diff --git a/.azure-pipelines-gh-pages.yml b/.azure-pipelines-gh-pages.yml index b55ce678f9c..bae3c389ca4 100644 --- a/.azure-pipelines-gh-pages.yml +++ b/.azure-pipelines-gh-pages.yml @@ -11,7 +11,7 @@ jobs: variables: Codeql.SkipTaskAutoInjection: true skipComponentGovernanceDetection: true - container: ccfmsrc.azurecr.io/ccf/ci:16-08-2023-1-virtual-clang15 + container: ccfmsrc.azurecr.io/ccf/ci:05-09-2023-virtual-clang15 pool: vmImage: ubuntu-20.04 diff --git a/.azure-pipelines-templates/deploy_aci.yml b/.azure-pipelines-templates/deploy_aci.yml index 34e09eae1e2..31cfe1dc602 100644 --- a/.azure-pipelines-templates/deploy_aci.yml +++ b/.azure-pipelines-templates/deploy_aci.yml @@ -50,7 +50,7 @@ jobs: - script: | set -ex docker login -u $ACR_TOKEN_NAME -p $ACR_CI_PUSH_TOKEN_PASSWORD $ACR_REGISTRY - docker pull $ACR_REGISTRY/ccf/ci:16-08-2023-1-snp-clang15 + docker pull $ACR_REGISTRY/ccf/ci:05-09-2023-snp-clang15 docker build -f docker/ccf_ci_built . --build-arg="base=$BASE_IMAGE" --build-arg="platform=snp" -t $ACR_REGISTRY/ccf/ci:pr-`git rev-parse HEAD` docker push $ACR_REGISTRY/ccf/ci:pr-`git rev-parse HEAD` name: build_ci_image @@ -59,7 +59,7 @@ jobs: ACR_TOKEN_NAME: ci-push-token ACR_CI_PUSH_TOKEN_PASSWORD: $(ACR_CI_PUSH_TOKEN_PASSWORD) ACR_REGISTRY: ccfmsrc.azurecr.io - BASE_IMAGE: ccfmsrc.azurecr.io/ccf/ci:16-08-2023-1-snp-clang15 + BASE_IMAGE: ccfmsrc.azurecr.io/ccf/ci:05-09-2023-snp-clang15 - script: | set -ex diff --git a/.azure-pipelines.yml b/.azure-pipelines.yml index 14961f3494e..562355c9e8c 100644 --- a/.azure-pipelines.yml +++ b/.azure-pipelines.yml @@ -29,15 +29,15 @@ schedules: resources: containers: - container: virtual - image: ccfmsrc.azurecr.io/ccf/ci:16-08-2023-1-virtual-clang15 + image: ccfmsrc.azurecr.io/ccf/ci:05-09-2023-virtual-clang15 options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro - container: snp - image: ccfmsrc.azurecr.io/ccf/ci:16-08-2023-1-snp-clang15 + image: ccfmsrc.azurecr.io/ccf/ci:05-09-2023-snp-clang15 options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro - container: sgx - image: ccfmsrc.azurecr.io/ccf/ci:16-08-2023-1-sgx + image: ccfmsrc.azurecr.io/ccf/ci:05-09-2023-sgx options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx -v /lib/modules:/lib/modules:ro variables: diff --git a/.azure_pipelines_snp.yml b/.azure_pipelines_snp.yml index 0e40402cc7d..b5f2e8ba095 100644 --- a/.azure_pipelines_snp.yml +++ b/.azure_pipelines_snp.yml @@ -31,7 +31,7 @@ schedules: resources: containers: - container: virtual - image: ccfmsrc.azurecr.io/ccf/ci:16-08-2023-1-virtual-clang15 + image: ccfmsrc.azurecr.io/ccf/ci:05-09-2023-virtual-clang15 options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro jobs: diff --git a/.daily.yml b/.daily.yml index 665cb37370f..b5f58711bc0 100644 --- a/.daily.yml +++ b/.daily.yml @@ -25,15 +25,15 @@ schedules: resources: containers: - container: virtual - image: ccfmsrc.azurecr.io/ccf/ci:16-08-2023-1-virtual-clang15 + image: ccfmsrc.azurecr.io/ccf/ci:05-09-2023-virtual-clang15 options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE - container: snp - image: ccfmsrc.azurecr.io/ccf/ci:16-08-2023-1-snp-clang15 + image: ccfmsrc.azurecr.io/ccf/ci:05-09-2023-snp-clang15 options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro - container: sgx - image: ccfmsrc.azurecr.io/ccf/ci:16-08-2023-1-sgx + image: ccfmsrc.azurecr.io/ccf/ci:05-09-2023-sgx options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx jobs: diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index e7c143f59e5..56fe9eb6d16 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -1,6 +1,6 @@ { "name": "CCF Development Environment", - "image": "ccfmsrc.azurecr.io/ccf/ci:16-08-2023-1-virtual-clang15", + "image": "ccfmsrc.azurecr.io/ccf/ci:05-09-2023-virtual-clang15", "runArgs": [], "extensions": [ "eamodio.gitlens", diff --git a/.github/workflows/ci-checks.yml b/.github/workflows/ci-checks.yml index cd3477df003..f0145898880 100644 --- a/.github/workflows/ci-checks.yml +++ b/.github/workflows/ci-checks.yml @@ -9,7 +9,7 @@ on: jobs: checks: runs-on: ubuntu-latest - container: ccfmsrc.azurecr.io/ccf/ci:16-08-2023-1-virtual-clang15 + container: ccfmsrc.azurecr.io/ccf/ci:05-09-2023-virtual-clang15 steps: - run: git config --global --add safe.directory "$GITHUB_WORKSPACE" diff --git a/.multi-thread.yml b/.multi-thread.yml index 7e90377ee79..a53c1c0c70d 100644 --- a/.multi-thread.yml +++ b/.multi-thread.yml @@ -16,7 +16,7 @@ pr: resources: containers: - container: virtual - image: ccfmsrc.azurecr.io/ccf/ci:16-08-2023-1-virtual-clang15 + image: ccfmsrc.azurecr.io/ccf/ci:05-09-2023-virtual-clang15 options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro jobs: diff --git a/.stress.yml b/.stress.yml index a0bdfce012b..fd366dd0c15 100644 --- a/.stress.yml +++ b/.stress.yml @@ -20,7 +20,7 @@ schedules: resources: containers: - container: sgx - image: ccfmsrc.azurecr.io/ccf/ci:16-08-2023-1-sgx + image: ccfmsrc.azurecr.io/ccf/ci:05-09-2023-sgx options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx jobs: diff --git a/CHANGELOG.md b/CHANGELOG.md index 68d07be520b..de3e89333e5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. - Updated `fmt` library from `9.1.0` to `10.1.1`. - Updated QCBOR from `1.1` to `1.2`. - Updated `nghttp2` from `1.51.0` to `1.55.1`. +- Updated Intel SGX PSW from 2.17 to 2.20 (#5616) ## [4.0.7] diff --git a/docker/ccf_ci_built b/docker/ccf_ci_built index 65a7d24d6ea..c1ce2b48cf7 100644 --- a/docker/ccf_ci_built +++ b/docker/ccf_ci_built @@ -4,7 +4,7 @@ # Latest image as of this change ARG platform=sgx -ARG base=ccfmsrc.azurecr.io/ccf/ci:16-08-2023-1-snp-clang-15 +ARG base=ccfmsrc.azurecr.io/ccf/ci:05-09-2023-snp-clang-15 FROM ${base} # SSH. Note that this could (should) be done in the base ccf_ci image instead diff --git a/docker/sgx_deps_pin.sh b/docker/sgx_deps_pin.sh index 2da9335d8d3..75474bfeeb4 100755 --- a/docker/sgx_deps_pin.sh +++ b/docker/sgx_deps_pin.sh @@ -10,7 +10,7 @@ mkdir -p /etc/init echo "APT::Acquire::Retries \"5\";" | tee /etc/apt/apt.conf.d/80-retries UBUNTU=focal -PSW_VERSION=2.17.100 +PSW_VERSION=2.20.100 if [ -z "$PSW_VERSION" ]; then echo "Please set PSW_VERSION (e.g. 2.11)." >&2; @@ -23,5 +23,5 @@ apt-get update && apt-get install -y wget gnupg # Reference https://manpages.debian.org/buster/apt/apt_preferences.5.en.html # Download the pref file from https://download.01.org/intel-sgx/sgx_repo/ubuntu/apt_preference_files/ # Assuming file name to follow *sgx__${UBUNTU}_custom_version.cfg convention -wget -r -l1 --no-parent -nd -A "*sgx_${PSW_VERSION//./_}_${UBUNTU}_custom_version.cfg" "https://download.01.org/intel-sgx/sgx_repo/ubuntu/apt_preference_files" +wget -r -l1 --no-parent -nd -A "*sgx_${PSW_VERSION//./_}_${UBUNTU}_custom_version.cfg" "https://download.01.org/intel-sgx/sgx_repo/ubuntu/apt_preference_files/" mv ./*"sgx_${PSW_VERSION//./_}_${UBUNTU}_custom_version.cfg" "/etc/apt/preferences.d/intel-sgx.pref" \ No newline at end of file diff --git a/scripts/azure_deployment/arm_aci.py b/scripts/azure_deployment/arm_aci.py index 9a1244fb651..63aecdd58db 100644 --- a/scripts/azure_deployment/arm_aci.py +++ b/scripts/azure_deployment/arm_aci.py @@ -132,7 +132,7 @@ def parse_aci_args(parser: ArgumentParser) -> Namespace: "--aci-image", help="The name of the image to deploy in the ACI", type=str, - default="ccfmsrc.azurecr.io/ccf/ci:16-08-2023-1-snp", + default="ccfmsrc.azurecr.io/ccf/ci:05-09-2023-snp", ) parser.add_argument( "--aci-type",