From cb9229ee58a3e93f65101bd6bcdbce9a0bceed3b Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Thu, 13 Jun 2024 15:39:51 +0100 Subject: [PATCH] Update to use latest CI image containing Open Enclave 0.19.6 (#6263) --- .azure-pipelines-gh-pages.yml | 2 +- .azure-pipelines-model-checking.yml | 2 +- .azure-pipelines-release.yml | 6 +++--- .azure-pipelines-templates/deploy_aci.yml | 4 ++-- .azure-pipelines.yml | 6 +++--- .azure_pipelines_snp.yml | 2 +- .daily.yml | 6 +++--- .devcontainer/devcontainer.json | 2 +- .github/workflows/bencher.yml | 2 +- .github/workflows/ci-checks.yml | 2 +- .github/workflows/tlaplus.yml | 2 +- .multi-thread.yml | 2 +- .stress.yml | 2 +- CHANGELOG.md | 1 + cmake/cpack_settings.cmake | 2 +- cmake/open_enclave.cmake | 2 +- docker/ccf_ci_built | 2 +- scripts/azure_deployment/arm_aci.py | 2 +- 18 files changed, 25 insertions(+), 24 deletions(-) diff --git a/.azure-pipelines-gh-pages.yml b/.azure-pipelines-gh-pages.yml index 97766aee7db0..b7477eb501ff 100644 --- a/.azure-pipelines-gh-pages.yml +++ b/.azure-pipelines-gh-pages.yml @@ -11,7 +11,7 @@ jobs: variables: Codeql.SkipTaskAutoInjection: true skipComponentGovernanceDetection: true - container: ccfmsrc.azurecr.io/ccf/ci:2024-05-29-virtual-clang15 + container: ccfmsrc.azurecr.io/ccf/ci:oe-0.19.6-0-virtual-clang15 pool: vmImage: ubuntu-20.04 diff --git a/.azure-pipelines-model-checking.yml b/.azure-pipelines-model-checking.yml index 8ffc8f8f39b1..7ffe0658c1ae 100644 --- a/.azure-pipelines-model-checking.yml +++ b/.azure-pipelines-model-checking.yml @@ -21,7 +21,7 @@ schedules: resources: containers: - container: virtual - image: ccfmsrc.azurecr.io/ccf/ci:2024-05-29-virtual-clang15 + image: ccfmsrc.azurecr.io/ccf/ci:oe-0.19.6-0-virtual-clang15 options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE jobs: diff --git a/.azure-pipelines-release.yml b/.azure-pipelines-release.yml index b3f78e4d7747..03d5e5778bb9 100644 --- a/.azure-pipelines-release.yml +++ b/.azure-pipelines-release.yml @@ -8,15 +8,15 @@ pr: none resources: containers: - container: virtual - image: ccfmsrc.azurecr.io/ccf/ci:2024-05-29-virtual-clang15 + image: ccfmsrc.azurecr.io/ccf/ci:oe-0.19.6-0-virtual-clang15 options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro - container: snp - image: ccfmsrc.azurecr.io/ccf/ci:2024-05-29-snp-clang15 + image: ccfmsrc.azurecr.io/ccf/ci:oe-0.19.6-0-snp-clang15 options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro - container: sgx - image: ccfmsrc.azurecr.io/ccf/ci:2024-05-29-sgx + image: ccfmsrc.azurecr.io/ccf/ci:oe-0.19.6-0-sgx options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx -v /lib/modules:/lib/modules:ro variables: diff --git a/.azure-pipelines-templates/deploy_aci.yml b/.azure-pipelines-templates/deploy_aci.yml index d1d57259fd8a..0a1dd04cbba4 100644 --- a/.azure-pipelines-templates/deploy_aci.yml +++ b/.azure-pipelines-templates/deploy_aci.yml @@ -54,7 +54,7 @@ jobs: - script: | set -ex docker login -u $ACR_TOKEN_NAME -p $ACR_CI_PUSH_TOKEN_PASSWORD $ACR_REGISTRY - docker pull $ACR_REGISTRY/ccf/ci:2024-05-29-snp-clang15 + docker pull $ACR_REGISTRY/ccf/ci:oe-0.19.6-0-snp-clang15 docker build -f docker/ccf_ci_built . --build-arg="base=$BASE_IMAGE" --build-arg="platform=snp" -t $ACR_REGISTRY/ccf/ci:pr-`git rev-parse HEAD` docker push $ACR_REGISTRY/ccf/ci:pr-`git rev-parse HEAD` name: build_ci_image @@ -63,7 +63,7 @@ jobs: ACR_TOKEN_NAME: ci-push-token ACR_CI_PUSH_TOKEN_PASSWORD: $(ACR_CI_PUSH_TOKEN_PASSWORD) ACR_REGISTRY: ccfmsrc.azurecr.io - BASE_IMAGE: ccfmsrc.azurecr.io/ccf/ci:2024-05-29-snp-clang15 + BASE_IMAGE: ccfmsrc.azurecr.io/ccf/ci:oe-0.19.6-0-snp-clang15 - script: | set -ex diff --git a/.azure-pipelines.yml b/.azure-pipelines.yml index 4743da74a022..c8ff90eb3064 100644 --- a/.azure-pipelines.yml +++ b/.azure-pipelines.yml @@ -30,15 +30,15 @@ schedules: resources: containers: - container: virtual - image: ccfmsrc.azurecr.io/ccf/ci:2024-05-29-virtual-clang15 + image: ccfmsrc.azurecr.io/ccf/ci:oe-0.19.6-0-virtual-clang15 options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro - container: snp - image: ccfmsrc.azurecr.io/ccf/ci:2024-05-29-snp-clang15 + image: ccfmsrc.azurecr.io/ccf/ci:oe-0.19.6-0-snp-clang15 options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro - container: sgx - image: ccfmsrc.azurecr.io/ccf/ci:2024-05-29-sgx + image: ccfmsrc.azurecr.io/ccf/ci:oe-0.19.6-0-sgx options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx -v /lib/modules:/lib/modules:ro variables: diff --git a/.azure_pipelines_snp.yml b/.azure_pipelines_snp.yml index 5f109c3d57de..3708df528b85 100644 --- a/.azure_pipelines_snp.yml +++ b/.azure_pipelines_snp.yml @@ -32,7 +32,7 @@ schedules: resources: containers: - container: virtual - image: ccfmsrc.azurecr.io/ccf/ci:2024-05-29-virtual-clang15 + image: ccfmsrc.azurecr.io/ccf/ci:oe-0.19.6-0-virtual-clang15 options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro jobs: diff --git a/.daily.yml b/.daily.yml index fe6d6699fbf0..378a37159c58 100644 --- a/.daily.yml +++ b/.daily.yml @@ -27,15 +27,15 @@ schedules: resources: containers: - container: virtual - image: ccfmsrc.azurecr.io/ccf/ci:2024-05-29-virtual-clang15 + image: ccfmsrc.azurecr.io/ccf/ci:oe-0.19.6-0-virtual-clang15 options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE - container: snp - image: ccfmsrc.azurecr.io/ccf/ci:2024-05-29-snp-clang15 + image: ccfmsrc.azurecr.io/ccf/ci:oe-0.19.6-0-snp-clang15 options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro - container: sgx - image: ccfmsrc.azurecr.io/ccf/ci:2024-05-29-sgx + image: ccfmsrc.azurecr.io/ccf/ci:oe-0.19.6-0-sgx options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx jobs: diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index b0ad7d43182b..1057f18e21a8 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -1,6 +1,6 @@ { "name": "CCF Development Environment", - "image": "ccfmsrc.azurecr.io/ccf/ci:2024-05-29-virtual-clang15", + "image": "ccfmsrc.azurecr.io/ccf/ci:oe-0.19.6-0-virtual-clang15", "runArgs": [], "extensions": [ "eamodio.gitlens", diff --git a/.github/workflows/bencher.yml b/.github/workflows/bencher.yml index f8917e22f90b..2096a34220e3 100644 --- a/.github/workflows/bencher.yml +++ b/.github/workflows/bencher.yml @@ -11,7 +11,7 @@ jobs: name: Continuous Benchmarking with Bencher runs-on: [self-hosted, 1ES.Pool=gha-virtual-ccf-sub] container: - image: ccfmsrc.azurecr.io/ccf/ci:2024-05-29-virtual-clang15 + image: ccfmsrc.azurecr.io/ccf/ci:oe-0.19.6-0-virtual-clang15 steps: - uses: actions/checkout@v4 with: diff --git a/.github/workflows/ci-checks.yml b/.github/workflows/ci-checks.yml index 17ce9f6e3f4b..b99186c23065 100644 --- a/.github/workflows/ci-checks.yml +++ b/.github/workflows/ci-checks.yml @@ -12,7 +12,7 @@ permissions: read-all jobs: checks: runs-on: ubuntu-latest - container: ccfmsrc.azurecr.io/ccf/ci:2024-05-29-virtual-clang15 + container: ccfmsrc.azurecr.io/ccf/ci:oe-0.19.6-0-virtual-clang15 steps: - run: git config --global --add safe.directory "$GITHUB_WORKSPACE" diff --git a/.github/workflows/tlaplus.yml b/.github/workflows/tlaplus.yml index 1c988584050e..546d9396b812 100644 --- a/.github/workflows/tlaplus.yml +++ b/.github/workflows/tlaplus.yml @@ -19,7 +19,7 @@ jobs: name: Model Checking - Consistency runs-on: [self-hosted, 1ES.Pool=gha-virtual-ccf-sub] container: - image: ccfmsrc.azurecr.io/ccf/ci:2024-05-29-virtual-clang15 + image: ccfmsrc.azurecr.io/ccf/ci:oe-0.19.6-0-virtual-clang15 steps: - uses: actions/checkout@v4 diff --git a/.multi-thread.yml b/.multi-thread.yml index b3c13ff2ee0d..d8ceba878f3c 100644 --- a/.multi-thread.yml +++ b/.multi-thread.yml @@ -20,7 +20,7 @@ pr: resources: containers: - container: virtual - image: ccfmsrc.azurecr.io/ccf/ci:2024-05-29-virtual-clang15 + image: ccfmsrc.azurecr.io/ccf/ci:oe-0.19.6-0-virtual-clang15 options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro jobs: diff --git a/.stress.yml b/.stress.yml index 99d93a9907fa..5fdf14ce6b42 100644 --- a/.stress.yml +++ b/.stress.yml @@ -24,7 +24,7 @@ schedules: resources: containers: - container: sgx - image: ccfmsrc.azurecr.io/ccf/ci:2024-05-29-sgx + image: ccfmsrc.azurecr.io/ccf/ci:oe-0.19.6-0-sgx options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx jobs: diff --git a/CHANGELOG.md b/CHANGELOG.md index 8e08b86dace7..cffeed9edbb1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. - Added TypeScript `TypedKvSet` and `ccfapp.typedKv` to facilitate set handling from application code. - Added support for UVM endorsements signed with EC keys (#6231). +- Updated Open Enclave to [0.19.6](https://github.com/openenclave/openenclave/releases/tag/v0.19.6). ### Removed diff --git a/cmake/cpack_settings.cmake b/cmake/cpack_settings.cmake index 46f7bca40ae6..c51e8485ac7d 100644 --- a/cmake/cpack_settings.cmake +++ b/cmake/cpack_settings.cmake @@ -24,7 +24,7 @@ message(STATUS "Debian package version: ${CPACK_DEBIAN_PACKAGE_VERSION}") set(CCF_DEB_BASE_DEPENDENCIES "libuv1 (>= 1.34.2);openssl (>=1.1.1f)") set(CCF_DEB_DEPENDENCIES ${CCF_DEB_BASE_DEPENDENCIES}) -set(OE_VERSION "0.19.3") +set(OE_VERSION "0.19.6") if(COMPILE_TARGET STREQUAL "sgx") list(APPEND CCF_DEB_DEPENDENCIES "libc++1-11;libc++abi1-11;open-enclave (>=${OE_VERSION})" diff --git a/cmake/open_enclave.cmake b/cmake/open_enclave.cmake index 4d99cc9ea841..4bb7b8fc0040 100644 --- a/cmake/open_enclave.cmake +++ b/cmake/open_enclave.cmake @@ -13,7 +13,7 @@ if(REQUIRE_OPENENCLAVE) endif() # Find OpenEnclave package - find_package(OpenEnclave 0.19.3 CONFIG REQUIRED) + find_package(OpenEnclave 0.19.6 CONFIG REQUIRED) option(USE_OPENSSL_3 "Use OpenSSL 3.x for Open Enclave builds" ON) if(USE_OPENSSL_3) diff --git a/docker/ccf_ci_built b/docker/ccf_ci_built index 3ec61d922a9f..95dd5807741f 100644 --- a/docker/ccf_ci_built +++ b/docker/ccf_ci_built @@ -4,7 +4,7 @@ # Latest image as of this change ARG platform=sgx -ARG base=ccfmsrc.azurecr.io/ccf/ci:2024-05-29-snp-clang-15 +ARG base=ccfmsrc.azurecr.io/ccf/ci:oe-0.19.6-0-snp-clang-15 FROM ${base} # SSH. Note that this could (should) be done in the base ccf_ci image instead diff --git a/scripts/azure_deployment/arm_aci.py b/scripts/azure_deployment/arm_aci.py index 72cfccf1bae8..8c2b15556601 100644 --- a/scripts/azure_deployment/arm_aci.py +++ b/scripts/azure_deployment/arm_aci.py @@ -133,7 +133,7 @@ def parse_aci_args(parser: ArgumentParser) -> Namespace: "--aci-image", help="The name of the image to deploy in the ACI", type=str, - default="ccfmsrc.azurecr.io/ccf/ci:2024-05-29-snp", + default="ccfmsrc.azurecr.io/ccf/ci:oe-0.19.6-0-snp", ) parser.add_argument( "--aci-type",