With structuredAttrs, lists will be bash arrays, which cannot be exported,
which will be an issue with some patches and some wrappers like cc-wrapper.
This makes it clearer that NIX_CFLAGS_COMPILE must be a string, as lists
in env cause an eval failure.

Currently, the sgx-sdk.runTestsHW attribute fails to build due to
linking errors. It looks like OpenSSL versions are mixed up.
And indeed sgx-sdk pulls in OpenSSL 3 while ipp-crypto pulls in
OpenSSL 1.1.
Fix by pinning the OpenSSL version for the SGX SDK to OpenSSL 1.1 as
well.

Changes sgx-psw to append `aesm` to `LD_LIBRARY_PATH`:
- Append instead of prepend to allow for overriding in service config
- As we already add a wrapper to add `aesm` to `LD_LIBRARY_PATH`, it is
  not necessary to also set it in `LD_LIBRARY_PATH` of the systemd service.

Co-authored-by: Vincent Haupert <mail@vincent-haupert.de>

Although we build the test app in SGX simulation mode which does not
require hardware SGX support, SGX SSL fails to initialize on non-Intel
CPUs. This is unexpected (and inconsistent with the `sgx-sdk` sample
code we run in the `installCheckPhase`) and subject to an upstream
issue: https://github.com/intel/intel-sgx-ssl/issues/113
Revert this commit as soon as the issue is resolved by Intel.

Make it easier to review updates to `sgx-{sdk,psw}` on machines with
actual SGX hardware support. The passthru tests build and run the SGX
samples in simulation mode which works without any hardware support. To
run the samples on a machine with SGX hardware support, issue the
following command:
```bash
$(nix-build -A sgx-sdk.runTestsHW)/bin/run-tests-hw
```
Make sure the SGX AESM daemon is running as some tests require it. See
the `services.aesmd.*` NixOS module options and the `sgx-psw` package
for details.