# Build Geth as follows:
#
# - make -- create non-SGX no-debug-log manifest
# - make SGX=1 -- create SGX no-debug-log manifest
# - make SGX=1 DEBUG=1 -- create SGX debug-log manifest
#
# Any of these invocations clones Geth's git repository and builds Geth in
# the default configuration.
#
# Use `make clean` to remove Gramine-generated files and `make distclean` to
# additionally remove the cloned Geth git repository.
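# Every recipe runs as ONE bash script (.ONESHELL). A shell started with plain
# `-c` only reports the exit status of its last command, so an early failure
# (a patch that does not apply, a failed download, a failed test step) would
# go unnoticed. `-e` makes the recipe shell stop at the first failing command.
.ONESHELL:
SHELL := /bin/bash
.SHELLFLAGS := -ec

################################# CONSTANTS ###################################

# directory with arch-specific libraries, used by Geth
# the below path works for Debian/Ubuntu; for CentOS/RHEL/Fedora, you should
# overwrite this default like this: `ARCH_LIBDIR=/lib64 make`
ARCH_LIBDIR ?= /lib/$(shell $(CC) -dumpmachine)

# Value handed to the manifest template as `enclave_size`.
ENCLAVE_SIZE ?= 1024G

# Where the Geth sources come from. GETH_BRANCH is a branch name, not a commit,
# so two builds made at different times can be built from different sources.
# NOTE(review): pin a tag or commit when a reproducible enclave measurement is
# required.
GETH_BRANCH ?= main
GETH_REPO ?= https://github.com/flashbots/builder

# Version-tagged mbedtls source archive. No digest for it is recorded in this
# file, so the download is protected by HTTPS only.
MBEDTLS_PATH := https://github.com/ARMmbed/mbedtls/archive/mbedtls-3.3.0.tar.gz

GPP := g++ -std=c++17
GORUN := env GO111MODULE=on ego-go run
SRCDIR := go-ethereum

# Deliberately recursive (`=`): ego-go is only invoked when a recipe actually
# expands this variable, not on every parse (e.g. not for `make clean`).
GOMODCACHE = $(shell ego-go env GOMODCACHE)

PATCHED_GOLEVELDB := goleveldb

# DEBUG=1 selects Gramine's `debug` log level, anything else selects `error`.
# NOTE(review): verbose log levels are a development aid; Gramine reports them
# as an insecure configuration for production enclaves - confirm DEBUG=1 is
# never used for a release build.
ifeq ($(DEBUG),1)
GRAMINE_LOG_LEVEL := debug
else
GRAMINE_LOG_LEVEL := error
endif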
# Default goal. A plain build produces the Geth binary and the non-SGX
# manifest; SGX=1 additionally requests the init wrapper, the SGX manifest and
# the SIGSTRUCT (geth.sig).
all_targets := geth geth.manifest
ifeq ($(SGX),1)
all_targets += geth_init geth.manifest.sgx geth.sig
endif

.PHONY: all
all: $(all_targets)
############################## GETH ARGUMENTS #################################
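# Command line for the mainnet configuration, serialized into geth.args by
# gramine-argv-serializer. This rule only exists when MAINNET=1 is passed; the
# SEPOLIA=1 and HOLESKY=1 variants define the same target with other flags.
#
# Exposure to be aware of: the HTTP, WebSocket and auth-RPC listeners bind to
# 0.0.0.0, and the CORS / vhost / origin filters are all `*`. The HTTP and WS
# API lists include the `debug` namespace. Access control for these endpoints
# therefore has to come from the network around the enclave (firewall,
# container network), or the flags have to be narrowed. Only the auth-RPC
# endpoint is given a JWT secret (/etc/jwt.hex); metrics stay on 127.0.0.1.
#
# The `*` values are quoted so that bash never treats them as glob patterns.
# The output is written to a temporary file and renamed, so a failing
# serializer cannot leave an empty or truncated geth.args that a later `make`
# would treat as up to date and feed into the manifest.
ifeq ($(MAINNET),1)
geth.args:
	set -e
	trap 'rm -f $@.tmp' EXIT
	gramine-argv-serializer \
		./geth_init \
		--vmodule='miner=4' \
		--metrics \
		--metrics.addr=127.0.0.1 \
		--metrics.builder \
		--metrics.expensive \
		--http \
		--http.api=engine,eth,web3,net,debug,flashbots,builder \
		--http.corsdomain='*' \
		--http.addr=0.0.0.0 \
		--http.port=8545 \
		--http.vhosts='*' \
		--ws \
		--ws.api=engine,eth,web3,net,debug \
		--ws.addr=0.0.0.0 \
		--ws.port=8546 \
		--ws.origins='*' \
		--graphql \
		--graphql.corsdomain='*' \
		--graphql.vhosts='*' \
		--authrpc.jwtsecret=/etc/jwt.hex \
		--authrpc.vhosts='*' \
		--authrpc.addr=0.0.0.0 \
		--builder \
		--builder.beacon_endpoints=http://127.0.0.1:3500,http://prysm:3500 \
		--builder.genesis_fork_version=0x00000000 \
		--builder.bellatrix_fork_version=0x02000000 \
		--builder.genesis_validators_root=0x0000000000000000000000000000000000000000000000000000000000000000 \
		--builder.remote_relay_endpoint=https://boost-relay.flashbots.net \
		--miner.extradata='Illuminate Dmocrtz Dstrib Prtct' \
		--datadir.ancient=/data/ancient \
		> $@.tmp
	mv -f $@.tmp $@
endif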
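# Command line for the Sepolia configuration, serialized into geth.args by
# gramine-argv-serializer. This rule only exists when SEPOLIA=1 is passed.
#
# Exposure to be aware of: the HTTP and auth-RPC listeners bind to 0.0.0.0,
# the HTTP CORS filter and the auth-RPC vhost filter are `*`, and the HTTP and
# WS API lists include the `debug` namespace. Access control for these
# endpoints has to come from the network around the enclave unless the flags
# are narrowed. Only the auth-RPC endpoint is given a JWT secret
# (/etc/jwt.hex).
#
# The `*` values are quoted so that bash never treats them as glob patterns.
# The output is written to a temporary file and renamed, so a failing
# serializer cannot leave an empty or truncated geth.args that a later `make`
# would treat as up to date and feed into the manifest.
ifeq ($(SEPOLIA),1)
geth.args:
	set -e
	trap 'rm -f $@.tmp' EXIT
	gramine-argv-serializer \
		./geth_init \
		--sepolia \
		--http \
		--http.api=engine,eth,web3,net,debug,flashbots \
		--http.corsdomain='*' \
		--http.addr=0.0.0.0 \
		--ws \
		--ws.api=engine,eth,web3,net,debug \
		--authrpc.jwtsecret=/etc/jwt.hex \
		--authrpc.vhosts='*' \
		--authrpc.addr=0.0.0.0 \
		--builder \
		--builder.beacon_endpoints=http://127.0.0.1:3500,http://prysm:3500 \
		--builder.genesis_fork_version=0x90000069 \
		--builder.bellatrix_fork_version=0x90000071 \
		--builder.genesis_validators_root=0xd8ea171f3c94aea21ebc42a1ed61052acf3f9209c00e4efbaaddac09ed9b8078 \
		--builder.remote_relay_endpoint=https://boost-relay-sepolia.flashbots.net \
		--miner.extradata='Illuminate Dmocrtz Dstrib Prtct' \
		--override.shanghai 1677557088 \
		--bootnodes=enode://9246d00bc8fd1742e5ad2428b80fc4dc45d786283e05ef6edbd9002cbc335d40998444732fbe921cb88e1d2c73d1b1de53bae6a2237996e9bfe14f871baf7066@18.168.182.86:30303,enode://ec66ddcf1a974950bd4c782789a7e04f8aa7110a72569b6e65fcd51e937e74eed303b1ea734e4d19cfaec9fbff9b6ee65bf31dcb50ba79acce9dd63a6aca61c7@52.14.151.177:30303 \
		--datadir.ancient=/data/ancient \
		> $@.tmp
	mv -f $@.tmp $@
endif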
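# Command line for the Holesky configuration, serialized into geth.args by
# gramine-argv-serializer. This rule only exists when HOLESKY=1 is passed.
#
# Exposure to be aware of: the HTTP and auth-RPC listeners bind to 0.0.0.0,
# the HTTP CORS filter and the auth-RPC vhost filter are `*`, and the HTTP API
# list includes the `debug` namespace. Access control for these endpoints has
# to come from the network around the enclave unless the flags are narrowed.
# Only the auth-RPC endpoint is given a JWT secret (/etc/jwt.hex).
#
# The `*` values are quoted so that bash never treats them as glob patterns.
# The output is written to a temporary file and renamed, so a failing
# serializer cannot leave an empty or truncated geth.args that a later `make`
# would treat as up to date and feed into the manifest.
ifeq ($(HOLESKY),1)
geth.args:
	set -e
	trap 'rm -f $@.tmp' EXIT
	gramine-argv-serializer \
		./geth_init \
		--holesky \
		--http \
		--http.api=engine,eth,web3,net,debug,flashbots \
		--http.corsdomain='*' \
		--http.addr=0.0.0.0 \
		--authrpc.jwtsecret=/etc/jwt.hex \
		--authrpc.vhosts='*' \
		--authrpc.addr=0.0.0.0 \
		--builder \
		--builder.algotype=greedy \
		--builder.beacon_endpoints=http://127.0.0.1:3500,http://prysm:3500 \
		--builder.remote_relay_endpoint=https://boost-relay-holesky.flashbots.net \
		--miner.extradata='Illuminate Dmocrtz Dstrib Prtct' \
		--datadir.ancient=/data/ancient \
		> $@.tmp
	mv -f $@.tmp $@
endif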
############################## GETH EXECUTABLE ###############################
# Fetch the Geth sources and pre-download their Go module dependencies.
# The checkout's own Makefile serves as the marker that the clone exists.
#
# NOTE(review): GETH_BRANCH is a branch name (default `main`), so what gets
# cloned depends on when the build runs; no commit or signature is verified
# here. Pin a tag/commit if the resulting binary has to be reproducible.
$(SRCDIR)/Makefile:
	git clone --branch $(GETH_BRANCH) $(GETH_REPO) $(@D)
	cd $(@D) && ego-go mod download
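# Patch Geth.
#
# Exactly one of the three variants of the go-ethereum ("Flock") patch is
# applied: each candidate is probed with `patch --dry-run` and the first one
# that applies cleanly is used. The optional TLS=1 and PROTECT=1 patches are
# applied on top. $(SRCDIR)/PATCHED is a stamp file and is only written once
# every selected patch has applied.
#
# `set -e` is essential: the recipe runs as a single shell script (.ONESHELL),
# so without it a TLS or PROTECT patch that fails to apply would be masked by
# the final `touch` and the build would continue on unpatched sources.
# After a failed run the tree may be partially patched; start again from a
# fresh clone (`make distclean`).
$(SRCDIR)/PATCHED: $(SRCDIR)/Makefile
	set -e
	applied=
	for candidate in 0001 0001a 0001b; do
		patch_file="geth-patches/$${candidate}-go-ethereum.patch"
		if patch --dry-run -d $(SRCDIR) -p1 < "$${patch_file}" &> /dev/null; then
			patch -d $(SRCDIR) -p1 < "$${patch_file}"
			applied=1
			break
		fi
	done
	if [ -z "$${applied}" ]; then
		echo "Error: Flock patch cannot be applied." >&2
		exit 1
	fi
ifeq ($(TLS),1)
	patch -d $(SRCDIR) -p1 < geth-patches/0003-go-ethereum-tls.patch
endif
ifeq ($(PROTECT),1)
	patch -d $(SRCDIR) -p1 < geth-patches/0004-protect.patch
endif
	touch $@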
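# Create a local, patched copy of the goleveldb module.
#
# GOLEVELDB_SRCDIR is `<module path>@<version>` taken from the goleveldb line
# of Geth's go.mod, i.e. the module's directory name below $(GOMODCACHE). It
# is a recursive, target-specific variable so that go.mod is only read when
# the recipe runs (the clone does not exist yet at parse time).
#
# The copy is assembled in `$@.tmp` and only renamed to the target once the
# patch has applied. Otherwise a failed patch would leave an unpatched
# directory behind that the next `make` would treat as finished.
$(PATCHED_GOLEVELDB): GOLEVELDB_SRCDIR = $(shell awk -v pattern="goleveldb" '$$1 ~ pattern { print $$1 "@" $$2 }' $(SRCDIR)/go.mod)
$(PATCHED_GOLEVELDB): $(SRCDIR)/PATCHED
	set -e
	# An empty value would make `cp` below copy the whole module cache.
	if [ -z "$(GOLEVELDB_SRCDIR)" ]; then
		echo "Error: goleveldb module not found in $(SRCDIR)/go.mod." >&2
		exit 1
	fi
	rm -rf $@.tmp
	# --no-preserve=mode: presumably because module cache entries are
	# read-only and the copy has to be writable for `patch`.
	cp -r --no-preserve=mode $(GOMODCACHE)/$(GOLEVELDB_SRCDIR) $@.tmp
	patch -d $@.tmp -p1 < geth-patches/0002-goleveldb.patch
	rm -rf $@
	mv $@.tmp $@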
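# Build Geth with ego-go from inside the checkout.
#
# The output path is anchored at $(CURDIR), the directory make itself runs in.
# $(PWD) is merely inherited from the environment and points at the caller's
# directory when make is started with `-C`, so the binary could land elsewhere.
# `-trimpath` keeps local filesystem paths out of the binary.
$(SRCDIR)/build/bin/geth: $(PATCHED_GOLEVELDB)
	cd $(SRCDIR) && \
		ego-go build -ldflags "-extldflags '-Wl,-z,stack-size=0x800000,-fuse-ld=gold'" -tags urfave_cli_no_docs -trimpath -v -o $(CURDIR)/$@ ./cmd/geth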
################################## GETH INIT #################################
# Compiler and linker flags for the helper programs come from the
# `mbedtls_gramine` pkg-config package; the linker additionally gets -ldl and
# --enable-new-dtags. Both variables are appended to, so values supplied by
# the caller are kept.
CFLAGS += $(shell pkg-config --cflags mbedtls_gramine)
LDFLAGS += -ldl -Wl,--enable-new-dtags $(shell pkg-config --libs mbedtls_gramine)

# geth_init is the manifest entrypoint (see -Dentrypoint in the geth.manifest
# rule); it is compiled from geth_init.cpp with $(GPP).
geth_init: geth_init.cpp
	$(GPP) -o $@ $< $(CFLAGS) $(LDFLAGS)
##################### REMOTE ATTESTATION CLIENT ##############################
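# Download and unpack the mbedtls sources needed to build `attest`.
#
# Integrity: the archive is fetched over HTTPS, which only protects the
# transport. Set MBEDTLS_SHA256 to the expected SHA-256 digest of the archive
# to have it verified before unpacking, e.g.
#   make mbedtls MBEDTLS_SHA256=<expected-sha256-of-archive>
# When it is unset, no verification takes place (the previous behaviour).
#
# The archive is unpacked into `$@.tmp` and renamed at the end, so a failed
# download or extraction never leaves a `mbedtls` directory that looks
# complete; the EXIT trap removes the archive and any leftover temp directory.
mbedtls:
	set -e
	trap 'rm -rf mbedtls.tgz $@.tmp' EXIT
	wget $(MBEDTLS_PATH) -O mbedtls.tgz
	if [ -n "$(MBEDTLS_SHA256)" ]; then
		echo "$(MBEDTLS_SHA256)  mbedtls.tgz" | sha256sum -c -
	fi
	rm -rf $@.tmp
	mkdir $@.tmp
	tar -xvzf mbedtls.tgz -C $@.tmp --strip-components 1
	mv $@.tmp $@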
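# Remote attestation client, compiled from attest.c against the headers in
# mbedtls/include (via C_INCLUDE_PATH).
#
# `mbedtls` is a directory, so it is an order-only prerequisite: it has to
# exist before compiling, but a change of the directory's timestamp must not
# trigger a rebuild of `attest`.
attest: attest.c | mbedtls
	C_INCLUDE_PATH=mbedtls/include $(CC) $< $(CFLAGS) $(LDFLAGS) -o $@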
################################ GETH MANIFEST ###############################
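# The template file is a Jinja2 template and contains almost all necessary
# information to run Geth under Gramine / Gramine-SGX. We create
# geth.manifest (to be run under non-SGX Gramine) by replacing variables
# in the template file using the "gramine-manifest" script.
#
# RA_TYPE, ISVPRODID and ISVSVN are handed to the template as ra_type,
# isvprodid and isvsvn. Both ISV values default to 0.
# NOTE(review): ISVSVN is the enclave's security version number; verifiers
# commonly use it to reject outdated enclaves, so raise it for rebuilds that
# carry security fixes.
RA_TYPE ?= dcap
ISVPRODID ?= 0
ISVSVN ?= 0

# geth.args is a prerequisite so the argument file exists before the manifest
# is generated; only the template ($<) is passed to gramine-manifest.
# The manifest is written to a temporary file and renamed, so a failing
# gramine-manifest cannot leave a truncated geth.manifest that a later `make`
# would consider up to date and pass on to signing.
geth.manifest: geth.manifest.template geth.args
	set -e
	trap 'rm -f $@.tmp' EXIT
	gramine-manifest \
		-Dlog_level=$(GRAMINE_LOG_LEVEL) \
		-Darch_libdir=$(ARCH_LIBDIR) \
		-Dentrypoint="./geth_init" \
		-Dgeth_bin="./geth" \
		-Dra_type=$(RA_TYPE) \
		-Disvprodid=$(ISVPRODID) \
		-Disvsvn=$(ISVSVN) \
		-Denclave_size=$(ENCLAVE_SIZE) \
		$< > $@.tmp
	mv -f $@.tmp $@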
# The Gramine-SGX manifest is produced by "gramine-sgx-sign", which measures
# all trusted files of Geth, stores the measurement (plus some less important
# SGX options) in the resulting manifest.sgx file and writes geth.sig, the
# SIGSTRUCT object.
#
# NOTE(review): no --key option is passed, so gramine-sgx-sign uses its
# default signing key; the signer identity of the enclave therefore depends on
# the key present on the build host - confirm this is intended for release
# builds.
#
# One command yields two files. Make on Ubuntu <= 20.04 has no "Rules with
# Grouped Targets" (`&:`), so both outputs depend on the intermediate pseudo
# target `sgx_sign`, whose recipe does the real work; see the gramine
# helloworld example for details on this workaround.
geth.manifest.sgx geth.sig: sgx_sign
	@:

.INTERMEDIATE: sgx_sign
sgx_sign: geth.manifest
	gramine-sgx-sign --manifest $< --output $<.sgx
########################### COPIES OF EXECUTABLES #############################
# The Geth build leaves its executable in build/bin/geth below the checkout.
# For simplicity it is copied into our root directory. Only the first
# prerequisite is copied; geth_init is listed so that it is built as well.
geth: $(SRCDIR)/build/bin/geth geth_init
	cp $(firstword $^) $@
############################## RUNNING TESTS ##################################
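# Run the test script and require all four "Success i/4" markers (plus the
# SGX quote marker when SGX=1) in its standard output.
#
# `set -e` is required: the recipe runs as one shell script (.ONESHELL), so
# without it only the last grep would decide the result, and a failing test
# script or a missing earlier marker would go unnoticed.
.PHONY: check
check: all
	set -e
	./run-tests.sh > TEST_STDOUT 2> TEST_STDERR
	for step in 1 2 3 4; do
		grep -q "Success $${step}/4" TEST_STDOUT
	done
ifeq ($(SGX),1)
	grep -q "Success SGX quote" TEST_STDOUT
endif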
################################## CLEANUP ####################################
.PHONY: clean distclean

# Remove the generated manifests, signature, argument file and test output.
clean:
	$(RM) *.manifest *.manifest.sgx *.sig *.args
	$(RM) OUTPUT* *.PID TEST_STDOUT TEST_STDERR

# Additionally remove the cloned and patched sources, the built binaries and
# the unpacked mbedtls tree.
distclean: clean
	$(RM) -r $(SRCDIR) $(PATCHED_GOLEVELDB)
	$(RM) -r geth geth_init mbedtls attest