//prerequisites: python 3.5, pip
//clone sgx-lkl repo
//fix its getrandom() problem using this fix: https://gist.github.com/avigail-oron/20261038c9f04df80845a45d5e573bad
//set its iptables rules according to the sgx-lkl instructions
//use the miniroot example app as a basis
//create a python miniapp using the following buildenv.sh:
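#!/bin/sh
# buildenv.sh: points apk at the Alpine v3.5 main and community repositories,
# then installs python3 and the shared libraries listed below.
# -e aborts on the first failing command, -x traces each command as it runs.
set -ex
PATH=/usr/sbin:/sbin:/usr/bin:/bin
cd /home
# printf is used instead of `echo -e`: under a POSIX /bin/sh the handling of
# -e and backslash escapes by echo is not portable, while printf writes the
# same two lines everywhere.
# NOTE(review): both repositories are fetched over plain http, so package
# integrity rests entirely on apk's signature verification; use an https
# mirror if one is available. v3.5 is an old release branch - confirm it
# still receives security fixes before relying on it.
printf '%s\n' \
  'http://nl.alpinelinux.org/alpine/v3.5/main' \
  'http://nl.alpinelinux.org/alpine/v3.5/community' \
  > /etc/apk/repositories
apk update
#for python3:
apk add expat gdbm libbz2 libffi libressl2.4-libcrypto libressl2.4-libssl musl ncurses-libs readline sqlite-libs
apk add xz-libs
apk add zlib
apk add python3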
//Perform all installations on host machine, then we'll copy them into the python app image
//------------------------------------------------------------------------------------------
//install mysql client:
sudo apt-get install libmysqlclient-dev
//get aiakos server git repo:
mkdir -p /home/ubuntu/workspace
cd /home/ubuntu/workspace
git clone https://gitlab.com/aiakos/aiakos
cd aiakos
//add chaussette to requirements:
nano requirements.txt
//add the line:
chaussette==1.3.0
//save and exit
//when running on an env with multiple python versions, make sure to install the requirements with the correct version:
//(detailed instructions are here: https://stackoverflow.com/questions/42662104/how-to-install-pip-for-python-3-6-on-ubuntu-16-10)
/usr/bin/python3.6 -m pip install -r requirements.txt
//verify the requirements have been installed for 3.5 (pip must be run with the same python version that the image uses):
find / -name 'requests.py'
//Copy all requirements into the python app image:
//-------------------------------------------------
//mount the image into disk:
mkdir -p /tmp/lkl
mount -o loop /home/ubuntu/workspace/sgx-lkl/apps/miniroot/sgxlkl-miniroot-fs.img /tmp/lkl
cp -R /home/ubuntu/usr/local/lib/python3.5/dist-packages/* /tmp/lkl/usr/local/lib/python3.5/dist-packages
cp -R /usr/local/bin/chaussette /tmp/lkl/usr/local/bin
//unmount the image so the changes are written to the image file and take effect in the enclave:
umount /tmp/lkl
//set all env vars in the shell, the enclave will inherit them:
# Environment for the aiakos Django app. These variables are set in the host
# shell, so they are visible to the host before the enclave starts; anything
# placed here is not kept secret by the enclave.
# NOTE(review): PYTHONPATH points at python3.6 directories while the copy step
# above targets python3.5 dist-packages - confirm which version the image has.
export PYTHONPATH=/lib/python3.6/site-packages:/bin:/lib/python3.6/site-packages/aiakos
export DJANGO_SETTINGS_MODULE=aiakos.settings
# Placeholder value. Presumably this feeds Django's SECRET_KEY (TODO confirm in
# aiakos.settings); use a long random value outside a throwaway test setup.
export SECRET_KEY=x
# "<mysql ip>" is a placeholder to replace by hand. As written, the shell would
# parse the unquoted < and > as redirections, so quote the final value.
# No database password is given in this URL.
export DATABASE_URL=mysql://aiakos@<mysql ip>/accounts
# Plain http: traffic to the provider is not encrypted with this base URL.
export BASE_URL=http://10.0.1.1:8080
# Exported without a value: if the variable is not already set in this shell,
# nothing is passed to the child process - TODO confirm the value aiakos expects.
export INSECURE_END_SESSION_ENDPOINT
# Presumably enables debug mode in the app (TODO confirm); development only.
export DEBUG=1
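//Initialization step #1 (SGXLKL_KEY points at enclave_debug.key from the sgx-lkl build tree; the name suggests a debug signing key, and an SGX enclave in debug mode can be inspected by the host, so treat this setup as development-only):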
SGXLKL_TAP=sgxlkl_tap0 SGXLKL_HEAP=200M SGXLKL_KEY=/home/ubuntu/workspace/sgx-lkl/build/config/enclave_debug.key /home/ubuntu/workspace/sgx-lkl/build/sgx-lkl-run /home/ubuntu/workspace/sgx-lkl/apps/miniroot/sgxlkl-miniroot-fs.img /usr/bin/python3 /bin/django-admin migrate
//Initialization step #2:
SGXLKL_TAP=sgxlkl_tap0 SGXLKL_HEAP=200M SGXLKL_KEY=/home/ubuntu/workspace/sgx-lkl/build/config/enclave_debug.key /home/ubuntu/workspace/sgx-lkl/build/sgx-lkl-run /home/ubuntu/workspace/sgx-lkl/apps/miniroot/sgxlkl-miniroot-fs.img /usr/bin/python3 /bin/django-admin loaddata /lib/python3.6/site-packages/aiakos/devdata.yaml
//Launching the provider:
SGXLKL_TAP=sgxlkl_tap0 SGXLKL_HEAP=200M SGXLKL_KEY=/home/ubuntu/workspace/sgx-lkl/build/config/enclave_debug.key /home/ubuntu/workspace/sgx-lkl/build/sgx-lkl-run /home/ubuntu/workspace/sgx-lkl/apps/miniroot/sgxlkl-miniroot-fs.img /usr/bin/python3 /bin/chaussette --host 10.0.1.1 --backend wsgiref aiakos.wsgi.application
//Note: when configuring the OIDC client - give it 10.0.1.1:8080 as the AUTH_URL, so redirection will work properly
//No need for any NAT rule, all is internal
############
SGXLKL_TAP=sgxlkl_tap0 SGXLKL_HEAP=200M SGXLKL_KEY=/home/ubuntu/workspace/sgx-lkl/build/config/enclave_debug.key /home/ubuntu/workspace/sgx-lkl/build/sgx-lkl-run /home/ubuntu/workspace/lkl-images/aiakos-server/lkl-working-with-ssl/sgxlkl-aiakos-fs.img /usr/bin/python3 /bin/chaussette --host 10.0.1.1 --backend gevent aiakos.wsgi.application "/etc/aiakos/rsakeys/client-ssl/aiakos-selfsigned.crt" "/etc/aiakos/rsakeys/client-ssl/aiakos-selfsigned.key"
############