authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-07-24 09:54:23 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-07-24 09:54:44 +0000
commit836b47cb7e99a977c5a23b059ca1d0b5065d310e (patch)
tree1604da8f482d02effa033c94a84be42bc0c848c3 /fluent-bit/lib/wasm-micro-runtime-WAMR-1.2.2/samples/sgx-ra
parentReleasing debian version 1.44.3-2. (diff)
Merging upstream version 1.46.3.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'fluent-bit/lib/wasm-micro-runtime-WAMR-1.2.2/samples/sgx-ra')
-rw-r--r--fluent-bit/lib/wasm-micro-runtime-WAMR-1.2.2/samples/sgx-ra/CMakeLists.txt78
-rw-r--r--fluent-bit/lib/wasm-micro-runtime-WAMR-1.2.2/samples/sgx-ra/README.md203
-rw-r--r--fluent-bit/lib/wasm-micro-runtime-WAMR-1.2.2/samples/sgx-ra/wasm-app/CMakeLists.txt38
-rw-r--r--fluent-bit/lib/wasm-micro-runtime-WAMR-1.2.2/samples/sgx-ra/wasm-app/main.c117
4 files changed, 0 insertions, 436 deletions
diff --git a/fluent-bit/lib/wasm-micro-runtime-WAMR-1.2.2/samples/sgx-ra/CMakeLists.txt b/fluent-bit/lib/wasm-micro-runtime-WAMR-1.2.2/samples/sgx-ra/CMakeLists.txt
deleted file mode 100644
index 7ab55224..00000000
--- a/fluent-bit/lib/wasm-micro-runtime-WAMR-1.2.2/samples/sgx-ra/CMakeLists.txt
+++ /dev/null
@@ -1,78 +0,0 @@
-# Copyright (c) 2022 Intel Corporation
-# Copyright (c) 2020-2021 Alibaba Cloud
-# SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
-
-cmake_minimum_required(VERSION 3.1.4)
-project(sgx-ra)
-
-################ runtime settings ##############
-set (WAMR_BUILD_PLATFORM "linux-sgx")
-
-# Reset default linker flags
-set (CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "")
-set (CMAKE_SHARED_LIBRARY_LINK_CXX_FLAGS "")
-
-# Set WAMR_BUILD_TARGET
-if (NOT DEFINED WAMR_BUILD_TARGET)
- if (CMAKE_SIZEOF_VOID_P EQUAL 8)
- # Build as X86_64 by default in 64-bit platform
- set (WAMR_BUILD_TARGET "X86_64")
- elseif (CMAKE_SIZEOF_VOID_P EQUAL 4)
- # Build as X86_32 by default in 32-bit platform
- set (WAMR_BUILD_TARGET "X86_32")
- else ()
- message(SEND_ERROR "Unsupported build target platform!")
- endif ()
-endif ()
-
-if (NOT CMAKE_BUILD_TYPE)
- set (CMAKE_BUILD_TYPE Release)
-endif ()
-
-set (WAMR_BUILD_INTERP 1)
-set (WAMR_BUILD_AOT 1)
-set (WAMR_BUILD_JIT 0)
-set (WAMR_BUILD_LIBC_BUILTIN 1)
-set (WAMR_BUILD_LIBC_WASI 1)
-set (WAMR_BUILD_LIB_PTHREAD 1)
-set (WAMR_BUILD_FAST_INTERP 1)
-set (WAMR_BUILD_LIB_RATS 1)
-
-# compiling and linking flags
-set (CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--gc-sections")
-set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=gnu11 -ffunction-sections -fdata-sections \
- -Wall -Wno-unused-parameter -Wno-pedantic \
- -nostdinc -fvisibility=hidden -fpie" )
-
-# build out vmlib
-set (WAMR_ROOT_DIR ${CMAKE_CURRENT_LIST_DIR}/../..)
-set (SGX_PLATFORM_DIR ${WAMR_ROOT_DIR}/product-mini/platforms/linux-sgx)
-include (${WAMR_ROOT_DIR}/build-scripts/runtime_lib.cmake)
-
-add_library(vmlib ${WAMR_RUNTIME_LIB_SOURCE})
-
-add_custom_command (
- OUTPUT libvmlib_untrusted.a
- COMMAND mkdir -p untrusted && cd untrusted &&
- ${CMAKE_C_COMPILER} -c ${PLATFORM_SHARED_SOURCE_UNTRUSTED}
- COMMAND ${CMAKE_AR} rc libvmlib_untrusted.a untrusted/*.o)
-
-add_custom_target (vmlib_untrusted ALL DEPENDS libvmlib_untrusted.a)
-
-execute_process (
- COMMAND bash -c "sed -i -E 's/^#define WASM_ENABLE_LIB_RATS 0/#define WASM_ENABLE_LIB_RATS 1/g' ${SGX_PLATFORM_DIR}/enclave-sample/Enclave/Enclave.edl"
- COMMAND bash -c "sed -i -E 's/^WAMR_BUILD_LIB_RATS = 0/WAMR_BUILD_LIB_RATS = 1/g' ${SGX_PLATFORM_DIR}/enclave-sample/Makefile"
- OUTPUT_VARIABLE cmdOutput
-)
-
-################ wamr runtime ###################
-add_custom_target (
- iwasm ALL
- DEPENDS vmlib_untrusted vmlib_untrusted vmlib
- COMMAND make -C ${SGX_PLATFORM_DIR}/enclave-sample SGX_MODE=HW SGX_DEBUG=1 VMLIB_BUILD_DIR=${CMAKE_BINARY_DIR}
- COMMAND ${CMAKE_COMMAND} -E copy ${SGX_PLATFORM_DIR}/enclave-sample/enclave.signed.so ${CMAKE_BINARY_DIR}
- COMMAND ${CMAKE_COMMAND} -E copy ${SGX_PLATFORM_DIR}/enclave-sample/iwasm ${CMAKE_BINARY_DIR}
- COMMAND make -C ${SGX_PLATFORM_DIR}/enclave-sample clean)
-
-################ wasm application ###############
-add_subdirectory(wasm-app)
diff --git a/fluent-bit/lib/wasm-micro-runtime-WAMR-1.2.2/samples/sgx-ra/README.md b/fluent-bit/lib/wasm-micro-runtime-WAMR-1.2.2/samples/sgx-ra/README.md
deleted file mode 100644
index 39a2f2d9..00000000
--- a/fluent-bit/lib/wasm-micro-runtime-WAMR-1.2.2/samples/sgx-ra/README.md
+++ /dev/null
@@ -1,203 +0,0 @@
-"sgx-ra" sample introduction
-==============
-
-This sample demonstrates how to execute Remote Attestation on SGX with [librats](https://github.com/inclavare-containers/librats) and run it with iwasm. It can only build on [SGX supported processors](https://www.intel.com/content/www/us/en/support/articles/000028173/processors.html), please check it.
-
-## Preparation
-
-SGX-RA requires to have installed:
- - the WASI-SDK, located in `/opt/wasi-sdk`
- - CMake >= 3.11, which is not provided on Ubuntu 18.04 (use [Kitware APT Repository](https://apt.kitware.com/))
-
-### Intel SGX dependencies
-
-Before starting, we need to download and install [SGX SDK](https://download.01.org/intel-sgx/latest/linux-latest/distro) and [SGX DCAP Library](https://download.01.org/intel-sgx/latest/dcap-latest) referring to this [guide](https://download.01.org/intel-sgx/sgx-dcap/1.8/linux/docs/Intel_SGX_DCAP_Linux_SW_Installation_Guide.pdf).
-
-The following commands are an example of the SGX environment installation on Ubuntu 18.04.
-``` shell
-# Set your platform, you can get the platforms list on
-# https://download.01.org/intel-sgx/latest/linux-latest/distro
-$ cd $HOME
-$ SGX_PLATFORM=ubuntu18.04-server
-$ SGX_SDK_VERSION=2.17.100.3
-$ SGX_DRIVER_VERSION=1.41
-
-# install the dependencies
-$ sudo apt-get update
-$ sudo apt-get install -y dkms
-
-# install SGX Driver
-$ wget https://download.01.org/intel-sgx/latest/linux-latest/distro/$SGX_PLATFORM/sgx_linux_x64_driver_$SGX_DRIVER_VERSION.bin
-$ chmod +x sgx_linux_x64_driver_$SGX_DRIVER_VERSION.bin
-$ sudo ./sgx_linux_x64_driver_$SGX_DRIVER_VERSION.bin
-
-# install SGX SDK
-$ wget https://download.01.org/intel-sgx/latest/linux-latest/distro/$SGX_PLATFORM/sgx_linux_x64_sdk_$SGX_SDK_VERSION.bin
-$ chmod +x sgx_linux_x64_sdk_$SGX_SDK_VERSION.bin
-$ sudo ./sgx_linux_x64_sdk_$SGX_SDK_VERSION.bin
-
-# install SGX DCAP Library
-$ echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu bionic main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list > /dev/null
-$ wget -O - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add -
-$ sudo apt-get update
-$ sudo apt-get install -y libsgx-uae-service libsgx-dcap-default-qpl-dev libsgx-dcap-ql-dev libsgx-dcap-quote-verify-dev
-
-# install SGX SSL Library
-$ git clone https://github.com/intel/linux-sgx.git
-$ cd linux-sgx && make preparation
-$ sudo cp external/toolset/{current_distr}/* /usr/local/bin
-$ # Verify that the paths are correctly set
-$ which ar as ld objcopy objdump ranlib
-$ cd ../
-$ git clone https://github.com/intel/intel-sgx-ssl.git
-$ wget https://www.openssl.org/source/openssl-1.1.1q.tar.gz
-$ cp openssl-1.1.1q.tar.gz intel-sgx-ssl/openssl_source
-$ rm -f openssl-1.1.1q.tar.gz
-$ cd intel-sgx-ssl/Linux
-$ source /opt/intel/sgxsdk/environment
-$ make all
-$ sudo make install
-```
-
-You can optionally grant users to communicate with the SDK platform using the following command.
-Otherwise, enclaves must be launched with root privileges.
-
-```shell
-sudo usermod -a -G sgx_prv <username>
-```
-
-### Intel Provisioning Certification Service (Intel PCS)
-
-Intel DCAP connects to Intel PCS to download the attestation collateral for SGX-enabled machines.
-Intel provides a [quick install guide](https://www.intel.com/content/www/us/en/developer/articles/guide/intel-software-guard-extensions-data-center-attestation-primitives-quick-install-guide.html) to set up a simplified environment.
-This section summarizes the commands to issue for setting up a working environment on Ubuntu 18.04.
-
-### Subscribe to Intel PCS Web services
-
-Intel SGX DCAP requires a complimentary subscription to the Intel PCS.
-To subscribe to the service, browse the [Intel SGX Software Services](https://api.portal.trustedservices.intel.com/) page.
-A the end of the subscription process, save the primary and the secondary keys.
-
-### Set up the Intel Provisioning Certification Caching Service (Intel PCCS)
-
-Intel PCCS is a caching mechanism for attestation collateral, preventing continuously communicating with Intel PCS during attestation.
-Intel provides an implementation of the cache mechanism.
-
-The following commands set up Intel PCCS.
-```shell
-# install Node.js
-$ curl -o setup.sh -sL https://deb.nodesource.com/setup_14.x
-$ chmod a+x setup.sh
-$ sudo ./setup.sh
-# install PCCS software
-$ sudo apt-get install -y cracklib-runtime sqlite3 python build-essential
-$ sudo apt-get install -y sgx-dcap-pccs
-```
-
-The installation will run the PCCS setup script, asking you several questions.
-
-```
-Do you want to configure PCCS now? (Y/N)
-```
-
-Answer "Y" to this question.
-
-```
-Set HTTPS listening port [8081] (1024-65535)
-```
-
-Accept the default listening port of 8081.
-
-```
-Set the PCCS service to accept local connections only? [Y] (Y/N)
-```
-
-Answer "N" to this question. We want the PCCS service to accept connections from other systems.
-
-```
-Set your Intel PCS API key (Press ENTER to skip)
-```
-
-Enter either your primary or secondary key retrieved from the previous subsection.
-If you already subscribed, you can retrieve them [here](https://api.portal.trustedservices.intel.com/developer).
-
-```
-Choose caching fill method : [LAZY] (LAZY/OFFLINE/REQ)
-```
-
-Answer "REQ" to this question. This places the caching service in the "on request" mode, which means it will fetch the attestation collateral for hosts as provisioning requests are received.
-
-```
-Set PCCS server administrator password:
-Re-enter administrator password:
-Set PCCS server user password:
-Re-enter user password:
-```
-
-Enter two passwords for the PCCS server.
-
-```
-Do you want to generate insecure HTTPS key and cert for PCCS service? [Y] (Y/N)
-```
-
-Answer "Y" to this question.
-
-### Provisioning a system into Intel PCCS
-
-Now that the PCCS is up and running, it's time to provision an Intel SGX-enabled platform.
-We use the tool `PCKIDRetrievalTool` to get the attestation collateral of the current machine.
-
-``` shell
-$ sudo apt-get install -y sgx-pck-id-retrieval-tool
-```
-
-Adapt the configuration file of `PCKIDRetrievalTool` located in `/opt/intel/sgx-pck-id-retrieval-tool/network_setting.conf` and make the following changes:
-- Change the **PCCS_URL** to match your caching service's location.
-- Uncomment the **user_token** parameter, and set it to the user password you created when configuring the PCCS.
-- Set the **proxy_type** to fit your environment (most likely, this will be `direct`)
-- Ensure **USE_SECURE_CERT** is set to `FALSE` since we're using a self-signed certificate for testing purposes.
-
-Save your changes and run the provisioning tool.
-
-```shell
-$ PCKIDRetrievalTool
-Intel(R) Software Guard Extensions PCK Cert ID Retrieval Tool Version 1.14.100.3
-
-the data has been sent to cache server successfully and pckid_retrieval.csv has been generated successfully!
-```
-
-You may get some warnings during this execution of the tool.
-A correct insertion into the cache server usually means the retrieval of the attestation collateral worked.
-Execute the following command to verify the collateral could be stored in your instance of Intel PCCS:
-
-```
-curl -k https://localhost:8081/sgx/certification/v3/qe/identity
-```
-
-This should print a JSON value with the attestation collateral.
-
-### Runtime configuration
-
-Edit the configuration file, `/etc/sgx_default_qcnl.conf`, and make the following changes:
-- Set the **PCCS_URL** parameter to the location of our PCCS server.
-- Set **USE_SECURE_CERT** to `FALSE` since we're using a self-signed certificate for testing purposes.
-
-This system is now ready to run Intel SGX workloads with generate evidence for remote attestation.
-
-## Build and executing the sample
-
-``` shell
-$ mkdir build && cd build
-$ cmake ..
-$ make
-$ # run the sample
-$ ./iwasm wasm-app/test.wasm
-```
-
-The sample will print the evidence in JSON and the message: *Evidence is trusted.*
-
-## Further readings
-
-- [Intel SGX Software Installation Guide For Linux OS](https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_SGX_SW_Installation_Guide_for_Linux.pdf)
-- [Intel Software Guard Extensions (IntelĀ® SGX) Data Center Attestation Primitives: Library API ](https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_SGX_ECDSA_QuoteLibReference_DCAP_API.pdf)
-- [Remote Attestation for Multi-Package Platforms using Intel SGX Datacenter Attestation Primitives (DCAP)](https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_SGX_DCAP_Multipackage_SW.pdf)
diff --git a/fluent-bit/lib/wasm-micro-runtime-WAMR-1.2.2/samples/sgx-ra/wasm-app/CMakeLists.txt b/fluent-bit/lib/wasm-micro-runtime-WAMR-1.2.2/samples/sgx-ra/wasm-app/CMakeLists.txt
deleted file mode 100644
index afba7dfb..00000000
--- a/fluent-bit/lib/wasm-micro-runtime-WAMR-1.2.2/samples/sgx-ra/wasm-app/CMakeLists.txt
+++ /dev/null
@@ -1,38 +0,0 @@
-# Copyright (c) 2022 Intel Corporation
-# Copyright (c) 2020-2021 Alibaba Cloud
-# SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
-
-cmake_minimum_required(VERSION 3.0)
-project(wasm-app)
-
-set (WAMR_ROOT_DIR ${CMAKE_CURRENT_SOURCE_DIR}/../../..)
-set (LIB_RATS_DIR ${WAMR_ROOT_DIR}/core/iwasm/libraries/lib-rats)
-
-set (CMAKE_C_LINK_FLAGS "")
-set (CMAKE_CXX_LINK_FLAGS "")
-if (APPLE)
- set (HAVE_FLAG_SEARCH_PATHS_FIRST 0)
-endif ()
-
-set (CMAKE_SYSTEM_PROCESSOR wasm32)
-set (CMAKE_SYSROOT ${WAMR_ROOT_DIR}/wamr-sdk/app/libc-builtin-sysroot)
-
-if (NOT DEFINED WASI_SDK_DIR)
- set (WASI_SDK_DIR "/opt/wasi-sdk")
-endif ()
-
-set (CMAKE_C_FLAGS "-nostdlib")
-set (CMAKE_C_COMPILER_TARGET "wasm32")
-set (CMAKE_C_COMPILER "${WASI_SDK_DIR}/bin/clang")
-
-set (CMAKE_EXE_LINKER_FLAGS
- "-Wl,--max-memory=131072 -z stack-size=8192 \
- -Wl,--no-entry,--strip-all \
- -Wl,--export=__main_argc_argv \
- -Wl,--export=__heap_base,--export=__data_end \
- -Wl,--allow-undefined"
-)
-
-add_executable(test.wasm main.c)
-set_target_properties(test.wasm PROPERTIES INCLUDE_DIRECTORIES ${LIB_RATS_DIR})
-target_link_libraries(test.wasm)
diff --git a/fluent-bit/lib/wasm-micro-runtime-WAMR-1.2.2/samples/sgx-ra/wasm-app/main.c b/fluent-bit/lib/wasm-micro-runtime-WAMR-1.2.2/samples/sgx-ra/wasm-app/main.c
deleted file mode 100644
index 89c4144a..00000000
--- a/fluent-bit/lib/wasm-micro-runtime-WAMR-1.2.2/samples/sgx-ra/wasm-app/main.c
+++ /dev/null
@@ -1,117 +0,0 @@
-/*
- * Copyright (c) 2022 Intel Corporation
- * Copyright (c) 2020-2021 Alibaba Cloud
- *
- * SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include "lib_rats_wrapper.h"
-
-#define __is_print(ch) ((unsigned int)((ch) - ' ') < 127u - ' ')
-
-/**
- * hex_dump
- *
- * @brief dump data in hex format
- *
- * @param title: Title
- * @param buf: User buffer
- * @param size: Dump data size
- * @param number: The number of outputs per line
- *
- * @return void
- */
-void
-hex_dump(const char *title, const uint8_t *buf, uint32_t size, uint32_t number)
-{
- int i, j;
- if (title) {
- printf("\n\t%s:\n\n", title);
- }
-
- for (i = 0; i < size; i += number) {
- printf("%08X: ", i);
-
- for (j = 0; j < number; j++) {
- if (j % 8 == 0) {
- printf(" ");
- }
- if (i + j < size)
- printf("%02X ", buf[i + j]);
- else
- printf(" ");
- }
- printf(" ");
-
- for (j = 0; j < number; j++) {
- if (i + j < size) {
- printf("%c", __is_print(buf[i + j]) ? buf[i + j] : '.');
- }
- }
- printf("\n");
- }
-}
-
-int
-main(int argc, char **argv)
-{
- int ret_code = -1;
- char *evidence_json = NULL;
-
- // Generate user_data by SHA256 buffer and the wasm module.
- // user_data = SHA256(sha256_wasm_module || buffer)
- const char *buffer = "This is a sample.";
-
- // If you want to declare the evidence of type rats_sgx_evidence_t on the
- // stack, you should modify the stack size of the CMAKE_EXE_LINKER_FLAGS in
- // CMakeLists.txt to 51200 at least.
- rats_sgx_evidence_t *evidence =
- (rats_sgx_evidence_t *)malloc(sizeof(rats_sgx_evidence_t));
- if (!evidence) {
- printf("ERROR: No memory to allocate.\n");
- goto err;
- }
-
- int rats_err = librats_collect(&evidence_json, buffer);
- if (rats_err != 0) {
- printf("ERROR: Collect evidence failed, error code: %#x\n", rats_err);
- goto err;
- }
-
- if (librats_parse_evidence(evidence_json, evidence) != 0) {
- printf("ERROR: Parse evidence failed.\n");
- goto err;
- }
-
- // You could use these parameters for further verification.
- hex_dump("Quote", evidence->quote, evidence->quote_size, 32);
- hex_dump("User Data", evidence->user_data, SGX_USER_DATA_SIZE, 32);
- hex_dump("MRENCLAVE", evidence->mr_enclave, SGX_MEASUREMENT_SIZE, 32);
- hex_dump("MRSIGNER", evidence->mr_signer, SGX_MEASUREMENT_SIZE, 32);
- printf("\n\tProduct ID:\t\t%u\n", evidence->product_id);
- printf("\tSecurity Version:\t%u\n", evidence->security_version);
- printf("\tAttributes.flags:\t%llu\n", evidence->att_flags);
- printf("\tAttribute.xfrm:\t\t%llu\n", evidence->att_xfrm);
-
- rats_err = librats_verify((const char *)evidence_json, evidence->user_data);
- if (rats_err != 0) {
- printf("ERROR: Evidence is not trusted, error code: %#x.\n", rats_err);
- goto err;
- }
-
- ret_code = 0;
- printf("Evidence is trusted.\n");
-
-err:
- if (evidence_json) {
- free(evidence_json);
- }
-
- if (evidence) {
- free(evidence);
- }
-
- return ret_code;
-}