search

gramineproject / graphene

Graphene / Graphene-SGX - a library OS for Linux multi-process applications, with Intel SGX support
https://grapheneproject.io
GNU Lesser General Public License v3.0
765 stars 262 forks source link

[LibOS] Add Glibc 2.34 and make it default #2656

Closed jurobystricky closed 3 years ago

jurobystricky commented 3 years ago

Add support for Glibc version 2.34.

Signed-off-by: Juro Bystricky juro.bystricky@intel.com

Description of the changes

Add support for glibc.2.34 rather than applying CVE patch(es) to Glibc-2.33

How to test this PR?

Run the LibOS regression test suite:

$ cd graphene
$ openssl genrsa -3 -out ./Pal/src/host/Linux-SGX/signer/enclave-key.pem 3072
$ ISGX_DRIVER_PATH="" make SGX=1 -j$(nproc)
$ make -j$(nproc)
$ meson build --buildtype=release -Ddirect=enabled -Dsgx=enabled
$ ninja -C build
$ sudo ninja -C build install
$ cd LibOS/shim/test/regression
$ make SGX=1 regression

Expected result: No failed tests. Something like this:

========================================================== 103 passed, 4 skipped in 147.10 seconds ==========================================================

This change is Reviewable

jurobystricky commented 3 years ago

Just to clarify: the intent is to keep glibc-2.34 only, removing all previous versions completely. If this is the case, some .ci jenkinsfiles should be modified by updating GLIBC_VERSION as well.

dimakuv commented 3 years ago

Jenkins, test this please

mkow commented 3 years ago

Jenkins, retest this please

mkow commented 3 years ago

Jenkins, retest Jenkins-Debug-18.04 please (apps.LTP.writev07 timed out, known issue)

mkow commented 3 years ago

Jenkins, retest Jenkins-Debug-18.04 please (now apps.LTP.fcntl14 timed out...)