hu6360567 commented on issue #437:
URL:
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/437#issuecomment-1798296271
Hi, I'm trying to replace the long Makefile with a building crate for v2
branch, so that I can maintain my TEE code in cargo workspace with a large code
base.
The ideal workflow is to use build.rs to generate/compile edl files and link
into the rust crate, and finally, use a separate script to sign the dynamic so
(since cargo not support post-build script), just like below,
1. declare metadata in Cargo.toml
2. build.rs parse metadata, generate, compile and link edl wrapper codes
into the rust crate for both trusted and untrusted
3. sign the enclave.
Cargo build with profile once can build all rust code and an additional
operation to sign the enclave.
But the progress seems not so well.
Current progress:
1. use a template Makefile to dump variables generated from `buildenv.mk`
and other general variables in sample code.
5. parse metadata of intel/teaclave sgx sdk; edl path; build_std options
and sgx_mode/debug based on the profile
6. `compile_untrusted` is used to generated and compile edl untrusted
sources, and declare rust link args, so that the edl can be linked into the
crate.
7. `compile_trust` works like `compile_trusted` but for enclave, which is
different from current Makefile.
- the normal workflow of Makefile is compiling the trusted "entry" code
into a static lib with its dependencies, and use g++ to link `enclave_t.o` with
it into a dynamic lib.
- my solution is to use `compile_trust` in a build.rs for a 'cdylib'
crate, so that it can be directly linked into an dynamic library to be signed.
So far so good, but the problem came out with "BUILD_STD": `build.rs` cannot
set sysroot and target. Specifying sysroot and target needs to be done out of
build.rs (although I can compile sysroot inside of build.rs).
It is said, before building "trusted" codes, sysroot needs to be compiled
first, and push the flags into cargo commands. "cargo build" once is not able
to generate all output of rust code.
it needs some other scripting system to do that, then not much different
from current Makefile.
TODO:
I may try with cargo-make, hope it can simplify the building workflow and
make it more easy to extend.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@teaclave.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscr...@teaclave.apache.org
For additional commands, e-mail: notifications-h...@teaclave.apache.org
