about summary refs log tree commit diff
path: root/pkgs/os-specific/linux/sgx/ssl/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/os-specific/linux/sgx/ssl/default.nix')
-rw-r--r--pkgs/os-specific/linux/sgx/ssl/default.nix36
1 files changed, 18 insertions, 18 deletions
diff --git a/pkgs/os-specific/linux/sgx/ssl/default.nix b/pkgs/os-specific/linux/sgx/ssl/default.nix
index 9d1905e09d1f7..94d7e20b21c41 100644
--- a/pkgs/os-specific/linux/sgx/ssl/default.nix
+++ b/pkgs/os-specific/linux/sgx/ssl/default.nix
@@ -1,8 +1,8 @@
 { stdenv
+, callPackage
 , fetchFromGitHub
 , fetchurl
 , lib
-, openssl
 , perl
 , sgx-sdk
 , which
@@ -10,7 +10,7 @@
 }:
 let
   sgxVersion = sgx-sdk.versionTag;
-  opensslVersion = "1.1.1u";
+  opensslVersion = "3.0.12";
 in
 stdenv.mkDerivation {
   pname = "sgx-ssl" + lib.optionalString debug "-debug";
@@ -19,15 +19,15 @@ stdenv.mkDerivation {
   src = fetchFromGitHub {
     owner = "intel";
     repo = "intel-sgx-ssl";
-    rev = "lin_${sgxVersion}_${opensslVersion}";
-    hash = "sha256-zbXEQz72VUPqnGrboX6oXliaLpbcos7tV6K9lX+zleg=";
+    rev = "3.0_Rev2";
+    hash = "sha256-dmLyaG6v+skjSa0KxLAfIfSBOxp9grrI7ds6WdGPe0I=";
   };
 
   postUnpack =
     let
       opensslSourceArchive = fetchurl {
         url = "https://www.openssl.org/source/openssl-${opensslVersion}.tar.gz";
-        hash = "sha256-4vjYS1I+7NBse+diaDA3AwD7zBU4a/UULXJ1j2lj68Y=";
+        hash = "sha256-+Tyejt3l6RZhGd4xdV/Ie0qjSGNmL2fd/LoU0La2m2E=";
       };
     in
     ''
@@ -37,7 +37,7 @@ stdenv.mkDerivation {
   postPatch = ''
     patchShebangs Linux/build_openssl.sh
 
-    # Run the test in the `installCheckPhase`, not the `buildPhase`
+    # Skip the tests. Build and run separately (see below).
     substituteInPlace Linux/sgx/Makefile \
       --replace '$(MAKE) -C $(TEST_DIR) all' \
                 'bash -c "true"'
@@ -46,7 +46,6 @@ stdenv.mkDerivation {
   nativeBuildInputs = [
     perl
     sgx-sdk
-    stdenv.cc.libc
     which
   ];
 
@@ -60,21 +59,22 @@ stdenv.mkDerivation {
     "DESTDIR=$(out)"
   ];
 
-  # Build the test app
-  doInstallCheck = true;
-  installCheckTarget = "test";
-  installCheckFlags = [
-    "SGX_MODE=SIM"
-    "-j 1" # Makefile doesn't support multiple jobs
-  ];
-  nativeInstallCheckInputs = [
-    openssl
-  ];
+  # These tests build on any x86_64-linux but BOTH SIM and HW will only _run_ on
+  # real Intel hardware. Split these out so OfBorg doesn't choke on this pkg.
+  #
+  # ```
+  # nix run .#sgx-ssl.tests.HW
+  # nix run .#sgx-ssl.tests.SIM
+  # ```
+  passthru.tests = {
+    HW = callPackage ./tests.nix { sgxMode = "HW"; inherit opensslVersion; };
+    SIM = callPackage ./tests.nix { sgxMode = "SIM"; inherit opensslVersion; };
+  };
 
   meta = with lib; {
     description = "Cryptographic library for Intel SGX enclave applications based on OpenSSL";
     homepage = "https://github.com/intel/intel-sgx-ssl";
-    maintainers = with maintainers; [ trundle veehaitch ];
+    maintainers = with maintainers; [ phlip9 trundle veehaitch ];
     platforms = [ "x86_64-linux" ];
     license = [ licenses.bsd3 licenses.openssl ];
   };
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-16 13:52:12 +0000