Name:           linux-sgx
Version:        2.5
Release:        1%{?dist}
Summary:        Intel SGX for Linux

License:        BSD or GPLv2+
URL:            https://github.com/intel/linux-sgx
Source0:        https://github.com/intel/linux-sgx/archive/sgx_%{version}.tar.gz
Source1:        sgx_packer.py

%global debug_package %{nil}

# SGX exists only for x86_64
ExclusiveArch:  x86_64

# General tools
BuildRequires:  gcc-c++ autoconf automake libtool systemd git
# sgx_packer.py (Source1) is run with python3 in the install section
BuildRequires:  python3
# For the SDK
BuildRequires:  ocaml ocaml-ocamlbuild redhat-rpm-config openssl-devel wget python
# For the Platform SoftWare (PSW, includes AESMD)
BuildRequires:  openssl-devel libcurl-devel protobuf-devel cmake

Requires(pre):  shadow-utils

%description
Intel(R) Software Guard Extensions (Intel(R) SGX) is an Intel technology for
application developers seeking to protect select code and data from disclosure
or modification.

The Linux* Intel(R) SGX software stack is comprised of the Intel(R) SGX driver,
the Intel(R) SGX SDK, and the Intel(R) SGX Platform Software (PSW). The
Intel(R) SGX SDK and Intel(R) SGX PSW are hosted in the linux-sgx project.

The linux-sgx-driver project hosts the out-of-tree driver for the Linux*
Intel(R) SGX software stack, which will be used until the driver upstreaming
process is complete.

The repository provides a reference implementation of a Launch Enclave for
'Flexible Launch Control' under psw/ae/ref_le. The reference LE implementation
can be used as a basis for enforcing different launch control policy by the
platform developer or owner. To build and try it by yourself, please refer to
the ref_le.md for details.


%prep
%autosetup -n linux-sgx-sgx_%{version}


%build
git init
git add .
git -c user.name=Builder -c user.email=builder@puiterwijk.org commit -sm init
# The DCAP sources are cloned from the default branch with no tag or commit
# pinned, and download_prebuilt.sh fetches prebuilt binaries, so this build
# needs network access and its inputs are not fixed by this spec.
git clone https://github.com/intel/SGXDataCenterAttestationPrimitives.git external/dcap_source
./download_prebuilt.sh
# 0 and the ? guard keep the test valid where the fedora macro is undefined
%if 0%{?fedora} >= 30
CXXFLAGS="-Wno-error=implicit -Wno-error=conversion -Wno-error=shadow -Wno-error=float-equal -Wno-error=redundant-decls -Wno-error=deprecated-copy" \
%else
CXXFLAGS="-Wno-error=implicit -Wno-error=conversion -Wno-error=shadow -Wno-error=float-equal -Wno-error=redundant-decls" \
%endif
make psw_install_pkg DEBUG=1


%install
rm -rf %{_builddir}/out
mkdir %{_builddir}/out
python3 %{SOURCE1} %{_builddir}/out linux/installer/common/{libsgx-enclave-common,psw}/BOMs/*_{base,x64}.txt

mkdir -p %{buildroot}/usr/lib64
cp %{_builddir}/out/package/lib64/*.so %{buildroot}/usr/lib64/

mkdir -p %{buildroot}/var/opt/aesmd %{buildroot}/etc
cp -rf %{_builddir}/out/package/aesm/data %{buildroot}/var/opt/aesmd/
cp -rf %{_builddir}/out/package/aesm/conf/aesmd.conf %{buildroot}/etc/aesmd.conf
rm -rf %{_builddir}/out/package/aesm/{data,conf}
mkdir -p %{buildroot}/var/run/aesmd

mkdir -p %{buildroot}%{_unitdir}
# Point the unit at the packaged AESM directory and drop its ExecStartPre lines
sed -e "s:@aesm_folder@:/opt/intel/sgxpsw/aesm:" \
    -e "/ExecStartPre/d" \
    %{_builddir}/out/package/aesm/aesmd.service >%{buildroot}%{_unitdir}/aesmd.service

mkdir -p %{buildroot}/opt/intel/sgxpsw
cp -r %{_builddir}/out/package/aesm %{buildroot}/opt/intel/sgxpsw


%files
/usr/lib64/libsgx_enclave_common.so.1
/usr/lib64/libsgx_enclave_common.so
/usr/lib64/libsgx_uae_service.so
/usr/lib64/libsgx_urts.so
/etc/aesmd.conf
/var/opt/aesmd
/var/run/aesmd
%{_unitdir}/aesmd.service
/opt/intel/sgxpsw


%pre
# Create the unprivileged system account for the AESM daemon (no login shell)
getent group aesmd >/dev/null || groupadd -r aesmd
getent passwd aesmd >/dev/null || \
    useradd -r -g aesmd -d /var/opt/aesmd -s /sbin/nologin \
    -c "User for aesmd" aesmd
exit 0


%changelog
* Fri Apr 5 2019 Patrick Uiterwijk - 2.5-1
- Initial packaging