From 2012ec6a761d1f719d8c5de57dd1f8dd39dee243 Mon Sep 17 00:00:00 2001 From: Joe Zheng Date: Wed, 5 Jul 2023 12:09:12 +0800 Subject: [PATCH 1/2] hotfix for ubuntu 22.04 support * upgrade golang to 1.17 for isecl * upgrade docker to the version supported --- .../infrastructure/install_golang/defaults/main.yml | 4 ++-- roles/infrastructure/docker/defaults/main.yml | 2 +- roles/infrastructure/docker/vars/debian.yml | 4 ++-- .../provision_sgx_enabled_platform/tasks/debian.yml | 4 ++-- roles/security/isecl/common/vars/main.yml | 3 +-- 5 files changed, 8 insertions(+), 9 deletions(-) diff --git a/roles/baseline_ansible/infrastructure/install_golang/defaults/main.yml b/roles/baseline_ansible/infrastructure/install_golang/defaults/main.yml index b1bdd3a..4347040 100644 --- a/roles/baseline_ansible/infrastructure/install_golang/defaults/main.yml +++ b/roles/baseline_ansible/infrastructure/install_golang/defaults/main.yml @@ -1,12 +1,12 @@ # SPDX-License-Identifier: Apache-2.0 # Copyright (c) 2021 Intel Corporation --- -golang_version: 1.16 +golang_version: 1.17 golang_download_name: "go{{ golang_version }}.linux-amd64.tar.gz" golang_download_url_base: "https://dl.google.com/go/" golang_download_url: "{{ golang_download_url_base }}{{ golang_download_name }}" golang_download_dest: "{{ project_dir }}/golang/{{ golang_download_name }}" -golang_download_checksum: "sha256:013a489ebb3e24ef3d915abe5b94c3286c070dfe0818d5bca8108f1d6e8440d2" +golang_download_checksum: "sha256:6bf89fc4f5ad763871cf7eac80a2d594492de7a818303283f1366a7f6a30372d" golang_default_exports: [ "export GOROOT=/usr/local/go", diff --git a/roles/infrastructure/docker/defaults/main.yml b/roles/infrastructure/docker/defaults/main.yml index d09f700..c34b35d 100644 --- a/roles/infrastructure/docker/defaults/main.yml +++ b/roles/infrastructure/docker/defaults/main.yml 
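Review bot: `golang_version: 1.17` in install_golang/defaults/main.yml is an unquoted YAML float and selects the initial 1.17 release, which predates the security fixes shipped in the later 1.17.x point releases. Quote the value and pin a patched release, updating the checksum in the same change so the integrity check on the tarball keeps matching: `golang_version: "1.17.13"` and `golang_download_checksum: "sha256:<sha256 published for go1.17.13.linux-amd64.tar.gz>"`. Quoting also matters for later bumps, since a bare `1.20` would be read as `1.2` and produce a wrong download name. The 1.17 line was already out of upstream support at the date of this commit, so a comment recording why isecl needs it would help the next reviewer.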
@@ -5,7 +5,7 @@ ## URLs to docker images saved with `docker save : | gzip > .tar.gz` that are going to be preloaded after docker setup docker_images: [] -_docker_version: "20.10.12" +_docker_version: "20.10.13" _docker_packages: - "docker-ce-{{ _docker_version }}" - "docker-ce-cli-{{ _docker_version }}" diff --git a/roles/infrastructure/docker/vars/debian.yml b/roles/infrastructure/docker/vars/debian.yml index a58a7b0..c63a2c9 100644 --- a/roles/infrastructure/docker/vars/debian.yml +++ b/roles/infrastructure/docker/vars/debian.yml @@ -4,8 +4,8 @@ --- _docker_os_dependencies: "apt-transport-https,ca-certificates,curl,gnupg-agent,software-properties-common,moreutils,jq,auditd,python3-pip" -# version string specific for Ubuntu 20.04 -_docker_package_version: "5:{{ _docker_version }}~3-0~ubuntu-focal" +# version string specific for Ubuntu 22.04 +_docker_package_version: "5:{{ _docker_version }}~3-0~ubuntu-jammy" _docker_packages: - "docker-ce={{ _docker_package_version }}" - "docker-ce-cli={{ _docker_package_version }}" diff --git a/roles/infrastructure/provision_sgx_enabled_platform/tasks/debian.yml b/roles/infrastructure/provision_sgx_enabled_platform/tasks/debian.yml index 01a3a76..38b4355 100644 --- a/roles/infrastructure/provision_sgx_enabled_platform/tasks/debian.yml +++ b/roles/infrastructure/provision_sgx_enabled_platform/tasks/debian.yml @@ -17,7 +17,7 @@ block: - name: remove repo related files apt_repository: - repo: deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main + repo: deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main state: absent become: yes @@ -28,7 +28,7 @@ - name: add SGX repository apt_repository: - repo: deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main + repo: deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main become: yes when: sgx_repo.stat.exists == false 
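Review bot: `_docker_package_version` in docker/vars/debian.yml now hard-codes `ubuntu-jammy`, so a role that resolved the package on 20.04 stops doing so there; both `repo:` lines in provision_sgx_enabled_platform/tasks/debian.yml make the same swap from `focal` to `jammy`. Assuming facts are gathered for these plays, deriving the codename keeps both releases working: `_docker_package_version: "5:{{ _docker_version }}~3-0~ubuntu-{{ ansible_distribution_release }}"` and `repo: "deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu {{ ansible_distribution_release }} main"`. In the SGX cleanup task, `state: absent` now matches only the jammy entry, so a host upgraded in place from 20.04 would probably keep its stale focal source line. The `libtss2-esys-3.0.2-0` entry in isecl/common/vars/main.yml carries the same single-release assumption and would need a per-release vars file or a conditional.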
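Review bot: The `repo:` entry under `add SGX repository` carries only `[arch=amd64]`, so packages from this source are accepted under whichever keys apt trusts globally rather than a key bound to the Intel SGX repository. The task that imports the signing key is outside this hunk, so this is an assumption to confirm; if it still uses the global keyring, store the key in a dedicated file and reference it, e.g. `repo: "deb [arch=amd64 signed-by=<path to SGX keyring file>] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main"`. The same option would then be needed on the `state: absent` line so the removal matches what was written.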
diff --git a/roles/security/isecl/common/vars/main.yml b/roles/security/isecl/common/vars/main.yml index 7f80725..a4832f7 100644 --- a/roles/security/isecl/common/vars/main.yml +++ b/roles/security/isecl/common/vars/main.yml @@ -13,10 +13,9 @@ install_dependencies: - unzip - make - cabextract - - g++-8 - build-essential - tpm-udev - - libtss2-esys0 + - libtss2-esys-3.0.2-0 - init-system-helpers - libgcrypt20-dev - libtss2-dev From 4298211dec84991748236b88b83d3e01bc48ec6f Mon Sep 17 00:00:00 2001 From: Joe Zheng Date: Mon, 24 Jun 2024 13:58:42 +0800 Subject: [PATCH 2/2] increase default nproc limits the previous 4096 nproc is too restricted, the default value on Ubuntu 22.04 is 63502, this limitation is shared by the same user no matter it is in the container or not, so increase it to 40960 to avoid out of resource error in the container --- roles/infrastructure/docker/templates/daemon.json.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/infrastructure/docker/templates/daemon.json.j2 b/roles/infrastructure/docker/templates/daemon.json.j2 index 2cc3ab2..bfd9e6d 100644 --- a/roles/infrastructure/docker/templates/daemon.json.j2 +++ b/roles/infrastructure/docker/templates/daemon.json.j2 @@ -23,8 +23,8 @@ }, "nproc": { "Name": "nproc", - "Hard": 4096, - "Soft": 4096 + "Hard": 40960, + "Soft": 40960 } } }
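Review bot: Raising the default `nproc` ulimit to 40960 in daemon.json.j2 weakens the only process-count bound visible in this hunk: as the commit message says, the limit is counted per user across the host and every container, so one container may now take roughly two thirds of the 63502 quoted there and starve other workloads running under the same UID. A per-container cgroup limit (`docker run --pids-limit`, or the orchestrator's equivalent) bounds runaway process creation without that sharing problem and is worth adding alongside this change. Consider also making the value a role variable rather than a literal, e.g. `"Hard": {{ docker_nproc_limit | default(40960) }},` with `docker_nproc_limit` introduced as a new default in roles/infrastructure/docker/defaults/main.yml. The enclosing object (presumably `default-ulimits`) starts outside the hunk.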