diff options
Diffstat (limited to 'pkgs/os-specific/linux/sgx/ssl/default.nix')
-rw-r--r-- | pkgs/os-specific/linux/sgx/ssl/default.nix | 36 |
1 files changed, 18 insertions, 18 deletions
diff --git a/pkgs/os-specific/linux/sgx/ssl/default.nix b/pkgs/os-specific/linux/sgx/ssl/default.nix index 9d1905e09d1f7..94d7e20b21c41 100644 --- a/pkgs/os-specific/linux/sgx/ssl/default.nix +++ b/pkgs/os-specific/linux/sgx/ssl/default.nix @@ -1,8 +1,8 @@ { stdenv +, callPackage , fetchFromGitHub , fetchurl , lib -, openssl , perl , sgx-sdk , which @@ -10,7 +10,7 @@ }: let sgxVersion = sgx-sdk.versionTag; - opensslVersion = "1.1.1u"; + opensslVersion = "3.0.12"; in stdenv.mkDerivation { pname = "sgx-ssl" + lib.optionalString debug "-debug"; @@ -19,15 +19,15 @@ stdenv.mkDerivation { src = fetchFromGitHub { owner = "intel"; repo = "intel-sgx-ssl"; - rev = "lin_${sgxVersion}_${opensslVersion}"; - hash = "sha256-zbXEQz72VUPqnGrboX6oXliaLpbcos7tV6K9lX+zleg="; + rev = "3.0_Rev2"; + hash = "sha256-dmLyaG6v+skjSa0KxLAfIfSBOxp9grrI7ds6WdGPe0I="; }; postUnpack = let opensslSourceArchive = fetchurl { url = "https://www.openssl.org/source/openssl-${opensslVersion}.tar.gz"; - hash = "sha256-4vjYS1I+7NBse+diaDA3AwD7zBU4a/UULXJ1j2lj68Y="; + hash = "sha256-+Tyejt3l6RZhGd4xdV/Ie0qjSGNmL2fd/LoU0La2m2E="; }; in '' @@ -37,7 +37,7 @@ stdenv.mkDerivation { postPatch = '' patchShebangs Linux/build_openssl.sh - # Run the test in the `installCheckPhase`, not the `buildPhase` + # Skip the tests. Build and run separately (see below). substituteInPlace Linux/sgx/Makefile \ --replace '$(MAKE) -C $(TEST_DIR) all' \ 'bash -c "true"' @@ -46,7 +46,6 @@ stdenv.mkDerivation { nativeBuildInputs = [ perl sgx-sdk - stdenv.cc.libc which ]; @@ -60,21 +59,22 @@ stdenv.mkDerivation { "DESTDIR=$(out)" ]; - # Build the test app - doInstallCheck = true; - installCheckTarget = "test"; - installCheckFlags = [ - "SGX_MODE=SIM" - "-j 1" # Makefile doesn't support multiple jobs - ]; - nativeInstallCheckInputs = [ - openssl - ]; + # These tests build on any x86_64-linux but BOTH SIM and HW will only _run_ on + # real Intel hardware. Split these out so OfBorg doesn't choke on this pkg. + # + # ``` + # nix run .#sgx-ssl.tests.HW + # nix run .#sgx-ssl.tests.SIM + # ``` + passthru.tests = { + HW = callPackage ./tests.nix { sgxMode = "HW"; inherit opensslVersion; }; + SIM = callPackage ./tests.nix { sgxMode = "SIM"; inherit opensslVersion; }; + }; meta = with lib; { description = "Cryptographic library for Intel SGX enclave applications based on OpenSSL"; homepage = "https://github.com/intel/intel-sgx-ssl"; - maintainers = with maintainers; [ trundle veehaitch ]; + maintainers = with maintainers; [ phlip9 trundle veehaitch ]; platforms = [ "x86_64-linux" ]; license = [ licenses.bsd3 licenses.openssl ]; }; |