Use ubuntu 22.04 in docker image

gowthamsk-arm · gowthamsk-arm · commit 08ee5d748ded · 2023-03-21T10:36:12.000Z
The cross compilation of the latest psa-crypto sys crate fails for
aarch64 target on a ubuntu 18.04 machine. This is due to the 0.63.0
version of bindgen in psa-crypto-sys. The latest bindgen crate has
a check which compares size_t, ssize_t with target pointer and aborts
if they are unequal when size_t_is_usize flag is set. In ubuntu 18.04
these are read as 4 and 8 bytes respectively which is wrong. This is
an issue with the c library mismatchs of target toolchains in 18.04.
Hence we are updating the docker test image to 22.04. Also, 18.04 is
reaching end of life in April 2023.

This commit involves the following changes:
- Use ubuntu 22.04 as base image
- Dependency packages missing in 22.04 have been added
- Tpm library versions have been bumped as 22.04 has openssl &gt; 3.0
- Older version libts used to generate keys has been removed as
  the missing dependencies for it causes compilation issues.
  Instead we use parsec 1.0.0 which uses a libts version which is
  compatible with 22.04 for generating keys for both SQLite and
  OnDisk KIM.

Signed-off-by: Gowtham Suresh Kumar &lt;gowtham.sureshkumar@arm.com&gt;

 # OnDisk KIM.
diff --git a/e2e_tests/docker_image/generate-keys.sh b/e2e_tests/docker_image/generate-keys.sh
@@ -27,7 +27,7 @@ wait_for_killprocess() {
     done
 }
 
-configure_tpm() 
+configure_tpm()
 {
     tpm_server &
     wait_for_process "tpm_server"
@@ -63,16 +63,16 @@ save_generated_mappings_keys()
     else
         mv /var/lib/parsec/kim-mappings $DESTINATION_PATH
     fi
-    
+
     mv /tmp/create_keys/parsec/0000000000000002.psa_its $DESTINATION_PATH
     mv /tmp/create_keys/parsec/0000000000000003.psa_its $DESTINATION_PATH
 }
 
 generate_and_store_keys_for_ondisk_KIM()
 {
-    # This config.toml of parsec version 0.7.0 uses on disk manager. The latest 
+    # This config.toml of parsec version 0.7.0 uses on disk manager. The latest
     # one is updated to use SQLite manager.
-    ./target/debug/parsec -c e2e_tests/provider_cfg/all/config.toml &
+    ./target/debug/parsec -c e2e_tests/provider_cfg/all/on-disk-kim-all-providers.toml &
     wait_for_process "parsec"
     wait_for_file "/tmp/parsec.sock"
 
@@ -111,7 +111,7 @@ generate_and_store_keys_for_sqlite_KIM()
     ./target/debug/parsec -c e2e_tests/provider_cfg/all/config.toml &
     wait_for_process "parsec"
     wait_for_file "/tmp/parsec.sock"
-    
+
     # Generate keys for all providers (trusted-service-provider isn't included)
     parsec-tool -p 1 create-rsa-key -k rsa-mbed
     parsec-tool -p 1 create-ecc-key -k ecc-mbed
@@ -156,35 +156,8 @@ EOF
     save_generated_mappings_keys /tmp/sqlite/ts-keys/
 }
 
-# Install an old version mock Trusted Services compatible with old parsec 0.7.0
-# used in generate_key.sh script
-install_trusted_services_lib_old()
-{
-    git clone https://git.trustedfirmware.org/TS/trusted-services.git --branch integration
-    pushd trusted-services && git reset --hard 35c6d643b5f0c0387702e22bf742dd4878ca5ddd && popd
-    # Install correct python dependencies
-    pip3 install -r trusted-services/requirements.txt
-    pushd /tmp/trusted-services/deployments/libts/linux-pc/
-    cmake .
-    make
-    cp libts.so nanopb_install/lib/libprotobuf-nanopb.a mbedcrypto_install/lib/libmbedcrypto.a /usr/local/lib/
-    popd
-    rm -rf /tmp/trusted-services
-}
 
-if [ "$1" == "ondisk" ]; then
-    install_trusted_services_lib_old
-    # Use an old version of the Parsec service to make sure keys can still be used
-    # with today's version.
-    git clone https://github.com/parallaxsecond/parsec.git --branch 0.7.0 /tmp/create_keys/parsec
-elif [ "$1" == "sqlite" ]; then
-    # Use an old version of the Parsec service to make sure keys can still be used
-    # with today's version.
-    git clone https://github.com/parallaxsecond/parsec.git --branch 1.0.0 /tmp/create_keys/parsec
-else
-    echo "Incorrect usage of script"
-    exit 1
-fi
+git clone https://github.com/parallaxsecond/parsec.git --branch 1.0.0 /tmp/create_keys/parsec
 
 cd /tmp/create_keys/parsec
 git submodule update --init --recursive
diff --git a/e2e_tests/docker_image/parsec-service-test-all.Dockerfile b/e2e_tests/docker_image/parsec-service-test-all.Dockerfile
@@ -1,6 +1,6 @@
 # Copyright 2021 Contributors to the Parsec project.
 # SPDX-License-Identifier: Apache-2.0
-FROM ubuntu:18.04
+FROM ubuntu:22.04
 
 # The specific version of libraries used in this Dockerfile should not change without having
 # carefully checked that this is not breaking stability.
@@ -9,27 +9,27 @@ FROM ubuntu:18.04
 
 ENV PKG_CONFIG_PATH /usr/local/lib/pkgconfig
 
-RUN apt update
+RUN apt-get update && apt-get -y upgrade
 RUN apt install -y autoconf-archive libcmocka0 libcmocka-dev procps
 RUN apt install -y iproute2 build-essential git pkg-config gcc libtool automake libssl-dev uthash-dev doxygen libjson-c-dev
 RUN apt install -y --fix-missing wget python3 cmake clang
 RUN apt install -y libini-config-dev libcurl4-openssl-dev curl libgcc1
-RUN apt install -y python3-distutils libclang-6.0-dev protobuf-compiler python3-pip
+RUN apt install -y python3-distutils libclang-11-dev protobuf-compiler python3-pip
+RUN apt install -y libgcrypt20-dev uuid-dev
 RUN DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC apt-get -y install tzdata
 WORKDIR /tmp
 
-# Download and install TSS 2.0
-RUN git clone https://github.com/tpm2-software/tpm2-tss.git --branch 2.3.3
+# Download and install TSS 3.2.0
+RUN git clone https://github.com/tpm2-software/tpm2-tss.git --branch 3.2.0
 RUN cd tpm2-tss \
 	&& ./bootstrap \
 	&& ./configure \
 	&& make -j$(nproc) \
 	&& make install \
 	&& ldconfig
-RUN rm -rf tpm2-tss
 
-# Download and install TPM 2.0 Tools verison 4.1.1
-RUN git clone https://github.com/tpm2-software/tpm2-tools.git --branch 4.1.1
+# Download and install TPM 2.0 Tools verison 5.5
+RUN git clone https://github.com/tpm2-software/tpm2-tools.git --branch 5.5
 RUN cd tpm2-tools \
 	&& ./bootstrap \
 	&& ./configure --prefix=/usr \
@@ -38,9 +38,9 @@ RUN cd tpm2-tools \
 RUN rm -rf tpm2-tools
 
 # Download and install software TPM
-ARG ibmtpm_name=ibmtpm1637
+ARG ibmtpm_name=ibmtpm1682
 RUN wget -L "https://downloads.sourceforge.net/project/ibmswtpm2/$ibmtpm_name.tar.gz"
-RUN sha256sum $ibmtpm_name.tar.gz | grep ^dd3a4c3f7724243bc9ebcd5c39bbf87b82c696d1c1241cb8e5883534f6e2e327
+RUN sha256sum $ibmtpm_name.tar.gz | grep ^3cb642f871a17b23d50b046e5f95f449c2287415fc1e7aeb4bdbb8920dbcb38f
 RUN mkdir -p $ibmtpm_name \
 	&& tar -xvf $ibmtpm_name.tar.gz -C $ibmtpm_name \
 	&& chown -R root:root $ibmtpm_name \
@@ -123,7 +123,6 @@ ENV PARSEC_SERVICE_ENDPOINT="unix:/tmp/parsec.sock"
 
 # Generate keys for the key mappings test for ondisk KIM
 COPY generate-keys.sh /tmp/
-RUN ./generate-keys.sh ondisk
 
 # Install mock Trusted Services
 RUN git clone https://git.trustedfirmware.org/TS/trusted-services.git --branch integration \
@@ -138,8 +137,20 @@ RUN cd trusted-services/deployments/libts/linux-pc/ \
 RUN rm -rf trusted-services
 
 # Generate keys for the key mappings test for sqlite KIM
+RUN ./generate-keys.sh ondisk
 RUN ./generate-keys.sh sqlite
 
+# Compile latest version of tpm2-tss
+RUN cd tpm2-tss \
+	&& make uninstall \
+	&& git checkout 4.0.1 \
+	&& ./bootstrap \
+	&& ./configure \
+	&& make -j$(nproc) \
+	&& make install \
+	&& ldconfig
+RUN rm -rf tpm2-tss
+
 # Import an old version of the e2e tests
 COPY import-old-e2e-tests.sh /tmp/
 RUN ./import-old-e2e-tests.sh
