harald/nixsgx
1
0
Fork 0
mirror of https://github.com/matter-labs/nixsgx.git synced 2025-07-21 15:33:56 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: sgx-2.25 dcap-1.22

Browse source 
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
This commit is contained in:
Harald Hoyer 2024-10-15 08:27:44 +02:00
parent 00bb72e3ef
commit 41b3543753
Signed by: harald
GPG key ID: F519A1143B3FBE32
7 changed files with 34 additions and 42 deletions
Download patch file Download diff file Expand all files Collapse all files

11
packages/sgx-dcap/SGXDataCenterAttestationPrimitives-tarball-repro.patch
View file

@ -119,17 +119,6 @@ index 4e53085..7047a49 100755
pushd ${INSTALL_PATH} &> /dev/null
sed -i "s/USR_LIB_VER=.*/USR_LIB_VER=${SGX_VERSION}/" Makefile
-tar -zcvf ${TARBALL_NAME} *
+tar -zcv --sort=name --owner=root:0 --group=root:0 --mtime='UTC 2019-01-01 00:00:00' -f ${TARBALL_NAME} *
popd &> /dev/null
diff --git a/QuoteGeneration/installer/linux/common/sgx-dcap-pccs/createTarball.sh b/QuoteGeneration/installer/linux/common/sgx-dcap-pccs/createTarball.sh
index fa3286e..cacf5a3 100755
--- a/QuoteGeneration/installer/linux/common/sgx-dcap-pccs/createTarball.sh
+++ b/QuoteGeneration/installer/linux/common/sgx-dcap-pccs/createTarball.sh
@@ -57,5 +57,5 @@ python ${SCRIPT_DIR}/gen_source.py --bom=../licenses/BOM_license.txt --cleanup=f
# Create the tarball
pushd ${INSTALL_PATH} &> /dev/null
-tar -zcvf ${TARBALL_NAME} *
+tar -zcv --sort=name --owner=root:0 --group=root:0 --mtime='UTC 2019-01-01 00:00:00' -f ${TARBALL_NAME} *
popd &> /dev/null
diff --git a/QuoteGeneration/installer/linux/common/tdx-qgs/createTarball.sh b/QuoteGeneration/installer/linux/common/tdx-qgs/createTarball.sh

20
packages/sgx-dcap/default.nix
View file

@ -15,7 +15,7 @@
}:
stdenv.mkDerivation rec {
pname = "sgx-dcap";
version = "1.21";
version = "1.22";
postUnpack =
let
@ -23,7 +23,7 @@ stdenv.mkDerivation rec {
filename = "prebuilt_dcap_${version}.tar.gz";
prebuilt = fetchurl {
url = "https://download.01.org/intel-sgx/sgx-dcap/${version}/linux/${filename}";
hash = "sha256-/PPD2MyNxoCwzNljIFcpkFvItXbyvymsJ7+Uf4IyZuk=";
hash = "sha256-RTpJQ6epoAN8YQXSJUjJQ5mPaQIiQpStTWFsnspjjDQ=";
};
};
in
@ -33,13 +33,14 @@ stdenv.mkDerivation rec {
|| (echo "Could not find expected prebuilt DCAP ${dcap.filename} in dcap source" >&2 && grep 'ae_file_name' "$sourceRoot/QuoteGeneration/download_prebuilt.sh" && exit 1)
tar -zxf ${dcap.prebuilt} -C $sourceRoot/QuoteGeneration/
tar -zxf ${dcap.prebuilt} -C $sourceRoot/
'';
src = fetchFromGitHub {
owner = "intel";
repo = "SGXDataCenterAttestationPrimitives";
rev = "DCAP_${version}";
hash = "sha256-Vp8R4W6qdPTGJFNJrPPKe9Oqxxj+UIdZf2GSL+gCyjU=";
hash = "sha256-Ubjm3/tpfkRrKhub10g2oDl+2vv/MF4wnJR/nLz7KDk=";
fetchSubmodules = true;
};
@ -75,11 +76,11 @@ stdenv.mkDerivation rec {
patchShebangs --build $(find . -name '*.sh')
'';
preBuild = ''
makeFlagsArray+=(SGX_SDK="${nixsgx.sgx-sdk}" SGXSSL_PACKAGE_PATH="${nixsgx.sgx-ssl}")
'';
makeFlags = [
"SGX_SDK=${nixsgx.sgx-sdk}"
"SGXSSL_PACKAGE_PATH=${nixsgx.sgx-ssl}"
];
# sigh... Intel!
enableParallelBuilding = true;
dontUseCmakeConfigure = true;
@ -112,7 +113,6 @@ stdenv.mkDerivation rec {
./tools/SGXPlatformRegistration/package/installer/common/libsgx-ra-network
./tools/SGXPlatformRegistration/package/installer/common/libsgx-ra-uefi
./tools/PCKRetrievalTool/installer/common/sgx-pck-id-retrieval-tool
#./QuoteGeneration/installer/linux/common/sgx-dcap-pccs
)
for src in ''${dcap_pkgdirs[@]}; do
@ -152,10 +152,6 @@ stdenv.mkDerivation rec {
"$ra_uefi"
tools/PCKRetrievalTool/installer/common/sgx-pck-id-retrieval-tool/output
"$pck_id_retrieval_tool"
#QuoteGeneration/installer/linux/common/sgx-dcap-pccs/output
#"$pccs"
# sgx-ra-service
# tdx-qgs
)
for ((i = 0 ; i < ''${#dcap_map[@]} ; i+=2 )); do