Ubuntu 24.04 LTS (noble) and Ubuntu 22.04 LTS (jammy)

.ci/check-python-platlib-debian12.dockerfile

@@ -0,0 +1,11 @@
+FROM debian:bookworm
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update && apt-get install -y \
+    python3 \
+    python3-distutils \
+    python3-setuptools
+
+COPY scripts/get-python-platlib.py /get-python-platlib.py
+RUN mkdir -p "$(python3 /get-python-platlib.py /usr/local)"

.ci/check-python-platlib-ubuntu24.04.dockerfile

@@ -0,0 +1,10 @@
+FROM ubuntu:24.04
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update && apt-get install -y \
+    python3 \
+    python3-setuptools
+
+COPY scripts/get-python-platlib.py /get-python-platlib.py
+RUN mkdir -p "$(python3 /get-python-platlib.py /usr/local)"

.ci/check-python-platlib.jenkinsfile

@@ -2,7 +2,9 @@ node() {
     checkout scm
 
     [
+        'debian12',
         'debian11',
+        'ubuntu24.04',
         'ubuntu22.04',
         'ubuntu20.04',
         'almalinux9',

.ci/lib/config.jenkinsfile

@@ -12,5 +12,9 @@ env.RA_TLS_ALLOW_HW_CONFIG_NEEDED = '1'
 env.RA_TLS_ALLOW_SW_HARDENING_NEEDED = '1'
 env.RA_TLS_ALLOW_DEBUG_ENCLAVE_INSECURE = '1'
 
+if (env.RA_TYPE == null) {
+    env.RA_TYPE = 'dcap'
+}
+
 env.LC_ALL = 'C.UTF-8'
 env.LANG = env.LC_ALL

.ci/lib/stage-build-nosgx.jenkinsfile

@@ -52,6 +52,7 @@ stage('build') {
 
     // In CI we install to non-standard --prefix (see above). This makes sure the libraries are
     // available anyway.
+    env.LD_LIBRARY_PATH = libdir
     env.PKG_CONFIG_PATH = libdir + '/pkgconfig'
 
     // prevent cheating and testing from repo

.ci/lib/stage-build-sgx-vm.jenkinsfile

@@ -90,6 +90,7 @@ stage('build') {
 
     // In CI we install to non-standard --prefix (see above). This makes sure the libraries are
     // available anyway (e.g. gramine-sgx-pf-crypt needs libsgx_util.so).
+    env.LD_LIBRARY_PATH = libdir
     env.PKG_CONFIG_PATH = libdir + '/pkgconfig'
 
     // prevent cheating and testing from repo

.ci/lib/stage-build-sgx.jenkinsfile

@@ -73,6 +73,7 @@ stage('build') {
 
     // In CI we install to non-standard --prefix (see above). This makes sure the libraries are
     // available anyway.
+    env.LD_LIBRARY_PATH = libdir
     env.PKG_CONFIG_PATH = libdir + '/pkgconfig'
 
     // prevent cheating and testing from repo

.ci/lib/stage-test-direct.jenkinsfile

@@ -60,7 +60,7 @@ stage('test-direct') {
             # memcslap populates server but doesn't report errors, use
             # memcached-tool for this (must return two lines of stats)
             memcslap --servers=127.0.0.1 --concurrency=8
-            src/scripts/memcached-tool 127.0.0.1 | wc -l | grep -w "2"
+            test "$(src/scripts/memcached-tool 127.0.0.1 | wc -l)" -ge 2
         '''
     }
     timeout(time: 10, unit: 'MINUTES') {

.ci/lib/stage-test-sgx.jenkinsfile

@@ -14,18 +14,14 @@ stage('test-sgx') {
         fi
     '''
 
-    if (env.RA_TYPE == null) {
-        env.RA_TYPE = 'epid'
-    }
-
     timeout(time: 5, unit: 'MINUTES') {
         sh '''
             cd CI-Examples/helloworld
             make ${MAKEOPTS}
             make ${MAKEOPTS} check
         '''
     }
-    timeout(time: 5, unit: 'MINUTES') {
+    timeout(time: 10, unit: 'MINUTES') {
         sh '''
             cd CI-Examples/python
             make ${MAKEOPTS} RA_TYPE=$RA_TYPE RA_CLIENT_SPID=${ra_client_spid}
@@ -55,7 +51,7 @@ stage('test-sgx') {
             # memcslap populates server but doesn't report errors, use
             # memcached-tool for this (must return two lines of stats)
             memcslap --servers=127.0.0.1 --concurrency=8
-            src/scripts/memcached-tool 127.0.0.1 | wc -l | grep -w "2"
+            test "$(src/scripts/memcached-tool 127.0.0.1 | wc -l)" -ge 2
         '''
     }
     timeout(time: 15, unit: 'MINUTES') {

.ci/lib/stage-test.jenkinsfile

@@ -1,8 +1,4 @@
 stage('test') {
-    if (env.RA_TYPE == null) {
-        env.RA_TYPE = 'epid'
-    }
-
     timeout(time: 15, unit: 'MINUTES') {
         try {
             sh '''

.ci/linux-direct-ubuntu20.04-gcc-debug.jenkinsfile → .ci/linux-direct-ubuntu22.04-gcc-debug.jenkinsfile

@@ -1,11 +1,11 @@
-node('nonsgx_slave && aesni') {
+node('plain && jammy') {
     checkout scm
 
     load '.ci/lib/config-docker.jenkinsfile'
     docker.build(
         "local:${env.BUILD_TAG}",
-        '-f .ci/ubuntu20.04.dockerfile .'
-    ).inside("${env.DOCKER_ARGS_COMMON} --security-opt seccomp=${env.WORKSPACE}/scripts/docker_seccomp_mar_2021.json") {
+        '-f .ci/ubuntu22.04.dockerfile .'
+    ).inside("${env.DOCKER_ARGS_COMMON} --security-opt seccomp=${env.WORKSPACE}/scripts/docker_seccomp_aug_2022.json") {
         load '.ci/lib/config.jenkinsfile'
         load '.ci/lib/config-debug.jenkinsfile'
 

.ci/linux-direct-ubuntu20.04-gcc-release.jenkinsfile → .ci/linux-direct-ubuntu22.04-gcc-release.jenkinsfile

@@ -1,11 +1,11 @@
-node('nonsgx_slave && aesni') {
+node('plain && jammy') {
     checkout scm
 
     load '.ci/lib/config-docker.jenkinsfile'
     docker.build(
         "local:${env.BUILD_TAG}",
-        '-f .ci/ubuntu20.04.dockerfile .'
-    ).inside("${env.DOCKER_ARGS_COMMON} --security-opt seccomp=${env.WORKSPACE}/scripts/docker_seccomp_mar_2021.json") {
+        '-f .ci/ubuntu22.04.dockerfile .'
+    ).inside("${env.DOCKER_ARGS_COMMON} --security-opt seccomp=${env.WORKSPACE}/scripts/docker_seccomp_aug_2022.json") {
         load '.ci/lib/config.jenkinsfile'
         load '.ci/lib/config-release.jenkinsfile'
 

.ci/linux-direct-sanitizers.jenkinsfile → .ci/linux-direct-ubuntu22.04-sanitizers.jenkinsfile

@@ -1,11 +1,11 @@
-node('nonsgx_slave && aesni') {
+node('plain && jammy') {
     checkout scm
 
     load '.ci/lib/config-docker.jenkinsfile'
     docker.build(
         "local:${env.BUILD_TAG}",
-        '-f .ci/ubuntu20.04.dockerfile .'
-    ).inside("${env.DOCKER_ARGS_COMMON} --security-opt seccomp=${env.WORKSPACE}/scripts/docker_seccomp_mar_2021.json") {
+        '-f .ci/ubuntu22.04.dockerfile .'
+    ).inside("${env.DOCKER_ARGS_COMMON} --security-opt seccomp=${env.WORKSPACE}/scripts/docker_seccomp_aug_2022.json") {
         load '.ci/lib/config.jenkinsfile'
         load '.ci/lib/config-clang.jenkinsfile'
         load '.ci/lib/config-debug.jenkinsfile'

.ci/linux-direct-ubuntu24.04-gcc-debug.jenkinsfile

@@ -0,0 +1,19 @@
+node('plain && noble') {
+    checkout scm
+
+    load '.ci/lib/config-docker.jenkinsfile'
+    docker.build(
+        "local:${env.BUILD_TAG}",
+        '-f .ci/ubuntu24.04.dockerfile .'
+    ).inside("${env.DOCKER_ARGS_COMMON} --security-opt seccomp=${env.WORKSPACE}/scripts/docker_seccomp_aug_2022.json") {
+        load '.ci/lib/config.jenkinsfile'
+        load '.ci/lib/config-debug.jenkinsfile'
+
+        load '.ci/lib/stage-lint.jenkinsfile'
+        load '.ci/lib/stage-clean-check-prepare.jenkinsfile'
+        load '.ci/lib/stage-build-nosgx.jenkinsfile'
+        load '.ci/lib/stage-test.jenkinsfile'
+        load '.ci/lib/stage-test-direct.jenkinsfile'
+        load '.ci/lib/stage-clean-check.jenkinsfile'
+    }
+}

.ci/linux-direct-ubuntu24.04-gcc-release.jenkinsfile

@@ -0,0 +1,19 @@
+node('plain && noble') {
+    checkout scm
+
+    load '.ci/lib/config-docker.jenkinsfile'
+    docker.build(
+        "local:${env.BUILD_TAG}",
+        '-f .ci/ubuntu24.04.dockerfile .'
+    ).inside("${env.DOCKER_ARGS_COMMON} --security-opt seccomp=${env.WORKSPACE}/scripts/docker_seccomp_aug_2022.json") {
+        load '.ci/lib/config.jenkinsfile'
+        load '.ci/lib/config-release.jenkinsfile'
+
+        load '.ci/lib/stage-lint.jenkinsfile'
+        load '.ci/lib/stage-clean-check-prepare.jenkinsfile'
+        load '.ci/lib/stage-build-nosgx.jenkinsfile'
+        load '.ci/lib/stage-test.jenkinsfile'
+        load '.ci/lib/stage-test-direct.jenkinsfile'
+        load '.ci/lib/stage-clean-check.jenkinsfile'
+    }
+}

.ci/linux-direct-ubuntu24.04-sanitizers.jenkinsfile

@@ -0,0 +1,22 @@
+node('plain && noble') {
+    checkout scm
+
+    load '.ci/lib/config-docker.jenkinsfile'
+    docker.build(
+        "local:${env.BUILD_TAG}",
+        '-f .ci/ubuntu24.04.dockerfile .'
+    ).inside("${env.DOCKER_ARGS_COMMON} --security-opt seccomp=${env.WORKSPACE}/scripts/docker_seccomp_aug_2022.json") {
+        load '.ci/lib/config.jenkinsfile'
+        load '.ci/lib/config-clang.jenkinsfile'
+        load '.ci/lib/config-debug.jenkinsfile'
+        load '.ci/lib/config-ubsan.jenkinsfile'
+        load '.ci/lib/config-asan.jenkinsfile'
+
+        load '.ci/lib/stage-lint.jenkinsfile'
+        load '.ci/lib/stage-clean-check-prepare.jenkinsfile'
+        load '.ci/lib/stage-build-nosgx.jenkinsfile'
+        load '.ci/lib/stage-test.jenkinsfile'
+        load '.ci/lib/stage-test-direct.jenkinsfile'
+        load '.ci/lib/stage-clean-check.jenkinsfile'
+    }
+}

.ci/linux-sgx-edmm.jenkinsfile → .ci/linux-sgx-ubuntu22.04-edmm.jenkinsfile

@@ -4,18 +4,12 @@ node('sgx-edmm && aesni') {
     env.AVX = '1'  // EDMM-capable machines in our CI always have AVX
     env.SGX = '1'
     env.EDMM = '1'
-    env.RA_TYPE = 'dcap'
 
     load '.ci/lib/config-docker.jenkinsfile'
 
-    env.DOCKER_ARGS_SGX += '''
-        --volume=/usr/include/x86_64-linux-gnu/asm/sgx.h:/usr/include/asm/sgx.h:ro
-        --add-host host.docker.internal:host-gateway
-    '''
-
     docker.build(
         "local:${env.BUILD_TAG}",
-        '-f .ci/ubuntu20.04.dockerfile .'
+        '-f .ci/ubuntu22.04.dockerfile .'
     ).inside("${env.DOCKER_ARGS_COMMON} ${env.DOCKER_ARGS_SGX}") {
         load '.ci/lib/config.jenkinsfile'
         load '.ci/lib/config-release.jenkinsfile'

.ci/linux-sgx-ubuntu20.04-gcc-release-apps.jenkinsfile → .ci/linux-sgx-ubuntu22.04-gcc-release-apps.jenkinsfile

@@ -1,13 +1,12 @@
-node('sgx_slave_2.6 && aesni') {
+node('sgx && jammy') {
     checkout scm
 
     env.SGX = '1'
-    env.SGX_DRIVER = 'oot'
 
     load '.ci/lib/config-docker.jenkinsfile'
     docker.build(
         "local:${env.BUILD_TAG}",
-        '-f .ci/ubuntu20.04.dockerfile .'
+        '-f .ci/ubuntu22.04.dockerfile .'
     ).inside("${env.DOCKER_ARGS_COMMON} ${env.DOCKER_ARGS_SGX}") {
         load '.ci/lib/config.jenkinsfile'
         load '.ci/lib/config-release.jenkinsfile'

.ci/linux-sgx-ubuntu22.04-gcc-release.jenkinsfile

@@ -1,4 +1,4 @@
-node('sgx') {
+node('sgx && jammy') {
     checkout scm
 
     env.SGX = '1'

.ci/linux-sgx-ubuntu20.04-musl.jenkinsfile → .ci/linux-sgx-ubuntu22.04-musl.jenkinsfile

@@ -1,14 +1,13 @@
-node('sgx_slave_2.6 && aesni') {
+node('sgx && jammy') {
     checkout scm
 
     env.SGX = '1'
-    env.SGX_DRIVER = 'oot'
     env.GRAMINE_MUSL = '1'
 
     load '.ci/lib/config-docker.jenkinsfile'
     docker.build(
         "local:${env.BUILD_TAG}",
-        '-f .ci/ubuntu20.04.dockerfile .'
+        '-f .ci/ubuntu22.04.dockerfile .'
     ).inside("${env.DOCKER_ARGS_COMMON} ${env.DOCKER_ARGS_SGX}") {
         load '.ci/lib/config.jenkinsfile'
         load '.ci/lib/config-release.jenkinsfile'

.ci/linux-sgx-sanitizers.jenkinsfile → .ci/linux-sgx-ubuntu22.04-sanitizers.jenkinsfile

@@ -1,13 +1,12 @@
-node('sgx_slave_2.6 && aesni') {
+node('sgx && jammy') {
     checkout scm
 
     env.SGX = '1'
-    env.SGX_DRIVER = 'oot'
 
     load '.ci/lib/config-docker.jenkinsfile'
     docker.build(
         "local:${env.BUILD_TAG}",
-        '-f .ci/ubuntu20.04.dockerfile .'
+        '-f .ci/ubuntu22.04.dockerfile .'
     ).inside("${env.DOCKER_ARGS_COMMON} ${env.DOCKER_ARGS_SGX}") {
         load '.ci/lib/config.jenkinsfile'
         load '.ci/lib/config-clang.jenkinsfile'

.ci/linux-sgx-ubuntu24.04-edmm.jenkinsfile

@@ -0,0 +1,24 @@
+node('sgx-edmm && aesni') {
+    checkout scm
+
+    env.AVX = '1'  // EDMM-capable machines in our CI always have AVX
+    env.SGX = '1'
+    env.EDMM = '1'
+
+    load '.ci/lib/config-docker.jenkinsfile'
+
+    docker.build(
+        "local:${env.BUILD_TAG}",
+        '-f .ci/ubuntu24.04.dockerfile .'
+    ).inside("${env.DOCKER_ARGS_COMMON} ${env.DOCKER_ARGS_SGX}") {
+        load '.ci/lib/config.jenkinsfile'
+        load '.ci/lib/config-release.jenkinsfile'
+
+        load '.ci/lib/stage-lint.jenkinsfile'
+        load '.ci/lib/stage-clean-check-prepare.jenkinsfile'
+        load '.ci/lib/stage-build-sgx.jenkinsfile'
+        load '.ci/lib/stage-test.jenkinsfile'
+        load '.ci/lib/stage-test-sgx.jenkinsfile'
+        load '.ci/lib/stage-clean-check.jenkinsfile'
+    }
+}

.ci/linux-sgx-ubuntu24.04-gcc-release-apps.jenkinsfile

@@ -0,0 +1,20 @@
+node('sgx && noble') {
+    checkout scm
+
+    env.SGX = '1'
+
+    load '.ci/lib/config-docker.jenkinsfile'
+    docker.build(
+        "local:${env.BUILD_TAG}",
+        '-f .ci/ubuntu24.04.dockerfile .'
+    ).inside("${env.DOCKER_ARGS_COMMON} ${env.DOCKER_ARGS_SGX}") {
+        load '.ci/lib/config.jenkinsfile'
+        load '.ci/lib/config-release.jenkinsfile'
+
+        load '.ci/lib/stage-lint.jenkinsfile'
+        load '.ci/lib/stage-clean-check-prepare.jenkinsfile'
+        load '.ci/lib/stage-build-sgx.jenkinsfile'
+        load '.ci/lib/stage-test-sgx.jenkinsfile'
+        load '.ci/lib/stage-clean-check.jenkinsfile'
+    }
+}

.ci/linux-sgx-ubuntu24.04-gcc-release.jenkinsfile

@@ -1,4 +1,4 @@
-node('sgx') {
+node('sgx && noble') {
     checkout scm
 
     env.SGX = '1'

.ci/linux-sgx-ubuntu20.04-gcc-release.jenkinsfile → .ci/linux-sgx-ubuntu24.04-musl.jenkinsfile

@@ -1,13 +1,13 @@
-node('sgx_slave_2.6 && aesni') {
+node('sgx && noble') {
     checkout scm
 
     env.SGX = '1'
-    env.SGX_DRIVER = 'oot'
+    env.GRAMINE_MUSL = '1'
 
     load '.ci/lib/config-docker.jenkinsfile'
     docker.build(
         "local:${env.BUILD_TAG}",
-        '-f .ci/ubuntu20.04.dockerfile .'
+        '-f .ci/ubuntu24.04.dockerfile .'
     ).inside("${env.DOCKER_ARGS_COMMON} ${env.DOCKER_ARGS_SGX}") {
         load '.ci/lib/config.jenkinsfile'
         load '.ci/lib/config-release.jenkinsfile'

.ci/linux-sgx-ubuntu24.04-sanitizers.jenkinsfile

@@ -0,0 +1,24 @@
+node('sgx && noble') {
+    checkout scm
+
+    env.SGX = '1'
+
+    load '.ci/lib/config-docker.jenkinsfile'
+    docker.build(
+        "local:${env.BUILD_TAG}",
+        '-f .ci/ubuntu24.04.dockerfile .'
+    ).inside("${env.DOCKER_ARGS_COMMON} ${env.DOCKER_ARGS_SGX}") {
+        load '.ci/lib/config.jenkinsfile'
+        load '.ci/lib/config-clang.jenkinsfile'
+        load '.ci/lib/config-debug.jenkinsfile'
+        load '.ci/lib/config-ubsan.jenkinsfile'
+        load '.ci/lib/config-asan.jenkinsfile'
+
+        load '.ci/lib/stage-lint.jenkinsfile'
+        load '.ci/lib/stage-clean-check-prepare.jenkinsfile'
+        load '.ci/lib/stage-build-sgx.jenkinsfile'
+        load '.ci/lib/stage-test.jenkinsfile'
+        load '.ci/lib/stage-test-sgx.jenkinsfile'
+        load '.ci/lib/stage-clean-check.jenkinsfile'
+    }
+}