From 84b0ca1b18b2f3d90ea781c1853de17c4948aab8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Mon, 27 Jan 2025 14:21:09 +0100 Subject: [PATCH] versions: Bump Ubuntu rootfs / initrd versions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit While I wish we could be bumping to the very same version everywhere, it's not possible and it's been quite a ride to get a combination of things that work. Let me try to describe my approach here: * Do *NOT* stay on 20.04 * This version will be EOL'ed by April * This version has a very old version of systemd that causes a bug when trying to online the cpusets for guests using systemd as init, causing then a breakage on the qemu-coco-non-tee and TDX non-attestation set of tests * Bump to 22.04 when possible * This was possible for the majority of the cases, but not for the confidential initrd & confidential images for x86_64, the reasons being failures on AMD SEV CI (which I didn't debug) and a kernel panic on the CentOS 9 Stream TDX machine * 22.04 is being used instead of 24.04 as multistrap is simply broken on Ubuntu 24.04, and I'd prefer to stay on an LTS release whenever it's possible * Bump to 24.10 for x86_64 image confidential * This was done as we got everything working with 24.10 in the CI. * This requires using libtdx-attest from noble (Ubuntu 24.04), as Intel only releases their sgx stuff for LTS releases. * Stick to 20.04 for x86_64 initrd confidential * 24.10 caused a panic on their CI * This is only being used by AMD so far, so they can decide when to bump, after doing the proper testing & debug that the bump will work as expected for them Signed-off-by: Fabiano Fidêncio --- .../rootfs-builder/ubuntu/rootfs_lib.sh | 6 +++++- versions.yaml | 18 +++++++++--------- 2 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/tools/osbuilder/rootfs-builder/ubuntu/rootfs_lib.sh b/tools/osbuilder/rootfs-builder/ubuntu/rootfs_lib.sh index bdfbd8bda..464144fb4 100644 --- a/tools/osbuilder/rootfs-builder/ubuntu/rootfs_lib.sh +++ b/tools/osbuilder/rootfs-builder/ubuntu/rootfs_lib.sh @@ -31,11 +31,15 @@ EOF curl -fsSL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | gpg --dearmour -o $rootfs_dir/etc/apt/trusted.gpg.d/intel-sgx-deb.gpg sed -i -e "s/bootstrap=Ubuntu/bootstrap=Ubuntu intel-sgx/" $multistrap_conf + SUITE=$OS_VERSION + # Intel does not release sgx stuff for non-LTS, thus if using oracular (24.10), + # we need to enforce getting libtdx-attest from noble. + [ "$SUITE" = "oracular" ] && SUITE="noble" cat >> $multistrap_conf << EOF [intel-sgx] source=https://download.01.org/intel-sgx/sgx_repo/ubuntu -suite=$OS_VERSION +suite=$SUITE packages=libtdx-attest=1.22\* EOF fi diff --git a/versions.yaml b/versions.yaml index bcff52357..21590af1c 100644 --- a/versions.yaml +++ b/versions.yaml @@ -117,7 +117,7 @@ assets: architecture: aarch64: name: "ubuntu" - version: "focal" # 20.04 LTS + version: "jammy" # 22.04 LTS nvidia-gpu: name: "ubuntu" version: "jammy" # 22.04 LTS @@ -126,19 +126,19 @@ assets: version: "jammy" # 22.04 LTS ppc64le: name: "ubuntu" - version: "focal" # 20.04 LTS + version: "jammy" # 22.04 LTS s390x: name: "ubuntu" - version: "focal" # 20.04 LTS + version: "jammy" # 22.04 LTS confidential: name: "ubuntu" - version: "focal" # 20.04 LTS + version: "jammy" # 22.04 LTS x86_64: name: "ubuntu" - version: "focal" # 20.04 lTS + version: "jammy" # 22.04 lTS confidential: name: "ubuntu" - version: "focal" # 20.04 LTS + version: "oracular" # 24.10 mariner: name: "cbl-mariner" version: "3.0" 
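Review bot: In the rootfs_lib.sh hunk, the suite override `[ "$SUITE" = "oracular" ] && SUITE="noble"` handles exactly one codename, so the next interim release set in versions.yaml would be passed to the Intel repository unchanged and the LTS-only constraint would only surface as a failed rootfs build. The comment could record the rule rather than the instance, e.g. `# Intel publishes sgx packages for LTS suites only: map every non-LTS codename to the newest LTS suite that ships libtdx-attest`, and a `case "$OS_VERSION" in` with one branch per interim codename would give a place to extend it. The result is a confidential image whose attestation library comes from a different suite than the rest of the rootfs, and oracular is itself an interim release with a short support window, so it would help to say so next to `version: "oracular"` in versions.yaml, for example `# 24.10, non-LTS; libtdx-attest is taken from noble`. `SUITE` is assigned without `local`; if this code sits inside a function (the enclosing `if` and everything above it start outside the hunk), `local suite` would keep it out of the caller's namespace.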
@@ -168,13 +168,13 @@ assets: # there is no such Rust target ppc64le: name: "ubuntu" - version: "focal" # 20.04 LTS + version: "jammy" # 22.04 LTS s390x: name: "ubuntu" - version: "focal" # 20.04 LTS + version: "jammy" # 22.04 LTS confidential: name: "ubuntu" - version: "focal" # 20.04 LTS + version: "jammy" # 22.04 LTS x86_64: name: "alpine" version: "3.18"