tlsn-quote-verification/intel-tee-quote-verification-docker/Dockerfile

# ---------- BUILD STAGE ----------
FROM ubuntu:22.04 AS builder

ENV DEBIAN_FRONTEND=noninteractive

# Install Rust
RUN apt-get update && apt-get install -y curl build-essential \
    && curl https://sh.rustup.rs -sSf | sh -s -- -y \
    && . "$HOME/.cargo/env"

ENV PATH="/root/.cargo/bin:${PATH}"

# Install build dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
    pkg-config libssl-dev clang llvm-dev libclang-dev \
    ca-certificates software-properties-common gnupg wget

# Add Intel SGX repo (Jammy/22.04)
RUN wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add -
RUN echo "deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main" \
    > /etc/apt/sources.list.d/intel-sgx.list

# Install SGX quote verification libraries + headers
RUN apt-get update && apt-get install -y --no-install-recommends \
    libsgx-dcap-quote-verify libsgx-dcap-quote-verify-dev

# Copy source
WORKDIR /app
COPY . .

# Build the binary
RUN cargo build --release

# ---------- RUNTIME STAGE ----------
FROM ubuntu:22.04

ENV DEBIAN_FRONTEND=noninteractive

# Add Intel SGX repo to get runtime libs
RUN apt-get update && apt-get install -y --no-install-recommends \
    ca-certificates curl wget gnupg \
    && wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add - \
    && echo "deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main" \
        > /etc/apt/sources.list.d/intel-sgx.list \
    && apt-get update && apt-get install -y --no-install-recommends \
        libsgx-dcap-quote-verify libsgx-dcap-default-qpl \
    && rm -rf /var/lib/apt/lists/*

# Create working directory
WORKDIR /app

# Copy binary and any runtime data
COPY --from=builder /app/target/release/tee_quote_verification .
COPY etc/sgx_default_qcnl.conf /etc/sgx_default_qcnl.conf

# Run the program
CMD ["./tee_quote_verification"]