
build node

on host, not docker, if host is ubuntu 22.04:

cargo build --release --features=skip-extrinsic-filtering

docker setup for worker build

https://github.com/integritee-network/integritee-dev/tree/main/worker

docker run --name integritee-dev-worker-and-node -it -p 9944-9999:9944-9999 -v $(pwd):/home/ubuntu/worker -v $(pwd)/../integritee-node:/home/ubuntu/integritee-node -e MYUID=$(id -u) -e MYGUID=$(id -g) integritee/integritee-dev:0.2.2 /bin/bash

cd integritee-node
./target/release/integritee-node --dev --unsafe-ws-external --rpc-cors all 

to re-enter docker later:
docker start -ai integritee-dev-worker-and-node
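or if you NEED root access (use the container name you created with --name; integritee-dev-worker is the worker-only container set up further below)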
docker exec -it integritee-dev-worker /bin/bash

teeracle

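console 1: node (--unsafe-rpc-external and --rpc-cors all accept RPC from any host and any origin, and --dev uses the well-known development accounts, so keep the published ports on a trusted network)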

cd integritee-node
./target/release/integritee-node --dev --unsafe-rpc-external --rpc-cors all 

console 2: worker

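build and run teeracle (SGX_MODE=SW builds the enclave for simulation mode and --skip-ra skips remote attestation, so this is a development setup without hardware guarantees):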

SGX_MODE=SW WORKER_MODE=teeracle WORKER_FEATURES=dcap make
cd bin
./integritee-service -c run --skip-ra --dev --teeracle-interval 10s

console 3: demo

cd cli
./demo_teeracle_whitelist.sh -d 7 -i 10

sidechain

console 1: node

same as above

console 2: worker1

build and run validateer:

SGX_MODE=SW WORKER_MODE=sidechain WORKER_FEATURES=dcap make
cd bin
export RUST_LOG=info,substrate_api_client=warn,ws=warn,mio=warn,its_consensus_common=info,sidechain=info,integritee_service=trace,enclave_runtime=trace,ac_node_api=warn,sp_io=warn,itc_parentchain_indirect_calls_executor=trace,itp_stf_executor=trace,itc_parentchain_light_client=trace,itc_parentchain_block_importer=trace,itp_stf_state_handler=trace,ita_stf=trace,itp-attestation-handler=debug,itc_parentchain_indirect_calls_executor=trace,itp_top_pool=debug,itc_offchain_worker_executor=debug,ita_parentchain_interface=trace,its_rpc_handler=debug
./integritee-service -c run 11111111111111111111111111111111 --skip-ra --dev 

console 3: worker2

RUST_LOG=info,substrate_api_client=warn,its_consensus_common=info,sidechain=info
./integritee-service -c -d ./worker2 -P 3000 -w 3001 -r 3444 -h 4546 run 11111111111111111111111111111111 --skip-ra --dev &> worker2.log

only worker in docker, rest on host

docker run --name integritee-dev-worker -it --expose 9944-9999 -p 2000:2000 -v $(pwd):/home/ubuntu/worker -e MYUID=$(id -u) -e MYGUID=$(id -g) integritee/integritee-dev:0.2.2 /bin/bash

find out host ip:

ip addr show docker0 | grep -Po 'inet \K[\d.]+'

use this IP address when calling the worker

export RUST_LOG=info,substrate_api_client=warn,ws=warn,mio=warn,its_consensus_common=info,sidechain=info,integritee_service=trace,enclave_runtime=trace,ac_node_api=warn,sp_io=warn,itc_parentchain_indirect_calls_executor=trace,itp_stf_executor=trace,itc_parentchain_light_client=trace,itc_parentchain_block_importer=trace,itp_stf_state_handler=trace,ita_stf=trace,itp-attestation-handler=debug,itc_parentchain_indirect_calls_executor=trace,itp_top_pool=debug,itc_offchain_worker_executor=debug,ita_parentchain_interface=trace,its_rpc_handler=debug
./integritee-service -u ws://172.17.0.1 --ws-external -c run --skip-ra --dev &> worker.log

replace MRENCLAVE with yours (it changes with every worker build; integritee-cli list-workers prints the current one)

export MRENCLAVE=3APJaot1twApyYjYK1SrFHQQmySdadohkkdfKatYiWhn
./integritee-cli -u ws://172.17.0.1 shield-funds //Alice //Alice 20000000000000 $MRENCLAVE
 
./integritee-cli -u ws://172.17.0.1 trusted --mrenclave $MRENCLAVE --direct unshield-funds //Alice //Alice 1000000000000

second worker requests provisioning in same container:

./integritee-service -u ws://172.17.0.1 -r 3444 -P 2100 -h 2110 -w 2101 -i 8788 -c -d /tmp/worker2 request-state --skip-ra &> worker2.log

or, alternatively, the second worker just starts running and obtains provisioning on the fly:

./integritee-service -u ws://172.17.0.1 -r 3444 -P 2100 -h 2110 -w 2101 -i 8788 -c -d /tmp/worker2 run --skip-ra --dev &> worker2.log

multi-parentchain testing

in integritee/parachain:

spawn rococo-local with asset hub and integritee
zombienet-linux-x64 spawn --provider native zombienet/rococo-local-with-integritee-and-asset-hub.toml

start worker with target-b AssetHub setup

export RUST_LOG=info,substrate_api_client=warn,ws=warn,mio=warn,its_consensus_common=info,sidechain=info,integritee_service=trace,enclave_runtime=trace,ac_node_api=warn,sp_io=warn,itc_parentchain_indirect_calls_executor=trace,itp_stf_executor=trace,itc_parentchain_light_client=trace,itc_parentchain_block_importer=trace,itp_stf_state_handler=trace,ita_stf=trace,itp-attestation-handler=debug,itc_parentchain_indirect_calls_executor=trace,itp_top_pool=debug,itc_offchain_worker_executor=debug,ita_parentchain_interface=trace,its_rpc_handler=debug,itp_extrinsics_factory=trace

./integritee-service -c -u ws://172.17.0.1 --target-b-parentchain-rpc-url ws://172.17.0.1 --target-b-parentchain-rpc-port 9954 run --skip-ra --dev --shielding-target target-b &> worker.log

the client now needs to connect to either integritee or target_a, depending on the activity

export FLAVOR_ID=sidechain
./demo_shielding_unshielding_using_shard_vault_on_target_a.sh -u ws://172.17.0.1 -A ws://172.17.0.1 -a 9954 -t first

privacy sidechain demo stuff

cli

#run validateer worker
./integritee-service -c -u ws://172.17.0.1 --target-a-parentchain-rpc-url ws://172.17.0.1 --target-a-parentchain-rpc-port 9954 run --skip-ra --dev --shielding-target target_a | tee 

# setup
alias integritee="../target/release/integritee-cli -u ws://172.17.0.1"
alias assethub="../target/release/integritee-cli -u ws://172.17.0.1 -p 9954"
read MRENCLAVE <<< $(integritee list-workers | awk '/  MRENCLAVE: / { print $2; exit }')
alias incognitee="../target/release/integritee-cli -u ws://172.17.0.1 trusted --mrenclave $MRENCLAVE"

assethub transfer //Alice //Laura 100000000000000
incognitee get-shard-vault
read VAULT <<< $(incognitee get-shard-vault)

# story
assethub balance //Laura
incognitee balance //Laura
incognitee get-shard-vault
assethub transfer //Laura $VAULT 50000000000000
assethub balance //Laura
incognitee balance //Laura 

incognitee balance //Julian
incognitee --direct transfer //Laura //Julian 10000000000000
incognitee balance //Laura
incognitee balance //Julian

assethub balance //Edward
incognitee --direct unshield-funds //Julian //Edward 9000000000000
assethub balance //Edward
incognitee balance //Julian

screencast hints:

new terminal:

docker start -a -i integritee-dev-worker
tmux -u # for unicode 
#Ctrl-B-: set -g mouse on
#Ctrl-B-" 
cd worker/bin # both
PS1="wallet> "
PS1="validateer> "

then, start validateer and wait until ProxyAdded appears on AssetHub

reasonable logging level for worker and cli:

export RUST_LOG=info,substrate_api_client=warn,ws=warn,mio=warn,ac_node_api=warn,sp_io=warn,sp_io::storage=error,tungstenite=warn
 
export RUST_LOG=trace,substrate_api_client=warn,ws=warn,mio=warn,ac_node_api=warn,sp_io=warn,sp_io::storage=error,tungstenite=warn,rustls=info,soketto=info,itc_tls_websocket_server=info,itc_rpc_client=info

browser UIs

browsers are very restrictive, even for localhost.
We need to use https for localhost or the browser will refuse to connect to the enclave with wss

setup https://localhost

THIS WORKS BUT DOES NOT SOLVE THE PROBLEM
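the browser can connect to https://localhost, but the WebSocket (wss) connection to the worker won't open anyway. Presumably this is because the wss connection goes directly to the worker's own TLS endpoint, whose certificate this nginx setup does not change (to be confirmed).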

sudo apt install openssl nginx
sudo mkdir /etc/ssl/localcerts
cd /etc/ssl/localcerts
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout localhost.key -out localhost.crt
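# enter 'localhost' for common name when prompted
# note: current browsers match the host name against subjectAltName rather than the common name,
# so consider adding -addext "subjectAltName=DNS:localhost" to the openssl command above;
# -nodes writes the private key unencrypted, so keep this key pair for local testing only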
sudo nano /etc/nginx/sites-available/default
# TLS-terminating reverse proxy: serves https://localhost and forwards every
# request to the plain-HTTP application on localhost:3000.
server {
    # No address is given, so nginx binds port 443 on every interface;
    # `listen 127.0.0.1:443 ssl;` would keep it reachable from this machine only.
    listen 443 ssl;
    server_name localhost;

    # Self-signed certificate and key generated with the openssl command above.
    # The browser will not trust it until it is added as an exception or to a trust store.
    ssl_certificate /etc/ssl/localcerts/localhost.crt;
    ssl_certificate_key /etc/ssl/localcerts/localhost.key;

    # Proxy requests to the application running on localhost:3000
    # NOTE(review): no Upgrade/Connection headers and no proxy_http_version 1.1 are set here,
    # so a WebSocket handshake sent through this location would not be upgraded.
    location / {
        proxy_pass http://localhost:3000;
        # Pass the original host, client address and scheme on to the application.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

then

sudo systemctl restart nginx

integration tests for encointer-js/worker-api

manually change these lines and run yarn test with the worker running in docker:2000 and the node running on host:9944

caveat: each new build of the worker needs a change of MRENCLAVE

diff --git a/packages/worker-api/src/integriteeWorker.spec.ts b/packages/worker-api/src/integriteeWorker.spec.ts
index 2a62d8c..60281cc 100644
--- a/packages/worker-api/src/integriteeWorker.spec.ts
+++ b/packages/worker-api/src/integriteeWorker.spec.ts
@@ -1,6 +1,6 @@
 import { Keyring } from '@polkadot/api';
 import { cryptoWaitReady } from '@polkadot/util-crypto';
-import { paseoNetwork} from './testUtils/networks.js';
+import { localDockerNetwork} from './testUtils/networks.js';
 import { IntegriteeWorker } from './integriteeWorker.js';
 import WS from 'websocket';
 import {type KeyringPair} from "@polkadot/keyring/types";
@@ -8,7 +8,7 @@ import {type KeyringPair} from "@polkadot/keyring/types";
 const {w3cwebsocket: WebSocket} = WS;
 describe('worker', () => {
- const network = paseoNetwork();
+ const network = localDockerNetwork();
 let keyring: Keyring;
 let worker: IntegriteeWorker;
 let alice: KeyringPair;
@@ -39,7 +39,7 @@ describe('worker', () => {
 // skip it, as this requires a worker (and hence a node) to be running
 // To my knowledge jest does not have an option to run skipped tests specifically, does it?
 // Todo: add proper CI to test this too.
- describe.skip('needs worker and node running', () => {
+ describe('needs worker and node running', () => {
 describe('getWorkerPubKey', () => {
 it('should return value', async () => {
 const result = await worker.getShieldingKey();
diff --git a/packages/worker-api/src/testUtils/networks.ts b/packages/worker-api/src/testUtils/networks.ts
index a18308d..4e4d4d2 100644
--- a/packages/worker-api/src/testUtils/networks.ts
+++ b/packages/worker-api/src/testUtils/networks.ts
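Review bot: Dropping `.skip` unconditionally on `describe('needs worker and node running', …)` in integriteeWorker.spec.ts makes the whole spec depend on a live worker and node, so any run without them fails. The edit is also easy to commit by accident together with the `localDockerNetwork()` switch in the second hunk. An opt-in switch keeps the default safe: `const describeLive = process.env.WORKER_INTEGRATION ? describe : describe.skip;` and then `describeLive('needs worker and node running', () => {` (the variable name is constructed for this note). The describe block's body continues outside the hunk.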
@@ -39,8 +39,8 @@ export const localDockerNetwork = () => {
 chain: 'ws://127.0.0.1:9944',
 worker: 'wss://127.0.0.1:2000',
 genesisHash: '0x388c446a804e24e77ae89f5bb099edb60cacc2ac7c898ce175bdaa08629c1439',
- mrenclave: '9jm9Wm4DwGxsUUPA1cvcWWxyTuynpJ2YeEcNGnm8nztk',
- chosenCid: '9jm9Wm4DwGxsUUPA1cvcWWxyTuynpJ2YeEcNGnm8nztk',
+ mrenclave: '6MEV9VrEpXaatzmohdVNS1rqFjE4EGQ8TzD3PtAypzLb',
+ chosenCid: '6MEV9VrEpXaatzmohdVNS1rqFjE4EGQ8TzD3PtAypzLb',
 customTypes: {},
 palletOverrides: {}
 };
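Review bot: `mrenclave` and `chosenCid` in `localDockerNetwork` are pinned to the measurement of one particular worker build, so the literal goes stale on every rebuild and has to be hand-edited again, as the page's own caveat says. The value presumably selects the enclave and shard the client addresses, so a stale copy makes the tests fail for a reason unrelated to the code under test. Reading it from the environment avoids the repeated edit: `mrenclave: process.env.WORKER_MRENCLAVE ?? '<MRENCLAVE of your build>'`, and the same for `chosenCid` (the variable name is constructed for this note; the page obtains the value with `integritee-cli list-workers`). The enclosing function starts and ends outside the hunk.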