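# RPM spec for the Intel SGX SDK (simulation-mode development libraries,
# tools and sample code), built from the upstream linux-sgx tree plus a
# set of bundled third-party source archives.

# SGX SDK is for development use only hence no debug package needed.
%define debug_package %{nil}

Name:           linux-sgx
Version:        2.22
Release:        1%{?dist}
Summary:        Intel SGX SDK

# The entire source code is BSD, except some third party projects are
# under other licenses listed in License.txt.
License:        BSD-3-Clause AND Apache-2.0 AND MIT AND OpenSSL AND ISC AND BSD-2-Clause AND GPL-2.0-only AND SMLNJ AND NCSA AND Apache-1.0 AND FSFAP AND BSD-4-Clause-UC AND FSFUL AND Zlib AND (Apache-2.0 OR GPL-2.0-or-later) AND EPL-1.0 AND MS-PL AND BSD-4-Clause AND MIT-0
URL:            https://github.com/intel/linux-sgx

# NOTE(review): every SourceN below is unpacked in the prep section with
# plain tar/cp; no signature or digest check is visible in this spec, so
# archive integrity rests on whatever checksum list the build system
# keeps next to the spec (not shown here) - confirm one exists.
#
# Each bundled(...) Provides pins a private copy of a third-party
# library at a fixed version. Security fixes released upstream for
# these components (notably openssl, mbedtls and protobuf) do not reach
# this package until the matching SourceN and Provides are bumped.
Source0:        https://github.com/intel/linux-sgx/archive/refs/tags/sgx_%{version}.tar.gz#/linux-sgx-sgx_%{version}.tar.gz
# In external/epid-sdk/
Provides:       bundled(epid-sdk) = 6.0.0
# In external/rdrand/
Provides:       bundled(RdRand) = 1.1
# In external/tinyxml2/
Provides:       bundled(tinyxml2) = 7.0.0
# In external/vtune/
Provides:       bundled(vtune) = 2018

Source1:        https://github.com/intel/ipp-crypto/archive/refs/tags/ippcp_2021.9.0.tar.gz
Provides:       bundled(ipp-crypto) = 2021.9.0

Source2:        https://github.com/Mbed-TLS/mbedtls/archive/refs/tags/v3.4.0.tar.gz#/mbedtls-v3.4.0.tar.gz
Provides:       bundled(mbedtls) = 3.4.0

# NOTE(review): unlike the other sources this URL points below
# refs/heads/ (a branch ref), not refs/tags/, so the archive served for
# it is not guaranteed to stay byte-identical over time - compare any
# re-download against the recorded checksum.
Source3:        https://github.com/llvm-mirror/openmp/archive/refs/heads/svn-tags/RELEASE_801.tar.gz#/llvm-openmp-801.tar.gz
Provides:       bundled(libomp) = 801

Source4:        https://github.com/protocolbuffers/protobuf/releases/download/v3.20.1/protobuf-all-3.20.1.tar.gz
Provides:       bundled(protobuf) = 3.20.1

Source5:        https://github.com/intel/sgx-emm/archive/refs/tags/sgx-emm-1.0.2.tar.gz
Provides:       bundled(sgx-emm) = 1.0.2

Source6:        https://github.com/PJK/libcbor/archive/refs/tags/v0.10.2.tar.gz#/libcbor-0.10.2.tar.gz
Provides:       bundled(libcbor) = 0.10.2

Source7:        https://github.com/intel/SGXDataCenterAttestationPrimitives/archive/refs/tags/dcap_1.19_reproducible.tar.gz
Provides:       bundled(dcap) = 1.19

Source8:        https://github.com/intel/intel-sgx-ssl/archive/refs/tags/3.0_Rev1.tar.gz#/sgxssl-3.0_Rev1.tar.gz
Provides:       bundled(sgxssl) = 3.0_Rev1

Source9:        https://www.openssl.org/source/openssl-3.0.10.tar.gz
Provides:       bundled(openssl) = 3.0.10

# Fix parallel build race condition
Patch1:         cbor-untrusted.patch
# stop ipp-crypto build using git
Patch2:         ippcp-build.patch
# don't hide failures from sub-make
Patch3:         sdk-hidden-errors.patch
# errors exposed by new toolchain
Patch4:         tlibc-errors.patch
Patch5:         libunwind-errors.patch

BuildRequires:  autoconf
BuildRequires:  automake
BuildRequires:  binutils
BuildRequires:  libtool
BuildRequires:  gcc
BuildRequires:  gcc-c++
BuildRequires:  make
BuildRequires:  cmake
BuildRequires:  ocaml
BuildRequires:  ocaml-ocamlbuild
BuildRequires:  openssl-devel
BuildRequires:  protobuf-compiler
BuildRequires:  protobuf-devel
BuildRequires:  libcurl-devel
BuildRequires:  python3-devel
BuildRequires:  perl-generators
BuildRequires:  perl-interpreter
BuildRequires:  perl-devel
BuildRequires:  perl(FindBin)
BuildRequires:  perl(lib)
BuildRequires:  perl(IPC::Cmd)
BuildRequires:  nasm
BuildRequires:  python-unversioned-command

# NOTE(review): these runtime dependencies are declared on the main
# package. No files list for the main package is visible in this spec,
# so they may never reach an installable package - confirm whether they
# belong on the devel subpackage instead.
Requires:       binutils
Requires:       gdb
Requires:       gcc-c++

# SGX is a feature supported and verified on x86_64 only.
ExclusiveArch:  x86_64

%description
The Intel SGX SDK is a collection of APIs, libraries, documentations and
tools that allow software developers to create and debug Intel SGX
enabled applications in C/C++.

%package devel
Summary:        Intel SGX SDK devel package

%description devel
Intel SGX SDK devel package contains most of the libraries, documents
and tools needed for developers to create SGX enabled applications.

%package examples
Summary:        Intel SGX SDK Sample Code
# NOTE(review): this depends on the main package by exact
# version-release; with no main-package files list visible in this spec
# the dependency may be unsatisfiable - presumably it should name the
# devel subpackage. Confirm before building.
Requires:       %{name} = %{version}-%{release}
Requires:       libsgx-urts >= %{version}-%{release}
Requires:       libsgx-enclave-common >= %{version}-%{release}

%description examples
The Intel SGX SDK sample code projects show developers how to create an
enclave, how to use C++11 library inside the enclave, how to do local
attestation and remote attestation, etc.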
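%prep
# Unpack the main tree with Patch1..Patch5 applied, then populate each
# external/ directory from its bundled source archive and apply the
# SGX-specific patches that ship inside the main tree.
%autosetup -n %{name}-sgx_%{version} -p1

./external/sgx-emm/create_symlink.sh

(
  cd external/ippcp_internal/ipp-crypto
  tar zxvf %{SOURCE1} --strip 1
  # Drops -Werror from the ipp-crypto cmake flag strings, so compiler
  # warnings in the bundled crypto code no longer fail the build.
  perl -i -p -e 's/ -Werror"/"/' sources/cmake/linux/*
)

(
  cd external/mbedtls/mbedtls_code
  tar zxvf %{SOURCE2} --strip 1
  patch -p1 < ../sgx_mbedtls.patch
)

(
  cd external/openmp/openmp_code
  tar zxvf %{SOURCE3} --strip 1
  patch -p1 < ../0001-Enable-OpenMP-in-SGX.patch
)

(
  cd external/protobuf/protobuf_code
  tar zxvf %{SOURCE4} --strip 1
  patch -p1 < ../sgx_protobuf.patch
)

(
  cd external/sgx-emm/emm_src
  tar zxvf %{SOURCE5} --strip 1
)

(
  cd external/cbor/libcbor
  tar zxvf %{SOURCE6} --strip 1
  # Two patched copies are kept: libcbor (raw_cbor.patch) and
  # sgx_libcbor (sgx_cbor.patch).
  cd ..
  cp -a libcbor sgx_libcbor
  cd libcbor
  patch -p1 < ../raw_cbor.patch
  cd ../sgx_libcbor
  patch -p1 < ../sgx_cbor.patch
)

(
  cd external/dcap_source
  tar zxvf %{SOURCE7} --strip 1
  mkdir sgxssl
  cd sgxssl
  tar zxvf %{SOURCE8} --strip 1
  # XXX we must cripple ECC crypto with
  #
  #  - 0010-Add-changes-to-ectest-and-eccurve.patch
  #  - 0011-Remove-EC-curves.patch
  #  - 0012-Disable-explicit-ec.patch
  #  - 0013-skipped-tests-EC-curves.patch
  #
  # And pass no-mdc2 no-ec2m no-sm2 no-sm4
  #
  # NOTE(review): none of the patches or configure options listed above
  # is applied anywhere in this spec as shown; the OpenSSL archive is
  # copied in unmodified. Treat the XXX as still open.
  cp %{SOURCE9} openssl_source/
)

(
  cd external/sgxssl
  tar zxvf %{SOURCE8} --strip 1
  # XXX we must cripple ECC crypto
  # see above
  cp %{SOURCE9} openssl_source/
)


%build
# The trailing -j 20 overrides the job count that the make_build macro
# already passes.
%make_build -C external/ippcp_internal -j 20

# Fool sdk/Makefile's bogus check for pre-built libs
# that we don't use as we set USE_OPT_LIBS=0
mkdir -p external/ippcp_internal/lib/linux/intel64
touch external/ippcp_internal/lib/linux/intel64/phony

# NOTE(review): sdk_no_mitigation is, going by its name, upstream's
# build of the SDK without its mitigation-enabled library variants
# (presumably the load-value-injection hardening - confirm against the
# upstream README). Enclave code linked against these libraries should
# be treated as development/simulation output, in line with the
# "development use only" statement at the top of this spec.
# -j 1 keeps this step serial.
%make_build sdk_no_mitigation USE_OPT_LIBS=0 -j 1


%install
# We don't directly use the resulting tarball, as the script
# leaves the unpacked tarball contents around, which we can
# grab instead
./linux/installer/common/sdk/createTarball.sh

vroot=linux/installer/common/sdk/output/package

%__install -d %{buildroot}%{_bindir}
%__install -d %{buildroot}%{_libdir}
%__install -d %{buildroot}%{_libdir}/pkgconfig
%__install -d %{buildroot}%{_libdir}/sgx-gdb-plugin
%__install -d %{buildroot}%{_includedir}/sgxsdk
%__install -d %{buildroot}%{_prefix}/lib/sgxsdk
%__install -d %{buildroot}%{_datadir}/sgxsdk

cp $vroot/bin/sgx-gdb %{buildroot}%{_bindir}/
cp $vroot/bin/x64/sgx* %{buildroot}%{_bindir}/
cp -a $vroot/include/* %{buildroot}%{_includedir}/sgxsdk/
cp -a $vroot/lib64/*.so %{buildroot}%{_libdir}/
cp -a $vroot/lib64/*.a %{buildroot}%{_prefix}/lib/sgxsdk/
cp -a $vroot/lib64/libc++_Changes_SGX.txt %{buildroot}%{_datadir}/sgxsdk/
cp -a $vroot/lib64/gdb-sgx-plugin/* %{buildroot}%{_libdir}/sgx-gdb-plugin/
cp -a $vroot/pkgconfig/* %{buildroot}%{_libdir}/pkgconfig/
cp -a $vroot/SampleCode %{buildroot}%{_datadir}/sgxsdk/
cp -a $vroot/buildenv.mk %{buildroot}%{_datadir}/sgxsdk/

# Remove non-simulation libs
# (only the *_sim shared objects are listed in the devel files section)
for lib in epid launch quote_ex uae_service urts
do
    rm -f %{buildroot}%{_libdir}/libsgx_${lib}.so
    rm -f %{buildroot}%{_libdir}/libsgx_${lib}.so.1
    rm -f %{buildroot}%{_libdir}/pkgconfig/libsgx_${lib}.pc
done

# Not desired
rm -f %{buildroot}%{_prefix}/lib/sgxsdk/libtdx_tls.a
rm -f %{buildroot}%{_prefix}/lib/sgxsdk/libsgx_mbedcrypto.a


%files devel
%license License.txt
%{_bindir}/sgx_config_cpusvn
%{_bindir}/sgx_edger8r
%{_bindir}/sgx_encrypt
%{_bindir}/sgx-gdb
%{_bindir}/sgx_protoc
%{_bindir}/sgx_sign
%{_libdir}/libsgx_capable.so
%{_libdir}/libsgx_epid_sim.so
%{_libdir}/libsgx_launch_sim.so
%{_libdir}/libsgx_ptrace.so
%{_libdir}/libsgx_quote_ex_sim.so
%{_libdir}/libsgx_uae_service_sim.so
%{_libdir}/libsgx_urts_sim.so
%{_libdir}/pkgconfig/libsgx_epid_sim.pc
%{_libdir}/pkgconfig/libsgx_launch_sim.pc
%{_libdir}/pkgconfig/libsgx_quote_ex_sim.pc
%{_libdir}/pkgconfig/libsgx_uae_service_sim.pc
%{_libdir}/pkgconfig/libsgx_urts_sim.pc
%dir %{_libdir}/sgx-gdb-plugin/
%{_libdir}/sgx-gdb-plugin/gdb_sgx_cmd
%{_libdir}/sgx-gdb-plugin/gdb_sgx_plugin.py
%{_libdir}/sgx-gdb-plugin/load_symbol_cmd.py
%{_libdir}/sgx-gdb-plugin/printers.py
%{_libdir}/sgx-gdb-plugin/readelf.py
%{_libdir}/sgx-gdb-plugin/sgx_emmt.py
%dir %{_includedir}/sgxsdk/
%{_includedir}/sgxsdk/sgx*.h
%{_includedir}/sgxsdk/sgx_*.edl
%{_includedir}/sgxsdk/ipp/
%{_includedir}/sgxsdk/libcxx/
%{_includedir}/sgxsdk/mbedtls/
%{_includedir}/sgxsdk/stdc++/
%{_includedir}/sgxsdk/tlibc/
%{_includedir}/sgxsdk/tprotobuf/
%dir %{_prefix}/lib/sgxsdk/
# XXX why renamed ?
#{_prefix}/lib/sgxsdk/libsgtcxx.a
%{_prefix}/lib/sgxsdk/libsgx_tcxx.a
%{_prefix}/lib/sgxsdk/libsgx_capable.a
%{_prefix}/lib/sgxsdk/libsgx_dcap_tvl.a
%{_prefix}/lib/sgxsdk/libsgx_omp.a
%{_prefix}/lib/sgxsdk/libsgx_pcl.a
%{_prefix}/lib/sgxsdk/libsgx_pclsim.a
%{_prefix}/lib/sgxsdk/libsgx_protobuf.a
%{_prefix}/lib/sgxsdk/libsgx_pthread.a
%{_prefix}/lib/sgxsdk/libsgx_tcmalloc.a
%{_prefix}/lib/sgxsdk/libsgx_tcrypto.a
%{_prefix}/lib/sgxsdk/libsgx_tkey_exchange.a
%{_prefix}/lib/sgxsdk/libsgx_tprotected_fs.a
%{_prefix}/lib/sgxsdk/libsgx_trts.a
%{_prefix}/lib/sgxsdk/libsgx_trts_sim.a
%{_prefix}/lib/sgxsdk/libsgx_tservice.a
%{_prefix}/lib/sgxsdk/libsgx_tservice_sim.a
%{_prefix}/lib/sgxsdk/libsgx_tstdc.a
%{_prefix}/lib/sgxsdk/libsgx_tswitchless.a
%{_prefix}/lib/sgxsdk/libsgx_ttls.a
%{_prefix}/lib/sgxsdk/libsgx_ukey_exchange.a
%{_prefix}/lib/sgxsdk/libsgx_uprotected_fs.a
%{_prefix}/lib/sgxsdk/libsgx_uswitchless.a
%{_prefix}/lib/sgxsdk/libsgx_utls.a
%dir %{_datadir}/sgxsdk/
%{_datadir}/sgxsdk/buildenv.mk
%{_datadir}/sgxsdk/libc++_Changes_SGX.txt
%exclude %{_datadir}/sgxsdk/SampleCode/

%files examples
%{_datadir}/sgxsdk/SampleCode/

%changelog
* Tue Oct 17 2023 Yunying Sun - 2.22.100.0-1
- Initial packaging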