feat: add sgx-dcap.pck_id_retrieval_tool

for `PCKIDRetrievalTool` Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-07-21 23:43:56 +02:00 · 2024-03-13 15:21:31 +01:00 · 2024-03-13 15:21:31 +01:00 · 795851e244
commit 795851e244
parent c66c2e4343
1 changed files with 224 additions and 197 deletions
--- a/packages/sgx-dcap/default.nix
+++ b/packages/sgx-dcap/default.nix
@ -11,13 +11,9 @@
 , curl
 , zip
 , nixsgx
-,
+, makeWrapper
 }:
-
+stdenv.mkDerivation rec {
 let inherit (lib) optional; in
 let
  self = stdenv.mkDerivation rec {
  pname = "sgx-dcap";
  version = "1.20";
@ -63,6 +59,7 @@ let
    "ra_uefi"
    "tdx_logic"
    "libtdx_attest"
    "pck_id_retrieval_tool"
  ];
  patches = [
@ -87,8 +84,7 @@ let
  # sigh... Intel!
  installPhase = ''
-      # set -x
+    #set -xe
      set -e
    runHook preInstall
    # sigh... Intel!
@ -111,6 +107,7 @@ let
        ./QuoteGeneration/installer/linux/common/libtdx-attest
        ./tools/SGXPlatformRegistration/package/installer/common/libsgx-ra-network
        ./tools/SGXPlatformRegistration/package/installer/common/libsgx-ra-uefi
        ./tools/PCKRetrievalTool/installer/common/sgx-pck-id-retrieval-tool
        #./QuoteGeneration/installer/linux/common/sgx-dcap-pccs
    )
@ -149,9 +146,10 @@ let
        "$ra_network"
        tools/SGXPlatformRegistration/package/installer/common/libsgx-ra-uefi/output/libsgx-ra-uefi
        "$ra_uefi"
        tools/PCKRetrievalTool/installer/common/sgx-pck-id-retrieval-tool/output
        "$pck_id_retrieval_tool"
        #QuoteGeneration/installer/linux/common/sgx-dcap-pccs/output
        #"$pccs"
          #    sgx-pck-id-retrieval-tool
        #    sgx-ra-service
        #    tdx-qgs
    )
@ -164,8 +162,22 @@ let
        mkdir -p "$dst"
        if [[ -d "$out/$src/opt/intel" ]]; then 
          find "$out/$src/opt/intel" 
          moveToOutput "$src/opt/intel" "$dst"
          mkdir "$dst/bin"
          mv "$dst/$src/opt/intel"/*/* "$dst/bin/"
        fi
        if [[ -d "$out/$src" ]]; then 
          find "$out/$src"
          moveToOutput "$src" "$dst"
        fi
        if [[ -d "$out/$src-dev" ]]; then 
          find "$out/$src-dev"
          moveToOutput "$src-dev" "$dst"
        fi
        mv "$dst"/$src/* "$dst"/
@ -187,11 +199,24 @@ let
    mkdir -p "$out"/share/doc
    echo Hello > "$out"/share/doc/README.md
    rm "$pck_id_retrieval_tool"/bin/lib*so*
    mkdir "$pck_id_retrieval_tool"/lib
    cp QuoteGeneration/psw/ae/data/prebuilt/libsgx_id_enclave.signed.so "$pck_id_retrieval_tool"/lib
    ln -fs ../lib/libsgx_id_enclave.signed.so "$pck_id_retrieval_tool"/bin/libsgx_id_enclave.signed.so.1
    cp QuoteGeneration/psw/ae/data/prebuilt/libsgx_pce.signed.so "$pck_id_retrieval_tool"/lib
    ln -fs ../lib/libsgx_pce.signed.so "$pck_id_retrieval_tool"/bin/libsgx_pce.signed.so.1
    #set +x
    runHook postInstall
  '';
  postFixup = ''
    wrapProgram "$pck_id_retrieval_tool/bin/PCKIDRetrievalTool" \
      --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ nixsgx.sgx-psw ]}:$ra_uefi/lib:$ra_network/lib"
  '';
  nativeBuildInputs = [
-      nixsgx.sgx-sdk
+    makeWrapper
    cmake
    openssl
    python3
@ -202,6 +227,10 @@ let
    zip
  ];
  buildInputs = [
    nixsgx.sgx-sdk
  ];
  doCheck = false;
  dontDisableStatic = false;
@ -212,6 +241,4 @@ let
    platforms = [ "x86_64-linux" ];
    license = with licenses; [ bsd3 ];
  };
-  };
+}
 in
 self