prepare release

BUILD.md

@@ -36,7 +36,7 @@ Use these images to try the latest changes from the main branch:
 ## Build from source
 *Prerequisites*:
 * [Edgeless RT](https://github.com/edgelesssys/edgelessrt) is installed and sourced
-* Go 1.16 or newer
+* Go 1.17 or newer
 
 On Ubuntu 20.04 build with:
 ```sh

CMakeLists.txt

@@ -1,5 +1,5 @@
 cmake_minimum_required(VERSION 3.11)
-project(edb VERSION 0.2.1)
+project(edb VERSION 0.3.0)
 
 if (NOT CMAKE_BUILD_TYPE)
   set(CMAKE_BUILD_TYPE Debug)

Dockerfile

@@ -1,4 +1,4 @@
-FROM ubuntu:focal-20211006 AS build
+FROM ubuntu:focal-20220531 AS build
 
 RUN apt update && DEBIAN_FRONTEND=noninteractive apt install -y \
   bbe \
@@ -13,7 +13,8 @@ RUN apt update && DEBIAN_FRONTEND=noninteractive apt install -y \
   ninja-build=1.10.0-1build1 \
   zlib1g-dev=1:1.2.11.dfsg-2ubuntu1.3
 
-ARG erttag=v0.2.8 edbtag=v0.2.1
+ARG erttag=v0.3.3
+ARG edbtag=v0.3.0
 RUN git clone -b $erttag --depth=1 https://github.com/edgelesssys/edgelessrt \
   && git clone -b $edbtag --depth=1 https://github.com/edgelesssys/edgelessdb \
   && mkdir ertbuild edbbuild
@@ -38,8 +39,9 @@ RUN --mount=type=secret,id=signingkey,dst=/edbbuild/private.pem,required=true \
   && make sign-edb
 
 # deploy
-FROM ubuntu:focal-20211006
-ARG PSW_VERSION=2.15.100.3-focal1 DCAP_VERSION=1.12.100.3-focal1
+FROM ubuntu:focal-20220531
+ARG PSW_VERSION=2.17.100.3-focal1
+ARG DCAP_VERSION=1.14.100.3-focal1
 RUN apt update && apt install -y gnupg libcurl4 wget \
   && wget -qO- https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add \
   && echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' >> /etc/apt/sources.list \

charts/Chart.yaml

@@ -5,8 +5,8 @@ keywords:
 - database
 - confidential-computing
 type: application
-appVersion: v0.2.1
-version: v0.2.1
+appVersion: v0.3.0
+version: v0.3.0
 maintainers:
   - name: Edgeless Systems
     email: [email protected]

charts/README.md

@@ -52,7 +52,7 @@ their default values.
 | `edb.simulation`              |bool   | Needs be set to `true` when running on systems without SGX1+FLC capabilities | `false` |
 | `edb.sqlApiHost`              |string | The network address of the MySQL interface | `"0.0.0.0"` |
 | `edb.sqlApiPort`              |int    | Port of the MySQL interface | `3306` |
-| `global.image`                |object | EdgelessDB image configuration | `{"pullPolicy":"IfNotPresent","version":" v0.2.1","repository":"ghcr.io/edgelesssys"}` |
+| `global.image`                |object | EdgelessDB image configuration | `{"pullPolicy":"IfNotPresent","version":" v0.3.0","repository":"ghcr.io/edgelesssys"}` |
 | `global.podAnnotations`       |object | Additional annotations to add to all pods | `{}`|
 | `global.podLabels`            |object | Additional labels to add to all pods | `{}` |
 | `nodeSelector`                |object | NodeSelector section, See the [K8S documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) for more information | `{"beta.kubernetes.io/os": "linux"}` |

charts/values.yaml

@@ -3,7 +3,7 @@
 global:
   image:
     pullPolicy: IfNotPresent
-    version: v0.2.1
+    version: v0.3.0
     repository: ghcr.io/edgelesssys
 
   createdBy: Helm

demo/edgelessdb-sgx.json

@@ -1,5 +1,5 @@
 {
-	"SecurityVersion": 2,
+	"SecurityVersion": 3,
 	"ProductID": 16,
 	"SignerID": "67d7b00741440d29922a15a9ead427b6faf1d610238ae9826da345cea4fee0fe"
 }

edb/core/key.go

@@ -85,7 +85,7 @@ func (c *Core) loadMasterKey() ([]byte, error) {
 
 	// If key was set, unseal from disk
 	if c.rt.IsEnclave() {
-		key, err = ecrypto.Unseal(key)
+		key, err = ecrypto.Unseal(key, nil)
 		if err != nil {
 			return nil, err
 		}
@@ -140,14 +140,14 @@ func (c *Core) storeMasterKey(key []byte) error {
 	// Save master key
 	if c.rt.IsEnclave() {
 		var err error
-		key, err = ecrypto.SealWithProductKey(key)
+		key, err = ecrypto.SealWithProductKey(key, nil)
 		if err != nil {
 			return err
 		}
 	}
 
 	// Create dir
-	if err := os.MkdirAll(filepath.Join(c.cfg.DataPath, PersistenceDir), 0700); err != nil {
+	if err := os.MkdirAll(filepath.Join(c.cfg.DataPath, PersistenceDir), 0o700); err != nil {
 		return err
 	}
 
@@ -156,10 +156,10 @@ func (c *Core) storeMasterKey(key []byte) error {
 	if sealedKeyData, err := c.fs.ReadFile(fname); err == nil {
 		t := time.Now()
 		newFileName := fname + "_" + t.Format("20060102150405") + ".bak"
-		c.fs.WriteFile(newFileName, sealedKeyData, 0600)
+		c.fs.WriteFile(newFileName, sealedKeyData, 0o600)
 	}
 	// Write the sealed encryption key to disk
-	if err := c.fs.WriteFile(fname, key, 0600); err != nil {
+	if err := c.fs.WriteFile(fname, key, 0o600); err != nil {
 		return err
 	}
 

edb/integration_test.go

@@ -870,7 +870,7 @@ func getServerCertificate() string {
 	var blocks []*pem.Block
 	var err error
 	if attestationEnabled && *attestationConfig != "" {
-		blocks, err = era.GetCertificate(addrAPI, *attestationConfig)
+		blocks, _, err = era.GetCertificate(addrAPI, *attestationConfig)
 	} else {
 		blocks, err = era.InsecureGetCertificate(addrAPI)
 	}

go.mod

@@ -1,16 +1,47 @@
 module github.com/edgelesssys/edgelessdb
 
-go 1.16
+go 1.17
 
 require (
-	github.com/edgelesssys/ego v0.3.3
-	github.com/edgelesssys/era v0.3.1
-	github.com/edgelesssys/marblerun v0.5.0
+	github.com/edgelesssys/ego v0.5.0
+	github.com/edgelesssys/era v0.3.2
+	github.com/edgelesssys/marblerun v0.5.1
 	github.com/fatih/color v1.13.0
 	github.com/go-sql-driver/mysql v1.6.0
-	github.com/spf13/afero v1.6.0
-	github.com/stretchr/testify v1.7.0
-	github.com/tidwall/gjson v1.10.2 // indirect
-	google.golang.org/grpc v1.41.0
+	github.com/spf13/afero v1.8.2
+	github.com/stretchr/testify v1.7.2
+	google.golang.org/grpc v1.47.0
+)
+
+require (
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/go-logr/logr v0.4.0 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/google/go-cmp v0.5.7 // indirect
+	github.com/google/gofuzz v1.1.0 // indirect
+	github.com/google/uuid v1.1.2 // indirect
+	github.com/json-iterator/go v1.1.11 // indirect
+	github.com/mattn/go-colorable v0.1.9 // indirect
+	github.com/mattn/go-isatty v0.0.14 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/tidwall/gjson v1.11.0 // indirect
+	github.com/tidwall/match v1.1.1 // indirect
+	github.com/tidwall/pretty v1.2.0 // indirect
+	golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 // indirect
+	golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2 // indirect
+	golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c // indirect
+	golang.org/x/text v0.3.6 // indirect
+	google.golang.org/genproto v0.0.0-20210226172003-ab064af71705 // indirect
+	google.golang.org/protobuf v1.27.1 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/api v0.21.3 // indirect
+	k8s.io/apimachinery v0.21.3 // indirect
+	k8s.io/klog/v2 v2.8.0 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.1.2 // indirect
 )