prepare release

BUILD.md

@@ -20,17 +20,17 @@ docker run --rm --entrypoint cat edb edgelessdb-sgx.json > edgelessdb-sgx.json
 ## Run the Docker image
 You can run EdgelessDB in simulation mode on any system:
 ```sh
-docker run --name my-edb -p3306:3306 -p8080:8080 -e OE_SIMULATION=1 -t edb
+docker run -t --name my-edb -p3306:3306 -p8080:8080 -e OE_SIMULATION=1 edb
 ```
 
 If your dev environment supports SGX-FLC:
 ```sh
-docker run --name my-edb -p3306:3306 -p8080:8080 --privileged -v /dev/sgx:/dev/sgx -t edb
+docker run -t --name my-edb -p3306:3306 -p8080:8080 --device /dev/sgx_enclave --device /dev/sgx_provision edb
 ```
 
 If your dev environment supports SGX without FLC:
 ```sh
-docker run --name my-edb -p3306:3306 -p8080:8080 --device /dev/isgx -v /var/run/aesmd:/var/run/aesmd -t edb
+docker run -t --name my-edb -p3306:3306 -p8080:8080 --device /dev/isgx -v /var/run/aesmd:/var/run/aesmd edb
 ```
 Note that you'll get attestation errors on such systems.
 

CMakeLists.txt

@@ -1,5 +1,5 @@
 cmake_minimum_required(VERSION 3.11)
-project(edb VERSION 0.3.0)
+project(edb VERSION 0.3.1)
 
 if (NOT CMAKE_BUILD_TYPE)
   set(CMAKE_BUILD_TYPE Debug)

Dockerfile

@@ -1,20 +1,22 @@
-FROM ubuntu:focal-20220531 AS build
+FROM ghcr.io/edgelesssys/edgelessdb/build-base:v0.3.1 AS build
 
-RUN apt update && DEBIAN_FRONTEND=noninteractive apt install -y \
+# don't run `apt-get update` because required packages are cached in build-base for reproducibility
+RUN DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
   bbe \
   bison \
   build-essential \
+  ca-certificates \
   clang-10 \
   cmake \
-  doxygen \
   git \
   liblz4-dev \
+  libncurses-dev \
   libssl-dev \
   ninja-build \
   zlib1g-dev
 
-ARG erttag=v0.3.3
-ARG edbtag=v0.3.0
+ARG erttag=v0.3.5
+ARG edbtag=v0.3.1
 RUN git clone -b $erttag --depth=1 https://github.com/edgelesssys/edgelessrt \
   && git clone -b $edbtag --depth=1 https://github.com/edgelesssys/edgelessdb \
   && mkdir ertbuild edbbuild
@@ -40,29 +42,27 @@ RUN --mount=type=secret,id=signingkey,dst=/edbbuild/private.pem,required=true \
   && cat edgelessdb-sgx.json
 
 # deploy
-FROM ubuntu:focal-20220531
+FROM ubuntu:focal-20220801
 ARG PSW_VERSION=2.17.100.3-focal1
 ARG DCAP_VERSION=1.14.100.3-focal1
-RUN apt update && apt install -y gnupg libcurl4 wget \
+RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates gnupg libcurl4 wget \
   && wget -qO- https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add \
   && echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' >> /etc/apt/sources.list \
   && wget -qO- https://packages.microsoft.com/keys/microsoft.asc | apt-key add \
   && echo 'deb [arch=amd64] https://packages.microsoft.com/ubuntu/20.04/prod focal main' >> /etc/apt/sources.list \
-  && apt update && apt install -y --no-install-recommends \
+  && apt-get update && apt-get install -y --no-install-recommends \
+  libsgx-ae-id-enclave=$DCAP_VERSION \
   libsgx-ae-pce=$PSW_VERSION \
   libsgx-ae-qe3=$DCAP_VERSION \
-  libsgx-ae-qve=$DCAP_VERSION \
   libsgx-dcap-ql=$DCAP_VERSION \
-  libsgx-dcap-ql-dev=$DCAP_VERSION \
   libsgx-enclave-common=$PSW_VERSION \
-  libsgx-headers=$PSW_VERSION \
   libsgx-launch=$PSW_VERSION \
   libsgx-pce-logic=$DCAP_VERSION \
   libsgx-qe3-logic=$DCAP_VERSION \
   libsgx-urts=$PSW_VERSION \
-  && apt install -d az-dcap-client libsgx-dcap-default-qpl=$DCAP_VERSION
+  && apt-get install -d az-dcap-client libsgx-dcap-default-qpl=$DCAP_VERSION
 COPY --from=build /edbbuild/edb /edbbuild/edb-enclave.signed /edbbuild/edgelessdb-sgx.json /edgelessdb/src/entry.sh /
 COPY --from=build /opt/edgelessrt/bin/erthost /opt/edgelessrt/bin/
-ENV PATH=${PATH}:/opt/edgelessrt/bin AZDCAP_DEBUG_LOG_LEVEL=error
+ENV PATH=${PATH}:/opt/edgelessrt/bin
 ENTRYPOINT ["/entry.sh"]
 EXPOSE 3306 8080

Dockerfile.build-base

@@ -0,0 +1,14 @@
+FROM ubuntu:focal-20220801
+RUN apt-get update && apt-get install -dy --no-install-recommends \
+  bbe \
+  bison \
+  build-essential \
+  ca-certificates \
+  clang-10 \
+  cmake \
+  git \
+  liblz4-dev \
+  libncurses-dev \
+  libssl-dev \
+  ninja-build \
+  zlib1g-dev

README.md

@@ -29,12 +29,12 @@ For details see [concepts](https://docs.edgeless.systems/edgelessdb/#/getting-st
 
 Run EdgelessDB on an SGX-capable system:
 ```sh
-docker run --name my-edb -p3306:3306 -p8080:8080 --privileged -v /dev/sgx:/dev/sgx -t ghcr.io/edgelesssys/edgelessdb-sgx-1gb
+docker run -t --name my-edb -p3306:3306 -p8080:8080 --device /dev/sgx_enclave --device /dev/sgx_provision ghcr.io/edgelesssys/edgelessdb-sgx-1gb
 ```
 
 Or try it in simulation mode on any system:
 ```sh
-docker run --name my-edb -p3306:3306 -p8080:8080 -e OE_SIMULATION=1 -t ghcr.io/edgelesssys/edgelessdb-sgx-1gb
+docker run -t --name my-edb -p3306:3306 -p8080:8080 -e OE_SIMULATION=1 ghcr.io/edgelesssys/edgelessdb-sgx-1gb
 ```
 
 You may want to start with [using EdgelessDB as a high-security SQL database](https://docs.edgeless.systems/edgelessdb/#/getting-started/quickstart-sgx) in a possibly untrusted environment.

charts/Chart.yaml

@@ -2,17 +2,17 @@ apiVersion: v2
 name: edgelessdb
 description: EdgelessDB is a MySQL-compatible database for confidential computing. It runs entirely inside a secure enclave and comes with advanced features for collaboration, recovery, and access control.
 keywords:
-- database
-- confidential-computing
+  - database
+  - confidential-computing
 type: application
-appVersion: v0.3.0
-version: v0.3.0
+appVersion: v0.3.1
+version: v0.3.1
 maintainers:
   - name: Edgeless Systems
     email: contact@edgeless.systems
     url: https://edgeless.systems/
 sources:
-- https://github.com/edgelesssys/edgelessdb
+  - https://github.com/edgelesssys/edgelessdb
 home: https://edgeless.systems
 icon: https://raw.githubusercontent.com/edgelesssys/helm/main/edgelessdb_icon.svg
 annotations:

charts/README.md

@@ -52,7 +52,7 @@ their default values.
 | `edb.simulation`              |bool   | Needs be set to `true` when running on systems without SGX1+FLC capabilities | `false` |
 | `edb.sqlApiHost`              |string | The network address of the MySQL interface | `"0.0.0.0"` |
 | `edb.sqlApiPort`              |int    | Port of the MySQL interface | `3306` |
-| `global.image`                |object | EdgelessDB image configuration | `{"pullPolicy":"IfNotPresent","version":" v0.3.0","repository":"ghcr.io/edgelesssys"}` |
+| `global.image`                |object | EdgelessDB image configuration | `{"pullPolicy":"IfNotPresent","version":" v0.3.1","repository":"ghcr.io/edgelesssys"}` |
 | `global.podAnnotations`       |object | Additional annotations to add to all pods | `{}`|
 | `global.podLabels`            |object | Additional labels to add to all pods | `{}` |
 | `nodeSelector`                |object | NodeSelector section, See the [K8S documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) for more information | `{"beta.kubernetes.io/os": "linux"}` |

charts/values.yaml

@@ -3,7 +3,7 @@
 global:
   image:
     pullPolicy: IfNotPresent
-    version: v0.3.0
+    version: v0.3.1
     repository: ghcr.io/edgelesssys
 
   createdBy: Helm

demo/edgelessdb-sgx.json

@@ -1,5 +1,5 @@
 {
-	"SecurityVersion": 3,
+	"SecurityVersion": 4,
 	"ProductID": 16,
 	"SignerID": "67d7b00741440d29922a15a9ead427b6faf1d610238ae9826da345cea4fee0fe"
 }

go.mod

@@ -3,45 +3,47 @@ module github.com/edgelesssys/edgelessdb
 go 1.17
 
 require (
-	github.com/edgelesssys/ego v0.5.0
+	github.com/edgelesssys/ego v1.0.0
 	github.com/edgelesssys/era v0.3.2
-	github.com/edgelesssys/marblerun v0.5.1
+	github.com/edgelesssys/marblerun v0.6.0
 	github.com/fatih/color v1.13.0
 	github.com/go-sql-driver/mysql v1.6.0
-	github.com/spf13/afero v1.8.2
-	github.com/stretchr/testify v1.7.2
-	google.golang.org/grpc v1.47.0
+	github.com/spf13/afero v1.9.2
+	github.com/stretchr/testify v1.8.0
+	google.golang.org/grpc v1.48.0
 )
 
 require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/go-logr/logr v0.4.0 // indirect
+	github.com/go-logr/logr v1.2.2 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
-	github.com/google/go-cmp v0.5.7 // indirect
-	github.com/google/gofuzz v1.1.0 // indirect
-	github.com/google/uuid v1.1.2 // indirect
-	github.com/json-iterator/go v1.1.11 // indirect
-	github.com/mattn/go-colorable v0.1.9 // indirect
+	github.com/google/go-cmp v0.5.8 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/uuid v1.3.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/mattn/go-colorable v0.1.12 // indirect
 	github.com/mattn/go-isatty v0.0.14 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
-	github.com/modern-go/reflect2 v1.0.1 // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/tidwall/gjson v1.11.0 // indirect
+	github.com/tidwall/gjson v1.14.1 // indirect
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.0 // indirect
-	golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 // indirect
-	golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2 // indirect
-	golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c // indirect
-	golang.org/x/text v0.3.6 // indirect
-	google.golang.org/genproto v0.0.0-20210226172003-ab064af71705 // indirect
-	google.golang.org/protobuf v1.27.1 // indirect
+	golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d // indirect
+	golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd // indirect
+	golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c // indirect
+	golang.org/x/text v0.3.7 // indirect
+	google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368 // indirect
+	google.golang.org/protobuf v1.28.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/api v0.21.3 // indirect
-	k8s.io/apimachinery v0.21.3 // indirect
-	k8s.io/klog/v2 v2.8.0 // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.1.2 // indirect
+	k8s.io/api v0.24.2 // indirect
+	k8s.io/apimachinery v0.24.2 // indirect
+	k8s.io/klog/v2 v2.60.1 // indirect
+	k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 // indirect
+	sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect
 )