Skip to content

Build Services and packages

The below steps needs to be carried out on the Build and Deployment VM

Pre-requisites

  • The repos can be built only as root user

  • RHEL 8.3 Machine for building repos

  • Enable the following RHEL repos:

  • rhel-8-for-x86_64-appstream-rpms

  • rhel-8-for-x86_64-baseos-rpms

  • Install basic utilities for getting started

dnf install git wget tar python3 yum-utils
  • Create symlink for python3
ln -s /usr/bin/python3 /usr/bin/python
ln -s /usr/bin/pip3 /usr/bin/pip
  • Install repo tool
tmpdir=$(mktemp -d)
git clone https://gerrit.googlesource.com/git-repo $tmpdir
install -m 755 $tmpdir/repo /usr/local/bin
rm -rf $tmpdir
  • Golang installation
wget https://dl.google.com/go/go1.14.4.linux-amd64.tar.gz
tar -xzf go1.14.4.linux-amd64.tar.gz
sudo mv go /usr/local
export GOROOT=/usr/local/go
export PATH=$GOROOT/bin:$PATH
rm -rf go1.14.4.linux-amd64.tar.gz

Building

Foundational Security Usecase

  • Sync the repo
mkdir -p /root/intel-secl/build/fs && cd /root/intel-secl/build/fs
repo init -u https://github.com/intel-secl/build-manifest.git -b refs/tags/v4.0.0 -m manifest/fs.xml
repo sync
  • Run the pre-requisites setup script
cd utils/build/foundational-security/
chmod +x fs-prereq.sh
./fs-prereq.sh -s
  • Build all repos
cd /root/intel-secl/build/fs/
make binaries
  • Built Binaries
/root/intel-secl/build/fs/binaries

Workload Security Usecase

VM Confidentiality

  • Sync the repo
mkdir -p /root/intel-secl/build/vmc && cd /root/intel-secl/build/vmc
repo init -u https://github.com/intel-secl/build-manifest.git -b refs/tags/v4.0.0 -m manifest/vmc.xml
repo sync
  • Run the pre-req script
cd utils/build/workload-security
chmod +x ws-prereq.sh
./ws-prereq.sh -v
  • Build repo
cd /root/intel-secl/build/vmc/
make all
  • Built Binaries 
    /root/intel-secl/build/vmc/binaries/

Container Confidentiality with CRIO Runtime

  • Sync the repo
mkdir -p /root/intel-secl/build/cc-crio && cd /root/intel-secl/build/cc-crio
repo init -u https://github.com/intel-secl/build-manifest.git -b refs/tags/v4.0.0 -m manifest/cc-crio.xml
repo sync
  • Run the pre-requisites script
cd utils/build/workload-security
chmod +x ws-prereq.sh
./ws-prereq.sh -c
  • Enable and start the Docker daemon
systemctl enable docker
systemctl start docker
  • Ignore the below steps if not running behind a proxy
mkdir -p /etc/systemd/system/docker.service.d
touch /etc/systemd/system/docker.service.d/proxy.conf

#Add the below lines in proxy.conf
[Service]
Environment="HTTP_PROXY=<http_proxy>"
Environment="HTTPS_PROXY=<https_proxy>"
Environment="NO_PROXY=<no_proxy>"

#Reload docker
systemctl daemon-reload
systemctl restart docker
  • Download go dependencies
cd /root/
go get github.com/cpuguy83/go-md2man
mv /root/go/bin/go-md2man /usr/bin/
  • Build the repos
cd /root/intel-secl/build/cc-crio
make binaries
Note

The crio use case uses containerd that is bundled with docker-ce-19.03.13 during build time. As of this release , the version being used is containerd-1.4.4. If the remote docker-ce repo gets updated for newer containerd version, then the version of containerd might be incompatible for building crio use case. It is recommended to use the version 1.4.4 in that case.

  • Built binaries
/root/intel-secl/build/cc-crio/binaries/