From dfff34d20cadb76d254f07f77cfe1dd8a0c7a86a Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Thu, 27 Jun 2024 09:50:53 +0100 Subject: [PATCH] [release/4.x] Cherry pick: Upgrade base to open enclave 0.19.7 (#6293) (#6294) --- .azure-pipelines-gh-pages.yml | 2 +- .azure-pipelines-templates/deploy_aci.yml | 4 ++-- .azure-pipelines.yml | 6 +++--- .azure_pipelines_snp.yml | 2 +- .daily.yml | 6 +++--- .devcontainer/devcontainer.json | 2 +- .github/workflows/ci-checks.yml | 2 +- .github/workflows/tlaplus.yml | 2 +- .multi-thread.yml | 2 +- .stress.yml | 2 +- CHANGELOG.md | 8 ++++++++ cmake/cpack_settings.cmake | 2 +- cmake/open_enclave.cmake | 2 +- docker/ccf_ci_built | 2 +- .../setup_vm/roles/openenclave/vars/common.yml | 4 ++-- scripts/azure_deployment/arm_aci.py | 2 +- 16 files changed, 29 insertions(+), 21 deletions(-) diff --git a/.azure-pipelines-gh-pages.yml b/.azure-pipelines-gh-pages.yml index b7477eb501ff..742c347bc18a 100644 --- a/.azure-pipelines-gh-pages.yml +++ b/.azure-pipelines-gh-pages.yml @@ -11,7 +11,7 @@ jobs: variables: Codeql.SkipTaskAutoInjection: true skipComponentGovernanceDetection: true - container: ccfmsrc.azurecr.io/ccf/ci:oe-0.19.6-0-virtual-clang15 + container: ccfmsrc.azurecr.io/ccf/ci:2024-06-26-virtual-clang15 pool: vmImage: ubuntu-20.04 diff --git a/.azure-pipelines-templates/deploy_aci.yml b/.azure-pipelines-templates/deploy_aci.yml index 94f9dc490ddf..b8aa1e2f0dcd 100644 --- a/.azure-pipelines-templates/deploy_aci.yml +++ b/.azure-pipelines-templates/deploy_aci.yml @@ -48,7 +48,7 @@ jobs: - script: | set -ex docker login -u $ACR_TOKEN_NAME -p $ACR_CI_PUSH_TOKEN_PASSWORD $ACR_REGISTRY - docker pull $ACR_REGISTRY/ccf/ci:oe-0.19.6-0-snp-clang15 + docker pull $ACR_REGISTRY/ccf/ci:2024-06-26-snp-clang15 docker build -f docker/ccf_ci_built . --build-arg="base=$BASE_IMAGE" --build-arg="platform=snp" -t $ACR_REGISTRY/ccf/ci:pr-`git rev-parse HEAD` docker push $ACR_REGISTRY/ccf/ci:pr-`git rev-parse HEAD` name: build_ci_image @@ -57,7 +57,7 @@ jobs: ACR_TOKEN_NAME: ci-push-token ACR_CI_PUSH_TOKEN_PASSWORD: $(ACR_CI_PUSH_TOKEN_PASSWORD) ACR_REGISTRY: ccfmsrc.azurecr.io - BASE_IMAGE: ccfmsrc.azurecr.io/ccf/ci:oe-0.19.6-0-snp-clang15 + BASE_IMAGE: ccfmsrc.azurecr.io/ccf/ci:2024-06-26-snp-clang15 - script: | set -ex diff --git a/.azure-pipelines.yml b/.azure-pipelines.yml index 52f397038aec..ab071241ee18 100644 --- a/.azure-pipelines.yml +++ b/.azure-pipelines.yml @@ -29,15 +29,15 @@ schedules: resources: containers: - container: virtual - image: ccfmsrc.azurecr.io/ccf/ci:oe-0.19.6-0-virtual-clang15 + image: ccfmsrc.azurecr.io/ccf/ci:2024-06-26-virtual-clang15 options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro - container: snp - image: ccfmsrc.azurecr.io/ccf/ci:oe-0.19.6-0-snp-clang15 + image: ccfmsrc.azurecr.io/ccf/ci:2024-06-26-snp-clang15 options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro - container: sgx - image: ccfmsrc.azurecr.io/ccf/ci:oe-0.19.6-0-sgx + image: ccfmsrc.azurecr.io/ccf/ci:2024-06-26-sgx options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx -v /lib/modules:/lib/modules:ro variables: diff --git a/.azure_pipelines_snp.yml b/.azure_pipelines_snp.yml index 26a283a43120..663a5712dc1f 100644 --- a/.azure_pipelines_snp.yml +++ b/.azure_pipelines_snp.yml @@ -31,7 +31,7 @@ schedules: resources: containers: - container: virtual - image: ccfmsrc.azurecr.io/ccf/ci:oe-0.19.6-0-virtual-clang15 + image: ccfmsrc.azurecr.io/ccf/ci:2024-06-26-virtual-clang15 options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro jobs: diff --git a/.daily.yml b/.daily.yml index c628fba7a31a..e4f4a609b3c9 100644 --- a/.daily.yml +++ b/.daily.yml @@ -25,15 +25,15 @@ schedules: resources: containers: - container: virtual - image: ccfmsrc.azurecr.io/ccf/ci:oe-0.19.6-0-virtual-clang15 + image: ccfmsrc.azurecr.io/ccf/ci:2024-06-26-virtual-clang15 options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE - container: snp - image: ccfmsrc.azurecr.io/ccf/ci:oe-0.19.6-0-snp-clang15 + image: ccfmsrc.azurecr.io/ccf/ci:2024-06-26-snp-clang15 options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro - container: sgx - image: ccfmsrc.azurecr.io/ccf/ci:oe-0.19.6-0-sgx + image: ccfmsrc.azurecr.io/ccf/ci:2024-06-26-sgx options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx jobs: diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 8240bedbff73..06feab113380 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -1,6 +1,6 @@ { "name": "CCF Development Environment", - "image": "ccfmsrc.azurecr.io/ccf/ci:oe-0.19.6-0-virtual-clang15", + "image": "ccfmsrc.azurecr.io/ccf/ci:2024-06-26-virtual-clang15", "runArgs": [], "extensions": [ "eamodio.gitlens", diff --git a/.github/workflows/ci-checks.yml b/.github/workflows/ci-checks.yml index c2ceee5cd788..d2893eba3264 100644 --- a/.github/workflows/ci-checks.yml +++ b/.github/workflows/ci-checks.yml @@ -9,7 +9,7 @@ on: jobs: checks: runs-on: ubuntu-latest - container: ccfmsrc.azurecr.io/ccf/ci:oe-0.19.6-0-virtual-clang15 + container: ccfmsrc.azurecr.io/ccf/ci:2024-06-26-virtual-clang15 steps: - run: git config --global --add safe.directory "$GITHUB_WORKSPACE" diff --git a/.github/workflows/tlaplus.yml b/.github/workflows/tlaplus.yml index 95f70b93261e..7a08a38a7bb2 100644 --- a/.github/workflows/tlaplus.yml +++ b/.github/workflows/tlaplus.yml @@ -14,7 +14,7 @@ jobs: name: Model Checking - Consensus runs-on: [self-hosted, 1ES.Pool=gha-virtual-ccf-sub] container: - image: ccfmsrc.azurecr.io/ccf/ci:oe-0.19.6-0-virtual-clang15 + image: ccfmsrc.azurecr.io/ccf/ci:2024-06-26-virtual-clang15 steps: - uses: actions/checkout@v3 diff --git a/.multi-thread.yml b/.multi-thread.yml index 4bc519dd646a..300eeabb0623 100644 --- a/.multi-thread.yml +++ b/.multi-thread.yml @@ -16,7 +16,7 @@ pr: resources: containers: - container: virtual - image: ccfmsrc.azurecr.io/ccf/ci:oe-0.19.6-0-virtual-clang15 + image: ccfmsrc.azurecr.io/ccf/ci:2024-06-26-virtual-clang15 options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro jobs: diff --git a/.stress.yml b/.stress.yml index 53107381ae1e..7d2935e3eaf1 100644 --- a/.stress.yml +++ b/.stress.yml @@ -20,7 +20,7 @@ schedules: resources: containers: - container: sgx - image: ccfmsrc.azurecr.io/ccf/ci:oe-0.19.6-0-sgx + image: ccfmsrc.azurecr.io/ccf/ci:2024-06-26-sgx options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx jobs: diff --git a/CHANGELOG.md b/CHANGELOG.md index 96db3ad3695c..716b99d9fc29 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,14 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). +## [4.0.19] + +[4.0.19]: https://github.com/microsoft/CCF/releases/tag/ccf-4.0.19 + +### Dependencies + +- Updated Open Enclave to [0.19.7](https://github.com/openenclave/openenclave/releases/tag/v0.19.7). + ## [4.0.18] [4.0.18]: https://github.com/microsoft/CCF/releases/tag/ccf-4.0.18 diff --git a/cmake/cpack_settings.cmake b/cmake/cpack_settings.cmake index dbd91628dd82..5e94cbfe94e8 100644 --- a/cmake/cpack_settings.cmake +++ b/cmake/cpack_settings.cmake @@ -21,7 +21,7 @@ message(STATUS "Debian package version: ${CPACK_DEBIAN_PACKAGE_VERSION}") set(CCF_DEB_BASE_DEPENDENCIES "libuv1 (>= 1.34.2);openssl (>=1.1.1)") set(CCF_DEB_DEPENDENCIES ${CCF_DEB_BASE_DEPENDENCIES}) -set(OE_VERSION "0.19.6") +set(OE_VERSION "0.19.7") if(COMPILE_TARGET STREQUAL "sgx") list(APPEND CCF_DEB_DEPENDENCIES "libc++1-11;libc++abi1-11;open-enclave (>=${OE_VERSION})" diff --git a/cmake/open_enclave.cmake b/cmake/open_enclave.cmake index c3bc5df4feea..0b922ba4a19f 100644 --- a/cmake/open_enclave.cmake +++ b/cmake/open_enclave.cmake @@ -6,7 +6,7 @@ if(NOT COMPILE_TARGET STREQUAL "sgx") endif() # Find OpenEnclave package -find_package(OpenEnclave 0.19.6 CONFIG REQUIRED) +find_package(OpenEnclave 0.19.7 CONFIG REQUIRED) # As well as pulling in openenclave:: targets, this sets variables which can be # used for our edge cases (eg - for virtual libraries). These do not follow the # standard naming patterns, for example use OE_INCLUDEDIR rather than diff --git a/docker/ccf_ci_built b/docker/ccf_ci_built index 95dd5807741f..4362f14b0428 100644 --- a/docker/ccf_ci_built +++ b/docker/ccf_ci_built @@ -4,7 +4,7 @@ # Latest image as of this change ARG platform=sgx -ARG base=ccfmsrc.azurecr.io/ccf/ci:oe-0.19.6-0-snp-clang-15 +ARG base=ccfmsrc.azurecr.io/ccf/ci:2024-06-26-snp-clang-15 FROM ${base} # SSH. Note that this could (should) be done in the base ccf_ci image instead diff --git a/getting_started/setup_vm/roles/openenclave/vars/common.yml b/getting_started/setup_vm/roles/openenclave/vars/common.yml index b02747bb80b9..1d7f01c20215 100644 --- a/getting_started/setup_vm/roles/openenclave/vars/common.yml +++ b/getting_started/setup_vm/roles/openenclave/vars/common.yml @@ -1,6 +1,6 @@ -oe_ver: "0.19.6" +oe_ver: "0.19.7" # Usually the same, except for rc, where ver is -rc and ver_ is _rc -oe_ver_: "0.19.6" +oe_ver_: "0.19.7" # Source install workspace: "/tmp/" diff --git a/scripts/azure_deployment/arm_aci.py b/scripts/azure_deployment/arm_aci.py index a1b40e299e0b..e28794b1c6e5 100644 --- a/scripts/azure_deployment/arm_aci.py +++ b/scripts/azure_deployment/arm_aci.py @@ -132,7 +132,7 @@ def parse_aci_args(parser: ArgumentParser) -> Namespace: "--aci-image", help="The name of the image to deploy in the ACI", type=str, - default="ccfmsrc.azurecr.io/ccf/ci:oe-0.19.6-0-snp", + default="ccfmsrc.azurecr.io/ccf/ci:2024-06-26-snp", ) parser.add_argument( "--aci-type",