Add support for Ubuntu 24.04 (Azure#625)

.github/workflows/e2e-tests-manual.yaml

@@ -56,6 +56,7 @@ jobs:
         - 'platform:el9'
         - 'ubuntu:20.04'
         - 'ubuntu:22.04'
+        - 'ubuntu:24.04'
         test_name:
         - 'manual-symmetric-key'
         - 'manual-x509'

.github/workflows/e2e-tests-scheduled.yaml

@@ -74,6 +74,7 @@ jobs:
         - 'platform:el9'
         - 'ubuntu:20.04'
         - 'ubuntu:22.04'
+        - 'ubuntu:24.04'
         test_name:
         - 'manual-symmetric-key'
         - 'manual-x509'
@@ -86,9 +87,7 @@ jobs:
           - os: 'debian:10'
             branch: 'main'
           # The scheduled E2E test in the release/1.x branch would fail until the changes are merged. Excluding for now.
-          - os: 'ubuntu:22.04'
-            branch: 'release/1.4'
-          - os: 'platform:el9'
+          - os: 'ubuntu:24.04'
             branch: 'release/1.4'
 
       max-parallel: 10

.github/workflows/packages.yaml

@@ -19,6 +19,7 @@ jobs:
         - 'redhat/ubi9:latest'
         - 'ubuntu:20.04'
         - 'ubuntu:22.04'
+        - 'ubuntu:24.04'
         arch:
         - 'amd64'
         - 'arm32v7'

.github/workflows/test.yaml

@@ -23,6 +23,7 @@ jobs:
         - 'redhat/ubi9:latest'
         - 'ubuntu:20.04'
         - 'ubuntu:22.04'
+        - 'ubuntu:24.04'
         arch:
         - 'amd64'
 
@@ -80,6 +81,7 @@ jobs:
         - 'redhat/ubi9:latest'
         - 'ubuntu:20.04'
         - 'ubuntu:22.04'
+        - 'ubuntu:24.04'
         pkcs11_backend:
         - '' # filesystem keys
         - 'softhsm'

ci/e2e-tests/test-run.sh

@@ -109,6 +109,10 @@ get_package() {
             artifact_name='ubuntu-22.04'
             ;;
 
+        'ubuntu:24.04')
+            artifact_name='ubuntu-24.04'
+            ;;
+
         *)
             echo "Unsupported OS $OS" >&2
             exit 1
@@ -201,6 +205,11 @@ get_package() {
             printf '%s/%s\n' "$PWD" aziot-identity-service_*_amd64.deb
             ;;
 
+        'ubuntu:24.04')
+            unzip -j package.zip 'ubuntu2404/amd64/aziot-identity-service_*_amd64.deb' >&2
+            printf '%s/%s\n' "$PWD" aziot-identity-service_*_amd64.deb
+            ;;
+
         *)
             echo "Unsupported OS $OS" >&2
             exit 1
@@ -603,6 +612,13 @@ case "$OS" in
         vm_image='Canonical:0001-com-ubuntu-minimal-jammy:minimal-22_04-lts-gen2:latest'
         ;;
 
+    'ubuntu:24.04')
+        # az vm image list --all \
+        #     --publisher 'Canonical' --offer 'ubuntu-24_04-lts' --sku 'minimal' \
+        #     --query "[?publisher == 'Canonical' && offer == 'ubuntu-24_04-lts' && sku == 'minimal'].{ sku: sku, version: version, urn: urn }" --output table
+        vm_image='Canonical:ubuntu-24_04-lts:minimal:latest'
+        ;;
+
      *)
         echo "Unsupported OS $OS" >&2
         exit 1
@@ -862,7 +878,7 @@ ssh -i "$PWD/vm-ssh-key" "aziot@$vm_public_ip" "
         exit 1
     fi
 
-    if [[ (\"$OS\" != 'ubuntu:22.04' && \"$OS\" != 'platform:el9') ||  \"$test_name\" != *'-x509'* ]]; then
+    if [[ (\"$OS\" != 'ubuntu:22.04' && \"$OS\" != 'ubuntu:24.04' && \"$OS\" != 'platform:el9') ||  \"$test_name\" != *'-x509'* ]]; then
         device_twin=\"\$(~/iothub-get-twin.sh \"\$device_identity\")\"
         printf 'Device twin: %s\n' \"\$device_twin\" >&2
     fi
@@ -888,7 +904,7 @@ ssh -i "$PWD/vm-ssh-key" "aziot@$vm_public_ip" "
         exit 1
     fi
 
-    if [[ (\"$OS\" != 'ubuntu:22.04' && \"$OS\" != 'platform:el9') ||  \"$test_name\" != *'-x509'* ]]; then
+    if [[ (\"$OS\" != 'ubuntu:22.04' && \"$OS\" != 'ubuntu:24.04' && \"$OS\" != 'platform:el9') ||  \"$test_name\" != *'-x509'* ]]; then
         module_twin=\"\$(~/iothub-get-twin.sh \"\$module_identity\")\"
         printf 'Module twin: %s\n' \"\$module_twin\" >&2
     fi

ci/install-build-deps.sh

@@ -12,7 +12,7 @@ fi
 
 if [ -z "${DISABLE_FOR_CODEQL:-}" ]; then
     case "$OS:$ARCH" in
-        'debian:11:amd64'|'debian:12:amd64'|'ubuntu:20.04:amd64'|'ubuntu:22.04:amd64')
+        'debian:11:amd64'|'debian:12:amd64'|'ubuntu:20.04:amd64'|'ubuntu:22.04:amd64'|'ubuntu:24.04:amd64')
             export DEBIAN_FRONTEND=noninteractive
             export TZ=UTC
 
@@ -164,6 +164,46 @@ if [ -z "${DISABLE_FOR_CODEQL:-}" ]; then
                 llvm-dev pkg-config
             ;;
 
+        # Ubuntu 24.04 uses DEB822 format for sources.list, so we have to handle it differently
+        'ubuntu:24.04:aarch64'|'ubuntu:24.04:arm32v7')
+            export DEBIAN_FRONTEND=noninteractive
+            export TZ=UTC
+
+            case "$ARCH" in
+                'aarch64')
+                    arch_alias='arm64'
+                    ;;
+                'arm32v7')
+                    arch_alias='armhf'
+                    ;;
+                *)
+                    echo "Unexpected ARCH $ARCH" >&2
+                    exit 1
+                    ;;
+            esac
+
+            # Update existing repos to be specifically for amd64
+            sed -ie '/^Architectures:/d' /etc/apt/sources.list.d/ubuntu.sources
+            sed -ie '/^Components:/a Architectures: amd64' /etc/apt/sources.list.d/ubuntu.sources
+
+            # Add arch-specific repos
+            </etc/apt/sources.list.d/ubuntu.sources sed \
+                -e "s/^Architectures: amd64/Architectures: $arch_alias/g" \
+                -e 's|URIs: http://archive.ubuntu.com/ubuntu/|URIs: http://ports.ubuntu.com/ubuntu-ports/|g' \
+                -e 's|URIs: http://security.ubuntu.com/ubuntu/|URIs: http://ports.ubuntu.com/ubuntu-ports/|g' \
+                >/etc/apt/sources.list.d/ubuntu.ports.sources
+
+            dpkg --add-architecture $arch_alias
+            apt-get update
+            apt-get upgrade -y
+            apt-get install -y --no-install-recommends \
+                acl autoconf autoconf-archive automake build-essential ca-certificates \
+                clang cmake crossbuild-essential-$arch_alias curl git jq \
+                libc-dev:$arch_alias libclang1 libcurl4-openssl-dev:$arch_alias \
+                libltdl-dev:$arch_alias libssl-dev:$arch_alias libtool libtss2-dev:$arch_alias \
+                llvm-dev pkg-config:$arch_alias
+            ;;
+
         'mariner:2:amd64' | 'mariner:2:aarch64')
             export DEBIAN_FRONTEND=noninteractive
             export TZ=UTC

ci/install-runtime-deps.sh

@@ -42,16 +42,16 @@ case "$OS" in
         esac
         ;;
 
-    'debian:11'|'debian:12'|'ubuntu:20.04'|'ubuntu:22.04')
+    'debian:11'|'debian:12'|'ubuntu:20.04'|'ubuntu:22.04'|'ubuntu:24.04')
         # openssl 1.1.1 for Debian 11, Ubuntu 20.04, RHEL 8
-        # openssl 3.0 for Debian 12, Ubuntu 22.04, RHEL 9
+        # openssl 3.0 for Debian 12, Ubuntu 22.04/24.04, RHEL 9
 
         apt-get update -y
         DEBIAN_FRONTEND=noninteractive TZ=UTC apt-get install -y curl jq openssl ca-certificates libtss2-dev
 
         case "${PKCS11_BACKEND:-}" in
             'softhsm')
-                DEBIAN_FRONTEND=noninteractive TZ=UTC apt-get install -y softhsm
+                DEBIAN_FRONTEND=noninteractive TZ=UTC apt-get install -y softhsm2
 
                 export PKCS11_LIB_PATH='/usr/lib/softhsm/libsofthsm2.so'
 

ci/install-test-deps.sh

@@ -22,9 +22,9 @@ case "$OS" in
             expect gawk libjson-glib-dev libtasn1-6-dev net-tools python3 socat
         ;;
 
-    # On 22.04 we use the provided swtpm + libtpms0 packages instead of building them ourselves.
+    # On 22.04/24.04 we use the provided swtpm + libtpms0 packages instead of building them ourselves.
     # The libtss2-dev package includes a TCTI module for swtpm.
-    'ubuntu:22.04')
+    'ubuntu:22.04'|'ubuntu:24.04')
         export SKIP_TSS_MINIMAL=0
         export USE_SWTPM_PKG=1
 

ci/package.sh

@@ -48,7 +48,7 @@ case "$OS" in
             "packages/$TARGET_DIR/"
         ;;
 
-    'debian:11'|'debian:12'|'ubuntu:20.04'|'ubuntu:22.04')
+    'debian:11'|'debian:12'|'ubuntu:20.04'|'ubuntu:22.04'|'ubuntu:24.04')
         DEBIAN_FRONTEND=noninteractive TZ=UTC apt-get install -y dh-make debhelper
 
         make ARCH="$ARCH" PACKAGE_VERSION="$PACKAGE_VERSION" PACKAGE_RELEASE="$PACKAGE_RELEASE" VENDOR_LIBTSS="${VENDOR_LIBTSS:-0}" V=1 deb
@@ -73,6 +73,11 @@ case "$OS" in
                 TARGET_DIR="ubuntu2204/$ARCH"
                 DBGSYM_EXT='ddeb'
                 ;;
+
+            'ubuntu:24.04')
+                TARGET_DIR="ubuntu2404/$ARCH"
+                DBGSYM_EXT='ddeb'
+                ;;
 
             *)
                 echo 'unreachable' >&2

ci/test-aziot-key-openssl-engine-shared.sh

@@ -7,7 +7,7 @@ cd /src
 . ./ci/install-runtime-deps.sh
 
 case "$OS" in
-    'debian:11'|'debian:12'|'platform:el8'|'platform:el9'|'ubuntu:20.04'|'ubuntu:22.04')
+    'debian:11'|'debian:12'|'platform:el8'|'platform:el9'|'ubuntu:20.04'|'ubuntu:22.04'|'ubuntu:24.04')
         cp \
             ./target/debug/libaziot_key_openssl_engine_shared.so \
             "$(openssl version -e | sed -E 's/^ENGINESDIR: "(.*)"$/\1/')/aziot_keys.so"

docs-dev/packages.md

@@ -35,6 +35,10 @@ This repository contains three services - `aziot-certd`, `aziot-identityd` and `
 <td>Ubuntu 22.04</td>
 <td><code>ubuntu:22.04</code></td>
 </tr>
+<tr>
+<td>Ubuntu 24.04</td>
+<td><code>ubuntu:24.04</code></td>
+</tr>
 </tbody>
 </table>
 

docs-dev/packaging.md

@@ -122,4 +122,4 @@ For example, if you have a module process, the process needs to interact with th
 
 ## Package dependencies
 
-The binaries and libraries shipped in this package only depend on OpenSSL (v3.0 on Ubuntu 22.04 and RHEL 9, v1.1 on other supported distributions).
+The binaries and libraries shipped in this package only depend on OpenSSL (v3.0 on Ubuntu 22.04/24.04 and RHEL 9, v1.1 on other supported distributions).