fix manifest + minor changes (#3397)

* minor change

* populate env

* add env for manifest

* fmt

Author: BillyWooo

tee-worker/omni-executor/Dockerfile

@@ -69,7 +69,7 @@ ENV BUILD_DIR=$HOME/tee-worker/omni-executor
 COPY . $HOME
 WORKDIR $BUILD_DIR
 
-RUN make
+RUN make SGX=1 SGX_DEBUG=0
 
 
 ### Release image (with SGX Hardware)
@@ -91,12 +91,12 @@ RUN apt-get install -y \
     curl \
     libssl-dev \
     clang \
+    pkg-config \
     ca-certificates
 
 RUN mkdir -p /wkdir /wkdir/local
 
 COPY --from=sgx-builder $BUILD_DIR/omni-executor $BIN_DIR/omni-executor
-COPY --from=sgx-builder $BUILD_DIR/omni-executor.manifest $BIN_DIR/omni-executor.manifest
 COPY --from=sgx-builder $BUILD_DIR/omni-executor.manifest.sgx $BIN_DIR/omni-executor.manifest.sgx
 COPY --from=sgx-builder $BUILD_DIR/omni-executor.sig $BIN_DIR/omni-executor.sig
 
@@ -108,7 +108,7 @@ RUN groupadd -g 1000 ubuntu && \
 RUN chmod +x $BIN_DIR/omni-executor && \
     chown ubuntu:ubuntu * && \
     ldd $BIN_DIR/omni-executor && $BIN_DIR/omni-executor --version && \
-    ls -al $BIN_DIR 
+    ls -al $BIN_DIR
 
 USER ubuntu
 

tee-worker/omni-executor/omni-executor.manifest.template

@@ -39,6 +39,8 @@ sgx.trusted_files = [
   "file:/usr/lib/ssl/certs/ca-certificates.crt",
 ]
 
+sgx.allowed_files = [ "file:/usr/lib/ssl/certs" ]
+
 # The maximum number of threads in a single process needs to be declared in advance.
 # You need to account for:
 # - one main thread

tee-worker/omni-executor/parentchain/attestation/src/lib.rs

@@ -45,10 +45,10 @@ pub async fn perform_attestation(
 		f.write_all(&content).unwrap();
 
 		quote = fs::read("/dev/attestation/quote").unwrap();
-		info!("Attestation quote {:?}", quote);
 
 		let dcap_quote: DcapQuote =
 			DcapQuote::decode(&mut quote.as_slice()).expect("Failed to decode quote");
+		info!("Attestation dcap_quote {:?}", dcap_quote);
 
 		mrenclave = dcap_quote.body.mr_enclave;
 		info!("MRENCLAVE in hex {:?}", hex::encode(mrenclave));