build: move to Ubuntu 22.04

Occlum finally provides Ubuntu 22.04 packages so move to a more recent base OS. guest-components (Occlum snapshotter) expects certain libc files to be present but these are no longer installed through copy_bom dependencies so add them manually for now. Signed-off-by: Mikko Ylinen <[email protected]>
confidential-containers · Aug 26, 2024 · f16d0fc · f16d0fc
1 parent ec9a1d5
commit f16d0fc
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 10 deletions.
diff --git a/tools/packaging/build/unified-bundle/Dockerfile b/tools/packaging/build/unified-bundle/Dockerfile
@@ -1,4 +1,4 @@
-FROM ubuntu:20.04 as builder
+FROM ubuntu:22.04 as builder
 
 ARG KBC=cc-kbc
 
@@ -10,14 +10,14 @@ RUN apt-get update && \
     wget \
     gnupg
 
-ARG OCCLUM_VERSION=0.30.1-focal-1
+ARG OCCLUM_VERSION=0.30.1-jammy-1
 ARG SGXSDK_VERSION=2_23_100
 ARG RUST_VERSION=1.76.0
 
 RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=${RUST_VERSION}
-RUN echo "deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main" | tee -a /etc/apt/sources.list.d/intel-sgx.list \
+RUN echo "deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main" | tee -a /etc/apt/sources.list.d/intel-sgx.list \
  && wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | gpg --dearmor --output /usr/share/keyrings/intel-sgx.gpg \
- && wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/apt_preference_files/99sgx_${SGXSDK_VERSION}_focal_custom_version.cfg | tee -a /etc/apt/preferences.d/99sgx_sdk \
+ && wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/apt_preference_files/99sgx_${SGXSDK_VERSION}_jammy_custom_version.cfg | tee -a /etc/apt/preferences.d/99sgx_sdk \
  && apt-get update \
  && env DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
     libsgx-uae-service \
@@ -28,7 +28,7 @@ RUN echo "deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://d
     libsgx-quote-ex \
     libsgx-dcap-default-qpl
 
-RUN echo "deb [arch=amd64 signed-by=/usr/share/keyrings/occlum.gpg] https://occlum.io/occlum-package-repos/debian focal main" | tee -a /etc/apt/sources.list.d/occlum.list \
+RUN echo "deb [arch=amd64 signed-by=/usr/share/keyrings/occlum.gpg] https://occlum.io/occlum-package-repos/debian jammy main" | tee -a /etc/apt/sources.list.d/occlum.list \
  && wget -qO - https://occlum.io/occlum-package-repos/debian/public.key | gpg --dearmor --output /usr/share/keyrings/occlum.gpg \
  && apt-get update
 RUN env DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
@@ -80,22 +80,22 @@ RUN export PATH="$PATH:/opt/occlum/build/bin" && \
         export DEBUG="--debug"; \
     fi; occlum package ${DEBUG}
 
-FROM ubuntu:20.04
+FROM ubuntu:22.04
 
 RUN apt-get update && \
     env DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
     ca-certificates \
     wget \
     gnupg
 
-ARG OCCLUM_VERSION=0.30.1-focal-1
+ARG OCCLUM_VERSION=0.30.1-jammy-1
 ARG SGXSDK_VERSION=2_23_100
 
-RUN echo "deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main" | tee -a /etc/apt/sources.list.d/intel-sgx.list \
- && echo "deb [arch=amd64 signed-by=/usr/share/keyrings/occlum.gpg] https://occlum.io/occlum-package-repos/debian focal main" | tee -a /etc/apt/sources.list.d/occlum.list \
+RUN echo "deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main" | tee -a /etc/apt/sources.list.d/intel-sgx.list \
+ && echo "deb [arch=amd64 signed-by=/usr/share/keyrings/occlum.gpg] https://occlum.io/occlum-package-repos/debian jammy main" | tee -a /etc/apt/sources.list.d/occlum.list \
  && wget -qO - https://occlum.io/occlum-package-repos/debian/public.key | gpg --dearmor --output /usr/share/keyrings/occlum.gpg \
  && wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | gpg --dearmor --output /usr/share/keyrings/intel-sgx.gpg \
- && wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/apt_preference_files/99sgx_${SGXSDK_VERSION}_focal_custom_version.cfg | tee -a /etc/apt/preferences.d/99sgx_sdk \
+ && wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/apt_preference_files/99sgx_${SGXSDK_VERSION}_jammy_custom_version.cfg | tee -a /etc/apt/preferences.d/99sgx_sdk \
  && apt-get update \
  && env DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
     libsgx-uae-service \

diff --git a/tools/packaging/build/unified-bundle/enclave-agent-cc-kbc.yaml b/tools/packaging/build/unified-bundle/enclave-agent-cc-kbc.yaml
@@ -14,6 +14,8 @@ targets:
       - files:
          - /opt/occlum/glibc/lib/libnss_files.so.2
          - /opt/occlum/glibc/lib/libnss_dns.so.2
+         - /opt/occlum/glibc/lib/libresolv.so.2
+         - /opt/occlum/glibc/lib/librt.so.1
          - /lib/x86_64-linux-gnu/libdl.so.2
   - target: /usr/lib/ssl
     copy:

diff --git a/tools/packaging/build/unified-bundle/enclave-agent-sample-kbc.yaml b/tools/packaging/build/unified-bundle/enclave-agent-sample-kbc.yaml
@@ -14,6 +14,8 @@ targets:
       - files:
          - /opt/occlum/glibc/lib/libnss_files.so.2
          - /opt/occlum/glibc/lib/libnss_dns.so.2
+         - /opt/occlum/glibc/lib/libresolv.so.2
+         - /opt/occlum/glibc/lib/librt.so.1
          - /lib/x86_64-linux-gnu/libdl.so.2
   - target: /usr/lib/ssl
     copy: