Name: linux-sgx Version: 2.15.1 Release: 6 Summary: Intel(R) Software Guard Extensions for Linux* OS ExclusiveArch: x86_64 License: BSD-3-Clause URL: https://github.com/intel/linux-sgx Source0: https://github.com/intel/linux-sgx/archive/refs/tags/sgx_2.15.1.tar.gz Source1: https://github.com/intel/SGXDataCenterAttestationPrimitives/archive/refs/tags/DCAP_1.12.1.tar.gz Source2: https://github.com/llvm-mirror/openmp/archive/svn-tags/openmp_code.tar.gz Source3: https://github.com/oneapi-src/oneDNN/archive/oneDNN-2.5.tar.gz Source4: https://github.com/intel/ipp-crypto/archive/ipp-crypto.tar.gz Source5: https://download.01.org/intel-sgx/sgx-linux/2.15.1/optimized_libs_2.15.1.tar.gz Source6: https://download.01.org/intel-sgx/sgx-linux/2.15.1/prebuilt_ae_2.15.1.tar.gz Source7: https://github.com/protocolbuffers/protobuf/archive/refs/tags/protobuf_code.tar.gz Source8: https://download.01.org/intel-sgx/sgx-dcap/1.9/linux/prebuilt_dcap_1.9.tar.gz Source9: https://download.01.org/intel-sgx/sgx-linux/2.15.1/as.ld.objdump.r4.tar.gz Source10: https://github.com/openssl/openssl/archive/refs/tags/openssl-1.1.1l.tar.gz Source11: https://github.com/intel/intel-sgx-ssl/archive/refs/tags/intel-sgx-ssl-lin_2.15.1_1.1.1l.zip Patch0: 0001-disable-the-download-process-in-building.patch Patch1: 0002-fix-building-error-for-systemd.patch Patch2: add-secure-compilation-options.patch Patch3: backport-CVE-2021-22570.patch Patch4: backport-CVE-2022-0778.patch Patch5: backport-CVE-2022-0778_test.patch Patch6: backport-CVE-2022-1292.patch Patch7: adapt-openssl-CVE.patch Patch8: backport-CVE-2022-2068-Fix-file-operations-in-c_rehash.patch Patch9: backport-CVE-2022-2097-Fix-AES-OCB-encrypt-decrypt-for-x86-AES-NI.patch Patch10: DCAP-disabling-the-rpatch-option.patch BuildRequires: gcc-c++ protobuf-devel libtool ocaml-ocamlbuild openssl openssl-devel cmake python curl-devel createrepo_c git nasm Requires: glibc %description Intel(R) Software Guard Extensions (Intel(R) SGX) is an Intel technology for application developers seeking to protect select code and data from disclosure or modification. %package -n sgxsdk Summary: Development files for linux sgx Requires: glibc tar Provides: libsgx_urts_sim.so()(64bit) %description -n sgxsdk Development files for linux sgx %package -n libsgx-ae-qe3 Summary: Intel(R) Software Guard Extensions QE3 %description -n libsgx-ae-qe3 Intel(R) Software Guard Extensions QE3 %package -n libsgx-pce-logic Summary: Intel(R) Software Guard Extensions PCE logic Requires: libsgx-urts >= %{version} libsgx-ae-pce >= %{version} %description -n libsgx-pce-logic Intel(R) Software Guard Extensions PCE logic %package -n libsgx-qe3-logic Summary: Intel(R) Software Guard Extensions QE3 logic Requires: libsgx-urts >= %{version} libsgx-ae-pce >= %{version} %description -n libsgx-qe3-logic Intel(R) Software Guard Extensions QE3 logic %package -n sgx-aesm-service Summary: Intel(R) Software Guard Extensions AESM Service %description -n sgx-aesm-service Intel(R) Software Guard Extensions AESM Service %package -n libsgx-ae-epid Summary: Intel(R) Software Guard Extensions QE and PvE %description -n libsgx-ae-epid Intel(R) Software Guard Extensions QE and PvE %package -n libsgx-ae-le Summary: Intel(R) Software Guard Extensions LE %description -n libsgx-ae-le Intel(R) Software Guard Extensions LE %package -n libsgx-ae-pce Summary: Intel(R) Software Guard Extensions PCE %description -n libsgx-ae-pce Intel(R) Software Guard Extensions PCE %package -n libsgx-aesm-ecdsa-plugin Summary: ECDSA Quote Plugin for Intel(R) Software Guard Extensions AESM Service Requires: sgx-aesm-service >= %{version}-%{release} libsgx-qe3-logic >= %{version}-%{release} libsgx-aesm-pce-plugin >= %{version}-%{release} %description -n libsgx-aesm-ecdsa-plugin ECDSA Quote Plugin for Intel(R) Software Guard Extensions AESM Service %package -n libsgx-aesm-epid-plugin Summary: EPID Quote Plugin for Intel(R) Software Guard Extensions AESM Service Requires: sgx-aesm-service >= %{version}-%{release} libsgx-ae-epid >= %{version}-%{release} libsgx-aesm-pce-plugin >= %{version}-%{release} %description -n libsgx-aesm-epid-plugin EPID Quote Plugin for Intel(R) Software Guard Extensions AESM Service %package -n libsgx-aesm-launch-plugin Summary: Launch Plugin for Intel(R) Software Guard Extensions AESM Service Requires: sgx-aesm-service >= %{version}-%{release} libsgx-ae-le >= %{version}-%{release} %description -n libsgx-aesm-launch-plugin Launch Plugin for Intel(R) Software Guard Extensions AESM Service %package -n libsgx-aesm-pce-plugin Summary: PCE Plugin for Intel(R) Software Guard Extensions AESM Service Requires: sgx-aesm-service >= %{version}-%{release} libsgx-pce-logic >= %{version}-%{release} %description -n libsgx-aesm-pce-plugin PCE Plugin for Intel(R) Software Guard Extensions AESM Service %package -n libsgx-aesm-quote-ex-plugin Summary: Unified Quote Plugin for Intel(R) Software Guard Extensions AESM Service Requires: sgx-aesm-service >= %{version}-%{release} libsgx-aesm-ecdsa-plugin >= %{version}-%{release} Recommends: libsgx-aesm-epid-plugin >= %{version}-%{release} %description -n libsgx-aesm-quote-ex-plugin Unified Quote Plugin for Intel(R) Software Guard Extensions AESM Service %package -n libsgx-epid Summary: Intel(R) Software Guard Extensions EPID Quote Service Recommends: libsgx-aesm-epid-plugin >= %{version}-%{release} %description -n libsgx-epid Intel(R) Software Guard Extensions EPID Quote Service %package -n libsgx-epid-devel Summary: Intel(R) Software Guard Extensions EPID Quote Service for Developers Requires: libsgx-epid = %{version}-%{release} %description -n libsgx-epid-devel Intel(R) Software Guard Extensions EPID Quote Service for Developers %package -n libsgx-launch Summary: Intel(R) Software Guard Extensions Launch Service Recommends: libsgx-aesm-launch-plugin >= %{version}-%{release} %description -n libsgx-launch Intel(R) Software Guard Extensions Launch Service %package -n libsgx-launch-devel Summary: Intel(R) Software Guard Extensions Launch Service for Developers Requires: libsgx-launch = %{version}-%{release} %description -n libsgx-launch-devel Intel(R) Software Guard Extensions Launch Service for Developers %package -n libsgx-quote-ex Summary: Intel(R) Software Guard Extensions Unified Quote Service Recommends: libsgx-aesm-quote-ex-plugin >= %{version}-%{release} %description -n libsgx-quote-ex Intel(R) Software Guard Extensions Unified Quote Service %package -n libsgx-quote-ex-devel Summary: Intel(R) Software Guard Extensions Unified Quote Service for Developers Requires: libsgx-quote-ex = %{version}-%{release} %description -n libsgx-quote-ex-devel Intel(R) Software Guard Extensions Unified Quote Service for Developers %package -n libsgx-uae-service Summary: Intel(R) Software Guard Extensions Untrusted AE Service Requires: libsgx-epid >= %{version}-%{release} libsgx-launch >= %{version}-%{release} libsgx-quote-ex >= %{version}-%{release} %description -n libsgx-uae-service Intel(R) Software Guard Extensions Untrusted AE Service %package -n libsgx-enclave-common Summary: Intel(R) Software Guard Extensions Enclave Common Loader Recommends: libsgx-launch >= %{version}-%{release} %description -n libsgx-enclave-common Intel(R) Software Guard Extensions Enclave Common Loader %package -n libsgx-enclave-common-devel Summary: Intel(R) Software Guard Extensions Enclave Common Loader for Developers Requires: libsgx-enclave-common = %{version}-%{release} %description -n libsgx-enclave-common-devel Intel(R) Software Guard Extensions Enclave Common Loader for Developers %package -n libsgx-urts Summary: Intel(R) Software Guard Extensions uRTS Requires: libsgx-enclave-common >= %{version}-%{release} %description -n libsgx-urts Intel(R) Software Guard Extensions uRTS %package -n libsgx-dcap-default-qpl Summary: Intel(R) Software Guard Extensions Default Quote Provider Library %description -n libsgx-dcap-default-qpl Intel(R) Software Guard Extensions Default Quote Provider Library %package -n libsgx-dcap-default-qpl-devel Summary: Intel(R) Software Guard Extensions Default Quote Provider Library for Developers Requires: libsgx-dcap-default-qpl = %{version}-%{release} %description -n libsgx-dcap-default-qpl-devel Intel(R) Software Guard Extensions Default Quote Provider Library for Developers %package -n sgx-dcap-pccs Summary: Intel(R) Software Guard Extensions PCK Caching Service %description -n sgx-dcap-pccs Intel(R) Software Guard Extensions PCK Caching Service %package -n libsgx-dcap-ql Summary: Intel(R) Software Guard Extensions Data Center Attestation Primitives Requires: libsgx-qe3-logic >= %{version}-%{release} libsgx-pce-logic >= %{version}-%{release} Requires: libsgx-dcap-quote-verify >= %{version}-%{release} libsgx-ae-qve >= %{version}-%{release} %description -n libsgx-dcap-ql Intel(R) Software Guard Extensions Data Center Attestation Primitives %package -n libsgx-dcap-ql-devel Summary: Intel(R) Software Guard Extensions Data Center Attestation Primitives for Developers Requires: libsgx-dcap-ql = %{version}-%{release} %description -n libsgx-dcap-ql-devel Intel(R) Software Guard Extensions Data Center Attestation Primitives for Developers %package -n libsgx-ae-qve Summary: Intel(R) Software Guard Extensions QVE %description -n libsgx-ae-qve Intel(R) Software Guard Extensions QVE %package -n libsgx-dcap-quote-verify Summary: Intel(R) Software Guard Extensions Data Center Attestation Primitives Recommends: libsgx-ae-qve >= %{version}-%{release} libsgx-urts >= %{version}-%{release} %description -n libsgx-dcap-quote-verify Intel(R) Software Guard Extensions Data Center Attestation Primitives %package -n libsgx-dcap-quote-verify-devel Summary: Intel(R) Software Guard Extensions Data Center Attestation Primitives for Developers Requires: libsgx-dcap-quote-verify >= %{version}-%{release} %description -n libsgx-dcap-quote-verify-devel Intel(R) Software Guard Extensions Data Center Attestation Primitives for Developers %package -n sgx-pck-id-retrieval-tool Summary: Intel(R) Software Guard Extensions:this tool is used to collect the platform information to retrieve the PCK certs from PCS(Provisioning Certification Server) Recommends: libsgx-urts >= %{version}-%{release}, libsgx-dcap-ql >= %{version}-%{release}, libsgx-ra-uefi >= %{version}-%{release} %description -n sgx-pck-id-retrieval-tool %package -n libsgx-ra-uefi Summary: Intel(R) Software Guard Extensions Registration Agent UEFI Library %description -n libsgx-ra-uefi Intel(R) Software Guard Extensions Registration Agent UEFI Library %package -n libsgx-ra-uefi-devel Summary: Intel(R) Software Guard Extensions Registration Agent UEFI Library for Developers Requires: libsgx-ra-uefi = %{version}-%{release} %description -n libsgx-ra-uefi-devel Intel(R) Software Guard Extensions Registration Agent UEFI Library for Developers %package -n libsgx-ra-network Summary: Intel(R) Software Guard Extensions Registration Agent Network Library %description -n libsgx-ra-network Intel(R) Software Guard Extensions Registration Agent Network Library %package -n libsgx-ra-network-devel Summary: Intel(R) Software Guard Extensions Registration Agent Network Library for Developers Requires: libsgx-ra-network = %{version}-%{release} %description -n libsgx-ra-network-devel Intel(R) Software Guard Extensions Registration Agent Network Library for Developers %package -n sgx-ra-service Summary: Intel(R) Software Guard Extensions Registration Agent Service Requires: libsgx-ra-uefi >= %{version}-%{release}, libsgx-ra-network >= %{version}-%{release} %description -n sgx-ra-service Intel(R) Software Guard Extensions Registration Agent Service %package -n libsgx-headers Summary: Intel(R) Software Guard Extensions Basic Headers %description -n libsgx-headers Intel(R) Software Guard Extensions Basic Headers %package_help %prep %setup -q -b 0 -n linux-sgx-sgx_%{version} %%setup -q -D -a 1 -n linux-sgx-sgx_%{version}/external/dcap_source %%setup -q -D -a 2 -n linux-sgx-sgx_%{version}/external/openmp %%setup -q -D -a 3 -n linux-sgx-sgx_%{version}/external/dnnl/dnnl %%setup -q -D -a 4 -n linux-sgx-sgx_%{version}/external/ippcp_internal %%setup -q -D -a 5 -n linux-sgx-sgx_%{version} %%setup -q -D -a 6 -n linux-sgx-sgx_%{version} %%setup -q -D -a 7 -n linux-sgx-sgx_%{version}/external/protobuf %%setup -q -D -a 8 -n linux-sgx-sgx_%{version}/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/QuoteGeneration %%setup -q -D -a 11 -n linux-sgx-sgx_%{version}/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/QuoteVerification/ %%setup -q -D -a 10 -n linux-sgx-sgx_%{version}/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/QuoteVerification/intel-sgx-ssl-lin_2.15.1_1.1.1l/openssl_source %%setup -q -D -a 9 -n linux-sgx-sgx_%{version} %autopatch -p1 %build pushd external/dcap_source/ mv SGXDataCenterAttestationPrimitives-DCAP_1.12.1/{.[!.],}* . rm -rf SGXDataCenterAttestationPrimitives-DCAP_1.12.1 popd pushd external/dcap_source/QuoteVerification mv intel-sgx-ssl-lin_2.15.1_1.1.1l sgxssl popd cp %{SOURCE10} external/dcap_source/QuoteVerification/sgxssl/openssl_source pushd external/dnnl/dnnl mv oneDNN-2.5/{.[!.],}* . rm -rf oneDNN-2.5 popd make -j -C external/ippcp_internal/ make -j2 sdk_install_pkg_no_mitigation linux/installer/bin/sgx_linux_x64_sdk_2.15.101.1.bin --prefix=./ source ./sgxsdk/environment make -j2 psw %define DCAP_LINUX_INSTALLER_COMMON_DIR external/dcap_source/QuoteGeneration/installer/linux/common/ %define DCAP_LINUX_INSTALLER_RPM_DIR external/dcap_source/QuoteGeneration/installer/linux/rpm %define LINUX_INSTALLER_COMMON_DIR linux/installer/common %define LINUX_INSTALLER_RPM_DIR linux/installer/rpm source ./%{LINUX_INSTALLER_COMMON_DIR}/sdk/installConfig.x64 %{LINUX_INSTALLER_COMMON_DIR}/sdk/createTarball.sh mkdir -p %{LINUX_INSTALLER_RPM_DIR}/sdk/build tar -xvf %{LINUX_INSTALLER_COMMON_DIR}/sdk/output/${TARBALL_NAME} -C %{LINUX_INSTALLER_RPM_DIR}/sdk/build source ./%{DCAP_LINUX_INSTALLER_COMMON_DIR}/libsgx-ae-qe3/installConfig %{DCAP_LINUX_INSTALLER_COMMON_DIR}/libsgx-ae-qe3/createTarball.sh mkdir -p %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-ae-qe3/build tar -xvf %{DCAP_LINUX_INSTALLER_COMMON_DIR}/libsgx-ae-qe3/output/${TARBALL_NAME} -C %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-ae-qe3/build make -C external/dcap_source/QuoteGeneration pce_logic source ./%{DCAP_LINUX_INSTALLER_COMMON_DIR}/libsgx-pce-logic/installConfig %{DCAP_LINUX_INSTALLER_COMMON_DIR}/libsgx-pce-logic/createTarball.sh mkdir -p %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-pce-logic/build tar -xvf %{DCAP_LINUX_INSTALLER_COMMON_DIR}/libsgx-pce-logic/output/${TARBALL_NAME} -C %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-pce-logic/build make -C external/dcap_source/QuoteGeneration qe3_logic source ./%{DCAP_LINUX_INSTALLER_COMMON_DIR}/libsgx-qe3-logic/installConfig %{DCAP_LINUX_INSTALLER_COMMON_DIR}/libsgx-qe3-logic/createTarball.sh mkdir -p %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-qe3-logic/build tar -xvf %{DCAP_LINUX_INSTALLER_COMMON_DIR}/libsgx-qe3-logic/output/${TARBALL_NAME} -C %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-qe3-logic/build make -C external/dcap_source/QuoteGeneration qcnl_wrapper make -C external/dcap_source/QuoteGeneration qpl_wrapper source ./%{DCAP_LINUX_INSTALLER_COMMON_DIR}/libsgx-dcap-default-qpl/installConfig %{DCAP_LINUX_INSTALLER_COMMON_DIR}/libsgx-dcap-default-qpl/createTarball.sh mkdir -p %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-dcap-default-qpl/build tar -xvf %{DCAP_LINUX_INSTALLER_COMMON_DIR}/libsgx-dcap-default-qpl/output/${TARBALL_NAME} -C %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-dcap-default-qpl/build make -C external/dcap_source/tools/PCKCertSelection mkdir -p external/dcap_source/QuoteGeneration/pccs/lib/ cp external/dcap_source/tools/PCKCertSelection/out/libPCKCertSelection.so external/dcap_source/QuoteGeneration/pccs/lib/ source ./%{DCAP_LINUX_INSTALLER_COMMON_DIR}/sgx-dcap-pccs/installConfig %{DCAP_LINUX_INSTALLER_COMMON_DIR}/sgx-dcap-pccs/createTarball.sh mkdir -p %{DCAP_LINUX_INSTALLER_RPM_DIR}/sgx-dcap-pccs/build tar -xvf %{DCAP_LINUX_INSTALLER_COMMON_DIR}/sgx-dcap-pccs/output/${TARBALL_NAME} -C %{DCAP_LINUX_INSTALLER_RPM_DIR}/sgx-dcap-pccs/build make -C external/dcap_source/QuoteGeneration qve_wrapper source ./%{DCAP_LINUX_INSTALLER_COMMON_DIR}/libsgx-dcap-ql/installConfig %{DCAP_LINUX_INSTALLER_COMMON_DIR}/libsgx-dcap-ql/createTarball.sh mkdir -p %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-dcap-ql/build tar -xvf %{DCAP_LINUX_INSTALLER_COMMON_DIR}/libsgx-dcap-ql/output/${TARBALL_NAME} -C %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-dcap-ql/build make -C external/dcap_source/QuoteGeneration qve_wrapper source ./%{DCAP_LINUX_INSTALLER_COMMON_DIR}/libsgx-ae-qve/installConfig %{DCAP_LINUX_INSTALLER_COMMON_DIR}/libsgx-ae-qve/createTarball.sh mkdir -p %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-ae-qve/build tar -xvf %{DCAP_LINUX_INSTALLER_COMMON_DIR}/libsgx-ae-qve/output/${TARBALL_NAME} -C %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-ae-qve/build source ./%{DCAP_LINUX_INSTALLER_COMMON_DIR}/libsgx-dcap-quote-verify/installConfig %{DCAP_LINUX_INSTALLER_COMMON_DIR}/libsgx-dcap-quote-verify/createTarball.sh mkdir -p %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-dcap-quote-verify/build tar -xvf %{DCAP_LINUX_INSTALLER_COMMON_DIR}/libsgx-dcap-quote-verify/output/${TARBALL_NAME} -C %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-dcap-quote-verify/build make -C external/dcap_source/tools/PCKRetrievalTool/ source ./external/dcap_source/tools/PCKRetrievalTool/installer/common/sgx-pck-id-retrieval-tool/installConfig external/dcap_source/tools/PCKRetrievalTool/installer/common/sgx-pck-id-retrieval-tool/createTarball.sh mkdir -p external/dcap_source/tools/PCKRetrievalTool/installer/rpm/sgx-pck-id-retrieval-tool/build tar -xvf external/dcap_source/tools/PCKRetrievalTool/installer/common/sgx-pck-id-retrieval-tool/output/${TARBALL_NAME} -C external/dcap_source/tools/PCKRetrievalTool/installer/rpm/sgx-pck-id-retrieval-tool/build source ./%{LINUX_INSTALLER_COMMON_DIR}/sgx-aesm-service/installConfig %{LINUX_INSTALLER_COMMON_DIR}/sgx-aesm-service/createTarball.sh mkdir -p %{LINUX_INSTALLER_RPM_DIR}/sgx-aesm-service/build tar -xvf %{LINUX_INSTALLER_COMMON_DIR}/sgx-aesm-service/output/${TARBALL_NAME} -C %{LINUX_INSTALLER_RPM_DIR}/sgx-aesm-service/build source ./%{LINUX_INSTALLER_COMMON_DIR}/libsgx-epid/installConfig %{LINUX_INSTALLER_COMMON_DIR}/libsgx-epid/createTarball.sh mkdir -p %{LINUX_INSTALLER_RPM_DIR}/libsgx-epid/build tar -xvf %{LINUX_INSTALLER_COMMON_DIR}/libsgx-epid/output/${TARBALL_NAME} -C %{LINUX_INSTALLER_RPM_DIR}/libsgx-epid/build source ./%{LINUX_INSTALLER_COMMON_DIR}/libsgx-launch/installConfig %{LINUX_INSTALLER_COMMON_DIR}/libsgx-launch/createTarball.sh mkdir -p %{LINUX_INSTALLER_RPM_DIR}/libsgx-launch/build tar -xvf %{LINUX_INSTALLER_COMMON_DIR}/libsgx-launch/output/${TARBALL_NAME} -C %{LINUX_INSTALLER_RPM_DIR}/libsgx-launch/build source ./%{LINUX_INSTALLER_COMMON_DIR}/libsgx-quote-ex/installConfig %{LINUX_INSTALLER_COMMON_DIR}/libsgx-quote-ex/createTarball.sh mkdir -p %{LINUX_INSTALLER_RPM_DIR}/libsgx-quote-ex/build tar -xvf %{LINUX_INSTALLER_COMMON_DIR}/libsgx-quote-ex/output/${TARBALL_NAME} -C %{LINUX_INSTALLER_RPM_DIR}/libsgx-quote-ex/build source ./%{LINUX_INSTALLER_COMMON_DIR}/libsgx-uae-service/installConfig %{LINUX_INSTALLER_COMMON_DIR}/libsgx-uae-service/createTarball.sh mkdir -p %{LINUX_INSTALLER_RPM_DIR}/libsgx-uae-service/build tar -xvf %{LINUX_INSTALLER_COMMON_DIR}/libsgx-uae-service/output/${TARBALL_NAME} -C %{LINUX_INSTALLER_RPM_DIR}/libsgx-uae-service/build source ./%{LINUX_INSTALLER_COMMON_DIR}/libsgx-enclave-common/installConfig %{LINUX_INSTALLER_COMMON_DIR}/libsgx-enclave-common/createTarball.sh mkdir -p %{LINUX_INSTALLER_RPM_DIR}/libsgx-enclave-common/build tar -xvf %{LINUX_INSTALLER_COMMON_DIR}/libsgx-enclave-common/output/${TARBALL_NAME} -C %{LINUX_INSTALLER_RPM_DIR}/libsgx-enclave-common/build source ./%{LINUX_INSTALLER_COMMON_DIR}/libsgx-urts/installConfig %{LINUX_INSTALLER_COMMON_DIR}/libsgx-urts/createTarball.sh mkdir -p %{LINUX_INSTALLER_RPM_DIR}/libsgx-urts/build tar -xvf %{LINUX_INSTALLER_COMMON_DIR}/libsgx-urts/output/${TARBALL_NAME} -C %{LINUX_INSTALLER_RPM_DIR}/libsgx-urts/build %define TOOLS_INSTALLER_PLATFORM_DIR external/dcap_source/tools/SGXPlatformRegistration/ %define TOOLS_INSTALLER_COMMON_DIR external/dcap_source/tools/SGXPlatformRegistration/package/installer/common/ %define TOOLS_INSTALLER_RPM_DIR external/dcap_source/tools/SGXPlatformRegistration/package/installer/rpm make -C %{TOOLS_INSTALLER_PLATFORM_DIR}/package MP_VERIFY_DATA_STRUCTS=$(MP_VERIFY_DATA_STRUCTS) mkdir -p %{TOOLS_INSTALLER_PLATFORM_DIR}/build/installer source ./%{TOOLS_INSTALLER_COMMON_DIR}/libsgx-ra-uefi/installConfig %{TOOLS_INSTALLER_COMMON_DIR}/libsgx-ra-uefi/createTarball.sh mkdir -p %{TOOLS_INSTALLER_RPM_DIR}/libsgx-ra-uefi/build tar -xvf %{TOOLS_INSTALLER_COMMON_DIR}/libsgx-ra-uefi/output/${TARBALL_NAME} -C %{TOOLS_INSTALLER_RPM_DIR}/libsgx-ra-uefi/build source ./%{TOOLS_INSTALLER_COMMON_DIR}/libsgx-ra-network/installConfig %{TOOLS_INSTALLER_COMMON_DIR}/libsgx-ra-network/createTarball.sh mkdir -p %{TOOLS_INSTALLER_RPM_DIR}/libsgx-ra-network/build tar -xvf %{TOOLS_INSTALLER_COMMON_DIR}/libsgx-ra-network/output/${TARBALL_NAME} -C %{TOOLS_INSTALLER_RPM_DIR}/libsgx-ra-network/build source ./%{TOOLS_INSTALLER_COMMON_DIR}/sgx-ra-service/installConfig %{TOOLS_INSTALLER_COMMON_DIR}/sgx-ra-service/createTarball.sh mkdir -p %{TOOLS_INSTALLER_RPM_DIR}/sgx-ra-service/build tar -xvf %{TOOLS_INSTALLER_COMMON_DIR}/sgx-ra-service/output/${TARBALL_NAME} -C %{TOOLS_INSTALLER_RPM_DIR}/sgx-ra-service/build source ./%{LINUX_INSTALLER_COMMON_DIR}/libsgx-headers/installConfig %{LINUX_INSTALLER_COMMON_DIR}/libsgx-headers/createTarball.sh mkdir -p %{LINUX_INSTALLER_RPM_DIR}/libsgx-headers/build tar -xvf %{LINUX_INSTALLER_COMMON_DIR}/libsgx-headers/output/${TARBALL_NAME} -C %{LINUX_INSTALLER_RPM_DIR}/libsgx-headers/build %install pushd %{LINUX_INSTALLER_RPM_DIR}/sdk/build mkdir %{?buildroot}/sdk-dir/ make DESTDIR=%{?buildroot}/sdk-dir/ install install -d %{?buildroot}/sdk-dir%{_docdir}/sgxsdk popd cp ./sgxsdk/environment %{?buildroot}/sdk-dir/opt/intel/sgxsdk sed -i 's/^.*export SGX_SDK.*$/export SGX_SDK=\/opt\/intel\/sgxsdk/g' %{?buildroot}/sdk-dir/opt/intel/sgxsdk/environment find %{LINUX_INSTALLER_RPM_DIR}/sdk/build/package/licenses/ -type f -print0 | xargs -0 -n1 cat >> %{?buildroot}/sdk-dir%{_docdir}/sgxsdk/COPYING echo "/opt/intel/sgxsdk" > %{LINUX_INSTALLER_RPM_DIR}/sdk/build/list-sgxsdk find %{?buildroot}/sdk-dir | sort | \ awk '$0 !~ last "/" {print last} {last=$0} END {print last}' | \ sed -e "s#^%{?buildroot}/sdk-dir##" | \ grep -v "^/opt/intel/sgxsdk" >> %{LINUX_INSTALLER_RPM_DIR}/sdk/build/list-sgxsdk || : cp -r %{?buildroot}/sdk-dir/* %{?buildroot}/ rm -rf %{?buildroot}/sdk-dir/ rm -rf %{?buildroot}/opt/intel/sgxsdk/SampleCode pushd %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-ae-qe3/build mkdir -p %{?buildroot}/libsgx-ae-qe3-dir/ make DESTDIR=%{?buildroot}/libsgx-ae-qe3-dir/ install install -d %{?buildroot}/libsgx-ae-qe3-dir/%{_docdir}/libsgx-ae-qe3 popd find %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-ae-qe3/build/package/licenses/ -type f -print0 | xargs -0 -n1 cat >> %{?buildroot}/libsgx-ae-qe3-dir%{_docdir}/libsgx-ae-qe3/COPYING for f in $(find %{?buildroot}/libsgx-ae-qe3-dir -type f -o -type l); do echo $f | sed -e "s#%{?buildroot}/libsgx-ae-qe3-dir##" >> %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-ae-qe3/build/list-libsgx-ae-qe3 done cp -r %{?buildroot}/libsgx-ae-qe3-dir/* %{?buildroot}/ rm -rf %{?buildroot}/libsgx-ae-qe3-dir/ pushd %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-pce-logic/build mkdir -p %{?buildroot}/libsgx-pce-logic-dir/ make DESTDIR=%{?buildroot}/libsgx-pce-logic-dir/ install install -d %{?buildroot}/libsgx-pce-logic-dir/%{_docdir}/libsgx-pce-logic popd find %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-pce-logic/build/package/licenses/ -type f -print0 | xargs -0 -n1 cat >> %{?buildroot}/libsgx-pce-logic-dir%{_docdir}/libsgx-pce-logic/COPYING for f in $(find %{?buildroot}/libsgx-pce-logic-dir -type f -o -type l); do echo $f | sed -e "s#%{?buildroot}/libsgx-pce-logic-dir##" >> %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-pce-logic/build/list-libsgx-pce-logic done cp -r %{?buildroot}/libsgx-pce-logic-dir/* %{?buildroot}/ rm -rf %{?buildroot}/libsgx-pce-logic-dir/ pushd %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-qe3-logic/build mkdir -p %{?buildroot}/libsgx-qe3-logic-dir/ make DESTDIR=%{?buildroot}/libsgx-qe3-logic-dir/ install install -d %{?buildroot}/libsgx-qe3-logic-dir/%{_docdir}/libsgx-qe3-logic popd find %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-qe3-logic/build/package/licenses/ -type f -print0 | xargs -0 -n1 cat >> %{?buildroot}/libsgx-qe3-logic-dir%{_docdir}/libsgx-qe3-logic/COPYING for f in $(find %{?buildroot}/libsgx-qe3-logic-dir -type f -o -type l); do echo $f | sed -e "s#%{?buildroot}/libsgx-qe3-logic-dir##" >> %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-qe3-logic/build/list-libsgx-qe3-logic done cp -r %{?buildroot}/libsgx-qe3-logic-dir/* %{?buildroot}/ rm -rf %{?buildroot}/libsgx-qe3-logic-dir/ pushd %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-dcap-default-qpl/build mkdir -p %{?buildroot}/libsgx-dcap-default-qpl-dir/ make DESTDIR=%{?buildroot}/libsgx-dcap-default-qpl-dir/ install install -d %{?buildroot}/libsgx-dcap-default-qpl-dir/libsgx-dcap-default-qpl%{_docdir}/libsgx-dcap-default-qpl popd find %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-dcap-default-qpl/build/package/licenses/ -type f -print0 | xargs -0 -n1 cat >> %{?buildroot}/libsgx-dcap-default-qpl-dir/libsgx-dcap-default-qpl%{_docdir}/libsgx-dcap-default-qpl/COPYING for f in $(find %{?buildroot}/libsgx-dcap-default-qpl-dir/libsgx-dcap-default-qpl -type f -o -type l); do echo $f | sed -e "s#%{?buildroot}/libsgx-dcap-default-qpl-dir/libsgx-dcap-default-qpl##" >> %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-dcap-default-qpl/build/list-libsgx-dcap-default-qpl done cp -r %{?buildroot}/libsgx-dcap-default-qpl-dir/libsgx-dcap-default-qpl/* %{?buildroot}/ rm -rf %{?buildroot}/libsgx-dcap-default-qpl-dir/libsgx-dcap-default-qpl/ for f in $(find %{?buildroot}/libsgx-dcap-default-qpl-dir/libsgx-dcap-default-qpl-dev -type f -o -type l); do echo $f | sed -e "s#%{?buildroot}/libsgx-dcap-default-qpl-dir/libsgx-dcap-default-qpl-dev##" >> %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-dcap-default-qpl/build/list-libsgx-dcap-default-qpl-devel done cp -r %{?buildroot}/libsgx-dcap-default-qpl-dir/libsgx-dcap-default-qpl-dev/* %{?buildroot}/ rm -rf %{?buildroot}/libsgx-dcap-default-qpl-dir/libsgx-dcap-default-qpl-dev/ sed -i 's#^/etc/sgx_default_qcnl.conf#%config &#' %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-dcap-default-qpl/build/list-libsgx-dcap-default-qpl pushd %{DCAP_LINUX_INSTALLER_RPM_DIR}/sgx-dcap-pccs/build mkdir -p %{?buildroot}/sgx-dcap-pccs-dir/ make DESTDIR=%{?buildroot}/sgx-dcap-pccs-dir/ install install -d %{?buildroot}/sgx-dcap-pccs-dir%{_docdir}/sgx-dcap-pccs popd find %{DCAP_LINUX_INSTALLER_RPM_DIR}/sgx-dcap-pccs/build/build/package/licenses/ -type f -print0 | xargs -0 -n1 cat >> %{?buildroot}/sgx-dcap-pccs-dir%{_docdir}/sgx-dcap-pccs/COPYING echo "/opt/intel/sgx-dcap-pccs" > %{DCAP_LINUX_INSTALLER_RPM_DIR}/sgx-dcap-pccs/build/list-sgx-dcap-pccs echo %{_docdir}/sgx-dcap-pccs/COPYING >> %{DCAP_LINUX_INSTALLER_RPM_DIR}/sgx-dcap-pccs/build/list-sgx-dcap-pccs echo "%config /opt/intel/sgx-dcap-pccs/config/default.json" >> %{DCAP_LINUX_INSTALLER_RPM_DIR}/sgx-dcap-pccs/build/list-sgx-dcap-pccs cp -r %{?buildroot}/sgx-dcap-pccs-dir/* %{?buildroot}/ rm -rf %{?buildroot}/sgx-dcap-pccs-dir/ pushd %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-dcap-ql/build mkdir -p %{?buildroot}/libsgx-dcap-ql-dir/ make DESTDIR=%{?buildroot}/libsgx-dcap-ql-dir/ install install -d %{?buildroot}/libsgx-dcap-ql-dir/libsgx-dcap-ql%{_docdir}/libsgx-dcap-ql popd find %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-dcap-ql/build/package/licenses/ -type f -print0 | xargs -0 -n1 cat >> %{?buildroot}/libsgx-dcap-ql-dir/libsgx-dcap-ql%{_docdir}/libsgx-dcap-ql/COPYING for f in $(find %{?buildroot}/libsgx-dcap-ql-dir/libsgx-dcap-ql -type f -o -type l); do echo $f | sed -e "s#%{?buildroot}/libsgx-dcap-ql-dir/libsgx-dcap-ql##" >> %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-dcap-ql/build/list-libsgx-dcap-ql done cp -r %{?buildroot}/libsgx-dcap-ql-dir/libsgx-dcap-ql/* %{?buildroot}/ rm -rf %{?buildroot}/libsgx-dcap-ql-dir/libsgx-dcap-ql for f in $(find %{?buildroot}/libsgx-dcap-ql-dir/libsgx-dcap-ql-dev -type f -o -type l); do echo $f | sed -e "s#%{?buildroot}/libsgx-dcap-ql-dir/libsgx-dcap-ql-dev##" >> %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-dcap-ql/build/list-libsgx-dcap-ql-devel done cp -r %{?buildroot}/libsgx-dcap-ql-dir/libsgx-dcap-ql-dev/* %{?buildroot}/ rm -rf %{?buildroot}/libsgx-dcap-ql-dir/libsgx-dcap-ql-dev pushd %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-ae-qve/build mkdir -p %{?buildroot}/libsgx-ae-qve-dir/ make DESTDIR=%{?buildroot}/libsgx-ae-qve-dir/ install install -d %{?buildroot}/libsgx-ae-qve-dir%{_docdir}/libsgx-ae-qve popd find %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-ae-qve/build/package/licenses/ -type f -print0 | xargs -0 -n1 cat >> %{?buildroot}/libsgx-ae-qve-dir/%{_docdir}/libsgx-ae-qve/COPYING for f in $(find %{?buildroot}/libsgx-ae-qve-dir -type f -o -type l); do echo $f | sed -e "s#%{?buildroot}/libsgx-ae-qve-dir##" >> %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-ae-qve/build/list-libsgx-ae-qve done cp -r %{?buildroot}/libsgx-ae-qve-dir/* %{?buildroot}/ rm -rf %{?buildroot}/libsgx-ae-qve-dir/ pushd %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-dcap-quote-verify/build mkdir -p %{?buildroot}/libsgx-dcap-quote-verify-dir/ make DESTDIR=%{?buildroot}/libsgx-dcap-quote-verify-dir/ install install -d %{?buildroot}/libsgx-dcap-quote-verify-dir/libsgx-dcap-quote-verify%{_docdir}/libsgx-dcap-quote-verify popd find %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-dcap-quote-verify/build/package/licenses/ -type f -print0 | xargs -0 -n1 cat >> %{?buildroot}/libsgx-dcap-quote-verify-dir/libsgx-dcap-quote-verify%{_docdir}/libsgx-dcap-quote-verify/COPYING for f in $(find %{?buildroot}/libsgx-dcap-quote-verify-dir/libsgx-dcap-quote-verify -type f -o -type l); do echo $f | sed -e "s#%{?buildroot}/libsgx-dcap-quote-verify-dir/libsgx-dcap-quote-verify##" >> %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-dcap-quote-verify/build/list-libsgx-dcap-quote-verify done cp -r %{?buildroot}/libsgx-dcap-quote-verify-dir/libsgx-dcap-quote-verify/* %{?buildroot}/ rm -rf %{?buildroot}/libsgx-dcap-quote-verify-dir/libsgx-dcap-quote-verify for f in $(find %{?buildroot}/libsgx-dcap-quote-verify-dir/libsgx-dcap-quote-verify-dev -type f -o -type l); do echo $f | sed -e "s#%{?buildroot}/libsgx-dcap-quote-verify-dir/libsgx-dcap-quote-verify-dev##" >> %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-dcap-quote-verify/build/list-libsgx-dcap-quote-verify-devel done cp -r %{?buildroot}/libsgx-dcap-quote-verify-dir/libsgx-dcap-quote-verify-dev/* %{?buildroot}/ rm -rf %{?buildroot}/libsgx-dcap-quote-verify-dir/libsgx-dcap-quote-verify-dev pushd external/dcap_source/tools/PCKRetrievalTool/installer/rpm/sgx-pck-id-retrieval-tool/build mkdir -p %{?buildroot}/sgx-pck-id-retrieval-tool-dir/ make DESTDIR=%{?buildroot}/sgx-pck-id-retrieval-tool-dir/ install popd echo "/opt/intel/sgx-pck-id-retrieval-tool" > external/dcap_source/tools/PCKRetrievalTool/installer/rpm/sgx-pck-id-retrieval-tool/build/list-sgx-pck-id-retrieval-tool find %{?buildroot}/sgx-pck-id-retrieval-tool-dir | sort | \ awk '$0 !~ last "/" {print last} {last=$0} END {print last}' | \ sed -e "s#^%{?buildroot}/sgx-pck-id-retrieval-tool-dir##" | \ grep -v "^/opt/intel/sgx-pck-id-retrieval-tool" >> external/dcap_source/tools/PCKRetrievalTool/installer/rpm/sgx-pck-id-retrieval-tool/build/list-sgx-pck-id-retrieval-tool || : sed -i 's#^/etc/rad.conf#%config &#' external/dcap_source/tools/PCKRetrievalTool/installer/rpm/sgx-pck-id-retrieval-tool/build/list-sgx-pck-id-retrieval-tool cp -r %{?buildroot}/sgx-pck-id-retrieval-tool-dir/* %{?buildroot}/ rm -rf %{?buildroot}/sgx-pck-id-retrieval-tool-dir/ source ./%{LINUX_INSTALLER_COMMON_DIR}/sgx-aesm-service/installConfig PACKAGE_NAMES[0]=${AESM_SERVICE_PACKAGE_NAME} PACKAGE_NAMES[1]=${AE_EPID_PACKAGE_NAME} PACKAGE_NAMES[2]=${AE_LE_PACKAGE_NAME} PACKAGE_NAMES[3]=${AE_PCE_PACKAGE_NAME} PACKAGE_NAMES[4]=${AESM_ECDSA_PACKAGE_NAME} PACKAGE_NAMES[5]=${AESM_EPID_PACKAGE_NAME} PACKAGE_NAMES[6]=${AESM_LAUNCH_PACKAGE_NAME} PACKAGE_NAMES[7]=${AESM_PCE_PACKAGE_NAME} PACKAGE_NAMES[8]=${AESM_QUOTE_EX_PACKAGE_NAME} pushd %{LINUX_INSTALLER_RPM_DIR}/sgx-aesm-service/build mkdir -p %{?buildroot}/sgx-aesm-service-dir/ make DESTDIR=%{?buildroot}/sgx-aesm-service-dir/ install popd for PACKAGE_NAME in ${PACKAGE_NAMES[@]}; do install -d %{?buildroot}/sgx-aesm-service-dir/${PACKAGE_NAME}%{_docdir}/${PACKAGE_NAME} find %{LINUX_INSTALLER_RPM_DIR}/sgx-aesm-service/build/package/licenses/ -type f -print0 | xargs -0 -n1 cat >> %{?buildroot}/sgx-aesm-service-dir/${PACKAGE_NAME}%{_docdir}/${PACKAGE_NAME}/COPYING # echo "${AESM_SERVICE_PACKAGE_PATH}/${AESM_SERVICE_PACKAGE_NAME}" > %{LINUX_INSTALLER_RPM_DIR}/sgx-aesm-service/build/list-${PACKAGE_NAME} find %{?buildroot}/sgx-aesm-service-dir/${PACKAGE_NAME} | sort | \ awk '$0 !~ last "/" {print last} {last=$0} END {print last}' | \ sed -e "s#^%{?buildroot}/sgx-aesm-service-dir/${PACKAGE_NAME}##" >> %{LINUX_INSTALLER_RPM_DIR}/sgx-aesm-service/build/list-${PACKAGE_NAME} # grep -v "${AESM_SERVICE_PACKAGE_PATH}/${AESM_SERVICE_PACKAGE_NAME}" >> %{LINUX_INSTALLER_RPM_DIR}/sgx-aesm-service/build/list-${PACKAGE_NAME} || : cp -r %{?buildroot}/sgx-aesm-service-dir/${PACKAGE_NAME}/* %{?buildroot}/ rm -rf %{?buildroot}/sgx-aesm-service-dir/${PACKAGE_NAME}/ sed -i 's#^/etc/aesmd.conf#%config &#' %{LINUX_INSTALLER_RPM_DIR}/sgx-aesm-service/build/list-${PACKAGE_NAME} done pushd %{LINUX_INSTALLER_RPM_DIR}/libsgx-epid/build mkdir %{?buildroot}/libsgx-epid-dir/ make DESTDIR=%{?buildroot}/libsgx-epid-dir/ install install -d %{?buildroot}/libsgx-epid-dir/libsgx-epid%{_docdir}/libsgx-epid popd find %{LINUX_INSTALLER_RPM_DIR}/libsgx-epid/build/package/licenses/ -type f -print0 | xargs -0 -n1 cat >> %{?buildroot}/libsgx-epid-dir/libsgx-epid%{_docdir}/libsgx-epid/COPYING for f in $(find %{?buildroot}/libsgx-epid-dir/libsgx-epid -type f -o -type l); do echo $f | sed -e "s#%{?buildroot}/libsgx-epid-dir/libsgx-epid##" >> %{LINUX_INSTALLER_RPM_DIR}/libsgx-epid/build/list-libsgx-epid done cp -r %{?buildroot}/libsgx-epid-dir/libsgx-epid/* %{?buildroot}/ rm -rf %{?buildroot}/libsgx-epid-dir/libsgx-epid/ for f in $(find %{?buildroot}/libsgx-epid-dir/libsgx-epid-dev -type f -o -type l); do echo $f | sed -e "s#%{?buildroot}/libsgx-epid-dir/libsgx-epid-dev##" >> %{LINUX_INSTALLER_RPM_DIR}/libsgx-epid/build/list-libsgx-epid-devel done cp -r %{?buildroot}/libsgx-epid-dir/libsgx-epid-dev/* %{?buildroot}/ rm -rf %{?buildroot}/libsgx-epid-dir/libsgx-epid-dev pushd %{LINUX_INSTALLER_RPM_DIR}/libsgx-launch/build mkdir %{?buildroot}/libsgx-launch-dir/ make DESTDIR=%{?buildroot}/libsgx-launch-dir/ install install -d %{?buildroot}/libsgx-launch-dir/libsgx-launch%{_docdir}/libsgx-launch popd find %{LINUX_INSTALLER_RPM_DIR}/libsgx-launch/build/package/licenses/ -type f -print0 | xargs -0 -n1 cat >> %{?buildroot}/libsgx-launch-dir/libsgx-launch%{_docdir}/libsgx-launch/COPYING for f in $(find %{?buildroot}/libsgx-launch-dir/libsgx-launch -type f -o -type l); do echo $f | sed -e "s#%{?buildroot}/libsgx-launch-dir/libsgx-launch##" >> %{LINUX_INSTALLER_RPM_DIR}/libsgx-launch/build/list-libsgx-launch done cp -r %{?buildroot}/libsgx-launch-dir/libsgx-launch/* %{?buildroot}/ rm -rf %{?buildroot}/libsgx-launch-dir/libsgx-launch/ for f in $(find %{?buildroot}/libsgx-launch-dir/libsgx-launch-dev -type f -o -type l); do echo $f | sed -e "s#%{?buildroot}/libsgx-launch-dir/libsgx-launch-dev##" >> %{LINUX_INSTALLER_RPM_DIR}/libsgx-launch/build/list-libsgx-launch-devel done cp -r %{?buildroot}/libsgx-launch-dir/libsgx-launch-dev/* %{?buildroot}/ rm -rf %{?buildroot}/libsgx-launch-dir/libsgx-launch-dev pushd %{LINUX_INSTALLER_RPM_DIR}/libsgx-quote-ex/build mkdir %{?buildroot}/libsgx-quote-ex-dir/ make DESTDIR=%{?buildroot}/libsgx-quote-ex-dir/ install install -d %{?buildroot}/libsgx-quote-ex-dir/libsgx-quote-ex%{_docdir}/libsgx-quote-ex popd find %{LINUX_INSTALLER_RPM_DIR}/libsgx-quote-ex/build/package/licenses/ -type f -print0 | xargs -0 -n1 cat >> %{?buildroot}/libsgx-quote-ex-dir/libsgx-quote-ex%{_docdir}/libsgx-quote-ex/COPYING for f in $(find %{?buildroot}/libsgx-quote-ex-dir/libsgx-quote-ex -type f -o -type l); do echo $f | sed -e "s#%{?buildroot}/libsgx-quote-ex-dir/libsgx-quote-ex##" >> %{LINUX_INSTALLER_RPM_DIR}/libsgx-quote-ex/build/list-libsgx-quote-ex done cp -r %{?buildroot}/libsgx-quote-ex-dir/libsgx-quote-ex/* %{?buildroot}/ rm -rf %{?buildroot}/libsgx-quote-ex-dir/libsgx-quote-ex/ for f in $(find %{?buildroot}/libsgx-quote-ex-dir/libsgx-quote-ex-dev -type f -o -type l); do echo $f | sed -e "s#%{?buildroot}/libsgx-quote-ex-dir/libsgx-quote-ex-dev##" >> %{LINUX_INSTALLER_RPM_DIR}/libsgx-quote-ex/build/list-libsgx-quote-ex-devel done cp -r %{?buildroot}/libsgx-quote-ex-dir/libsgx-quote-ex-dev/* %{?buildroot}/ rm -rf %{?buildroot}/libsgx-quote-ex-dir/libsgx-quote-ex-dev pushd %{LINUX_INSTALLER_RPM_DIR}/libsgx-uae-service/build mkdir %{?buildroot}/libsgx-uae-service-dir/ make DESTDIR=%{?buildroot}/libsgx-uae-service-dir/ install install -d %{?buildroot}/libsgx-uae-service-dir%{_docdir}/libsgx-uae-service popd find %{LINUX_INSTALLER_RPM_DIR}/libsgx-uae-service/build/package/licenses/ -type f -print0 | xargs -0 -n1 cat >> %{?buildroot}/libsgx-uae-service-dir%{_docdir}/libsgx-uae-service/COPYING for f in $(find %{?buildroot}/libsgx-uae-service-dir -type f -o -type l); do echo $f | sed -e "s#%{?buildroot}/libsgx-uae-service-dir##" >> %{LINUX_INSTALLER_RPM_DIR}/libsgx-uae-service/build/list-libsgx-uae-service done cp -r %{?buildroot}/libsgx-uae-service-dir/* %{?buildroot}/ rm -rf %{?buildroot}/libsgx-uae-service-dir/ pushd %{LINUX_INSTALLER_RPM_DIR}/libsgx-enclave-common/build mkdir %{?buildroot}/libsgx-enclave-common-dir/ make DESTDIR=%{?buildroot}/libsgx-enclave-common-dir/ install install -d %{?buildroot}/libsgx-enclave-common-dir/libsgx-enclave-common%{_docdir}/libsgx-enclave-common popd find %{LINUX_INSTALLER_RPM_DIR}/libsgx-enclave-common/build/package/licenses/ -type f -print0 | xargs -0 -n1 cat >> %{?buildroot}/libsgx-enclave-common-dir/libsgx-enclave-common%{_docdir}/libsgx-enclave-common/COPYING for f in $(find %{?buildroot}/libsgx-enclave-common-dir/libsgx-enclave-common -type f -o -type l); do echo $f | sed -e "s#%{?buildroot}/libsgx-enclave-common-dir/libsgx-enclave-common##" >> %{LINUX_INSTALLER_RPM_DIR}/libsgx-enclave-common/build/list-libsgx-enclave-common done cp -r %{?buildroot}/libsgx-enclave-common-dir/libsgx-enclave-common/* %{?buildroot}/ rm -rf %{?buildroot}/libsgx-enclave-common-dir/libsgx-enclave-common/ for f in $(find %{?buildroot}/libsgx-enclave-common-dir/libsgx-enclave-common-dev -type f -o -type l); do echo $f | sed -e "s#%{?buildroot}/libsgx-enclave-common-dir/libsgx-enclave-common-dev##" >> %{LINUX_INSTALLER_RPM_DIR}/libsgx-enclave-common/build/list-libsgx-enclave-common-devel done cp -r %{?buildroot}/libsgx-enclave-common-dir/libsgx-enclave-common-dev/* %{?buildroot}/ rm -rf %{?buildroot}/libsgx-enclave-common-dir/libsgx-enclave-common-dev pushd %{LINUX_INSTALLER_RPM_DIR}/libsgx-urts/build mkdir %{?buildroot}/libsgx-urts-dir/ make DESTDIR=%{?buildroot}/libsgx-urts-dir/ install install -d %{?buildroot}/libsgx-urts-dir%{_docdir}/libsgx-urts popd find %{LINUX_INSTALLER_RPM_DIR}/libsgx-urts/build/package/licenses/ -type f -print0 | xargs -0 -n1 cat >> %{?buildroot}/libsgx-urts-dir%{_docdir}/libsgx-urts/COPYING for f in $(find %{?buildroot}/libsgx-urts-dir -type f -o -type l); do echo $f | sed -e "s#%{?buildroot}/libsgx-urts-dir##" >> %{LINUX_INSTALLER_RPM_DIR}/libsgx-urts/build/list-libsgx-urts done cp -r %{?buildroot}/libsgx-urts-dir/* %{?buildroot}/ rm -rf %{?buildroot}/libsgx-urts-dir/ pushd %{TOOLS_INSTALLER_RPM_DIR}/libsgx-ra-uefi/build mkdir %{?buildroot}/libsgx-ra-uefi-dir/ make DESTDIR=%{?buildroot}/libsgx-ra-uefi-dir/ install popd for f in $(find %{?buildroot}/libsgx-ra-uefi-dir/libsgx-ra-uefi -type f -o -type l); do echo $f | sed -e "s#%{?buildroot}/libsgx-ra-uefi-dir/libsgx-ra-uefi##" >> %{TOOLS_INSTALLER_RPM_DIR}/libsgx-ra-uefi/build/list-libsgx-ra-uefi done cp -r %{?buildroot}/libsgx-ra-uefi-dir/libsgx-ra-uefi/* %{?buildroot}/ rm -rf %{?buildroot}/libsgx-ra-uefi-dir/libsgx-ra-uefi/ for f in $(find %{?buildroot}/libsgx-ra-uefi-dir/libsgx-ra-uefi-dev -type f -o -type l); do echo $f | sed -e "s#%{?buildroot}/libsgx-ra-uefi-dir/libsgx-ra-uefi-dev##" >> %{TOOLS_INSTALLER_RPM_DIR}/libsgx-ra-uefi/build/list-libsgx-ra-uefi-devel done cp -r %{?buildroot}/libsgx-ra-uefi-dir/libsgx-ra-uefi-dev/* %{?buildroot}/ rm -rf %{?buildroot}/libsgx-ra-uefi-dir/libsgx-ra-uefi-dev pushd %{TOOLS_INSTALLER_RPM_DIR}/libsgx-ra-network/build mkdir %{?buildroot}/libsgx-ra-network-dir/ make DESTDIR=%{?buildroot}/libsgx-ra-network-dir/ install popd for f in $(find %{?buildroot}/libsgx-ra-network-dir/libsgx-ra-network -type f -o -type l); do echo $f | sed -e "s#%{?buildroot}/libsgx-ra-network-dir/libsgx-ra-network##" >> %{TOOLS_INSTALLER_RPM_DIR}/libsgx-ra-network/build/list-libsgx-ra-network done cp -r %{?buildroot}/libsgx-ra-network-dir/libsgx-ra-network/* %{?buildroot}/ rm -rf %{?buildroot}/libsgx-ra-network-dir/libsgx-ra-network/ for f in $(find %{?buildroot}/libsgx-ra-network-dir/libsgx-ra-network-dev -type f -o -type l); do echo $f | sed -e "s#%{?buildroot}/libsgx-ra-network-dir/libsgx-ra-network-dev##" >> %{TOOLS_INSTALLER_RPM_DIR}/libsgx-ra-network/build/list-libsgx-ra-network-devel done cp -r %{?buildroot}/libsgx-ra-network-dir/libsgx-ra-network-dev/* %{?buildroot}/ rm -rf %{?buildroot}/libsgx-ra-network-dir/libsgx-ra-network-dev pushd %{TOOLS_INSTALLER_RPM_DIR}/sgx-ra-service/build mkdir %{?buildroot}/sgx-ra-service-dir/ make DESTDIR=%{?buildroot}/sgx-ra-service-dir/ install popd echo "/opt/intel/sgx-ra-service" > %{TOOLS_INSTALLER_RPM_DIR}/sgx-ra-service/build/list-sgx-ra-service find %{?buildroot}/sgx-ra-service-dir | sort | \ awk '$0 !~ last "/" {print last} {last=$0} END {print last}' | \ sed -e "s#^%{?buildroot}/sgx-ra-service-dir##" | \ grep -v "^/opt/intel/sgx-ra-service" >> %{TOOLS_INSTALLER_RPM_DIR}/sgx-ra-service/build/list-sgx-ra-service || : sed -i 's#^/etc/rad.conf#%config &#' %{TOOLS_INSTALLER_RPM_DIR}/sgx-ra-service/build/list-sgx-ra-service cp -r %{?buildroot}/sgx-ra-service-dir/* %{?buildroot}/ rm -rf %{?buildroot}/sgx-ra-service-dir/ pushd %{LINUX_INSTALLER_RPM_DIR}/libsgx-headers/build mkdir %{?buildroot}/libsgx-headers-dir/ make DESTDIR=%{?buildroot}/libsgx-headers-dir/ install install -d %{?buildroot}/libsgx-headers-dir%{_docdir}/libsgx-headers popd find %{LINUX_INSTALLER_RPM_DIR}/libsgx-headers/build/package/licenses/ -type f -print0 | xargs -0 -n1 cat >> %{?buildroot}/libsgx-headers-dir%{_docdir}/libsgx-headers/COPYING for f in $(find %{?buildroot}/libsgx-headers-dir -type f -o -type l); do echo $f | sed -e "s#%{?buildroot}/libsgx-headers-dir##" >> %{LINUX_INSTALLER_RPM_DIR}/libsgx-headers/build/list-libsgx-headers done cp -r %{?buildroot}/libsgx-headers-dir/* %{?buildroot}/ rm -rf %{?buildroot}/libsgx-headers-dir/ %pre %post -n sgx-aesm-service if [ -x /opt/intel/sgx-aesm-service/startup.sh ]; then /opt/intel/sgx-aesm-service/startup.sh; fi %post -n libsgx-enclave-common trigger_udev() { if ! which udevadm &> /dev/null; then return 0 fi udevadm control --reload || : udevadm trigger || : } trigger_udev %post -n sgx-dcap-pccs PCCS_USER=pccs PCCS_HOME=/opt/intel/sgx-dcap-pccs if [ ! $(getent group $PCCS_USER) ]; then groupadd $PCCS_USER fi if ! id "$PCCS_USER" &>/dev/null; then adduser --system $PCCS_USER -g $PCCS_USER --home $PCCS_HOME --no-create-home --shell /bin/bash fi chown -R $PCCS_USER:$PCCS_USER $PCCS_HOME chmod 640 $PCCS_HOME/config/default.json #Install PCCS as system service echo -n "Installing PCCS service ..." if [ -d /run/systemd/system ]; then PCCS_NAME=pccs.service PCCS_TEMP=$PCCS_HOME/$PCCS_NAME if [ -d /lib/systemd/system ]; then PCCS_DEST=/lib/systemd/system/$PCCS_NAME else PCCS_DEST=/usr/lib/systemd/system/$PCCS_NAME fi cp $PCCS_TEMP $PCCS_DEST chmod 0644 $PCCS_DEST systemctl daemon-reload systemctl enable pccs elif [ -d /etc/init/ ]; then PCCS_NAME=pccs.service PCCS_TEMP=$PCCS_HOME/$PCCS_NAME PCCS_DEST=/etc/init/$PCCS_NAME cp $PCCS_TEMP $PCCS_DEST chmod 0644 $PCCS_DEST /sbin/initctl reload-configuration else echo " failed." echo "Unsupported platform - neither systemctl nor initctl was found." exit 5 fi echo "finished." echo "Installation completed successfully." %post -n sgx-pck-id-retrieval-tool ################################################################################ # Set up SGX pck cert id retrieve tool # ################################################################################ # Install the SGX_PCK_ID_RETRIEVE_TOOL ln -s -f /opt/intel/sgx-pck-id-retrieval-tool/PCKIDRetrievalTool /usr/local/bin/PCKIDRetrievalTool retval=$? if test $retval -ne 0; then echo "failed to install $SGX_PCK_ID_RETRIEVE_TOOL_NAME." exit 6 fi echo -e "Installation succeed!" %post -n libsgx-ae-pce trigger_udev() { if ! which udevadm &> /dev/null; then return 0 fi udevadm control --reload || : udevadm trigger || : } # Add sgx_prv for in-kernel driver. if [ -c /dev/sgx_provision -o -c /dev/sgx/provision ]; then /usr/bin/getent group sgx_prv &> /dev/null || /usr/sbin/groupadd sgx_prv trigger_udev fi %post -n sgx-ra-service ################################################################################ # Set up SGX Registration Agent # ################################################################################ # Generate the script to setup environment variables MPA_DST_PATH=/opt/intel/sgx-ra-service # Install the MPA service if [ -d /run/systemd/users ]; then MPA_NAME=mpa_registration_tool.service MPA_TEMP=$MPA_DST_PATH/$MPA_NAME if [ -d /lib/systemd/system ]; then MPA_DEST=/lib/systemd/system/$MPA_NAME else MPA_DEST=/usr/lib/systemd/system/$MPA_NAME fi # sed -e "s:@mpa_folder@:$MPA_DST_PATH:" \ # $MPA_TEMP > $MPA_DEST chmod 0644 $MPA_DEST systemctl enable mpa_registration_tool.service #systemctl enable systemd-networkd-wait-online retval=$? elif [ -d /etc/init/ ]; then MPA_NAME=mpa_registration_tool.conf MPA_TEMP=$MPA_DST_PATH/$MPA_NAME MPA_DEST=/etc/init/$MPA_NAME sed -e "s:@mpa_folder@:$MPA_DST_PATH:" \ $MPA_TEMP > $MPA_DEST chmod 0644 $MPA_DEST /sbin/initctl reload-configuration retval=$? else echo "Failed." echo "Unsupported platform - neither systemctl nor initctl is no found." exit 5 fi if test $retval -ne 0; then echo "failed to install $MPA_NAME." exit 6 fi #Removing config files from temporary location rm -f $MPA_DST_PATH/mpa_registration_tool.conf rm -f $MPA_DST_PATH/mpa_registration_tool.service echo -e "Installation succeed!" #Run service systemctl start mpa_registration_tool.service %postun -n sgx-ra-service # Generate the script to setup environment variables MPA_DST_PATH=/opt/intel/sgx-ra-service # Disable service if [ -d /run/systemd/users ]; then systemctl disable mpa_registration_tool.service fi # Removing MPA configuration file rm -f /etc/init/mpa_registration_tool.conf rm -f /lib/systemd/system/mpa_registration_tool.service rm -f /usr/lib/systemd/system/mpa_registration_tool.service rm -f /etc/systemd/system/mpa_registration_tool.service # Removing MPA folder rm -rf $MPA_DST_PATH #Removing log file rm -f /var/log/mpa_registration.log echo -e "Uninstallation succeed!" %postun -n sgx-pck-id-retrieval-tool # Removing SGX_PCK_ID_RETRIEVE_TOOL soft link file if [ "$1" = "0" ]; then rm -f /usr/local/bin/PCKIDRetrievalTool fi echo -e "Uninstallation succeed!" %preun -n sgx-aesm-service if [ "$1" = "0" ]; then if [ -x /opt/intel/sgx-aesm-service/cleanup.sh ]; then /opt/intel/sgx-aesm-service/cleanup.sh; fi fi %postun -n sgx-dcap-pccs if [ $1 == 0 ]; then echo -n "Uninstalling PCCS service ..." if [ -d /run/systemd/system ]; then PCCS_NAME=pccs.service if [ -d /lib/systemd/system ]; then PCCS_DEST=/lib/systemd/system/$PCCS_NAME else PCCS_DEST=/usr/lib/systemd/system/$PCCS_NAME fi systemctl stop pccs || true systemctl disable pccs || true rm $PCCS_DEST || true systemctl daemon-reload elif [ -d /etc/init/ ]; then PCCS_NAME=pccs.service PCCS_DEST=/etc/init/$PCCS_NAME rm $PCCS_DEST || true /sbin/initctl reload-configuration fi echo "finished." if [ -d %{_install_path} ]; then pushd %{_install_path} &> /dev/null rm -rf node_modules || true popd &> /dev/null fi fi %files -n sgxsdk -f %{LINUX_INSTALLER_RPM_DIR}/sdk/build/list-sgxsdk %files -n libsgx-ae-qe3 -f %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-ae-qe3/build/list-libsgx-ae-qe3 %files -n libsgx-pce-logic -f %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-pce-logic/build/list-libsgx-pce-logic %files -n libsgx-qe3-logic -f %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-qe3-logic/build/list-libsgx-qe3-logic %files -n libsgx-dcap-default-qpl -f %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-dcap-default-qpl/build/list-libsgx-dcap-default-qpl %files -n libsgx-dcap-default-qpl-devel -f %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-dcap-default-qpl/build/list-libsgx-dcap-default-qpl-devel %files -n sgx-aesm-service -f %{LINUX_INSTALLER_RPM_DIR}/sgx-aesm-service/build/list-sgx-aesm-service %exclude /var/opt/aesmd/data %files -n libsgx-ae-epid -f %{LINUX_INSTALLER_RPM_DIR}/sgx-aesm-service/build/list-libsgx-ae-epid %files -n libsgx-ae-le -f %{LINUX_INSTALLER_RPM_DIR}/sgx-aesm-service/build/list-libsgx-ae-le %files -n libsgx-ae-pce -f %{LINUX_INSTALLER_RPM_DIR}/sgx-aesm-service/build/list-libsgx-ae-pce %files -n libsgx-aesm-ecdsa-plugin -f %{LINUX_INSTALLER_RPM_DIR}/sgx-aesm-service/build/list-libsgx-aesm-ecdsa-plugin %files -n libsgx-aesm-epid-plugin -f %{LINUX_INSTALLER_RPM_DIR}/sgx-aesm-service/build/list-libsgx-aesm-epid-plugin %files -n libsgx-aesm-launch-plugin -f %{LINUX_INSTALLER_RPM_DIR}/sgx-aesm-service/build/list-libsgx-aesm-launch-plugin %files -n libsgx-aesm-pce-plugin -f %{LINUX_INSTALLER_RPM_DIR}/sgx-aesm-service/build/list-libsgx-aesm-pce-plugin %files -n libsgx-aesm-quote-ex-plugin -f %{LINUX_INSTALLER_RPM_DIR}/sgx-aesm-service/build/list-libsgx-aesm-quote-ex-plugin %files -n libsgx-epid -f %{LINUX_INSTALLER_RPM_DIR}/libsgx-epid/build/list-libsgx-epid %files -n libsgx-epid-devel -f %{LINUX_INSTALLER_RPM_DIR}/libsgx-epid/build/list-libsgx-epid-devel %files -n libsgx-launch -f %{LINUX_INSTALLER_RPM_DIR}/libsgx-launch/build/list-libsgx-launch %files -n libsgx-launch-devel -f %{LINUX_INSTALLER_RPM_DIR}/libsgx-launch/build/list-libsgx-launch-devel %files -n libsgx-quote-ex -f %{LINUX_INSTALLER_RPM_DIR}/libsgx-quote-ex/build/list-libsgx-quote-ex %files -n libsgx-quote-ex-devel -f %{LINUX_INSTALLER_RPM_DIR}/libsgx-quote-ex/build/list-libsgx-quote-ex-devel %files -n libsgx-uae-service -f %{LINUX_INSTALLER_RPM_DIR}/libsgx-uae-service/build/list-libsgx-uae-service %files -n libsgx-enclave-common -f %{LINUX_INSTALLER_RPM_DIR}/libsgx-enclave-common/build/list-libsgx-enclave-common %files -n libsgx-enclave-common-devel -f %{LINUX_INSTALLER_RPM_DIR}/libsgx-enclave-common/build/list-libsgx-enclave-common-devel %files -n libsgx-urts -f %{LINUX_INSTALLER_RPM_DIR}/libsgx-urts/build/list-libsgx-urts %files -n sgx-dcap-pccs -f %{DCAP_LINUX_INSTALLER_RPM_DIR}/sgx-dcap-pccs/build/list-sgx-dcap-pccs %files -n libsgx-dcap-ql -f %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-dcap-ql/build/list-libsgx-dcap-ql %files -n libsgx-dcap-ql-devel -f %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-dcap-ql/build/list-libsgx-dcap-ql-devel %files -n libsgx-ae-qve -f %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-ae-qve/build/list-libsgx-ae-qve %files -n libsgx-dcap-quote-verify -f %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-dcap-quote-verify/build/list-libsgx-dcap-quote-verify %files -n libsgx-dcap-quote-verify-devel -f %{DCAP_LINUX_INSTALLER_RPM_DIR}/libsgx-dcap-quote-verify/build/list-libsgx-dcap-quote-verify-devel %files -n sgx-pck-id-retrieval-tool -f external/dcap_source/tools/PCKRetrievalTool/installer/rpm/sgx-pck-id-retrieval-tool/build/list-sgx-pck-id-retrieval-tool %files -n libsgx-ra-uefi -f %{TOOLS_INSTALLER_RPM_DIR}/libsgx-ra-uefi/build/list-libsgx-ra-uefi %files -n libsgx-ra-uefi-devel -f %{TOOLS_INSTALLER_RPM_DIR}/libsgx-ra-uefi/build/list-libsgx-ra-uefi-devel %files -n libsgx-ra-network -f %{TOOLS_INSTALLER_RPM_DIR}/libsgx-ra-network/build/list-libsgx-ra-network %files -n libsgx-ra-network-devel -f %{TOOLS_INSTALLER_RPM_DIR}/libsgx-ra-network/build/list-libsgx-ra-network-devel %files -n sgx-ra-service -f %{TOOLS_INSTALLER_RPM_DIR}/sgx-ra-service/build/list-sgx-ra-service %files -n libsgx-headers -f %{LINUX_INSTALLER_RPM_DIR}/libsgx-headers/build/list-libsgx-headers %changelog * Fri Sep 09 2022 wangyu - 2.15.1-6 - DCAP disabling the rpatch option * Sat Aug 27 2022 houmingyong - 2.15.1-5 - backport openssl CVE-2022-2068 and CVE-2022-2097 * Mon Jun 27 2022 wangyu - 2.15.1-4 - backport openssl CVE-2022-0778 and CVE-2022-1292, protobuf CVE-2021-22570 * Wed Jun 22 2022 zhengxiaoxiao - 2.15.1-3 - sgx-aesm-service exclude /var/opt/aesmd/data * Wed Jun 22 2022 wangyu - 2.15.1-2 - add yaml file * Mon Jun 13 2022 wangyu - 2.15.1-1 - init