Create a Dockerfile

The first step in creating a working Docker image is to write a Dockerfile that adds the required components to a base image. You will then use the docker build command and the Dockerfile to create a runnable Docker image containing the Anjuna Runtime.

To set up a working Dockerfile, begin by creating a directory to contain it.

Then, inside the directory, using your favorite editor, create a file named "Dockerfile".

Next, find the section below that matches your chosen version of Linux, and use the sample Dockerfile contents in that section to populate your new Dockerfile.

  • Ubuntu 20.04

  • Ubuntu 18.04

  • Debian 10

Ubuntu 20.04

FROM ubuntu:20.04

# Adding the Anjuna Runtime and dependencies to the image
ADD anjuna-with-deps-ubuntu-20.04.tar.gz /

# Setting up environment variables
ENV PATH="/anjuna/bin:/anjuna/tools:${PATH}"
ENV ANJUNA_DIR=/anjuna/
ENV ANJUNA_BIN_DIR=/anjuna/bin
ENV SGX_SIGNER_KEY=/anjuna/signing/enclave-key.pem
ENV AZDCAP_DEBUG_LOG_LEVEL=error

# Updating the CA certificates to allow attestation
RUN ["/bin/bash", "-c", "echo mozilla/DigiCert_Global_Root_G2.crt >> /etc/ca-certificates.conf"]
RUN ["/bin/bash", "-c", "echo mozilla/COMODO_RSA_Certification_Authority.crt >> /etc/ca-certificates.conf"]
RUN ["/bin/bash", "-c", "echo mozilla/USERTrust_RSA_Certification_Authority.crt >> /etc/ca-certificates.conf"]
RUN ["mkdir", "-p", "/etc/ssl/certs"]
RUN ["/bin/bash", "/usr/sbin/update-ca-certificates"]

If you’re using a different base Docker image that is based on ubuntu:20.04, replace the first line with the name of the correct image.

Ubuntu 18.04

FROM ubuntu:18.04

# Adding the Anjuna Runtime and dependencies to the image
ADD anjuna-with-deps-ubuntu-18.04.tar.gz /

# Setting up environment variables
ENV PATH="/anjuna/bin:/anjuna/tools:${PATH}"
ENV ANJUNA_DIR=/anjuna/
ENV ANJUNA_BIN_DIR=/anjuna/bin
ENV SGX_SIGNER_KEY=/anjuna/signing/enclave-key.pem
ENV AZDCAP_DEBUG_LOG_LEVEL=error

# Updating the CA certificates to allow attestation
RUN ["/bin/bash", "-c", "echo mozilla/DigiCert_Global_Root_G2.crt >> /etc/ca-certificates.conf"]
RUN ["/bin/bash", "-c", "echo mozilla/COMODO_RSA_Certification_Authority.crt >> /etc/ca-certificates.conf"]
RUN ["/bin/bash", "-c", "echo mozilla/USERTrust_RSA_Certification_Authority.crt >> /etc/ca-certificates.conf"]
RUN ["mkdir", "-p", "/etc/ssl/certs"]
RUN ["/bin/bash", "/usr/sbin/update-ca-certificates"]

If you’re using a different base Docker image that is based on ubuntu:18.04, replace the first line with the name of the correct image.

Debian 10

FROM debian:buster

# Adding the Anjuna Runtime and dependencies to the image
ADD anjuna-with-deps-debian-10.tar.gz /

# Setting up environment variables
ENV PATH="/anjuna/bin:/anjuna/tools:${PATH}"
ENV ANJUNA_DIR=/anjuna/
ENV ANJUNA_BIN_DIR=/anjuna/bin
ENV SGX_SIGNER_KEY=/anjuna/signing/enclave-key.pem
ENV AZDCAP_DEBUG_LOG_LEVEL=error

# Updating the CA certificates to allow attestation
RUN ["/bin/bash", "-c", "echo mozilla/DigiCert_Global_Root_G2.crt >> /etc/ca-certificates.conf"]
RUN ["/bin/bash", "-c", "echo mozilla/COMODO_RSA_Certification_Authority.crt >> /etc/ca-certificates.conf"]
RUN ["/bin/bash", "-c", "echo mozilla/USERTrust_RSA_Certification_Authority.crt >> /etc/ca-certificates.conf"]
RUN ["mkdir", "-p", "/etc/ssl/certs"]
RUN ["/bin/bash", "/usr/sbin/update-ca-certificates"]

If you’re using a different base Docker image that is based on debian:buster, replace the first line with the name of the correct image.

In this tutorial, you will not define an ENTRYPOINT, because you will run an interactive shell within the container. For actual containers, your ENTRYPOINT would call anjuna-sgxrun in development, or anjuna-runtime in production.

The ADD directive that unpacks the anjuna-with-deps archive into the container must set the destination to / (the root directory). Unpacking anjuna-with-deps into a different, non-root location is not supported.

Optional: using a non-root container user

In some environments, using the default root container user is not permitted. If you are using a non-root user, a few changes are required to the Dockerfile above:

  • You must switch to the non-root user before the section of the Dockerfile marked "# Setting up environment variables".

  • Your non-root user must be able to read the /anjuna directory to run Anjuna CLI commands, which may require running a chmod +r or chown.

  • If using anjuna-sgxrun, your non-root user must be able to write to the current working directory, which may require running a chmod +w or chown.

  • Your non-root user needs access to /dev/sgx/provision and /dev/sgx/enclave, which is usually controlled by the group sgx_prv. See "Enclave not authorized to run" for instructions.
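
The Ubuntu 20.04 Dockerfile with the non-root changes from the list above applied, as an added example (not Anjuna's own file). The user and group name enclaveapp, the UID/GID 10001 and the /work directory are assumptions made for illustration. The CA certificate steps are moved ahead of USER because they write under /etc, which requires root.

```dockerfile
FROM ubuntu:20.04

# Adding the Anjuna Runtime and dependencies to the image (destination must be /)
ADD anjuna-with-deps-ubuntu-20.04.tar.gz /

# Updating the CA certificates to allow attestation.
# Kept ahead of USER: these steps write under /etc and need root.
RUN ["/bin/bash", "-c", "echo mozilla/DigiCert_Global_Root_G2.crt >> /etc/ca-certificates.conf"]
RUN ["/bin/bash", "-c", "echo mozilla/COMODO_RSA_Certification_Authority.crt >> /etc/ca-certificates.conf"]
RUN ["/bin/bash", "-c", "echo mozilla/USERTrust_RSA_Certification_Authority.crt >> /etc/ca-certificates.conf"]
RUN ["mkdir", "-p", "/etc/ssl/certs"]
RUN ["/bin/bash", "/usr/sbin/update-ca-certificates"]

# Assumed for this example: user and group "enclaveapp" with UID/GID 10001
RUN groupadd --gid 10001 enclaveapp \
 && useradd --uid 10001 --gid 10001 --create-home --shell /bin/bash enclaveapp

# Read access to /anjuna through the group rather than world-readable bits,
# because SGX_SIGNER_KEY below points into this tree. The capital X adds
# execute only to directories and to files that are already executable.
RUN chgrp -R enclaveapp /anjuna && chmod -R g+rX /anjuna

# anjuna-sgxrun writes to the current working directory, so give the
# non-root user a directory it owns (/work is an assumed path)
RUN mkdir -p /work && chown enclaveapp:enclaveapp /work

# Switch to the non-root user before the environment variable section
USER enclaveapp
WORKDIR /work

# Setting up environment variables
ENV PATH="/anjuna/bin:/anjuna/tools:${PATH}"
ENV ANJUNA_DIR=/anjuna/
ENV ANJUNA_BIN_DIR=/anjuna/bin
ENV SGX_SIGNER_KEY=/anjuna/signing/enclave-key.pem
ENV AZDCAP_DEBUG_LOG_LEVEL=error
```

Access to /dev/sgx/provision and /dev/sgx/enclave is not configured in this file, because the GID of the group that owns those device nodes is specific to the host.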