clearlinux/graphene
2
0
Fork 0
mirror of https://github.com/clearlinux/graphene.git synced 2026-06-29 17:35:53 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
1d25612006245d30d695ff64ddb33d2178abcb23
graphene/Examples/python-scipy-insecure
T
History
Paweł Marczewski 1d25612006 [CI] Enable pylint unconditionally, fix violations 
Pylint output was filtered so that many files with existing pylint
violations were allowed to stay broken.

I made sure all files pass pylint, but whitelisted some rules that
we commonly disable:

* missing docstrings: most of the code is tests/internal anyway
* invalid-name: too many violations, and we commonly use one- or
  two-character names (like "a, b" or "t1, t2") which is
  disallowed by this rule; we could tweak it and then fix
  remaining violations such as camel-case or lowercase constants
* fixme: we leave TODOs as a matter of practice, same as in C
* high-level style rules like too-few-* and too-many-*,
  no-self-use

Hopefully that will make using pylint less annoying, while also
catching serious issues (such as unused variables or imports).
2020-11-17 13:45:09 -08:00
..
scripts
[CI] Enable pylint unconditionally, fix violations
2020-11-17 13:45:09 -08:00
.gitignore
[LibOS+Pal] manifest: Remove support for loader.exec and sgx.sigfile
2020-10-23 00:06:46 +02:00
Makefile
[LibOS,Pal,Examples,GSC,Docs] Move manifest parsing to TOML
2020-11-12 05:45:07 -08:00
python.manifest.template
[LibOS,Pal,Examples,GSC,Docs] Move manifest parsing to TOML
2020-11-12 05:45:07 -08:00
README.md
Migrate and remove test/apps submodule
2020-03-30 21:10:41 +02:00

README.md

Python example

This directory contains an example for running Python 3 with SciPy/NumPy in Graphene, including the Makefile and a template for generating the manifest. The application is tested on Ubuntu 16.04, with both normal Linux and SGX platforms.

This example is insecure: the manifest file uses sgx.allowed_files to allow all Python libraries/scripts without any integrity checks. This example simply shows the functionality of Graphene but does not prevent the attacker from silently modifying Python files. For secure Python usage, see the python-simple example.

Generating the manifest

Installing prerequisites

For generating the manifest and running the test scripts, please run the following command to install the required Python packages (Ubuntu-specific):

sudo apt-get install libnss-mdns python3-numpy python3-scipy

Building for Linux

Run make (non-debug) or make DEBUG=1 (debug) in the directory.

Building for SGX

Run make SGX=1 (non-debug) or make SGX=1 DEBUG=1 (debug) in the directory.

Building with a local Python installation

By default, the make command creates the manifest for the Python binary from the system installation. If you have a local installation, you may create the manifest with the PYTHONPATH variable set accordingly. You can also specify a particular version of Python. For example:

make PYTHONPATH=<python install path> PYTHONVERSION=python3.2 SGX=1

By default, PYTHONPATH=/usr and PYTHONVERSION=python3.5.

Run Python with Graphene

Here's an example of running Python scripts under Graphene:

Without SGX:

./pal_loader python.manifest scripts/test-numpy.py
./pal_loader python.manifest scripts/test-scipy.py

With SGX:

SGX=1 ./pal_loader python.manifest scripts/test-numpy.py
SGX=1 ./pal_loader python.manifest scripts/test-scipy.py
Reference in New Issue View Git Blame Copy Permalink