docker: Use Ubuntu 22.04 as kbs base image

related-to: #153 When using debian:stable-slim as a base image the sgx verification libraries will crash when attempting to fetch an sgx collateral during td quote validation. Using Ubuntu 22.04 as a base image fixes the crash, and is consisten with the AS which uses same base image. Signed-off-by: Magnus Kulke <[email protected]>
confidential-containers · Apr 17, 2024 · ee1a8ce · ee1a8ce
1 parent 3d0b11d
commit ee1a8ce
Showing 1 changed file with 2 additions and 3 deletions.
diff --git a/kbs/docker/Dockerfile b/kbs/docker/Dockerfile
@@ -40,7 +40,7 @@ COPY . .
 ARG KBS_FEATURES=coco-as-builtin,rustls,resource,opa
 RUN cargo install --locked --path kbs/src/kbs --no-default-features --features ${KBS_FEATURES}
 
-FROM debian:stable-slim
+FROM ubuntu:22.04
 
 RUN apt-get update && \
     apt-get install -y \
@@ -51,12 +51,11 @@ RUN apt-get update && \
 # Install TDX Runtime Dependencies
 RUN curl -fsSL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | \
     gpg --dearmor --output /usr/share/keyrings/intel-sgx.gpg
-RUN echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | tee /etc/apt/sources.list.d/intel-sgx.list
+RUN echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | tee /etc/apt/sources.list.d/intel-sgx.list
 RUN apt-get update
 RUN apt-get install -y --no-install-recommends \
     libsgx-dcap-default-qpl \
     libsgx-dcap-quote-verify \
-    libtdx-attest \
     tpm2-tools
 
 # Intel PCCS URL Configurations