Update the Oak version.

Also remove crates that are now provided by the Oak crates index.

This includes some significant oak_containers_sdk changes.

Change-Id: If4623c538b803d5918714f23912807dcf4497306

Cargo_no_std.bazel.lock

@@ -131,9 +131,9 @@ checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8"
 
 [[package]]
 name = "base64"
-version = "0.22.1"
+version = "0.21.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6"
+checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567"
 
 [[package]]
 name = "base64ct"
@@ -479,7 +479,7 @@ dependencies = [
  "anyhow",
  "arrayvec",
  "atomic_refcell",
- "base64 0.22.1",
+ "base64 0.21.7",
  "bitflags 2.6.0",
  "bitvec",
  "bytes",

WORKSPACE

@@ -84,9 +84,9 @@ rules_proto_toolchains()
 
 http_archive(
     name = "oak",
-    sha256 = "3a8c15b9b4e1b292e4e471abbfc20431e31eb29bc3048bc440044a36e1de06ce",
-    strip_prefix = "oak-1d022f22cf7817eb99ba050a7ae3b16bfa349bac",
-    url = "https://github.com/project-oak/oak/archive/1d022f22cf7817eb99ba050a7ae3b16bfa349bac.tar.gz",
+    sha256 = "fc7f1600800495ac1227579395a66822402be61dd45d37664f379bab5dec4c26",
+    strip_prefix = "oak-e7c76de7f54ef58527bc7ee59ca7f2e8e32c22fb",
+    url = "https://github.com/project-oak/oak/archive/e7c76de7f54ef58527bc7ee59ca7f2e8e32c22fb.tar.gz",
 )
 
 load("@oak//bazel:repositories.bzl", "oak_toolchain_repositories")

apps/atomic_counter/container/BUILD

@@ -26,6 +26,7 @@ rust_binary(
         "//runtime:tcp_runtime",
         "@oak//oak_containers_sdk",
         "@oak//oak_proto_rust",
+        "@oak//oak_sdk/containers:oak_sdk_containers",
         "@oak_crates_index//:anyhow",
         "@oak_crates_index//:log",
         "@oak_crates_index//:tokio",

apps/atomic_counter/container/src/main.rs

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-use anyhow::Context;
+use anyhow::{anyhow, Context};
 use oak_containers_sdk::OrchestratorClient;
 use oak_proto_rust::oak::attestation::v1::{
     binary_reference_value, kernel_binary_reference_value, reference_values, text_reference_value,
@@ -70,16 +70,24 @@ async fn main() -> anyhow::Result<()> {
     // information through debug logs.
     log::set_max_level(log::LevelFilter::Warn);
 
-    OrchestratorClient::create()
+    let channel = oak_sdk_containers::default_orchestrator_channel()
         .await
-        .context("couldn't create OrchestratorClient")?
-        .notify_app_ready()
+        .context("failed to create orchestrator channel")?;
+    let mut orchestrator_client = OrchestratorClient::create(&channel);
+    let evidence = orchestrator_client
+        .get_endorsed_evidence()
         .await
-        .context("failed to notify that app is ready")?;
-
-    let service = TonicApplicationService::new(|| {
+        .context("failed to get endorsed evidence")?
+        .evidence
+        .ok_or_else(|| anyhow!("EndorsedEvidence.evidence not set"))?;
+    let service = TonicApplicationService::new(channel, evidence, || {
         CounterActor::new_with_reference_values(get_reference_values())
     });
+
+    orchestrator_client
+        .notify_app_ready()
+        .await
+        .context("failed to notify that app is ready")?;
     tonic::transport::Server::builder()
         .add_service(EndpointServiceServer::new(service))
         .serve("[::]:8080".parse()?)

bazel/crates.bzl

@@ -25,11 +25,6 @@ _COMMON_PACKAGES = {
         version = "0.8.3",
         default_features = False,
     ),
-    "hashbrown": crate.spec(
-        default_features = False,
-        features = ["ahash"],
-        version = "0.14.3",
-    ),
     "slog": crate.spec(
         version = "2.2.0",
         default_features = False,
@@ -47,9 +42,6 @@ TCP_PACKAGES = _COMMON_PACKAGES | {
     "googletest": crate.spec(
         version = "0.11.0",
     ),
-    "mockall": crate.spec(
-        version = "0.11.4",
-    ),
     "slog-term": crate.spec(
         version = "2.9.0",
     ),
@@ -63,43 +55,9 @@ TCP_PACKAGES = _COMMON_PACKAGES | {
 
 # Crates used for no_std builds.
 TCP_NO_STD_PACKAGES = _COMMON_PACKAGES | {
-    "base64": crate.spec(
-        version = "0.22.1",
-        default_features = False,
-        features = ["alloc"],
-    ),
-    "p384": crate.spec(
-        version = "0.13.0",
-        default_features = False,
-        features = ["ecdsa", "pem"],
-    ),
     "rand": crate.spec(
         version = "0.8.5",
         default_features = False,
         features = ["alloc", "small_rng", "getrandom"],
     ),
-    "rsa": crate.spec(
-        version = "0.9.6",
-        default_features = False,
-    ),
-    "serde": crate.spec(
-        version = "1.0.195",
-        default_features = False,
-        features = ["derive"],
-    ),
-    "serde_json": crate.spec(
-        version = "1.0.113",
-        default_features = False,
-        features = ["alloc"],
-    ),
-    "time": crate.spec(
-        version = "0.3.28",
-        default_features = False,
-        features = ["serde", "parsing"],
-    ),
-    "x509-cert": crate.spec(
-        version = "0.2.5",
-        default_features = False,
-        features = ["pem"],
-    ),
 }