Update SVR to Ubuntu 22.04 and Debian bookworm.

2025-04-18 14:50:02 -07:00 · 2025-04-18 14:50:02 -07:00 · 9d5df31e6a
commit 9d5df31e6a
parent e00c2232b1
16 changed files with 162 additions and 76 deletions
--- a/1
+++ b/1
@ -45,6 +45,7 @@ clean:
 	$(MAKE) $(MAKE_ARGS) -C host clean
 	rm -rf docker/build
 	rm -rf .cargohome/* .cargohome/.*cache* .cargotarget/*
+	git submodule foreach --recursive git clean -fxd

 dockerbase: | git
 	[ "" != "$(SKIP_DOCKER_BUILD)" ] || \
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@ -6,34 +6,10 @@ FROM amd64/debian:bookworm@sha256:e83f38eb264420870d48bccc73f04df5fffc710c66528a
 LABEL description="linux build environment for sgx."

 COPY docker/apt.conf docker/sources.list /etc/apt/
-RUN rm -rf /etc/apt/sources.list.d/* && \
-    while true; do apt-get update && break; done && \
-    while true; do apt-get install -y \
-      gpg \
-      gnupg2 \
-      wget \
-      software-properties-common \
-    && break; done
+RUN rm -rf /etc/apt/sources.list.d/*
+COPY docker/sgx_runtime_libraries.sh /tmp/
+RUN /tmp/sgx_runtime_libraries.sh

-COPY docker/sgx.sources.list docker/ms.sources.list /etc/apt/sources.list.d/
-# ms and intel repos keep old packages around,
-# however if they remove some of these in the future
-# binary packages can be retrieved from github releases
-RUN wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add - && \
-    wget -qO - https://packages.microsoft.com/keys/microsoft.asc | apt-key add - && \
-    while true; do apt-get update && break; done && \
-    while true; do apt-get install -y \
-    libsgx-ae-id-enclave=1.22.100.3-jammy1 \
-    libsgx-ae-pce=2.25.100.3-jammy1 \
-    libsgx-ae-qe3=1.22.100.3-jammy1 \
-    libsgx-dcap-ql=1.22.100.3-jammy1 \
-    libsgx-dcap-ql-dev=1.22.100.3-jammy1 \
-    libsgx-enclave-common=2.25.100.3-jammy1 \
-    libsgx-headers=2.25.100.3-jammy1 \
-    libsgx-pce-logic=1.22.100.3-jammy1 \
-    libsgx-qe3-logic=1.22.100.3-jammy1 \
-    libsgx-urts=2.25.100.3-jammy1 \
-    && break; done && apt-get clean
 ARG OPENENCLAVE_VERSION=0.19.10
 ARG OPENENCLAVE_HASH=4a5f77edaaebb1fee52b6f5b2b5f1200fd57a048fb3fcf82afa5dd69ee3b1a8f
 ADD --checksum=sha256:${OPENENCLAVE_HASH} \
--- a/docker/sgx_runtime_libraries.sh
+++ b/docker/sgx_runtime_libraries.sh
@ -0,0 +1,46 @@
+#!/bin/bash
+set -eux -o pipefail
+
+apt-get update
+apt-get install -y \
+      gpg \
+      gnupg2 \
+      wget \
+      software-properties-common \
+      debian-archive-keyring \
+## apt-get install
+echo "deb [arch=amd64] https://packages.microsoft.com/ubuntu/22.04/prod jammy main" | tee /etc/apt/sources.list.d/msprod.list
+echo "deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main" | tee /etc/apt/sources.list.d/sgx.list
+
+wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add -
+wget -qO - https://packages.microsoft.com/keys/microsoft.asc | apt-key add -
+
+apt-get update
+apt-get -y install \
+    libsgx-ae-epid=2.25.100.3-jammy1 \
+    libsgx-ae-id-enclave=1.22.100.3-jammy1 \
+    libsgx-ae-le=2.25.100.3-jammy1 \
+    libsgx-ae-pce=2.25.100.3-jammy1 \
+    libsgx-ae-qe3=1.22.100.3-jammy1 \
+    libsgx-ae-qve=1.22.100.3-jammy1 \
+    libsgx-aesm-ecdsa-plugin=2.25.100.3-jammy1 \
+    libsgx-aesm-epid-plugin=2.25.100.3-jammy1 \
+    libsgx-aesm-launch-plugin=2.25.100.3-jammy1 \
+    libsgx-aesm-pce-plugin=2.25.100.3-jammy1 \
+    libsgx-aesm-quote-ex-plugin=2.25.100.3-jammy1 \
+    libsgx-dcap-default-qpl=1.22.100.3-jammy1 \
+    libsgx-dcap-default-qpl-dev=1.22.100.3-jammy1 \
+    libsgx-dcap-ql=1.22.100.3-jammy1 \
+    libsgx-dcap-ql-dev=1.22.100.3-jammy1 \
+    libsgx-dcap-quote-verify=1.22.100.3-jammy1 \
+    libsgx-enclave-common=2.25.100.3-jammy1 \
+    libsgx-headers=2.25.100.3-jammy1 \
+    libsgx-launch=2.25.100.3-jammy1 \
+    libsgx-pce-logic=1.22.100.3-jammy1 \
+    libsgx-qe3-logic=1.22.100.3-jammy1 \
+    libsgx-quote-ex=2.25.100.3-jammy1 \
+    libsgx-urts=2.25.100.3-jammy1 \
+    sgx-aesm-service=2.25.100.3-jammy1 \
+## apt-get install
+
+apt-get clean
--- a/docker/sources.list
+++ b/docker/sources.list
@ -1,2 +1,5 @@
 deb http://snapshot.debian.org/archive/debian/20250312T000000Z/ bookworm main
 deb http://snapshot.debian.org/archive/debian/20250312T000000Z/ bookworm-updates main
+
+# for old libprotobuf
+deb http://snapshot.debian.org/archive/debian/20250312T000000Z/ bullseye main
--- a/enclave/releases/nitro/nitro.75882c69.52b91975.65d6db28.eif
+++ b/enclave/releases/nitro/nitro.75882c69.52b91975.65d6db28.eif
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4652ac7de4430eaaf8d71cafaa7993b9377abab5ebd01c4d2355a1b03f1bc6fa
+size 186404907
--- a/enclave/releases/sgx/default.093be9ea32405e85ae28dbb48eb668aebeb7dbe29517b9b86ad4bec4dfe0e6a6
+++ b/enclave/releases/sgx/default.093be9ea32405e85ae28dbb48eb668aebeb7dbe29517b9b86ad4bec4dfe0e6a6
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:96d8c7174a81ccee5752dc9002a1992aaf059e809fde21d92a48e9270fbc4751
+size 34830088
--- a/enclave/releases/sgx/default.11ff31e9e9c43001c10313b5bcf893a699a2ee95e9614510dfcd1233f8940b65
+++ b/enclave/releases/sgx/default.11ff31e9e9c43001c10313b5bcf893a699a2ee95e9614510dfcd1233f8940b65
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:171618d04e2c3f1200c99a7dccac0b272aa80f3bb6320646ff9e46f909fd3eae
-size 34769424
--- a/enclave/releases/sgx/default.a6622ad4656e1abcd0bc0ff17c229477747d2ded0495c4ebee7ed35c1789fa97
+++ b/enclave/releases/sgx/default.a6622ad4656e1abcd0bc0ff17c229477747d2ded0495c4ebee7ed35c1789fa97
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f65e6acc1b700f732fda5ab2cee0b86c6ae6b94ef06f2179fade104356e13001
-size 30881792
--- a/enclave/releases/sgx/default.bfb0c79614ff45e8d38caf603deab3ea28c71dfbea787cac203073d7e12bae74
+++ b/enclave/releases/sgx/default.bfb0c79614ff45e8d38caf603deab3ea28c71dfbea787cac203073d7e12bae74
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:8e49d62614563499590ee9c41905ebc58401411fae8c400e5e8fd2dd251c7844
-size 34814888
--- a/enclave/releases/sgx/small.2e8cefe6e3f389d8426adb24e9b7fb7adf10902c96f06f7bbcee36277711ed91
+++ b/enclave/releases/sgx/small.2e8cefe6e3f389d8426adb24e9b7fb7adf10902c96f06f7bbcee36277711ed91
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:21bc876f948650c485800f82df726c83ec87c7bea2388fd05e4b08a1a0abbe9c
+size 34830088
--- a/enclave/releases/sgx/small.38f055c0465b379aef56e3ba9318317eacca9432bdd3b3cab887d09eb84b379f
+++ b/enclave/releases/sgx/small.38f055c0465b379aef56e3ba9318317eacca9432bdd3b3cab887d09eb84b379f
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:55c9c1e0d91147ceda026def1245df6dd0d74be49efeb7a202670c075d8eeb5e
-size 34814888
--- a/enclave/releases/sgx/small.acb1973aa0bbbd14b3b4e06f145497d948fd4a98efc500fcce363b3b743ec482
+++ b/enclave/releases/sgx/small.acb1973aa0bbbd14b3b4e06f145497d948fd4a98efc500fcce363b3b743ec482
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fd1b9e3ee33f625b62ab9c1ce4f595af56f3cd9fc2e216ab654e863128594852
-size 30881792
--- a/enclave/releases/sgx/small.c49739bec442e209506152e38ae498c3688d32d4f575d7b23a31166b5506c610
+++ b/enclave/releases/sgx/small.c49739bec442e209506152e38ae498c3688d32d4f575d7b23a31166b5506c610
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:396aa25e6120fb0620db75082f0422051b105443849a35a280298335d8a707cc
-size 34769424
--- a/host/rustclient/Cargo.lock
+++ b/host/rustclient/Cargo.lock
@ -1,6 +1,6 @@
 # This file is automatically @generated by Cargo.
 # It is not intended for manual editing.
-version = 3
+version = 4

 [[package]]
 name = "addr2line"
@ -126,9 +126,9 @@ checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b"

 [[package]]
 name = "bytes"
-version = "1.8.0"
+version = "1.10.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9ac0150caa2ae65ca5bd83f25c7de183dea78d4d366469f148435e2acfbad0da"
+checksum = "d71b6127be86fdcfddb610f7182ac57211d4b18a3e9c82eb2d17662f2227ad6a"

 [[package]]
 name = "cc"
@ -198,7 +198,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3"
 dependencies = [
 "generic-array",
- "rand_core",
+ "rand_core 0.6.4",
 "typenum",
 ]

@ -356,7 +356,19 @@ checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7"
 dependencies = [
 "cfg-if",
 "libc",
- "wasi",
+ "wasi 0.11.0+wasi-snapshot-preview1",
+]
+
+[[package]]
+name = "getrandom"
+version = "0.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "73fea8450eea4bac3940448fb7ae50d91f034f941199fcd9d909a5a07aa455f0"
+dependencies = [
+ "cfg-if",
+ "libc",
+ "r-efi",
+ "wasi 0.14.2+wasi-0.2.4",
 ]

 [[package]]
@ -515,7 +527,7 @@ checksum = "80e04d1dcff3aae0704555fe5fee3bcfaf3d1fdf8a7e521d5b9d2b42acb52cec"
 dependencies = [
 "hermit-abi",
 "libc",
- "wasi",
+ "wasi 0.11.0+wasi-snapshot-preview1",
 "windows-sys 0.52.0",
 ]

@ -597,7 +609,7 @@ version = "0.2.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "77957b295656769bb8ad2b6a6b09d897d94f05c41b069aede1fcdaa675eaea04"
 dependencies = [
- "zerocopy",
+ "zerocopy 0.7.35",
 ]

 [[package]]
@ -608,7 +620,7 @@ checksum = "e10cdd9eee50fe65bbd4f40211f1a492f1ee52e97a51100950b6f1fa319ab7cd"
 dependencies = [
 "cc",
 "dunce",
- "getrandom",
+ "getrandom 0.2.15",
 "libc",
 ]

@ -713,24 +725,30 @@ dependencies = [
 ]

 [[package]]
-name = "rand"
-version = "0.8.5"
+name = "r-efi"
+version = "5.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
+checksum = "74765f6d916ee2faa39bc8e68e4f3ed8949b48cccdac59983d287a7cb71ce9c5"
+
+[[package]]
+name = "rand"
+version = "0.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3779b94aeb87e8bd4e834cee3650289ee9e0d5677f976ecdb6d219e5f4f6cd94"
 dependencies = [
- "libc",
 "rand_chacha",
- "rand_core",
+ "rand_core 0.9.3",
+ "zerocopy 0.8.24",
 ]

 [[package]]
 name = "rand_chacha"
-version = "0.3.1"
+version = "0.9.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"
+checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb"
 dependencies = [
 "ppv-lite86",
- "rand_core",
+ "rand_core 0.9.3",
 ]

 [[package]]
@ -739,7 +757,16 @@ version = "0.6.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c"
 dependencies = [
- "getrandom",
+ "getrandom 0.2.15",
+]
+
+[[package]]
+name = "rand_core"
+version = "0.9.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "99d9a13982dcf210057a8a78572b2217b667c3beacbf3a0d8b454f6f82837d38"
+dependencies = [
+ "getrandom 0.3.2",
 ]

 [[package]]
@ -875,7 +902,7 @@ dependencies = [
 "curve25519-dalek",
 "pqcrypto-kyber",
 "pqcrypto-traits",
- "rand_core",
+ "rand_core 0.6.4",
 "rustc_version",
 "sha2",
 "subtle",
@ -923,18 +950,18 @@ dependencies = [

 [[package]]
 name = "thiserror"
-version = "1.0.69"
+version = "2.0.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b6aaf5339b578ea85b50e080feb250a3e8ae8cfcdff9a461c9ec2904bc923f52"
+checksum = "567b8a2dae586314f7be2a752ec7474332959c6460e02bde30d702a66d488708"
 dependencies = [
 "thiserror-impl",
 ]

 [[package]]
 name = "thiserror-impl"
-version = "1.0.69"
+version = "2.0.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1"
+checksum = "7f7cf42b4507d8ea322120659672cf1b9dbb93f8f2d4ecfd6e51350ff5b17a1d"
 dependencies = [
 "proc-macro2",
 "quote",
@ -958,9 +985,9 @@ dependencies = [

 [[package]]
 name = "tokio-tungstenite"
-version = "0.24.0"
+version = "0.26.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "edc5f74e248dc973e0dbb7b74c7e0d6fcc301c694ff50049504004ef4d0cdcd9"
+checksum = "7a9daff607c6d2bf6c16fd681ccb7eecc83e4e2cdc1ca067ffaadfca5de7f084"
 dependencies = [
 "futures-util",
 "log",
@ -970,11 +997,10 @@ dependencies = [

 [[package]]
 name = "tungstenite"
-version = "0.24.0"
+version = "0.26.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "18e5b8366ee7a95b16d32197d0b2604b43a0be89dc5fac9f8e96ccafbaedda8a"
+checksum = "4793cb5e56680ecbb1d843515b23b6de9a75eb04b66643e256a396d43be33c13"
 dependencies = [
- "byteorder",
 "bytes",
 "data-encoding",
 "http",
@ -1026,6 +1052,15 @@ version = "0.11.0+wasi-snapshot-preview1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"

+[[package]]
+name = "wasi"
+version = "0.14.2+wasi-0.2.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9683f9a5a998d873c0d21fcbe3c083009670149a8fab228644b8bd36b2c48cb3"
+dependencies = [
+ "wit-bindgen-rt",
+]
+
 [[package]]
 name = "windows-sys"
 version = "0.52.0"
@ -1108,6 +1143,15 @@ version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec"

+[[package]]
+name = "wit-bindgen-rt"
+version = "0.39.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6f42320e61fe2cfd34354ecb597f86f413484a798ba44a8ca1165c58d42da6c1"
+dependencies = [
+ "bitflags",
+]
+
 [[package]]
 name = "zerocopy"
 version = "0.7.35"
@ -1115,7 +1159,16 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0"
 dependencies = [
 "byteorder",
- "zerocopy-derive",
+ "zerocopy-derive 0.7.35",
+]
+
+[[package]]
+name = "zerocopy"
+version = "0.8.24"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2586fea28e186957ef732a5f8b3be2da217d65c5969d4b1e17f973ebbe876879"
+dependencies = [
+ "zerocopy-derive 0.8.24",
 ]

 [[package]]
@ -1129,6 +1182,17 @@ dependencies = [
 "syn",
 ]

+[[package]]
+name = "zerocopy-derive"
+version = "0.8.24"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a996a8f63c5c4448cd959ac1bab0aaa3306ccfd060472f85943ee0750f0169be"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
 [[package]]
 name = "zeroize"
 version = "1.8.1"
--- a/host/rustclient/Cargo.toml
+++ b/host/rustclient/Cargo.toml
@ -7,7 +7,7 @@ edition = "2021"

 [dependencies]
 snow = { version = "0.9.6", features = ["hfs", "pqclean_kyber1024"] }
-tokio-tungstenite = "0.24.0"
+tokio-tungstenite = "0.26.2"
 prost = "0.13.1"
 simple-error = "0.3.1"
 base64 = "0.22.1"
--- a/host/rustclient/src/main.rs
+++ b/host/rustclient/src/main.rs
@ -41,7 +41,12 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
    let now = SystemTime::now();
    let unix_secs = now.duration_since(SystemTime::UNIX_EPOCH)?.as_secs();
    println!("Timestamp: {}", unix_secs);
-    let mut mac = HmacSha256::new_from_slice(b"123456")?;
+    let key = if let Ok(k) = std::env::var("AUTH_KEY") {
+        BASE64_STANDARD.decode(k)?
+    } else {
+        b"123456".to_vec()
+    };
+    let mut mac = HmacSha256::new_from_slice(&key)?;
    let user = &[1u8; 16];
    let to_mac: Vec<u8> = [
        hex::encode(user).as_bytes(),
@ -89,7 +94,7 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
    let len = initiator.write_message(&[], &mut buf)?;

    println!("Send handshake start");
-    stream.write(tungstenite::Message::Binary(buf[..len].to_vec()))?;
+    stream.write(tungstenite::Message::Binary(buf[..len].to_vec().into()))?;
    stream.flush()?;

    println!("Recv handshake start");