Install SGX powHSM as a systemd service (#226)
1 parent
c93d70d
commit f45141f
Showing
6 changed files
with
131 additions
and
2 deletions.
@@ -0,0 +1,4 @@ | ||
#!/bin/bash | ||
|
||
DOCKER_CNT=powhsmsgx-runner | ||
docker stop $DOCKER_CNT |
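Review bot: The container name is expanded unquoted and the script has no strict mode, so its exit status is simply whatever the last command returned; `exec docker stop -- "$DOCKER_CNT"` keeps that status explicit and avoids leaving a parent shell around while systemd waits on `ExecStop=`. The same name presumably has to match the one used by the start script, which is outside this diff; a comment such as `# Must match the container name used by bin/start` would tie the two together.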
@@ -0,0 +1,19 @@ | ||
[Unit] | ||
Description=SGX powHSM | ||
Wants=network.target | ||
After=syslog.target network-online.target docker.service | ||
Requires=docker.service | ||
|
||
[Service] | ||
Type=simple | ||
WorkingDirectory=$HSM_INSTALL_DIR | ||
User=hsm | ||
Group=hsm | ||
ExecStart=$HSM_INSTALL_DIR/bin/start | ||
ExecStop=$HSM_INSTALL_DIR/bin/stop | ||
Restart=on-failure | ||
RestartSec=10 | ||
KillMode=mixed | ||
|
||
[Install] | ||
WantedBy=multi-user.target |
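Review bot: systemd does not perform shell-style `$VAR` expansion in `WorkingDirectory=` or in the executable path of `ExecStart=`/`ExecStop=`, so `$HSM_INSTALL_DIR` must be substituted with an absolute path before this file reaches /etc/systemd/system; presumably an earlier step of the setup does that, but nothing in the unit says so. A header comment such as `# Template: $HSM_INSTALL_DIR is replaced with the absolute install path before this unit is installed` would make that contract visible to whoever edits it next. Separately, `Wants=network.target` is paired with `After=network-online.target`; if the service needs the network up before its Docker work starts, the matching pair is `Wants=network-online.target`. `After=syslog.target` is obsolete in current systemd and can be dropped.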
@@ -0,0 +1,67 @@ | ||
#!/bin/bash | ||
|
||
# Require superuser | ||
if ! [ "$(id -u)" == "0" ]; then | ||
echo -e "\e[1;31mPlease run with sudo.\e[0m" | ||
exit 1 | ||
fi | ||
|
||
if [ -z "$1" ]; then | ||
echo -e "\e[1;31mUsage: $0 <service-file>\e[0m" | ||
exit 1 | ||
fi | ||
|
||
SERVICE_UNIT=$(realpath $1) | ||
if [ ! -f "$SERVICE_UNIT" ]; then | ||
echo "\e[1;31mService file not found: $SERVICE_UNIT\e[0m" | ||
exit 1 | ||
fi | ||
|
||
# Extract the installation directory from the service file | ||
INSTALL_DIR=$(grep -oP 'WorkingDirectory=\K.*' $SERVICE_UNIT) | ||
if [ -z "$INSTALL_DIR" ]; then | ||
echo -e "\e[1;31mCould not extract installation directory from service file.\e[0m" | ||
exit 1 | ||
fi | ||
|
||
echo -e "\e[1;32mCreating hsm user and group...\e[0m" | ||
if ! id -u hsm >/dev/null 2>&1; then | ||
useradd -rm -s /bin/bash hsm || exit $? | ||
usermod -aG docker hsm || exit $? | ||
else | ||
echo -e "\e[1;33mUser 'hsm' already exists. Skipping user creation.\e[0m" | ||
fi | ||
|
||
DEFAULT_NETWORK="net_sgx" | ||
while true; do | ||
echo -e "\e[1;32mEnter the name of the docker network to be created: [$DEFAULT_NETWORK]\e[0m" | ||
read -p "> " NETWORK | ||
if [ -z "$NETWORK" ]; then | ||
NETWORK=$DEFAULT_NETWORK | ||
fi | ||
echo -e "\e[1;33mThe docker network will be named '$NETWORK'. Proceed? [Y/n]\e[0m" | ||
read -p "> " proceed | ||
if [[ "Y" == "$proceed" ]] || [[ "y" == "$proceed" ]] || [ -z "$proceed" ]; then | ||
break | ||
fi | ||
done | ||
|
||
echo -e "\e[1;32mCreating $NETWORK network...\e[0m" | ||
docker network rm $NETWORK 2> /dev/null | ||
docker network create $NETWORK &> /dev/null | ||
echo "NETWORK=$NETWORK" >> $INSTALL_DIR/.env || exit $? | ||
|
||
echo -e "\e[1;32mSetting permisions...\e[0m" | ||
chown -R root:hsm $INSTALL_DIR || exit $? | ||
chmod 664 $INSTALL_DIR/*.dat $INSTALL_DIR/.env || exit $? | ||
|
||
echo -e "\e[1;32mCreating service...\e[0m" | ||
cp $SERVICE_UNIT /etc/systemd/system/hsmsgx.service | ||
systemctl daemon-reload || exit $? | ||
echo -e "\e[1;32mEnabling service...\e[0m" | ||
systemctl enable hsmsgx.service || exit $? | ||
echo -e "\e[1;32mEStarting service...\e[0m" | ||
systemctl start hsmsgx.service || exit $? | ||
echo -e "\e[1;32mService started.\e[0m" | ||
echo -e "\e[1;32mTo check the status of the service, run 'systemctl status hsmsgx.service'.\e[0m" | ||
exit 0 |
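Review bot: `docker network create $NETWORK &> /dev/null` discards both the output and the exit status, so when the preceding `docker network rm` is refused (for example because a container is still attached) or the create itself fails, the installer silently continues, appends `NETWORK=...` to `.env` and starts the service anyway; `docker network create "$NETWORK" >/dev/null || exit $?` surfaces it and matches the `|| exit $?` style used elsewhere in this file. The `>> $INSTALL_DIR/.env` append also accumulates a duplicate `NETWORK=` line on every re-run, so a guard or an in-place replace is needed if re-running the installer is meant to be supported. Two message defects: the "Service file not found" echo lacks `-e` so it prints the raw escape codes, and "EStarting service" is a typo. `usermod -aG docker hsm` gives the `hsm` account control of the Docker daemon, which is root-equivalent on the host, so the `User=hsm` line in the unit isolates very little; a comment next to that line recording the trade-off would help. Finally, `$1`, `$SERVICE_UNIT`, `$INSTALL_DIR` and `$NETWORK` are expanded unquoted throughout and both `read -p` calls lack `-r`.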
@@ -1,3 +1,21 @@ | ||
#!/bin/bash | ||
|
||
$(dirname $0)/scripts/run_with_docker ./scripts/setup $1 | ||
# Require superuser, since we need to install a service in the host | ||
if ! [ "$(id -u)" == "0" ]; then | ||
echo -e "\e[1;32mPlease run with sudo.\e[0m" | ||
exit 1 | ||
fi | ||
|
||
ROOT_DIR=$(realpath $(dirname $0)) | ||
$ROOT_DIR/scripts/run_with_docker ./scripts/setup $1 | ||
if [ $? -ne 0 ]; then | ||
echo -e "\e[1;31m Error during the powhsm setup, aborting \e[0m" | ||
exit 1 | ||
fi | ||
|
||
$ROOT_DIR/scripts/install_service $ROOT_DIR/service/hsmsgx.service | ||
if [ $? -ne 0 ]; then | ||
echo -e "\e[1;31m Error during the powhsm service installation, aborting \e[0m" | ||
exit 1 | ||
fi | ||
echo -e "\e[1;32mHSM SGX setup done.\e[0m" |
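Review bot: `$0` and `$1` are expanded unquoted in `ROOT_DIR=$(realpath $(dirname $0))`, in the `run_with_docker` call and in the `install_service` call, so a checkout path containing spaces breaks the script; `ROOT_DIR=$(realpath "$(dirname "$0")")` and `"$ROOT_DIR/scripts/run_with_docker" ./scripts/setup "$1"` fix it. The `if [ $? -ne 0 ]` checks after each call can be folded into the call itself (`cmd || { echo -e "..."; exit 1; }`), which also stops `$?` from being clobbered by anything later inserted between the two lines. The "Please run with sudo." message uses the green code `\e[1;32m` where the errors below it and the sibling install_service script use red `\e[1;31m`. Since the whole setup, including the Docker-driven `scripts/setup`, now runs as root, anything it writes into the checkout will be root-owned; install_service later runs `chown -R root:hsm` on the install directory, but that dependency is worth stating in a header comment here.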