diff --git a/attestation-service/docker/as-grpc/Dockerfile b/attestation-service/docker/as-grpc/Dockerfile index bffa766fee..9064825aff 100644 --- a/attestation-service/docker/as-grpc/Dockerfile +++ b/attestation-service/docker/as-grpc/Dockerfile @@ -13,12 +13,15 @@ WORKDIR /usr/src/attestation-service COPY . . # Install TPM Build Dependencies -RUN apt-get update && apt-get install -y protobuf-compiler clang libtss2-dev cmake +RUN apt-get update && apt-get install --no-install-recommends -y protobuf-compiler clang libtss2-dev cmake # Install TDX Build Dependencies +ARG DCAP_VERSION=1_24_100 RUN if [ "${ARCH}" = "x86_64" ]; then curl -L https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | gpg --dearmor --output /usr/share/keyrings/intel-sgx.gpg && \ - echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | tee /etc/apt/sources.list.d/intel-sgx.list && \ - apt-get update && apt-get install -y libsgx-dcap-quote-verify-dev; fi + curl -sSLf https://download.01.org/intel-sgx/sgx_repo/ubuntu/apt_preference_files/99dcap_${DCAP_VERSION}_noble_custom_version.cfg | \ + tee -a /etc/apt/preferences.d/99dcap && \ + echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu noble main' | tee /etc/apt/sources.list.d/intel-sgx.list && \ + apt-get update && apt-get install --no-install-recommends -y libsgx-dcap-quote-verify-dev; fi # Build and Install gRPC attestation-service RUN if [ "$(uname -m)" != "${ARCH}" ]; then \ 
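Review bot: A failed download of the preference file goes unnoticed in the added `curl -sSLf … | tee -a /etc/apt/preferences.d/99dcap && \` step, because the pipeline's exit status is that of `tee`, not `curl` (unless a `SHELL` with pipefail is set outside this hunk). If `DCAP_VERSION` names a file that is not published, the build would continue with an empty `99dcap` and apt would install whatever DCAP version the repository currently offers. Writing the file directly makes the step fail closed: `curl -sSLf -o /etc/apt/preferences.d/99dcap <same URL> && \`. The same pipeline appears in the runtime stage of this file and in both stages of the as-restful and kbs Dockerfiles.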
@@ -46,12 +49,15 @@ RUN apt-get update && apt-get install openssl -y && \ rm -rf /var/lib/apt/lists/{apt,dpkg,cache,log} /tmp/* /var/tmp/* # Install TDX Runtime Dependencies +ARG DCAP_VERSION=1_24_100 RUN if [ "${ARCH}" = "x86_64" ] && ( [ "${VERIFIER}" = "all-verifier" ] || [ "${VERIFIER}" = "tdx-verifier" ] ); \ then apt-get update && apt-get install curl gnupg -y && \ curl -L https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | gpg --dearmor --output /usr/share/keyrings/intel-sgx.gpg && \ - echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | tee /etc/apt/sources.list.d/intel-sgx.list && \ + curl -sSLf https://download.01.org/intel-sgx/sgx_repo/ubuntu/apt_preference_files/99dcap_${DCAP_VERSION}_noble_custom_version.cfg | \ + tee -a /etc/apt/preferences.d/99dcap && \ + echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu noble main' | tee /etc/apt/sources.list.d/intel-sgx.list && \ apt-get update && \ - apt-get install -y libsgx-dcap-default-qpl libsgx-dcap-quote-verify && \ + apt-get install --no-install-recommends -y libsgx-dcap-default-qpl libsgx-dcap-quote-verify && \ apt-get remove curl gnupg -y && \ apt-get clean && \ rm -rf /var/lib/apt/lists/{apt,dpkg,cache,log} /tmp/* /var/tmp/*; fi diff --git a/attestation-service/docker/as-restful/Dockerfile b/attestation-service/docker/as-restful/Dockerfile index 574ae40613..84e43ea447 100644 --- a/attestation-service/docker/as-restful/Dockerfile +++ b/attestation-service/docker/as-restful/Dockerfile 
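Review bot: The preference file added to the runtime stage is trusted on HTTPS alone; unlike the packages, it is not covered by the `signed-by` keyring. It is written into `/etc/apt/preferences.d`, so it presumably decides which signed DCAP version apt selects for the verifier image. Since `DCAP_VERSION` already fixes which file is expected, its digest could be pinned beside it: add `ARG DCAP_PREF_SHA256=<expected-sha256>`, then run `echo "${DCAP_PREF_SHA256}  /etc/apt/preferences.d/99dcap" | sha256sum -c - && \` after the download. The other stages that fetch this file would benefit from the same check.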
@@ -16,9 +16,12 @@ COPY . . RUN apt-get update && apt-get install -y protobuf-compiler clang libtss2-dev cmake # Install TDX Build Dependencies +ARG DCAP_VERSION=1_24_100 RUN if [ "${ARCH}" = "x86_64" ]; then curl -L https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | gpg --dearmor --output /usr/share/keyrings/intel-sgx.gpg && \ - echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | tee /etc/apt/sources.list.d/intel-sgx.list && \ - apt-get update && apt-get install -y libsgx-dcap-quote-verify-dev; fi + curl -sSLf https://download.01.org/intel-sgx/sgx_repo/ubuntu/apt_preference_files/99dcap_${DCAP_VERSION}_noble_custom_version.cfg | \ + tee -a /etc/apt/preferences.d/99dcap && \ + echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu noble main' | tee /etc/apt/sources.list.d/intel-sgx.list && \ + apt-get update && apt-get install --no-install-recommends -y libsgx-dcap-quote-verify-dev; fi # Build and Install RESTful attestation-service RUN if [ "$(uname -m)" != "${ARCH}" ]; then \ 
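Review bot: The TPM build-dependency line in this file is still `RUN apt-get update && apt-get install -y protobuf-compiler clang libtss2-dev cmake`, while the same line in the as-grpc Dockerfile gained `--no-install-recommends` in this commit. Only the DCAP install was updated here, so the two builder stages now resolve different package sets. For consistency the context line should become `RUN apt-get update && apt-get install --no-install-recommends -y protobuf-compiler clang libtss2-dev cmake`.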
@@ -47,12 +50,15 @@ RUN apt-get update && apt-get install openssl -y && \ rm -rf /var/lib/apt/lists/{apt,dpkg,cache,log} /tmp/* /var/tmp/* # Install TDX Runtime Dependencies +ARG DCAP_VERSION=1_24_100 RUN if [ "${ARCH}" = "x86_64" ] && ( [ "${VERIFIER}" = "all-verifier" ] || [ "${VERIFIER}" = "tdx-verifier" ] ); \ then apt-get update && apt-get install curl gnupg -y && \ curl -L https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | gpg --dearmor --output /usr/share/keyrings/intel-sgx.gpg && \ - echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | tee /etc/apt/sources.list.d/intel-sgx.list && \ + curl -sSLf https://download.01.org/intel-sgx/sgx_repo/ubuntu/apt_preference_files/99dcap_${DCAP_VERSION}_noble_custom_version.cfg | \ + tee -a /etc/apt/preferences.d/99dcap && \ + echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu noble main' | tee /etc/apt/sources.list.d/intel-sgx.list && \ apt-get update && \ - apt-get install -y libsgx-dcap-default-qpl libsgx-dcap-quote-verify && \ + apt-get install --no-install-recommends -y libsgx-dcap-default-qpl libsgx-dcap-quote-verify && \ apt-get remove curl gnupg -y && \ apt-get clean && \ rm -rf /var/lib/apt/lists/{apt,dpkg,cache,log} /tmp/* /var/tmp/*; fi diff --git a/kbs/docker/Dockerfile b/kbs/docker/Dockerfile index c1c6248ce3..44feffb566 100644 --- a/kbs/docker/Dockerfile +++ b/kbs/docker/Dockerfile 
@@ -17,9 +17,12 @@ RUN apt-get update && \ RUN if [ "${ARCH}" = "aarch64" ]; then apt-get install -y libc-bin; fi +ARG DCAP_VERSION=1_24_100 RUN if [ "${ARCH}" = "x86_64" ]; then curl -fsSL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | \ gpg --dearmor --output /usr/share/keyrings/intel-sgx.gpg && \ - echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | \ + curl -sSLf https://download.01.org/intel-sgx/sgx_repo/ubuntu/apt_preference_files/99dcap_${DCAP_VERSION}_noble_custom_version.cfg | \ + tee -a /etc/apt/preferences.d/99dcap && \ + echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu noble main' | \ tee /etc/apt/sources.list.d/intel-sgx.list; fi && \ apt-get update && \ apt-get install -y --no-install-recommends \ @@ -50,6 +53,7 @@ ARG ARCH=x86_64 WORKDIR /tmp +ARG DCAP_VERSION=1_24_100 RUN apt-get update && \ apt-get install -y \ curl \ @@ -57,7 +61,9 @@ RUN apt-get update && \ gnupg-agent && \ if [ "${ARCH}" = "x86_64" ]; then curl -fsSL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | \ gpg --dearmor --output /usr/share/keyrings/intel-sgx.gpg && \ - echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | tee /etc/apt/sources.list.d/intel-sgx.list && \ + curl -sSLf https://download.01.org/intel-sgx/sgx_repo/ubuntu/apt_preference_files/99dcap_${DCAP_VERSION}_noble_custom_version.cfg | \ + tee -a /etc/apt/preferences.d/99dcap && \ + echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu noble main' | tee /etc/apt/sources.list.d/intel-sgx.list && \ apt-get update && \ apt-get install -y --no-install-recommends \ libsgx-dcap-default-qpl \ diff --git a/tools/trustee-cli/Dockerfile b/tools/trustee-cli/Dockerfile index a890c24a3a..b37a00d1c8 100644 
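Review bot: `ARG DCAP_VERSION=1_24_100` is declared without a comment, here and in the other five stages that this commit touches. Nothing records that the value must match a file name published under `apt_preference_files`, or that builder and runtime stages are expected to use the same release. A short comment above each declaration would help, for example `# DCAP release selecting Intel's apt preference file; keep identical in every stage and Dockerfile`. Because the default is repeated per stage, a later bump that misses one stage could, as far as this diff shows, leave the `-dev` package in the builder and the runtime libraries on different versions.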
--- a/tools/trustee-cli/Dockerfile +++ b/tools/trustee-cli/Dockerfile @@ -17,12 +17,7 @@ RUN apt-get update && \ RUN if [ "${ARCH}" = "aarch64" ]; then apt-get install -y libc-bin; fi -RUN if [ "${ARCH}" = "x86_64" ]; then curl -fsSL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | \ - gpg --dearmor --output /usr/share/keyrings/intel-sgx.gpg && \ - echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | \ - tee /etc/apt/sources.list.d/intel-sgx.list; fi && \ - apt-get update && \ - apt-get install -y --no-install-recommends \ +RUN apt-get install -y --no-install-recommends \ libclang-dev \ libprotobuf-dev \ libssl-dev \ @@ -32,10 +27,7 @@ RUN if [ "${ARCH}" = "x86_64" ]; then curl -fsSL https://download.01.org/intel-s protobuf-compiler \ wget \ clang \ - cmake \ - libtss2-dev && \ - if [ "${ARCH}" = "x86_64" ]; then apt-get install -y --no-install-recommends \ - libsgx-dcap-quote-verify-dev; fi + cmake # Build and Install trustee-cli WORKDIR /usr/src/trustee 
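Review bot: The rewritten `RUN apt-get install -y --no-install-recommends \` no longer runs `apt-get update` in the same layer; it relies on package lists from the earlier `RUN apt-get update && \` shown in the hunk header. When that earlier layer comes from the build cache, this install resolves against stale lists. It can then fail on superseded package versions or pick up packages without current security fixes. Keeping the refresh in the same instruction avoids that: `RUN apt-get update && apt-get install -y --no-install-recommends \`. The earlier RUN's body is outside the hunk, so whether it removes the lists cannot be confirmed from here.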
@@ -45,26 +37,5 @@ RUN cd tools/trustee-cli && make ARCH=${ARCH} && make ARCH=${ARCH} install # ubuntu:24.04 FROM ubuntu@sha256:7c06e91f61fa88c08cc74f7e1b7c69ae24910d745357e0dfe1d2c0322aaf20f9 -ARG ARCH=x86_64 - -WORKDIR /tmp - -RUN apt-get update && \ - apt-get install -y \ - curl \ - gnupg \ - gnupg-agent && \ - if [ "${ARCH}" = "x86_64" ]; then curl -fsSL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | \ - gpg --dearmor --output /usr/share/keyrings/intel-sgx.gpg && \ - echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | tee /etc/apt/sources.list.d/intel-sgx.list && \ - apt-get update && \ - apt-get install -y --no-install-recommends \ - libsgx-dcap-default-qpl \ - libsgx-dcap-quote-verify \ - libtss2-tctildr0 \ - libtss2-esys-3.0.2-0 ; \ - fi && \ - apt clean all && \ - rm -rf /tmp/* COPY --from=builder /usr/local/bin/trustee /usr/local/bin/trustee