feat: initial commit

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>

packages/azure-dcap-client/Azure-DCAP-Client.patch

@@ -0,0 +1,38 @@
+diff --git a/src/dcap_provider.cpp b/src/dcap_provider.cpp
+index af09546..40f8883 100644
+--- a/src/dcap_provider.cpp
++++ b/src/dcap_provider.cpp
+@@ -1348,7 +1348,7 @@ static std::string build_tcb_info_url(
+         tcb_info_url << base_url;
+     }
+     else
+-        tcb_info_url << get_base_url();
++        tcb_info_url << "https://api.trustedservices.intel.com/sgx/certification";
+ 
+     if (!version.empty())
+     {
+@@ -1441,7 +1441,7 @@ static std::string build_enclave_id_url(
+         qe_id_url << base_url;
+     }
+     else
+-        qe_id_url << get_base_url();
++        qe_id_url << "https://api.trustedservices.intel.com/sgx/certification/";
+ 
+     // Select the correct issuer header name
+     if (!version.empty())
+@@ -1536,6 +1536,7 @@ static quote3_error_t get_collateral(
+                 "Successfully fetched %s from URL: '%s'.",
+                 friendly_name.c_str(),
+                 url.c_str());
++/*
+             std::string cache_control;
+             auto get_cache_header_operation = get_unescape_header(*curl_operation, headers::CACHE_CONTROL, &cache_control);
+             retval = convert_to_intel_error(get_cache_header_operation);
+@@ -1549,6 +1550,7 @@ static quote3_error_t get_collateral(
+                     local_cache_add(issuer_chain_cache_name, expiry, issuer_chain.size(), issuer_chain.c_str());
+                 }
+             }
++*/
+         }
+ 
+         return retval;

packages/azure-dcap-client/default.nix

@@ -0,0 +1,88 @@
+{ stdenv
+, fetchFromGitHub
+, lib
+, curl
+, nlohmann_json
+, openssl
+, pkg-config
+, linkFarmFromDrvs
+, callPackage
+}:
+let
+  # Although those headers are also included in the source of `sgx-psw`, the `azure-dcap-client` build needs specific versions
+  filterSparse = list: ''
+    cp -r "$out"/. .
+    find "$out" -mindepth 1 -delete
+    cp ${lib.concatStringsSep " " list} "$out/"
+  '';
+  headers = linkFarmFromDrvs "azure-dcpa-client-intel-headers" [
+    (fetchFromGitHub rec {
+      name = "${repo}-headers";
+      owner = "intel";
+      repo = "linux-sgx";
+      # See: <src/Linux/configure> for the revision `azure-dcap-client` uses.
+      rev = "1ccf25b64abd1c2eff05ead9d14b410b3c9ae7be";
+      hash = "sha256-WJRoS6+NBVJrFmHABEEDpDhW+zbWFUl65AycCkRavfs=";
+      sparseCheckout = [
+        "common/inc/sgx_report.h"
+        "common/inc/sgx_key.h"
+        "common/inc/sgx_attributes.h"
+      ];
+      postFetch = filterSparse sparseCheckout;
+    })
+  ];
+in
+stdenv.mkDerivation rec {
+  pname = "azure-dcap-client";
+  version = "1.12.3";
+
+  src = fetchFromGitHub {
+    owner = "microsoft";
+    repo = pname;
+    rev = version;
+    hash = "sha256-zTDaICsSPXctgFRCZBiZwXV9dLk2pFL9kp5a8FkiTZA=";
+  };
+
+  patches = [
+    ./missing-includes.patch
+    ./Azure-DCAP-Client.patch
+  ];
+
+  nativeBuildInputs = [
+    pkg-config
+  ];
+
+  buildInputs = [
+    curl
+    nlohmann_json
+    openssl
+  ];
+
+  postPatch = ''
+    mkdir -p src/Linux/ext/intel
+    find -L '${headers}' -type f -exec ln -s {} src/Linux/ext/intel \;
+
+    substitute src/Linux/Makefile{.in,} \
+      --replace '##CURLINC##' '${curl.dev}/include/curl/' \
+      --replace '$(TEST_SUITE): $(PROVIDER_LIB) $(TEST_SUITE_OBJ)' '$(TEST_SUITE): $(TEST_SUITE_OBJ)'
+  '';
+
+  env.NIX_CFLAGS_COMPILE = "-Wno-deprecated-declarations";
+
+  makeFlags = [
+    "-C src/Linux"
+    "prefix=$(out)"
+  ];
+
+  # Online test suite; run with
+  # $(nix-build -A sgx-azure-dcap-client.tests.suite)/bin/tests
+  passthru.tests.suite = callPackage ./test-suite.nix { };
+
+  meta = with lib; {
+    description = "Interfaces between SGX SDKs and the Azure Attestation SGX Certification Cache";
+    homepage = "https://github.com/microsoft/azure-dcap-client";
+    maintainers = with maintainers; [ phlip9 trundle veehaitch ];
+    platforms = [ "x86_64-linux" ];
+    license = [ licenses.mit ];
+  };
+}

packages/azure-dcap-client/missing-includes.patch

@@ -0,0 +1,12 @@
+diff --git a/src/Linux/local_cache.cpp b/src/Linux/local_cache.cpp
+index fe48b90..aa91cb8 100644
+--- a/src/Linux/local_cache.cpp
++++ b/src/Linux/local_cache.cpp
+@@ -6,6 +6,7 @@
+ #include <algorithm>
+ #include <cstring>
+ #include <mutex>
++#include <stdexcept>
+ 
+ #include <fcntl.h>
+ #include <ftw.h>

packages/azure-dcap-client/test-suite.nix

@@ -0,0 +1,32 @@
+{ lib
+, sgx-azure-dcap-client
+, gtest
+, makeWrapper
+}:
+sgx-azure-dcap-client.overrideAttrs (old: {
+  nativeBuildInputs = old.nativeBuildInputs ++ [
+    makeWrapper
+    gtest
+  ];
+
+  patches = [
+    ./tests-missing-includes.patch
+  ];
+
+  buildFlags = [
+    "tests"
+  ];
+
+  installPhase = ''
+    runHook preInstall
+
+    install -D ./src/Linux/tests "$out/bin/tests"
+
+    runHook postInstall
+  '';
+
+  postFixup = ''
+    wrapProgram "$out/bin/tests" \
+      --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ sgx-azure-dcap-client ]}"
+  '';
+})

packages/azure-dcap-client/tests-missing-includes.patch

@@ -0,0 +1,12 @@
+diff --git a/src/UnitTest/test_local_cache.cpp b/src/UnitTest/test_local_cache.cpp
+index 5fbc31b..6b8d52e 100644
+--- a/src/UnitTest/test_local_cache.cpp
++++ b/src/UnitTest/test_local_cache.cpp
+@@ -5,6 +5,7 @@
+ #include <gtest/gtest.h>
+ 
+ #undef NDEBUG // ensure that asserts are never compiled out
++#include <array>
+ #include <cassert>
+ #include <cstdio>
+ #include <cstring>