspf.pb $APP_FOLDER $APP_FOLDER
+
+scone fspf encrypt /fspf.pb > ./keytag
+
+MRENCLAVE="$(SCONE_HASH=1 $INTERPRETER)"
+FSPF_TAG=$(cat ./keytag | awk '{print $9}')
+FSPF_KEY=$(cat ./keytag | awk '{print $11}')
+FINGERPRINT="$FSPF_KEY|$FSPF_TAG|$MRENCLAVE|$ENTRYPOINT"
+echo $FINGERPRINT > ./fingerprint
+
+printf "\n\n"
+printf "Your application fingerprint (mrenclave) is ready:\n"
+printf "#####################################################################\n"
+printf "iexec.json:\n\n"
+printf "%s\n" "\"app\": { " " \"owner\" : ... " " \"name\": ... " "  ..." " \"mrenclave\": \"$FINGERPRINT\"" "}"
+printf "#####################################################################\n"
+printf "Hint: Replace 'mrenclave' before doing 'iexec app deploy' step.\n"
+printf "\n\n"
diff --git a/v5/offchain-python-hello-world/tee/run b/v5/offchain-python-hello-world/tee/run
@@ -0,0 +1,12 @@
+#!/bin/sh
+cd $(dirname $0)
+
+IEXEC_OUT=/tmp/iexec_out
+
+rm -rf $IEXEC_OUT
+mkdir -p $IEXEC_OUT
+
+docker run --rm -e IEXEC_OUT=/iexec_out -e IEXEC_IN=/iexec_in -v $IEXEC_OUT:/iexec_out -v $(pwd)/confidential-assets:/iexec_in --device /dev/isgx offchain-tee-python-hello-world:1.0.0 $@
+
+echo
+find $IEXEC_OUT
diff --git a/v5/python-hello-world/basic/Dockerfile b/v5/python-hello-world/basic/Dockerfile
@@ -1,6 +1,6 @@
 FROM python:3.7.3
 
-### install some python3 dependencies
+### install python3 dependencies you need
 RUN pip3 install pyfiglet
 
 COPY ./src /app

diff --git a/v5/python-hello-world/basic/build b/v5/python-hello-world/basic/build
@@ -1,4 +1,4 @@
 #!/bin/sh
 cd $(dirname $0)
 
-docker image build -f ../basic/Dockerfile -t python-hello-world:4.0.0 .. $@
+docker image build -f ../basic/Dockerfile -t python-hello-world:1.0.0 .. $@
diff --git a/v5/python-hello-world/basic/run b/v5/python-hello-world/basic/run
@@ -1,10 +1,12 @@
 #!/bin/sh
 cd $(dirname $0)
 
-rm -rf /tmp/iexec_out
-mkdir -p /tmp/iexec_out
+IEXEC_OUT=/tmp/iexec_out
 
-docker run --rm -e IEXEC_OUT=/iexec_out -v /tmp/iexec_out:/iexec_out python-hello-world:4.0.0 $@
+rm -rf $IEXEC_OUT
+mkdir -p $IEXEC_OUT
+
+docker run --rm -e IEXEC_OUT=/iexec_out -e IEXEC_IN=/iexec_in -v /tmp/iexec_out:/iexec_out python-hello-world:1.0.0 $@
 
 echo
-find /tmp/iexec_out/
+find $IEXEC_OUT
diff --git a/v5/python-hello-world/src/app.py b/v5/python-hello-world/src/app.py
@@ -4,14 +4,20 @@
 from pyfiglet import Figlet
 
 iexec_out = os.environ['IEXEC_OUT']
+iexec_in = os.environ['IEXEC_IN']
 
 # Do whatever you want
 text = "Hello, World!"
 if len(sys.argv) > 1:
     text = 'Hello, {}!'.format(sys.argv[1])
+text = Figlet().renderText(text) + text # Let's add some art for e.g.
 
-text = Figlet().renderText(text) + text # Let's add some art
+# Eventually use some confidential assets
+if os.path.exists(iexec_in + '/dataset.txt'):
+    with open(iexec_in + '/dataset.txt', 'r') as dataset:
+        text = text + '\nConfidential dataset: ' + dataset.read()
 
+# Append some results
 with open(iexec_out + '/result.txt', 'w+') as fout:
     fout.write(text)
     print(text)
@@ -20,4 +26,9 @@
 with open(iexec_out + '/computed.json', 'w+') as f:
     json.dump({ "deterministic-output-path" : iexec_out + '/result.txt' }, f)
 
-# Try: mkdir -p /tmp/iexec_out && IEXEC_OUT=/tmp/iexec_out python3 app.py Alice
+## Try:
+# Basic:
+# mkdir -p /tmp/iexec_out && IEXEC_OUT=/tmp/iexec_out IEXEC_IN=/tmp/iexec_in python3 app.py Alice
+#
+# Tee:
+# mkdir -p /tmp/iexec_out && IEXEC_OUT=/tmp/iexec_out IEXEC_IN=../tee/confidential-assets python3 app.py Alice
diff --git a/v5/python-hello-world/tee/Dockerfile b/v5/python-hello-world/tee/Dockerfile
@@ -1,9 +1,8 @@
 FROM sconecuratedimages/apps:python-3.7.3-alpine3.10-scone3.0
 
-### install some python3 dependencies
+### install python3 dependencies you need
 RUN SCONE_MODE=sim pip3 install pyfiglet
 
-### copy the code inside the image
 COPY ./src /app
 
 ###  protect file system with Scone

diff --git a/v5/python-hello-world/tee/build b/v5/python-hello-world/tee/build
@@ -1,3 +1,3 @@
 #!/bin/sh
 cd $(dirname $0)
-docker image build -f ../tee/Dockerfile -t tee-python-hello-world:4.0.0 .. $@
+docker image build -f ../tee/Dockerfile -t tee-python-hello-world:1.0.0 .. $@
diff --git a/v5/python-hello-world/tee/confidential-assets/dataset.txt b/v5/python-hello-world/tee/confidential-assets/dataset.txt
@@ -0,0 +1 @@
+dummy dataset file
diff --git a/v5/python-hello-world/tee/run b/v5/python-hello-world/tee/run
@@ -1,10 +1,12 @@
 #!/bin/sh
 cd $(dirname $0)
 
-rm -rf /tmp/iexec_out
-mkdir -p /tmp/iexec_out
+IEXEC_OUT=/tmp/iexec_out
 
-docker run --rm -e IEXEC_OUT=/iexec_out -v /tmp/iexec_out:/iexec_out --device /dev/isgx tee-python-hello-world:4.0.0 $@
+rm -rf $IEXEC_OUT
+mkdir -p $IEXEC_OUT
+
+docker run --rm -e IEXEC_OUT=/iexec_out -e IEXEC_IN=/iexec_in -v $IEXEC_OUT:/iexec_out -v $(pwd)/confidential-assets:/iexec_in --device /dev/isgx tee-python-hello-world:1.0.0 $@
 
 echo
-find /tmp/iexec_out/
+find $IEXEC_OUT