| blob | 73cde2e030af4adfaf01fe69bb1efc4843c1651b |
1 { stdenv
2 , callPackage
3 , fetchFromGitHub
4 , fetchurl
5 , lib
6 , perl
7 , sgx-sdk
8 , which
9 , debug ? false
10 }:
11 let
12 sgxVersion = sgx-sdk.versionTag;
13 opensslVersion = "3.0.13";
14 in
15 stdenv.mkDerivation {
16 pname = "sgx-ssl" + lib.optionalString debug "-debug";
17 version = "${sgxVersion}_${opensslVersion}";
19 src = fetchFromGitHub {
20 owner = "intel";
21 repo = "intel-sgx-ssl";
22 rev = "3.0_Rev2";
23 hash = "sha256-dmLyaG6v+skjSa0KxLAfIfSBOxp9grrI7ds6WdGPe0I=";
24 };
26 postUnpack =
27 let
28 opensslSourceArchive = fetchurl {
29 url = "https://www.openssl.org/source/openssl-${opensslVersion}.tar.gz";
30 hash = "sha256-iFJXU/edO+wn0vp8ZqoLkrOqlJja/ZPXz6SzeAza4xM=";
31 };
32 in
33 ''
34 ln -s ${opensslSourceArchive} $sourceRoot/openssl_source/openssl-${opensslVersion}.tar.gz
35 '';
37 postPatch = ''
38 patchShebangs Linux/build_openssl.sh
40 # Skip the tests. Build and run separately (see below).
41 substituteInPlace Linux/sgx/Makefile \
42 --replace-fail '$(MAKE) -C $(TEST_DIR) all' \
43 'bash -c "true"'
44 '';
46 nativeBuildInputs = [
47 perl
48 sgx-sdk
49 which
50 ];
52 makeFlags = [
53 "-C Linux"
54 ] ++ lib.optionals debug [
55 "DEBUG=1"
56 ];
58 installFlags = [
59 "DESTDIR=$(out)"
60 ];
62 # These tests build on any x86_64-linux but BOTH SIM and HW will only _run_ on
63 # real Intel hardware. Split these out so OfBorg doesn't choke on this pkg.
64 #
65 # ```
66 # nix run .#sgx-ssl.tests.HW
67 # nix run .#sgx-ssl.tests.SIM
68 # ```
69 passthru.tests = {
70 HW = callPackage ./tests.nix { sgxMode = "HW"; inherit opensslVersion; };
71 SIM = callPackage ./tests.nix { sgxMode = "SIM"; inherit opensslVersion; };
72 };
74 meta = {
75 description = "Cryptographic library for Intel SGX enclave applications based on OpenSSL";
76 homepage = "https://github.com/intel/intel-sgx-ssl";
77 maintainers = with lib.maintainers; [ phlip9 trundle veehaitch ];
78 platforms = [ "x86_64-linux" ];
79 license = with lib.licenses; [ bsd3 openssl ];
80 };
81 }