# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.

FROM ubuntu:18.04 as javaenclave_base

LABEL maintainer="Junshao Wang"

ENV GRAALVM_HOME="/root/tools/graalvm-ce-java11-22.2.0"
ENV JAVA_HOME="/root/tools/graalvm-ce-java11-22.2.0"
ENV PATH="/opt/occlum/build/bin:/usr/local/occlum/bin:$PATH"
ENV CC=/usr/local/occlum/bin/occlum-gcc

ARG PSW_VERSION=2.18.100.3
ARG DCAP_VERSION=1.15.100.3

ADD ["tmpDownloadDir/graalvm-ce-java11-22.2.0.tar.gz", "/root/tools/"]
ADD ["tmpDownloadDir/zlib-1.2.11.tar.gz", "/root/tools/"]
ADD ["tmpDownloadDir/Alibaba_Dragonwell_Standard_11.0.16.12.8_x64_alpine-linux.tar.gz", "/root/tools"]
ADD ["tmpDownloadDir/sgx_linux_x64_sdk_2.17.101.1.bin", "/root/tools/"]

# install necessary tools.
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y gdb gnupg wget aptitude libfuse-dev libtool tzdata jq unzip && \
    echo -e 'yes\n' | DEBIAN_FRONTEND=noninteractive apt-get install -y maven && \
    echo -e 'yes\n' | DEBIAN_FRONTEND=noninteractive apt-get install -y build-essential libz-dev zlib1g-dev && \
    echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu bionic main' > /etc/apt/sources.list.d/intel-sgx.list && \
    wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add - && \
    echo 'deb [arch=amd64] https://occlum.io/occlum-package-repos/debian bionic main' | tee /etc/apt/sources.list.d/occlum.list && \
    wget -qO - https://occlum.io/occlum-package-repos/debian/public.key | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add - && \
    apt-get update && aptitude install -y \
    occlum \
    libsgx-launch-dev=${PSW_VERSION}-bionic1 \
    libsgx-urts=${PSW_VERSION}-bionic1 \
    libsgx-urts-dbgsym=${PSW_VERSION}-bionic1 \
    libsgx-uae-service=${PSW_VERSION}-bionic1 \
    libsgx-dcap-quote-verify-dev=${DCAP_VERSION}-bionic1 \
    libsgx-dcap-ql=${DCAP_VERSION}-bionic1 \
    libsgx-dcap-ql-dev=${DCAP_VERSION}-bionic1 \
    libsgx-dcap-default-qpl=${DCAP_VERSION}-bionic1 && \
    cd /root/tools/zlib-1.2.11 && ./configure --prefix=/opt/occlum/toolchains/gcc/x86_64-linux-musl && make && make install && \
    cd /root/tools && chmod 777 sgx_linux_x64_sdk_2.17.101.1.bin && echo -e 'no\n/opt/teesdk\n' | ./sgx_linux_x64_sdk_2.17.101.1.bin

# copy dcap_occlum lib from occlum docker image.
COPY --from=docker.io/occlum/occlum:0.26.4-ubuntu18.04 /opt/occlum/toolchains/dcap_lib /opt/occlum/toolchains/dcap_lib

# fix occlum aesm service issue.
RUN sed -i '/"Error: AESM service is not started yet. Need to start it first"/{N;s/.*//}' /opt/occlum/build/bin/occlum