From 2c867c3810282e6cf99c8a82028d0757383affcf Mon Sep 17 00:00:00 2001
From: Shellz Bt
Date: Tue, 10 Dec 2024 01:54:41 -0500
Subject: [PATCH] feat: intel proofs
---
.github/workflows/build-and-release.yml | 154 +++++++----------
Dockerfile | 7 +-
config.yaml | 55 -------
{sixgpt_proof => my_proof}/__init__.py | 0
{sixgpt_proof => my_proof}/__main__.py | 7 +-
.../extract/__init__.py | 0
.../models/proof_response.py | 0
{sixgpt_proof => my_proof}/proof.py | 8 +-
{sixgpt_proof => my_proof}/sixgpt/__init__.py | 0
.../wikipedia/verify_content.py | 0
requirements.txt | 1 +
sixgpt-proof.manifest.template | 33 ----
12 files changed, 66 insertions(+), 199 deletions(-)
delete mode 100644 config.yaml
rename {sixgpt_proof => my_proof}/__init__.py (100%)
rename {sixgpt_proof => my_proof}/__main__.py (89%)
rename {sixgpt_proof => my_proof}/extract/__init__.py (100%)
rename {sixgpt_proof => my_proof}/models/proof_response.py (100%)
rename {sixgpt_proof => my_proof}/proof.py (93%)
rename {sixgpt_proof => my_proof}/sixgpt/__init__.py (100%)
rename {sixgpt_proof => my_proof}/wikipedia/verify_content.py (100%)
delete mode 100644 sixgpt-proof.manifest.template
diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml
index 85e18f1..650ad80 100644
--- a/.github/workflows/build-and-release.yml
+++ b/.github/workflows/build-and-release.yml
@@ -13,100 +13,60 @@ jobs: build-and-release: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - - name: Set up Python - uses: actions/setup-python@v4 - with: - python-version: '3.11' - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - - name: Build Docker image - uses: docker/build-push-action@v4 - with: - context: . - load: true - tags: | - sixgpt-proof:${{ github.run_number }} - sixgpt-proof:latest - cache-from: type=gha - cache-to: type=gha,mode=max - - - name: Clone and set up GSC - run: | - git clone https://github.com/gramineproject/gsc.git - cd gsc - python3 -m pip install --no-cache-dir 'docker>=7.1.0' 'jinja2>=3.1.4' 'tomli>=2.0.1' 'tomli-w>=1.0.0' 'pyyaml>=6.0.2' - - - name: Create signing key - run: | - echo "${{ secrets.SIGNING_KEY }}" > signing_key.pem - chmod 600 signing_key.pem - - - name: Build GSC image - run: | - cd gsc - ./gsc build sixgpt-proof ../sixgpt-proof.manifest.template -c ../config.yaml - - - name: Sign GSC image - run: | - cd gsc - ./gsc sign-image sixgpt-proof ../signing_key.pem -c ../config.yaml - - - name: Export GSC image to file - run: | - docker save gsc-sixgpt-proof:latest | gzip > gsc-sixgpt-proof-${{ github.run_number }}.tar.gz - - - name: Generate verification data - run: | - cd gsc - ./gsc info-image gsc-sixgpt-proof > ../sigstruct.txt - - - name: Upload image - uses: actions/upload-artifact@v3 - with: - name: gsc-sixgpt-proof-image - path: gsc-sixgpt-proof-${{ github.run_number }}.tar.gz - - - name: Upload verification data - uses: actions/upload-artifact@v3 - with: - name: gsc-sixgpt-proof-sigstruct - path: sigstruct.txt - - - name: Generate release body - run: | - echo "MRSIGNER: $(grep -oP 'mr_signer = "\K[^"]*' sigstruct.txt)" >> release_body.txt - echo "MRENCLAVE: $(grep -oP 'mr_enclave = "\K[^"]*' sigstruct.txt)" >> release_body.txt - echo "Image SHA256: $(sha256sum gsc-sixgpt-proof-${{ github.run_number }}.tar.gz | cut -d' ' -f1)" >> release_body.txt - - - name: Create Release and 
Upload Assets - uses: softprops/action-gh-release@v1 - if: github.event_name == 'push' && github.ref == 'refs/heads/main' - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - tag_name: v${{ github.run_number }} - name: Release v${{ github.run_number }} - body_path: release_body.txt - draft: false - prerelease: false - files: | - ./gsc-sixgpt-proof-${{ github.run_number }}.tar.gz - ./sigstruct.txt - - - name: Cleanup signing key - if: always() - run: | - rm -f signing_key.pem - - - name: Log build result - if: always() - run: | - if [ ${{ job.status }} == "success" ]; then - echo "Build and release completed successfully" - else - echo "Build and release failed" - fi \ No newline at end of file + - uses: actions/checkout@v3 + + - name: Set up Python + uses: actions/setup-python@v4 + with: + python-version: '3.11' + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Build Docker image + uses: docker/build-push-action@v4 + with: + context: . + load: true + tags: | + my-proof:${{ github.run_number }} + my-proof:latest + cache-from: type=gha + cache-to: type=gha,mode=max + + - name: Export image to file + run: | + docker save my-proof:latest | gzip > my-proof-${{ github.run_number }}.tar.gz + + - name: Generate release body + run: | + echo "Image SHA256: $(sha256sum my-proof-${{ github.run_number }}.tar.gz | cut -d' ' -f1)" >> release_body.txt + + - name: Upload image + uses: actions/upload-artifact@v3 + with: + name: my-proof-image + path: my-proof-${{ github.run_number }}.tar.gz + + - name: Create Release and Upload Assets + uses: softprops/action-gh-release@v1 + if: github.event_name == 'push' && github.ref == 'refs/heads/main' + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + tag_name: v${{ github.run_number }} + name: Release v${{ github.run_number }} + body_path: release_body.txt + draft: false + prerelease: false + files: | + ./my-proof-${{ github.run_number }}.tar.gz + + - name: Log build result + if: always() + 
run: | + if [ ${{ job.status }} == "success" ]; then + echo "Build and release completed successfully" + else + echo "Build and release failed" + fi \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index aaab71c..d6d560e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,10 +1,5 @@ FROM python:3.12-slim -# Install any Python dependencies your application needs, e.g.: -RUN pip install --no-cache-dir requests - -RUN mkdir /sealed && chmod 777 /sealed - WORKDIR /app COPY . /app @@ -12,4 +7,4 @@ COPY . /app # Install any needed packages specified in requirements.txt RUN pip install --no-cache-dir -r requirements.txt -CMD ["python", "-m", "sixgpt_proof"] +CMD ["python", "-m", "my_proof"] diff --git a/config.yaml b/config.yaml deleted file mode 100644 index 04270db..0000000 --- a/config.yaml +++ /dev/null 
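Review bot: In `.github/workflows/build-and-release.yml` the new steps still reference third-party actions by mutable tag (`docker/build-push-action@v4`, `softprops/action-gh-release@v1`), and the latter is handed `GITHUB_TOKEN` and publishes the release asset; pinning each to a full commit SHA, e.g. `uses: softprops/action-gh-release@<full-commit-sha>  # v1`, keeps a retagged action from changing what gets released. With the sigstruct output gone, `Image SHA256` in `release_body.txt` is the only verification datum left, and it is computed and published by the same job that produces the tarball, so it detects corruption but does not independently establish provenance. The workflow's `on:` and `permissions:` blocks sit above the hunk, so whether the token is already scoped down cannot be seen here.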
@@ -1,55 +0,0 @@
-# NOTE: This file was copied from https://github.com/gramineproject/gsc/blob/fcf96546f4a23a4e6bcc6a14d80cf1521c018fc9/config.yaml.template
-
-#
-# Specify the OS distro that is used to build Gramine, i.e., the distro from where the Gramine build
-# gets all tools and dependencies from. This distro should match the distro underlying the
-# application's Docker image; otherwise the results may be unpredictable (if you specify `"auto"`,
-# which is recommended, you don't need to worry about the mismatch).
-#
-# Currently supported distros are:
-# - ubuntu:20.04, ubuntu:21.04, ubuntu:22.04, ubuntu:23.04
-# - debian:10, debian:11, debian:12
-# - centos:8
-# - quay.io/centos/centos:stream9
-# - redhat/ubi8:8.8, redhat/ubi9:9.4
-# - redhat/ubi8-minimal:8.8, redhat/ubi9-minimal:9.4
-
-# If Distro is set to "auto", GSC detects the distro automatically by examining the supplied
-# Docker image. Alternatively, Distro can be set to one of the supported distros mentioned above.
-Distro: "auto"
-
-# If the image has a specific registry, define it here.
-# Empty by default; example value: "registry.access.redhat.com/ubi8".
-Registry: ""
-
-# If you're using your own fork and branch of Gramine, specify the GitHub link and the branch name
-# below; typically, you want to keep the default values though.
-#
-# It is also possible to specify the prebuilt Gramine Docker image (that was built previously via
-# the `gsc build-gramine` command). For this, remove Repository and Branch and instead write:
-# Image: ""
-#
-# GSC releases are guaranteed to work with corresponding Gramine releases (and GSC `master`
-# branch is guaranteed to work with current Gramine `master` branch).
-Gramine: - Repository: "https://github.com/gramineproject/gramine.git" - Branch: "master" - -# Specify the Intel SGX driver installed on your machine (more specifically, on the machine where -# the graminized Docker container will run); there are several variants of the SGX driver: -# -# - upstream (in-kernel) driver: use empty values like below -# Repository: "" -# Branch: "" -# -# - DCAP out-of-tree driver: same as above, use empty values -# Repository: "" -# Branch: "" -# -# - legacy out-of-tree driver: use something like the below values, but adjust the branch name -# Repository: "https://github.com/01org/linux-sgx-driver.git" -# Branch: "sgx_driver_1.9" -# -SGXDriver: - Repository: "" - Branch: "" \ No newline at end of file diff --git a/sixgpt_proof/__init__.py b/my_proof/__init__.py similarity index 100% rename from sixgpt_proof/__init__.py rename to my_proof/__init__.py diff --git a/sixgpt_proof/__main__.py b/my_proof/__main__.py similarity index 89% rename from sixgpt_proof/__main__.py rename to my_proof/__main__.py index 8300067..dcdae4d 100644 --- a/sixgpt_proof/__main__.py +++ b/my_proof/__main__.py @@ -6,9 +6,9 @@ import zipfile from typing import Dict, Any -from sixgpt_proof.proof import Proof +from my_proof.proof import Proof -INPUT_DIR, OUTPUT_DIR, SEALED_DIR = '/input', '/output', '/sealed' +INPUT_DIR, OUTPUT_DIR = '/input', '/output' logging.basicConfig(level=logging.INFO, format='%(message)s') @@ -16,8 +16,7 @@ def load_config() -> Dict[str, Any]: """Load proof configuration from environment variables.""" config = { - 'dlp_id': 202, # Set your own DLP ID here - 'use_sealing': os.path.isdir(SEALED_DIR), + 'dlp_id': 14, # Set your own DLP ID here 'input_dir': INPUT_DIR, "sixgpt_api_key": os.environ.get("SIXGPT_API_KEY", None), "miner_address": os.environ.get("MINER_ADDRESS", None), 
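Review bot: In `my_proof/__main__.py` the second hunk changes the hard-coded `'dlp_id'` from 202 to 14 while keeping the template comment `# Set your own DLP ID here`, and the commit message does not explain the new value. Since this literal is baked into the released image, it deserves a comment saying which DLP it identifies, e.g. `'dlp_id': 14,  # <DLP name / network this ID belongs to>`, and the docstring could note that this key is fixed in code rather than read from the environment. `sixgpt_api_key` and `miner_address` still default to `None`; `load_config()` continues past the end of the hunk, so whether missing values are rejected later cannot be seen here.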
diff --git a/sixgpt_proof/extract/__init__.py b/my_proof/extract/__init__.py similarity index 100% rename from sixgpt_proof/extract/__init__.py rename to my_proof/extract/__init__.py diff --git a/sixgpt_proof/models/proof_response.py b/my_proof/models/proof_response.py similarity index 100% rename from sixgpt_proof/models/proof_response.py rename to my_proof/models/proof_response.py diff --git a/sixgpt_proof/proof.py b/my_proof/proof.py similarity index 93% rename from sixgpt_proof/proof.py rename to my_proof/proof.py index 11e5bfe..0ba24f3 100644 --- a/sixgpt_proof/proof.py +++ b/my_proof/proof.py @@ -4,10 +4,10 @@ import random -from sixgpt_proof.extract import extract_data, validate_json_structure -from sixgpt_proof.models.proof_response import ProofResponse -from sixgpt_proof.wikipedia.verify_content import WikipediaSummarization -from sixgpt_proof.sixgpt import evaluate_question, evaluate_answer, get_uniqueness_score +from my_proof.extract import extract_data, validate_json_structure +from my_proof.models.proof_response import ProofResponse +from my_proof.wikipedia.verify_content import WikipediaSummarization +from my_proof.sixgpt import evaluate_question, evaluate_answer, get_uniqueness_score MIN_NUMBER_OF_EXAMPLES = 50 diff --git a/sixgpt_proof/sixgpt/__init__.py b/my_proof/sixgpt/__init__.py similarity index 100% rename from sixgpt_proof/sixgpt/__init__.py rename to my_proof/sixgpt/__init__.py diff --git a/sixgpt_proof/wikipedia/verify_content.py b/my_proof/wikipedia/verify_content.py similarity index 100% rename from sixgpt_proof/wikipedia/verify_content.py rename to my_proof/wikipedia/verify_content.py diff --git a/requirements.txt b/requirements.txt index 572b352..903705e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1 +1,2 @@ pydantic +requests diff --git a/sixgpt-proof.manifest.template b/sixgpt-proof.manifest.template deleted file mode 100644 index 901e83d..0000000 --- a/sixgpt-proof.manifest.template +++ /dev/null 
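Review bot: In `requirements.txt` the added `requests` line carries no version constraint (nor does the existing `pydantic`), so each CI run installs whatever is current and the contents of the released image depend on when it was built. Because the workflow in this commit publishes the image tarball's SHA256 as its only verification data, pinning exact versions, e.g. `requests==<reviewed version>`, ideally with hashes enforced through pip's `--require-hashes`, would tie the hashed artifact to a reviewed dependency set.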
@@ -1,33 +0,0 @@
-# Adjust this as needed.
-sgx.enclave_size = "256M"
-
-# Increase this as needed, e.g., if you run a web server.
-sgx.max_threads = 4
-
-# Whitelist ENV variables that get passed to the enclave
-# Using { passthrough = true } allows values to be passed in from the Satya node's /RunProof endpoint
-loader.env.SIXGPT_API_KEY = { passthrough = true }
-loader.env.MINER_ADDRESS = { passthrough = true }
-loader.env.FILE_ID = { passthrough = true }
-
-# Gramine gives a warning that allowed_files is not safe in production, but it
-# should generally be fine for our use case which inherently assumes that input
-# files are untrusted until proven otherwise.
-sgx.allowed_files = [
- "file:/input/",
- "file:/output/",
- # Required for internet access from inside the enclave
- "file:/etc/hosts",
- "file:/etc/resolv.conf",
-]
-
-# These directories are mounted from the host, which will be a temporary directory from the Satya node that's running the proof.
-fs.mounts = [
- { type = "encrypted", path = "/sealed", uri = "file:/sealed", key_name = "_sgx_mrenclave" },
- { path = "/input", uri = "file:/input" },
- { path = "/output", uri = "file:/output" },
-]
-
-# You can add other Gramine-manifest-compatible options as needed, see the
-# Gramine documentation for more details: https://gramine.readthedocs.io. Note
-# that gsc defines a number of manifest settings by default.