Diffstat (limited to 'pkgs/os-specific/linux/sgx/ssl/default.nix')
-rw-r--r-- | pkgs/os-specific/linux/sgx/ssl/default.nix | 95 |
1 files changed, 95 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/sgx/ssl/default.nix b/pkgs/os-specific/linux/sgx/ssl/default.nix
new file mode 100644
index 0000000000000..c54eda19d6a21
--- /dev/null
+++ b/pkgs/os-specific/linux/sgx/ssl/default.nix
@@ -0,0 +1,95 @@
+{ stdenv
+, fetchFromGitHub
+, fetchpatch
+, fetchurl
+, lib
+, perl
+, sgx-sdk
+, which
+, debug ? false
+}:
+let
+ sgxVersion = sgx-sdk.versionTag;
+ opensslVersion = "1.1.1l";
+in
+stdenv.mkDerivation rec {
+ pname = "sgx-ssl" + lib.optionalString debug "-debug";
+ version = "lin_${sgxVersion}_${opensslVersion}";
+
+ src = fetchFromGitHub {
+ owner = "intel";
+ repo = "intel-sgx-ssl";
+ rev = version;
+ hash = "sha256-ibPXs90ni2fkxJ09fNO6wWVpfCFdko6MjBFkEsyIih8=";
+ };
+
+ postUnpack =
+ let
+ opensslSourceArchive = fetchurl {
+ url = "https://www.openssl.org/source/openssl-${opensslVersion}.tar.gz";
+ hash = "sha256-C3o+XlnDSCf+DDp0t+yLrvMCuY+oAIjX+RU6oW+na9E=";
+ };
+ in
+ ''
+ ln -s ${opensslSourceArchive} $sourceRoot/openssl_source/openssl-${opensslVersion}.tar.gz
+ '';
+
+ patches = [
+ # https://github.com/intel/intel-sgx-ssl/pull/111
+ ./intel-sgx-ssl-pr-111.patch
+ ];
+
+ postPatch = ''
+ patchShebangs Linux/build_openssl.sh
+
+ # Run the test in the `installCheckPhase`, not the `buildPhase`
+ substituteInPlace Linux/sgx/Makefile \
+ --replace '$(MAKE) -C $(TEST_DIR) all' \
+ 'bash -c "true"'
+ '';
+
+ enableParallelBuilding = true;
+
+ nativeBuildInputs = [
+ perl
+ sgx-sdk
+ stdenv.glibc
+ which
+ ];
+
+ makeFlags = [
+ "-C Linux"
+ ] ++ lib.optionals debug [
+ "DEBUG=1"
+ ];
+
+ installFlags = [
+ "DESTDIR=$(out)"
+ ];
+
+ # Build the test app
+ #
+ # Running the test app is currently only supported on Intel CPUs
+ # and will fail on non-Intel CPUs even in SGX simulation mode.
+ # Therefore, we only build the test app without running it until
+ # upstream resolves the issue: https://github.com/intel/intel-sgx-ssl/issues/113
+ doInstallCheck = true;
+ installCheckTarget = "all";
+ installCheckFlags = [
+ "SGX_MODE=SIM"
+ "-C sgx/test_app"
+ "-j 1" # Makefile doesn't support multiple jobs
+ ];
+ preInstallCheck = ''
+ # Expects the enclave file in the current working dir
+ ln -s sgx/test_app/TestEnclave.signed.so .
+ '';
+
+ meta = with lib; {
+ description = "Cryptographic library for Intel SGX enclave applications based on OpenSSL";
+ homepage = "https://github.com/intel/intel-sgx-ssl";
+ maintainers = with maintainers; [ trundle veehaitch ];
+ platforms = [ "x86_64-linux" ];
+ license = with licenses; [ bsd3 openssl ];
+ };
+} |
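Review bot: The OpenSSL source linked in by `postUnpack` is pinned through `opensslVersion = "1.1.1l"` and fetched separately from nixpkgs' own `openssl`, so security updates to that package will not reach this derivation. The version also cannot be bumped on its own, because it is part of `rev` via `version = "lin_${sgxVersion}_${opensslVersion}"`. I would document that at the binding, e.g. `# Bundled OpenSSL release; must match an upstream intel-sgx-ssl tag and is not covered by updates to nixpkgs' openssl.` Separately, `fetchpatch` is declared in the argument set but never used, since the only patch is the local `./intel-sgx-ssl-pr-111.patch`; it can be dropped.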