Skip to content

Commit 7dd10fe

Browse files
jbern0rdjbern0rd
authored
chore: Ubuntu 24.04 (#34)
1 parent 6c7a40e commit 7dd10fe

File tree

3 files changed

+15
-22
lines changed

3 files changed

+15
-22
lines changed

base-image/Dockerfile

Lines changed: 15 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
FROM ubuntu:20.04 AS build
1+
FROM ubuntu:24.04 AS build
22

33
RUN apt-get update \
44
&& env DEBIAN_FRONTEND=noninteractive apt-get install -y \
@@ -33,16 +33,16 @@ RUN apt-get install -y \
3333
libcurl4-openssl-dev \
3434
libcbor-dev
3535

36-
# RA-TLS DCAP libraries:
37-
RUN echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | tee /etc/apt/sources.list.d/intel-sgx.list > /dev/null \
38-
&& wget -O - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add -\
36+
# RA-TLS DCAP libraries
37+
# https://download.01.org/intel-sgx/sgx_repo/ubuntu/dists/noble/main/binary-amd64/Packages
38+
RUN echo 'deb [signed-by=/etc/apt/keyrings/intel-sgx-keyring.asc arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu noble main' | tee /etc/apt/sources.list.d/intel-sgx.list \
39+
&& wget https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key -O /etc/apt/keyrings/intel-sgx-keyring.asc \
3940
&& apt-get update \
4041
&& apt-get install -y \
4142
libsgx-dcap-quote-verify-dev \
4243
libsgx-dcap-ql-dev \
4344
libsgx-uae-service \
44-
libtdx-attest=1.20.100.2-focal1 \
45-
libtdx-attest-dev=1.20.100.2-focal1 \
45+
libtdx-attest-dev \
4646
libsgx-dcap-default-qpl-dev
4747

4848
RUN mkdir -p $HOME/.cargo/ && echo '[source.crates-io] \n registry = "git://mirrors.ustc.edu.cn/crates.io-index"' >> $HOME/.cargo/config
@@ -64,19 +64,16 @@ RUN cd /cvm-agent/cvmassistants/secretprovider/secret-provider-agent \
6464
&& make all
6565

6666
# Final image
67-
FROM ubuntu:20.04
67+
FROM ubuntu:24.04
6868

6969
RUN apt-get update \
7070
&& env DEBIAN_FRONTEND=noninteractive apt-get install -y \
71+
cryptsetup-bin \
7172
wget \
7273
software-properties-common \
7374
vim \
7475
libcbor-dev
7576

76-
RUN mkdir -p /usr/share/zoneinfo/
77-
COPY zoneinfo /usr/share/zoneinfo
78-
RUN ln -sf /usr/share/zoneinfo/Europe/Paris /etc/localtime
79-
8077
RUN mkdir -p /workplace/app \
8178
&& mkdir -p /workplace/apploader/conf \
8279
&& mkdir -p /workplace/cvm-agent/cvmassistants/pkitool/conf \
@@ -98,7 +95,6 @@ COPY --from=build /cvm-agent/cvmassistants/pkitool/pkitool /workplace/cvm-agen
9895
COPY --from=build /cvm-agent/cvmassistants/pkitool/conf /workplace/cvm-agent/cvmassistants/pkitool/conf
9996

10097
#get disktool
101-
RUN apt install -y cryptsetup-bin
10298
COPY --from=build /cvm-agent/cvmassistants/disktool/ /workplace/cvm-agent/cvmassistants/disktool
10399

104100
#for support tdx attest
@@ -110,16 +106,16 @@ RUN mkdir -p /workplace/cvm-agent/cvmassistants/keyprovider \
110106
&& mkdir -p /usr/local/lib/rats-tls \
111107
&& mkdir -p /opt/csv/hsk_cek/
112108

113-
## RA-TLS DCAP libraries:
114-
RUN echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | tee /etc/apt/sources.list.d/intel-sgx.list > /dev/null \
115-
&& wget -O - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add -\
109+
# RA-TLS DCAP libraries
110+
# https://download.01.org/intel-sgx/sgx_repo/ubuntu/dists/noble/main/binary-amd64/Packages
111+
RUN echo 'deb [signed-by=/etc/apt/keyrings/intel-sgx-keyring.asc arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu noble main' | tee /etc/apt/sources.list.d/intel-sgx.list \
112+
&& wget https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key -O /etc/apt/keyrings/intel-sgx-keyring.asc \
116113
&& apt-get update \
117114
&& apt-get install -y \
118115
libsgx-dcap-quote-verify \
119116
libsgx-dcap-ql \
120117
libsgx-uae-service \
121-
libtdx-attest=1.20.100.2-focal1 \
122-
libtdx-attest-dev=1.20.100.2-focal1 \
118+
libtdx-attest \
123119
libsgx-dcap-default-qpl
124120

125121
COPY --from=build /cvm-agent/cvmassistants/keyprovider/key-provider-agent/key_provider_agent /workplace/cvm-agent/cvmassistants/keyprovider
@@ -136,9 +132,8 @@ COPY --from=build /cvm-agent/cvmassistants/secretprovider/secret-provider-agent
136132
RUN apt-get update \
137133
&& env DEBIAN_FRONTEND=noninteractive apt-get install -y \
138134
supervisor \
139-
pip \
140-
curl \
141-
&& pip3 install requests -i https://pypi.tuna.tsinghua.edu.cn/simple
135+
curl
136+
142137
#todo make supervisord.conf configurable so that it can change the log path
143138
COPY --from=build /cvm-agent/base-image/supervisord/supervisord.conf /etc/supervisor/
144139
COPY --from=build /cvm-agent/apploader/conf/appload-supervisord.ini /workplace/supervisord/apploader

base-image/release.sh

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -20,11 +20,9 @@ function build::image() {
2020
rm -rf $BASE_DIR/../../docker-release
2121
mkdir -p $BASE_DIR/../../docker-release/tmp
2222
cp -a $BASE_DIR/Dockerfile $BASE_DIR/../../docker-release
23-
cp -a $BASE_DIR/supervisord/* $BASE_DIR/../../docker-release
2423

2524
# move to docker-release
2625
cd $BASE_DIR/../../docker-release
27-
cp -a /usr/share/zoneinfo .
2826
cp -a $BASE_DIR/../* tmp
2927

3028
docker build --no-cache --build-arg VERSION=$release_desc --build-arg https_proxy=${PROXY} -t $BASE_NAME:${VERSION} .

cvmassistants/disktool/encryptedDisk.sh

100755100644
File mode changed.

0 commit comments

Comments
 (0)