versions: Bump Ubuntu rootfs / initrd versions

While I wish we could be bumping to the very same version everywhere,
it's not possible and it's been quite a ride to get a combination of
things that work.

Let me try to describe my approach here:
* Do *NOT* stay on 20.04
  * This version will be EOL'ed by April
  * This version has a very old version of systemd that causes a bug
    when trying to online the cpusets for guests using systemd as
    init, causing then a breakage on the qemu-coco-non-tee and TDX
    non-attestation set of tests

* Bump to 22.04 when possible
  * This was possible for the majority of the cases, but for the
    confidential initrd & confidential images for x86_64, the reason
    being failures on AMD SEV CI (which I didn't debug), and a kernel
    panic on the CentOS 9 Stream TDX machine
  * 22.04 is being used instead of 24.04 as multistrap is simply broken
    on Ubuntu 24.04, and I'd prefer to stay on an LTS release whenever
    it's possible

* Bump to 24.10 for x86_64 image confidential
  * This was done as we got everything working with 24.10 in the CI.
  * This requires using libtdx-attest from noble (Ubuntu 24.04), as
    Intel only releases their sgx stuff for LTS releases.

* Stick to 20.04 for x86_64 initrd confidential
  * 24.10 caused a panic on their CI
  * This is only being used by AMD so far, so they can decide when to
    bump, after doing the proper testing & debug that the bump will work
    as expected for them

Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org>
Fabiano Fidêncio 2025-01-27 14:21:09 +01:00
parent b6e0effc06
commit 84b0ca1b18
2 changed files with 14 additions and 10 deletions

@ -31,11 +31,15 @@ EOF
curl -fsSL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key |
gpg --dearmour -o $rootfs_dir/etc/apt/trusted.gpg.d/intel-sgx-deb.gpg
sed -i -e "s/bootstrap=Ubuntu/bootstrap=Ubuntu intel-sgx/" $multistrap_conf
SUITE=$OS_VERSION
# Intel does not release sgx stuff for non-LTS, thus if using oracular (24.10),
# we need to enforce getting libtdx-attest from noble.
[ "$SUITE" = "oracular" ] && SUITE="noble"
cat >> $multistrap_conf << EOF
[intel-sgx]
source=https://download.01.org/intel-sgx/sgx_repo/ubuntu
suite=$OS_VERSION
suite=$SUITE
packages=libtdx-attest=1.22\*
EOF
fi
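Review bot: the non-LTS fallback at `[ "$SUITE" = "oracular" ] && SUITE="noble"` covers exactly one release name, so any later interim suite set in `OS_VERSION` would be passed unchanged to the intel-sgx repo, which the comment above says only carries LTS suites. Consider a `case "$OS_VERSION"` that maps each interim name to its LTS, or that fails with a clear message when the suite is not a known LTS, so the mismatch is reported here rather than later in the multistrap run. It would also help to note next to `packages=libtdx-attest=1.22\*` that on oracular this package comes from the noble suite, since the resulting rootfs then mixes two suites.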

@ -117,7 +117,7 @@ assets:
architecture:
aarch64:
name: "ubuntu"
version: "focal" # 20.04 LTS
version: "jammy" # 22.04 LTS
nvidia-gpu:
name: "ubuntu"
version: "jammy" # 22.04 LTS
@ -126,19 +126,19 @@ assets:
version: "jammy" # 22.04 LTS
ppc64le:
name: "ubuntu"
version: "focal" # 20.04 LTS
version: "jammy" # 22.04 LTS
s390x:
name: "ubuntu"
version: "focal" # 20.04 LTS
version: "jammy" # 22.04 LTS
confidential:
name: "ubuntu"
version: "focal" # 20.04 LTS
version: "jammy" # 22.04 LTS
x86_64:
name: "ubuntu"
version: "focal" # 20.04 lTS
version: "jammy" # 22.04 lTS
confidential:
name: "ubuntu"
version: "focal" # 20.04 LTS
version: "oracular" # 24.10
mariner:
name: "cbl-mariner"
version: "3.0"
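Review bot: the x86_64 confidential entry `version: "oracular" # 24.10` is the only non-LTS release in this hunk, and its comment does not say so or why. Suggest extending the comment with the reason given in the commit message, so the next bump knows this entry is a deliberate exception with a shorter support window than the `jammy` entries around it. Minor: `# 22.04 lTS` on the x86_64 entry carries over the lowercase "l" from the old `# 20.04 lTS` comment; this is a good moment to fix it to `LTS`.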
@ -168,13 +168,13 @@ assets:
# there is no such Rust target
ppc64le:
name: "ubuntu"
version: "focal" # 20.04 LTS
version: "jammy" # 22.04 LTS
s390x:
name: "ubuntu"
version: "focal" # 20.04 LTS
version: "jammy" # 22.04 LTS
confidential:
name: "ubuntu"
version: "focal" # 20.04 LTS
version: "jammy" # 22.04 LTS
x86_64:
name: "alpine"
version: "3.18"