Remove SGX pins from base images (#6757)

achamayou · web-flow · commit 256c5c71c678 · 2025-01-15T11:15:57.000Z
diff --git a/.azure-pipelines-templates/deploy_aci.yml b/.azure-pipelines-templates/deploy_aci.yml
@@ -50,7 +50,7 @@ jobs:
         env:
           ACR_REGISTRY_RESOURCE_NAME: ccfmsrc
           ACR_REGISTRY: ccfmsrc.azurecr.io
-          BASE_IMAGE: ghcr.io/microsoft/ccf/ci/default:build-08-01-2025-2
+          BASE_IMAGE: ghcr.io/microsoft/ccf/ci/default:build-14-01-2025
 
       - script: |
           set -ex
diff --git a/.azure_pipelines_snp.yml b/.azure_pipelines_snp.yml
@@ -22,7 +22,7 @@ schedules:
 resources:
   containers:
     - container: virtual
-      image: ghcr.io/microsoft/ccf/ci/default:build-08-01-2025-2
+      image: ghcr.io/microsoft/ccf/ci/default:build-14-01-2025
       options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro
 
 jobs:
diff --git a/.github/workflows/bencher.yml b/.github/workflows/bencher.yml
@@ -13,7 +13,7 @@ jobs:
     name: Continuous Benchmarking with Bencher
     runs-on: [self-hosted, 1ES.Pool=gha-virtual-ccf-sub]
     container:
-      image: ghcr.io/microsoft/ccf/ci/default:build-08-01-2025-2
+      image: ghcr.io/microsoft/ccf/ci/default:build-14-01-2025
     steps:
       - uses: actions/checkout@v4
         with:
diff --git a/.github/workflows/ci-verification.yml b/.github/workflows/ci-verification.yml
@@ -24,7 +24,7 @@ jobs:
     name: Model Checking - Consistency
     runs-on: [self-hosted, 1ES.Pool=gha-virtual-ccf-sub]
     container:
-      image: ghcr.io/microsoft/ccf/ci/default:build-08-01-2025-2
+      image: ghcr.io/microsoft/ccf/ci/default:build-14-01-2025
     defaults:
       run:
         working-directory: tla
@@ -102,7 +102,7 @@ jobs:
     name: Model Checking - Consensus
     runs-on: [self-hosted, 1ES.Pool=gha-virtual-ccf-sub]
     container:
-      image: ghcr.io/microsoft/ccf/ci/default:build-08-01-2025-2
+      image: ghcr.io/microsoft/ccf/ci/default:build-14-01-2025
     defaults:
       run:
         working-directory: tla
@@ -158,7 +158,7 @@ jobs:
     name: Trace Validation - Consensus
     runs-on: [self-hosted, 1ES.Pool=gha-virtual-ccf-sub]
     container:
-      image: ghcr.io/microsoft/ccf/ci/default:build-08-01-2025-2
+      image: ghcr.io/microsoft/ccf/ci/default:build-14-01-2025
 
     steps:
       - uses: actions/checkout@v4
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -20,7 +20,7 @@ jobs:
   checks:
     name: "Format and License Checks"
     runs-on: ubuntu-latest
-    container: ghcr.io/microsoft/ccf/ci/default:build-08-01-2025-2
+    container: ghcr.io/microsoft/ccf/ci/default:build-14-01-2025
 
     steps:
       - run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
@@ -44,7 +44,7 @@ jobs:
             options: --user root --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro
     runs-on: ${{ matrix.platform.nodes }}
     container:
-      image: ghcr.io/microsoft/ccf/ci/${{ matrix.platform.image }}:build-08-01-2025-2
+      image: ghcr.io/microsoft/ccf/ci/${{ matrix.platform.image }}:build-14-01-2025
       options: ${{ matrix.platform.options }}
     steps:
       - uses: actions/checkout@v4
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -25,7 +25,7 @@ jobs:
     # Insufficient space to run on public runner, so use custom pool
     runs-on: [self-hosted, 1ES.Pool=gha-virtual-ccf-sub]
     container:
-      image: ghcr.io/microsoft/ccf/ci/default:build-08-01-2025-2
+      image: ghcr.io/microsoft/ccf/ci/default:build-14-01-2025
       options: --user root
 
     permissions:
diff --git a/.github/workflows/long-test.yml b/.github/workflows/long-test.yml
@@ -17,7 +17,7 @@ jobs:
     if: ${{ contains(github.event.pull_request.labels.*.name, 'run-long-test') || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }}
     runs-on: [self-hosted, 1ES.Pool=gha-virtual-ccf-sub]
     container:
-      image: ghcr.io/microsoft/ccf/ci/default:build-08-01-2025-2
+      image: ghcr.io/microsoft/ccf/ci/default:build-14-01-2025
 
     steps:
       - uses: actions/checkout@v4
@@ -35,7 +35,7 @@ jobs:
     if: ${{ contains(github.event.pull_request.labels.*.name, 'run-long-test') || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }}
     runs-on: [self-hosted, 1ES.Pool=gha-virtual-ccf-sub]
     container:
-      image: ghcr.io/microsoft/ccf/ci/default:build-08-01-2025-2
+      image: ghcr.io/microsoft/ccf/ci/default:build-14-01-2025
 
     steps:
       - uses: actions/checkout@v4
@@ -79,7 +79,7 @@ jobs:
     name: TSAN
     runs-on: [self-hosted, 1ES.Pool=gha-virtual-ccf-sub]
     container:
-      image: ghcr.io/microsoft/ccf/ci/default:build-08-01-2025-2
+      image: ghcr.io/microsoft/ccf/ci/default:build-14-01-2025
 
     steps:
       - uses: actions/checkout@v4
@@ -117,7 +117,7 @@ jobs:
     name: LTS
     runs-on: [self-hosted, 1ES.Pool=gha-virtual-ccf-sub]
     container:
-      image: ghcr.io/microsoft/ccf/ci/default:build-08-01-2025-2
+      image: ghcr.io/microsoft/ccf/ci/default:build-14-01-2025
 
     steps:
       - uses: actions/checkout@v4
diff --git a/.github/workflows/long-verification.yml b/.github/workflows/long-verification.yml
@@ -22,7 +22,7 @@ jobs:
     if: ${{ contains(github.event.pull_request.labels.*.name, 'run-long-verification') || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }}
     runs-on: [self-hosted, 1ES.Pool=gha-virtual-ccf-sub]
     container:
-      image: ghcr.io/microsoft/ccf/ci/default:build-08-01-2025-2
+      image: ghcr.io/microsoft/ccf/ci/default:build-14-01-2025
     defaults:
       run:
         working-directory: tla
@@ -50,7 +50,7 @@ jobs:
     if: ${{ contains(github.event.pull_request.labels.*.name, 'run-long-verification') || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }}
     runs-on: [self-hosted, 1ES.Pool=gha-virtual-ccf-sub]
     container:
-      image: ghcr.io/microsoft/ccf/ci/default:build-08-01-2025-2
+      image: ghcr.io/microsoft/ccf/ci/default:build-14-01-2025
     defaults:
       run:
         working-directory: tla
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -75,7 +75,7 @@ jobs:
             nodes: [self-hosted, 1ES.Pool=gha-virtual-ccf-sub]
     runs-on: ${{ matrix.platform.nodes }}
     container:
-      image: ghcr.io/microsoft/ccf/ci/${{ matrix.platform.image }}:build-08-01-2025-2
+      image: ghcr.io/microsoft/ccf/ci/${{ matrix.platform.image }}:build-14-01-2025
       options: "--user root --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro ${{ matrix.platform.container_options }}"
     steps:
       - uses: actions/checkout@v4
diff --git a/.snpcc_canary b/.snpcc_canary
@@ -4,4 +4,4 @@
 /-xXx--//-----x=x--/-xXx--/---x---->>>--/
 ...
 /\/\d(-_-)b/\/\
-----vmpl
+----vmpl--
diff --git a/docker/README.md b/docker/README.md
@@ -9,5 +9,5 @@ To build a given image, run:
 
 ```bash
 $ cd CCF/
-$ docker build -t <tag> -f docker/<app_run|app_dev|ccf_ci> --build-arg="platform=<sgx|snp|virtual>" --build-arg="clang_version=<11|15>" .
+$ docker build -t <tag> -f docker/<app_run|app_dev|ccf_ci> --build-arg="platform=<snp|virtual>" --build-arg="clang_version=<15>" .
 ```
diff --git a/docker/app_dev b/docker/app_dev
@@ -1,27 +1,11 @@
 # Application Development image
 # Contains a CCF release for platform and toolchain for target platform
 
-ARG platform=sgx
+FROM mcr.microsoft.com/mirror/docker/library/ubuntu:20.04
 
-# SGX
-FROM mcr.microsoft.com/mirror/docker/library/ubuntu:20.04 AS base-sgx
-
-WORKDIR /
-COPY ./docker/sgx_deps_pin.sh /
-RUN ./sgx_deps_pin.sh && rm /sgx_deps_pin.sh
-
-# SNP
-FROM mcr.microsoft.com/mirror/docker/library/ubuntu:20.04 AS base-snp
-
-# Virtual
-FROM mcr.microsoft.com/mirror/docker/library/ubuntu:20.04 AS base-virtual
-
-# Final dev image
-FROM base-${platform} AS final
-
-ARG platform=sgx
+ARG platform=snp
 ARG ansible_vars
-ARG clang_version=11
+ARG clang_version=15
 
 RUN echo "APT::Acquire::Retries \"5\";" | tee /etc/apt/apt.conf.d/80-retries
 
diff --git a/docker/app_run b/docker/app_run
@@ -1,27 +1,11 @@
 # Application Runtime image
 # Contains the cchost binary and its runtime dependencies for target platform
 
-ARG platform=sgx
+FROM mcr.microsoft.com/mirror/docker/library/ubuntu:20.04 
 
-# SGX
-FROM mcr.microsoft.com/mirror/docker/library/ubuntu:20.04 AS base-sgx
-
-WORKDIR /
-COPY ./docker/sgx_deps_pin.sh /
-RUN ./sgx_deps_pin.sh && rm ./sgx_deps_pin.sh
-
-# SNP
-FROM mcr.microsoft.com/mirror/docker/library/ubuntu:20.04 AS base-snp
-
-# Virtual
-FROM mcr.microsoft.com/mirror/docker/library/ubuntu:20.04 AS base-virtual
-
-# Final runtime image
-FROM base-${platform} AS final
-
-ARG platform=sgx
+ARG platform=snp
 ARG ansible_vars
-ARG clang_version=11
+ARG clang_version=15
 
 RUN echo "APT::Acquire::Retries \"5\";" | tee /etc/apt/apt.conf.d/80-retries
 
diff --git a/docker/ccf_ci b/docker/ccf_ci
@@ -1,26 +1,10 @@
 # CCF Continuous Integration image
 # Contains CCF build dependencies and toolchain for target platform
 
-ARG platform=sgx
+FROM mcr.microsoft.com/mirror/docker/library/ubuntu:20.04
 
-# SGX
-FROM mcr.microsoft.com/mirror/docker/library/ubuntu:20.04 AS base-sgx
-
-WORKDIR /
-COPY ./docker/sgx_deps_pin.sh /
-RUN ./sgx_deps_pin.sh && rm ./sgx_deps_pin.sh
-
-# SNP
-FROM mcr.microsoft.com/mirror/docker/library/ubuntu:20.04 AS base-snp
-
-# Virtual
-FROM mcr.microsoft.com/mirror/docker/library/ubuntu:20.04 AS base-virtual
-
-# Final CCF CI image
-FROM base-${platform} AS final
-
-ARG platform=sgx
-ARG clang_version=11
+ARG platform
+ARG clang_version=15
 ARG ansible_vars
 
 RUN echo "APT::Acquire::Retries \"5\";" | tee /etc/apt/apt.conf.d/80-retries
diff --git a/docker/ccf_ci_built b/docker/ccf_ci_built
@@ -3,7 +3,7 @@
 # Also contains CCF source and build directory
 
 # Latest image as of this change
-ARG base=ghcr.io/microsoft/ccf/ci/default:build-08-01-2025-2
+ARG base=ghcr.io/microsoft/ccf/ci/default:build-14-01-2025
 FROM ${base}
 
 # SSH. Note that this could (should) be done in the base ccf_ci image instead
diff --git a/docker/sgx_deps_pin.sh b/docker/sgx_deps_pin.sh
diff --git a/getting_started/setup_vm/roles/ccf_build/vars/clang15.yml b/getting_started/setup_vm/roles/ccf_build/vars/clang15.yml
@@ -17,7 +17,6 @@ debs:
   - expect
   - git
   - ccache
-  - kmod # modinfo for sgxinfo.sh
   - cmake
   - libssl-dev
   - libnghttp2-dev # experimental http2 support
diff --git a/getting_started/setup_vm/roles/ccf_install/tasks/deb_install.yml b/getting_started/setup_vm/roles/ccf_install/tasks/deb_install.yml
@@ -33,14 +33,6 @@
   become: true
   when: run_js|bool
 
-- name: Copy JS generic (SGX)
-  copy:
-    src: "/opt/ccf_{{ platform }}/lib/{{ ccf_js_app_name }}.enclave.so.signed"
-    dest: "/usr/lib/ccf/{{ ccf_js_app_name }}.enclave.so.signed"
-    remote_src: true
-  become: true
-  when: (run_js|bool) and (platform == "sgx")
-
 - name: Copy JS generic (Virtual)
   copy:
     src: "/opt/ccf_{{ platform }}/lib/{{ ccf_js_app_name }}.virtual.so"
diff --git a/getting_started/setup_vm/roles/ccf_install/vars/common.yml b/getting_started/setup_vm/roles/ccf_install/vars/common.yml
@@ -1,4 +1,4 @@
 ccf_ver: "latest"
 run_js: false
 ccf_js_app_name: "libjs_generic"
-platform: "sgx"
+platform: "snp"
diff --git a/samples/scripts/sgxinfo.sh b/samples/scripts/sgxinfo.sh
