Implement COSE receipts in scitt-ccf-ledger

.clang-tidy

@@ -1,12 +1,3 @@
-# Some of these we should fix:
-# - misc-non-private-member-variables-in-classes
-# - performance-move-const-arg
-# - performance-unnecessary-value-param
-# - readability-braces-around-statements
-# - readability-implicit-bool-conversion
-# - readability-qualified-auto
-#
-# The others are a bit more subjective and not really worth doing anything about.
 Checks: >
   -*,
   bugprone-*,
@@ -15,28 +6,17 @@ Checks: >
   clang-analyzer-*,
   concurrency-*,
   misc-*,
-  -misc-non-private-member-variables-in-classes,
-  -misc-unused-parameters,
   modernize-*,
   -modernize-avoid-bind,
-  -modernize-avoid-c-arrays,
-  -modernize-pass-by-value,
-  -modernize-use-auto,
-  -modernize-use-emplace,
-  -modernize-use-nodiscard,
-  -modernize-use-nullptr,
   -modernize-use-trailing-return-type,
-  -modernize-use-using,
   performance-*,
-  -performance-move-const-arg,
-  -performance-unnecessary-value-param,
   portability-*,
   readability-*,
-  -readability-convert-member-functions-to-static,
   -readability-else-after-return,
-  -readability-implicit-bool-conversion,
-  -readability-magic-numbers,
-  -readability-qualified-auto,
+  -readability-identifier-length,
+  -cert-dcl58-cpp,
+  -bugprone-easily-swappable-parameters,
+  -readability-function-cognitive-complexity,
 
 WarningsAsErrors: '*'
 # Include current directory files and exclude ccf imported code

.devcontainer/Dockerfile

@@ -1,4 +1 @@
-FROM ghcr.io/microsoft/ccf/app/dev/virtual:ccf-5.0.10
-
-# Dependency of the virtual build of attested-fetch.
-RUN apt-get update && apt-get install -y libcurl4-openssl-dev
+FROM ghcr.io/microsoft/ccf/app/dev/virtual:ccf-6.0.0-dev7

.github/workflows/build-test.yml

@@ -13,7 +13,7 @@ jobs:
   checks:
     name: Format and License Checks
     runs-on: ubuntu-20.04
-    container: ghcr.io/microsoft/ccf/app/dev/virtual:ccf-5.0.10
+    container: ghcr.io/microsoft/ccf/app/dev/virtual:ccf-6.0.0-dev7
     steps:
       - run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
       - name: Checkout repository
@@ -30,19 +30,14 @@ jobs:
             nodes: ubuntu-20.04
             options: --user root --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro
             unit_tests_enabled: ON
-          - name: sgx
-            image: sgx
-            nodes: [self-hosted, 1ES.Pool=gha-sgx-scitt-pool]
-            options: --user root --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision 
-            unit_tests_enabled: OFF
           - name: snp
             image: snp
             nodes: ubuntu-20.04
             options: --user root --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro
             unit_tests_enabled: OFF
     runs-on: ${{ matrix.platform.nodes }}
     container:
-      image: ghcr.io/microsoft/ccf/app/dev/${{ matrix.platform.image }}:ccf-5.0.10
+      image: ghcr.io/microsoft/ccf/app/dev/${{ matrix.platform.image }}:ccf-6.0.0-dev7
       options: ${{ matrix.platform.options }}
       env:
         # Helps to distinguish between CI and local builds.
@@ -61,22 +56,14 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: "Platform SGX"
-        run: |
-          sudo groupadd -fg $(/usr/bin/stat -Lc '%g' /dev/sgx_provision) sgx_prv;
-          sudo usermod -a -G sgx_prv $(whoami);
-          cat /proc/cpuinfo | grep flags | uniq;
-        shell: bash
-        if: "${{ matrix.platform.name == 'sgx' }}"
-
       # Work-around for https://github.com/actions/runner/issues/2033
       - name: Work around git safe.directory in container
         run: chown -R $(id -u):$(id -g) $PWD
-      - run: apt-get update && apt-get install -y libcurl4-openssl-dev faketime clang-tidy-10
+      - run: apt-get update && apt-get install -y clang-tidy-15
       - run: ./build.sh
       - run: ./run_unit_tests.sh
         if: "${{ matrix.platform.name == 'virtual' }}"
-      - run: ./run_functional_tests.sh --enable-faketime
+      - run: ./run_functional_tests.sh
         if: "${{ matrix.platform.name != 'snp' }}" # Functional tests are not supported on SNP platform for the moment
       - name: "Upload logs for ${{ matrix.platform.name }}"
         uses: actions/upload-artifact@v4

.github/workflows/codeql.yml

@@ -17,7 +17,7 @@ jobs:
     name: Analyze
 
     runs-on: ubuntu-latest
-    container: ghcr.io/microsoft/ccf/app/dev/virtual:ccf-5.0.10
+    container: ghcr.io/microsoft/ccf/app/dev/virtual:ccf-6.0.0-dev7
 
     permissions:
       actions: read
@@ -66,13 +66,7 @@ jobs:
 
     #   If the Autobuild fails above, remove it and uncomment the following three lines.
     #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
-
-    - if: matrix.language == 'cpp'
-      name: Install dependencies
-      run: |
-        sudo apt-get update
-        sudo apt-get install -y libcurl4-openssl-dev
-
+
     - if: matrix.language == 'cpp'
       name: Build C++
       run: |

.pipelines/pullrequest.yml

@@ -8,7 +8,7 @@ parameters: # parameters are shown up in ADO UI in a build queue time
 - name: CCF_VERSION
   displayName: Target CCF version to build for
   type: string
-  default: 5.0.10
+  default: 6.0.0-dev7
 
 variables:
   SCITT_CI: 1 # used in scitt builds and tests
@@ -95,16 +95,14 @@ extends:
           Environment:
             CMAKE_BUILD_TYPE: Debug
             ENABLE_CLANG_TIDY: ON
-          InstallPackages: [ libcurl4-openssl-dev, clang-tidy-10 ]
+          InstallPackages: [ clang-tidy-10 ]
 
       - template: .pipelines/local_virtual_build.yml@self
         parameters:
           Name: test_virtual
           DisplayName: Build and test (Virtual)
-          FunctionalTestArguments: '--enable-faketime'
           Environment:
             CMAKE_BUILD_TYPE: Debug
-          InstallPackages: [ libcurl4-openssl-dev, faketime ]
 
     - stage: test_virtual_docker_build
       jobs:
@@ -135,84 +133,6 @@ extends:
               DOCKER: 1
               ELEVATE_PRIVILEGES: true
 
-    - stage: test_sgx_vm_container_build
-      jobs:
-
-      ## About SGX support on OneBranch
-      # Local sgx build is not possible without changing the vm image in the pool
-      # from ubuntu 22 to ubuntu 20 because dcap was not released to v22 and is not
-      # installable. This was because openenclave is scheduled for deprecation. 
-      # Ubuntu 20 image with sgx support does not exist in the marketplace for us to switch to.
-      # Alternatively, it was being executed through the container in azure pipelines but
-      # when using custom pool image the usual container build support is not there so it 
-      # need to be run manually through docker.
-
-      - job: test_sgx_with_perf
-        pool:
-          type: linux
-          isCustom: true
-          name: scitt-dc-pool
-        variables:
-          ob_outputDirectory: $(Build.SourcesDirectory)/out
-        steps:
-          - checkout: SCITT
-            path: s/
-            submodules: recursive
-            lfs: false
-          - script: |
-              docker run --rm \
-                --device /dev/sgx_enclave:/dev/sgx_enclave \
-                --device /dev/sgx_provision:/dev/sgx_provision \
-                --volume /dev/sgx:/dev/sgx \
-                --volume /var/run/docker.sock:/var/run/docker.sock \
-                --volume $(pwd):/opt/app \
-                --workdir /opt/app \
-                --env PLATFORM="sgx" \
-                --env CMAKE_BUILD_TYPE="Release" \
-                --env CCF_UNSAFE="OFF" \
-                --env BUILD_TESTS="OFF" \
-                --env ENABLE_CLANG_TIDY="OFF" \
-                --env NINJA_FLAGS="-k 0" \
-                --env CXXFLAGS="-ferror-limit=0" \
-                --env ENABLE_PERF_TESTS="true" \
-                ghcr.io/microsoft/ccf/app/dev/sgx:ccf-${{ parameters.CCF_VERSION }} /bin/bash -c '\
-                  git config --global --add safe.directory "*"; \
-                  sudo groupadd -fg $(/usr/bin/stat -Lc '%g' /dev/sgx/provision) sgx_prv; \
-                  sudo usermod -a -G sgx_prv $(whoami); \
-                  ./build.sh && \
-                  ./run_functional_tests.sh; \
-                  '
-            displayName: Build test sgx through a dev container
-
-    - stage: test_sgx_docker_build
-      jobs:
-      - job: test_sgx_docker_build
-        pool:
-          type: linux
-          isCustom: true
-          name: scitt-dc-pool
-        variables:
-          ob_outputDirectory: $(Build.SourcesDirectory)/out
-          PLATFORM: sgx
-          CXXFLAGS: -ferror-limit=0
-          NINJA_FLAGS: -k 0
-        steps:
-          - checkout: SCITT
-            path: s/
-            submodules: recursive
-            fetchTags: true
-            fetchDepth: 0
-            lfs: false
-          - script: ./docker/build.sh
-            displayName: Build sgx with Docker
-          - template: .pipelines/python.yml@self
-          - script: ./run_functional_tests.sh
-            displayName: Run Functional Tests
-            env:
-              PLATFORM: sgx
-              DOCKER: 1
-              ELEVATE_PRIVILEGES: true # needs privileged access to run did server on 443 port
-
     - stage: snp_build
       jobs:
       - job: snp_build
@@ -231,10 +151,6 @@ extends:
             fetchTags: true
             fetchDepth: 0
             lfs: false
-          - script: |
-              sudo apt-get update
-              sudo apt-get install -y libcurl4-openssl-dev
-            displayName: Install additional packages
           - script: ./build.sh
             displayName: Build snp
             env: