From f837e01c155d9ba3e61db0b98e4ca2ac4ce07ba1 Mon Sep 17 00:00:00 2001 From: Mikko Ylinen Date: Thu, 6 Jun 2024 17:19:19 +0300 Subject: [PATCH 1/3] Drop Golang installation With the move to Regorus, Golang builds are no longer needed. Signed-off-by: Mikko Ylinen --- .github/workflows/kbs-e2e.yaml | 4 ---- attestation-service/Dockerfile.as-grpc | 6 ------ attestation-service/Dockerfile.as-restful | 6 ------ kbs/docker/Dockerfile | 4 ---- kbs/docker/Dockerfile.coco-as-grpc | 6 +----- kbs/docker/Dockerfile.intel-trust-authority | 6 +----- kbs/quickstart.md | 7 ------- 7 files changed, 2 insertions(+), 37 deletions(-) diff --git a/.github/workflows/kbs-e2e.yaml b/.github/workflows/kbs-e2e.yaml index 245db6997..456394e37 100644 --- a/.github/workflows/kbs-e2e.yaml +++ b/.github/workflows/kbs-e2e.yaml @@ -36,10 +36,6 @@ jobs: profile: minimal toolchain: ${{ env.RUSTC_VERSION }} - - uses: actions/setup-go@v5 - with: - go-version: stable - - name: Set up rust build cache uses: actions/cache@v4 continue-on-error: false diff --git a/attestation-service/Dockerfile.as-grpc b/attestation-service/Dockerfile.as-grpc index 403b62938..1aabc3153 100644 --- a/attestation-service/Dockerfile.as-grpc +++ b/attestation-service/Dockerfile.as-grpc @@ -7,12 +7,6 @@ FROM rust:latest as builder WORKDIR /usr/src/attestation-service COPY . . -# Install golang -RUN wget https://go.dev/dl/go1.20.1.linux-amd64.tar.gz && \ - tar -C /usr/local -xzf go1.20.1.linux-amd64.tar.gz - -ENV PATH="/usr/local/go/bin:${PATH}" - # Install TPM Build Dependencies RUN apt-get update && apt-get install -y protobuf-compiler clang libtss2-dev diff --git a/attestation-service/Dockerfile.as-restful b/attestation-service/Dockerfile.as-restful index 322536c05..565701aec 100644 --- a/attestation-service/Dockerfile.as-restful +++ b/attestation-service/Dockerfile.as-restful 
@@ -7,12 +7,6 @@ FROM rust:latest as builder WORKDIR /usr/src/attestation-service COPY . . -# Install golang -RUN wget https://go.dev/dl/go1.20.1.linux-amd64.tar.gz && \ - tar -C /usr/local -xzf go1.20.1.linux-amd64.tar.gz - -ENV PATH="/usr/local/go/bin:${PATH}" - # Install TPM Build Dependencies RUN apt-get update && apt-get install -y protobuf-compiler clang libtss2-dev diff --git a/kbs/docker/Dockerfile b/kbs/docker/Dockerfile index 0d2795412..68ee3f249 100644 --- a/kbs/docker/Dockerfile +++ b/kbs/docker/Dockerfile @@ -29,10 +29,6 @@ RUN curl -fsSL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.k libsgx-dcap-quote-verify-dev \ libtdx-attest-dev -RUN wget https://go.dev/dl/go1.20.1.linux-amd64.tar.gz -RUN tar -C /usr/local -xzf go1.20.1.linux-amd64.tar.gz -ENV PATH="/usr/local/go/bin:${PATH}" - # Build and Install KBS WORKDIR /usr/src/kbs COPY . . diff --git a/kbs/docker/Dockerfile.coco-as-grpc b/kbs/docker/Dockerfile.coco-as-grpc index 9022d5c9d..696c14a0c 100644 --- a/kbs/docker/Dockerfile.coco-as-grpc +++ b/kbs/docker/Dockerfile.coco-as-grpc @@ -3,11 +3,7 @@ FROM rust:latest as builder WORKDIR /usr/src/kbs COPY . . -RUN apt-get update && apt install -y protobuf-compiler wget git - -RUN wget https://go.dev/dl/go1.20.1.linux-amd64.tar.gz -RUN tar -C /usr/local -xzf go1.20.1.linux-amd64.tar.gz -ENV PATH="/usr/local/go/bin:${PATH}" +RUN apt-get update && apt install -y protobuf-compiler git # Build and Install KBS RUN cargo install --path kbs/src/kbs --no-default-features --features coco-as-grpc,resource,opa,rustls diff --git a/kbs/docker/Dockerfile.intel-trust-authority b/kbs/docker/Dockerfile.intel-trust-authority index 29e4cd943..78e187eb5 100644 --- a/kbs/docker/Dockerfile.intel-trust-authority +++ b/kbs/docker/Dockerfile.intel-trust-authority 
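Review bot: The rewritten install line in kbs/docker/Dockerfile.coco-as-grpc still pairs `apt-get update` with `apt install`, and the `apt` front end does not promise a stable command-line interface for scripted use. Since the line is being rewritten anyway, `RUN apt-get update && apt-get install -y protobuf-compiler git` would keep both halves on the same tool. The same applies to the `apt install -y git` line in the Dockerfile.intel-trust-authority hunk of this patch. With `wget` no longer installed, it is worth confirming that nothing later in the builder stage, which continues outside the hunk, still calls it.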
@@ -3,11 +3,7 @@ FROM rust:latest as builder WORKDIR /usr/src/kbs COPY . . -RUN apt-get update && apt install -y wget git - -RUN wget https://go.dev/dl/go1.20.1.linux-amd64.tar.gz -RUN tar -C /usr/local -xzf go1.20.1.linux-amd64.tar.gz -ENV PATH="/usr/local/go/bin:${PATH}" +RUN apt-get update && apt install -y git # Build and Install KBS RUN cargo install --path kbs/src/kbs --no-default-features --features intel-trust-authority-as,rustls,resource,opa diff --git a/kbs/quickstart.md b/kbs/quickstart.md index 45f613d10..2a1285f86 100644 --- a/kbs/quickstart.md +++ b/kbs/quickstart.md @@ -13,13 +13,6 @@ curl https://sh.rustup.rs -sSf | sh source "$HOME/.cargo/env" ``` -In order to compile some Go components (e.g. the OPA policy engine), install -the Go compiler (>= 1.20): -```shell -sudo apt-get install -y golang-1.20 -export PATH=/usr/lib/go-1.20/bin:$PATH -``` - Install dependencies: ```shell curl -L "https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key" | sudo apt-key add - From 0431b909302a78fd3622ea53fe13f3064d444020 Mon Sep 17 00:00:00 2001 From: Mikko Ylinen Date: Thu, 6 Jun 2024 17:20:33 +0300 Subject: [PATCH 2/3] Update DCAP installation try to harmonize to jammy based packages. Also drop libtdx-attest* because that is an attester lib and unused in quote verification. Signed-off-by: Mikko Ylinen --- attestation-service/Dockerfile.as-grpc | 6 +++--- attestation-service/Dockerfile.as-restful | 6 +++--- attestation-service/tests/e2e/Makefile | 1 - kbs/docker/Dockerfile | 2 +- 4 files changed, 7 insertions(+), 8 deletions(-) diff --git a/attestation-service/Dockerfile.as-grpc b/attestation-service/Dockerfile.as-grpc index 1aabc3153..8de377d9f 100644 --- a/attestation-service/Dockerfile.as-grpc +++ b/attestation-service/Dockerfile.as-grpc 
@@ -12,8 +12,8 @@ RUN apt-get update && apt-get install -y protobuf-compiler clang libtss2-dev # Install TDX Build Dependencies RUN curl -L https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | tee intel-sgx-deb.key | apt-key add - && \ - echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | tee /etc/apt/sources.list.d/intel-sgx.list && \ - apt-get update && apt-get install -y libtdx-attest-dev libsgx-dcap-quote-verify-dev + echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | tee /etc/apt/sources.list.d/intel-sgx.list && \ + apt-get update && apt-get install -y libsgx-dcap-quote-verify-dev # Build and Install gRPC attestation-service RUN cargo install --path attestation-service/attestation-service --bin grpc-as --features grpc-bin --locked @@ -28,7 +28,7 @@ RUN apt-get update && apt-get install curl gnupg openssl -y && \ rm -rf /var/lib/apt/lists/{apt,dpkg,cache,log} /tmp/* /var/tmp/* RUN curl -L https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | tee intel-sgx-deb.key | apt-key add - && \ - echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | tee /etc/apt/sources.list.d/intel-sgx.list && \ + echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | tee /etc/apt/sources.list.d/intel-sgx.list && \ apt-get update && \ apt-get install -y libsgx-dcap-default-qpl libsgx-dcap-quote-verify && \ rm -rf /var/lib/apt/lists/{apt,dpkg,cache,log} /tmp/* /var/tmp/* diff --git a/attestation-service/Dockerfile.as-restful b/attestation-service/Dockerfile.as-restful index 565701aec..5b617db52 100644 --- a/attestation-service/Dockerfile.as-restful +++ b/attestation-service/Dockerfile.as-restful 
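Review bot: The new `deb [arch=amd64] … jammy main` entries in both stages of Dockerfile.as-grpc still depend on `apt-key add -`, which puts the Intel key into apt's global trust store rather than scoping it to this one repository. kbs/docker/Dockerfile in this same series already uses the scoped form, so the harmonization could extend to key handling: `| gpg --dearmor --output /usr/share/keyrings/intel-sgx.gpg && \` followed by `echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main'`. The same applies to the two Dockerfile.as-restful hunks in this patch. `apt-key` is deprecated and, as far as I know, no longer shipped with newer apt releases, so a floating `rust:latest` builder base may eventually fail at this step.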
@@ -12,8 +12,8 @@ RUN apt-get update && apt-get install -y protobuf-compiler clang libtss2-dev # Install TDX Build Dependencies RUN curl -L https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | tee intel-sgx-deb.key | apt-key add - && \ - echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | tee /etc/apt/sources.list.d/intel-sgx.list && \ - apt-get update && apt-get install -y libtdx-attest-dev libsgx-dcap-quote-verify-dev + echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | tee /etc/apt/sources.list.d/intel-sgx.list && \ + apt-get update && apt-get install -y libsgx-dcap-quote-verify-dev # Build and Install RESTful attestation-service RUN cargo install --path attestation-service/attestation-service --bin restful-as --features restful-bin --locked @@ -27,7 +27,7 @@ RUN apt-get update && apt-get install curl gnupg openssl -y && \ rm -rf /var/lib/apt/lists/{apt,dpkg,cache,log} /tmp/* /var/tmp/* RUN curl -L https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | tee intel-sgx-deb.key | apt-key add - && \ - echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | tee /etc/apt/sources.list.d/intel-sgx.list && \ + echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | tee /etc/apt/sources.list.d/intel-sgx.list && \ apt-get update && \ apt-get install -y libsgx-dcap-default-qpl libsgx-dcap-quote-verify && \ rm -rf /var/lib/apt/lists/{apt,dpkg,cache,log} /tmp/* /var/tmp/* diff --git a/attestation-service/tests/e2e/Makefile b/attestation-service/tests/e2e/Makefile index 2b74e0392..6bbd48dd1 100644 --- a/attestation-service/tests/e2e/Makefile +++ b/attestation-service/tests/e2e/Makefile @@ -27,7 +27,6 @@ install-dependencies: protobuf-compiler \ clang \ libtss2-dev \ - libtdx-attest-dev \ libsgx-dcap-quote-verify-dev \ libsgx-dcap-default-qpl 
diff --git a/kbs/docker/Dockerfile b/kbs/docker/Dockerfile index 68ee3f249..5b1bd993b 100644 --- a/kbs/docker/Dockerfile +++ b/kbs/docker/Dockerfile @@ -11,7 +11,7 @@ RUN apt-get update && \ RUN curl -fsSL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | \ gpg --dearmor --output /usr/share/keyrings/intel-sgx.gpg && \ - echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | \ + echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | \ tee /etc/apt/sources.list.d/intel-sgx.list && \ apt-get update && \ apt-get install -y --no-install-recommends \ From f14e08dfed0c958e515f9f0316a94af0d48aa1e1 Mon Sep 17 00:00:00 2001 From: Mikko Ylinen Date: Wed, 12 Jun 2024 13:03:45 +0300 Subject: [PATCH 3/3] kbs: images: do not COPY openssl libs rust:latest points to a new enough Debian that comes with libssl3 so there's no need to COPY the openssl libs anymore for KBS to work. Signed-off-by: Mikko Ylinen --- kbs/docker/Dockerfile.intel-trust-authority | 2 -- 1 file changed, 2 deletions(-) diff --git a/kbs/docker/Dockerfile.intel-trust-authority b/kbs/docker/Dockerfile.intel-trust-authority index 78e187eb5..8aeae5f62 100644 --- a/kbs/docker/Dockerfile.intel-trust-authority +++ b/kbs/docker/Dockerfile.intel-trust-authority @@ -14,6 +14,4 @@ LABEL org.opencontainers.image.source="https://github.com/confidential-container RUN apt update && apt install -y ca-certificates -COPY --from=builder /usr/lib/x86_64-linux-gnu/libssl.so.1.1 /usr/lib/x86_64-linux-gnu/libssl.so.1.1 -COPY --from=builder /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 COPY --from=builder /usr/local/cargo/bin/kbs /usr/local/bin/kbs
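Review bot: kbs/docker/Dockerfile still appears to install `libtdx-attest-dev`, although the commit message says libtdx-attest* is dropped as unused for quote verification. Patch 1/3 shows it as the last entry of this package list, and this patch changes only the suite name in that file. If KBS does not need the package either, removing the `libtdx-attest-dev` line and the trailing backslash on the preceding `libsgx-dcap-quote-verify-dev \` line would keep this builder consistent with the attestation-service Dockerfiles. The package list continues outside this hunk, so this should be confirmed against the full file.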