integritee-worker

Integritee worker for Integritee node or parachain

This is part of Integritee

Build and Run

Please see our Integritee Book to learn how to build and run this.

• install SGX SDK
  • You can find working but (too) specific steps in the CI
  • Or DIY official guide
• setup needed env vars eg source /opt/intel/sgxsdk/environment
  • NOTE: it MUST match the directory where you installed the SDK
  • NOTE: the PATH MUST contain "Intel binutils"(ie linker etc)
  • NOTE: it WILL NOT build with latest compiler; eg use export CC=gcc-11 CXX=g++-11
• compile and run the tests: make && (cd bin/ && touch spid.txt key.txt && ./integritee-service test --all) and cargo test --release
  • NOTE: SGX tests MUST be run with a special exe, NOT using cargo test
  • IF you get compilation errors like:

    /home/XXX/.cargo/git/checkouts/incubator-teaclave-sgx-sdk-c63c8825343e87f0/d2d339c/sgx_unwind/../sgx_unwind/libunwind/include/pthread_compat.h:39:10: fatal error: sgx_spinlock.h: No such file or directory
     39 | #include "sgx_spinlock.h"
  

  It means the SDK is not properly installed and/or the env vars are not properly set.

WIP make && (cd bin && RUST_LOG=warn RUST_BACKTRACE=1 INTERSTELLAR_URI_NODE=http://127.0.0.1:8990 IPFS_ROOT_URL=http://127.0.0.1:5001 ./integritee-service --clean-reset -P 2090 -p 9990 -r 3490 -w 2091 -h 4545 run --skip-ra --dev)

WIP (cd cli/ && ./demo_interstellar.sh -p 9990 -P 2090)

SGX(enclave) compilation errors

If the root crate compiles but enclave-runtime does not with some std related error: CHECK with: cd enclave-runtime/ && cargo no-std-check --profile=release --manifest-path Cargo.toml

If this command return a problematic library: CHECK with e.g.: cargo tree --invert thiserror Please see our Integritee Book to learn how to build and run this.

To start multiple worker and a node with one simple command: Check out this README.

Docker

See docker/README.md.

Tests

There are 3 types of tests:

• cargo tests
• enclave tests
• integration tests

Cargo Tests

Run

cargo test

Enclave Tests

Run

make
./bin/integritee-service test --all

Integration Tests

See docker/README.md

Direct calls scalability

For direct calls, a worker runs a web-socket server inside the enclave. An important factor for scalability is the transaction throughput of a single worker instance, which is in part defined by the maximum number of concurrent socket connections possible. On Linux by default, a process can have a maximum of 1024 concurrent file descriptors (show by ulimit -n). If the web-socket server hits that limit, incoming connections will be declined until one of the established connections is closed. Permanently changing the ulimit -n value can be done in the /etc/security/limits.conf configuration file. See this guide for more information.