35 changes: 15 additions & 20 deletions base-image/Dockerfile
@@ -1,4 +1,4 @@
FROM ubuntu:20.04 AS build
FROM ubuntu:24.04 AS build

RUN apt-get update \
&& env DEBIAN_FRONTEND=noninteractive apt-get install -y \
Expand Down Expand Up @@ -33,16 +33,16 @@ RUN apt-get install -y \
libcurl4-openssl-dev \
libcbor-dev

# RA-TLS DCAP libraries:
RUN echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | tee /etc/apt/sources.list.d/intel-sgx.list > /dev/null \
&& wget -O - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add -\
# RA-TLS DCAP libraries
# https://download.01.org/intel-sgx/sgx_repo/ubuntu/dists/noble/main/binary-amd64/Packages
RUN echo 'deb [signed-by=/etc/apt/keyrings/intel-sgx-keyring.asc arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu noble main' | tee /etc/apt/sources.list.d/intel-sgx.list \
&& wget https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key -O /etc/apt/keyrings/intel-sgx-keyring.asc \
&& apt-get update \
&& apt-get install -y \
libsgx-dcap-quote-verify-dev \
libsgx-dcap-ql-dev \
libsgx-uae-service \
libtdx-attest=1.20.100.2-focal1 \
libtdx-attest-dev=1.20.100.2-focal1 \
libtdx-attest-dev \
libsgx-dcap-default-qpl-dev

RUN mkdir -p $HOME/.cargo/ && echo '[source.crates-io] \n registry = "git://mirrors.ustc.edu.cn/crates.io-index"' >> $HOME/.cargo/config
Expand All @@ -64,19 +64,16 @@ RUN cd /cvm-agent/cvmassistants/secretprovider/secret-provider-agent \
&& make all

# Final image
FROM ubuntu:20.04
FROM ubuntu:24.04

RUN apt-get update \
&& env DEBIAN_FRONTEND=noninteractive apt-get install -y \
cryptsetup-bin \
wget \
software-properties-common \
vim \
libcbor-dev

RUN mkdir -p /usr/share/zoneinfo/
COPY zoneinfo /usr/share/zoneinfo
RUN ln -sf /usr/share/zoneinfo/Europe/Paris /etc/localtime

RUN mkdir -p /workplace/app \
&& mkdir -p /workplace/apploader/conf \
&& mkdir -p /workplace/cvm-agent/cvmassistants/pkitool/conf \
Expand All @@ -98,7 +95,6 @@ COPY --from=build /cvm-agent/cvmassistants/pkitool/pkitool /workplace/cvm-agen
COPY --from=build /cvm-agent/cvmassistants/pkitool/conf /workplace/cvm-agent/cvmassistants/pkitool/conf

#get disktool
RUN apt install -y cryptsetup-bin
COPY --from=build /cvm-agent/cvmassistants/disktool/ /workplace/cvm-agent/cvmassistants/disktool

#for support tdx attest
Expand All @@ -110,16 +106,16 @@ RUN mkdir -p /workplace/cvm-agent/cvmassistants/keyprovider \
&& mkdir -p /usr/local/lib/rats-tls \
&& mkdir -p /opt/csv/hsk_cek/

## RA-TLS DCAP libraries:
RUN echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | tee /etc/apt/sources.list.d/intel-sgx.list > /dev/null \
&& wget -O - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add -\
# RA-TLS DCAP libraries
# https://download.01.org/intel-sgx/sgx_repo/ubuntu/dists/noble/main/binary-amd64/Packages
RUN echo 'deb [signed-by=/etc/apt/keyrings/intel-sgx-keyring.asc arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu noble main' | tee /etc/apt/sources.list.d/intel-sgx.list \
&& wget https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key -O /etc/apt/keyrings/intel-sgx-keyring.asc \
&& apt-get update \
&& apt-get install -y \
libsgx-dcap-quote-verify \
libsgx-dcap-ql \
libsgx-uae-service \
libtdx-attest=1.20.100.2-focal1 \
libtdx-attest-dev=1.20.100.2-focal1 \
libtdx-attest \
libsgx-dcap-default-qpl

COPY --from=build /cvm-agent/cvmassistants/keyprovider/key-provider-agent/key_provider_agent /workplace/cvm-agent/cvmassistants/keyprovider
Expand All @@ -136,9 +132,8 @@ COPY --from=build /cvm-agent/cvmassistants/secretprovider/secret-provider-agent
RUN apt-get update \
&& env DEBIAN_FRONTEND=noninteractive apt-get install -y \
supervisor \
pip \
curl \
&& pip3 install requests -i https://pypi.tuna.tsinghua.edu.cn/simple
curl

#todo make supervisord.conf configurable so that it can change the log path
COPY --from=build /cvm-agent/base-image/supervisord/supervisord.conf /etc/supervisor/
COPY --from=build /cvm-agent/apploader/conf/appload-supervisord.ini /workplace/supervisord/apploader
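Review bot: The Intel SGX repository key is fetched with `wget` and written straight to `/etc/apt/keyrings/intel-sgx-keyring.asc` as the `signed-by` trust anchor without being compared to a known value, in both the build stage and the final stage. Every package apt then installs from that repository, including the DCAP quote-verification and TDX attestation libraries, is only as trustworthy as that single HTTPS download at build time. Consider checking the key in the same `RUN` before `apt-get update`, for example `&& echo '<EXPECTED_SHA256>  /etc/apt/keyrings/intel-sgx-keyring.asc' | sha256sum -c - \`, with the digest recorded in the repository. The change also appears to swap the pinned `libtdx-attest=1.20.100.2-focal1` entries for unpinned package names, so the attestation libraries now follow whatever the noble repository serves on the day of the build. Pinning them to the noble versions listed in the Packages index cited in the new comment (`libtdx-attest=<NOBLE_VERSION>`) would keep the image reproducible and auditable.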
2 changes: 0 additions & 2 deletions base-image/release.sh
Expand Up @@ -20,11 +20,9 @@ function build::image() {
rm -rf $BASE_DIR/../../docker-release
mkdir -p $BASE_DIR/../../docker-release/tmp
cp -a $BASE_DIR/Dockerfile $BASE_DIR/../../docker-release
cp -a $BASE_DIR/supervisord/* $BASE_DIR/../../docker-release

# move to docker-release
cd $BASE_DIR/../../docker-release
cp -a /usr/share/zoneinfo .
cp -a $BASE_DIR/../* tmp

docker build --no-cache --build-arg VERSION=$release_desc --build-arg https_proxy=${PROXY} -t $BASE_NAME:${VERSION} .
Empty file modified cvmassistants/disktool/encryptedDisk.sh
100755 → 100644
Empty file.