sgx-sdk, sgx-psw: improve samples

pkgs/os-specific/linux/sgx/samples/default.nix

@@ -0,0 +1,109 @@
+{ stdenv
+, lib
+, makeWrapper
+, sgx-sdk
+, sgx-psw
+, which
+  # "SIM" or "HW"
+, sgxMode
+}:
+let
+  isSimulation = sgxMode == "SIM";
+  buildSample = name: stdenv.mkDerivation {
+    pname = name;
+    version = sgxMode;
+
+    src = sgx-sdk.out;
+    sourceRoot = "${sgx-sdk.name}/share/SampleCode/${name}";
+
+    nativeBuildInputs = [
+      makeWrapper
+      which
+    ];
+
+    buildInputs = [
+      sgx-sdk
+    ];
+
+    # The samples don't have proper support for parallel building
+    # causing them to fail randomly.
+    enableParallelBuilding = false;
+
+    buildFlags = [
+      "SGX_MODE=${sgxMode}"
+    ];
+
+    installPhase = ''
+      runHook preInstall
+
+      mkdir -p $out/{bin,lib}
+      install -m 755 app $out/bin
+      install *.so $out/lib
+
+      wrapProgram "$out/bin/app" \
+        --run "cd $out/lib" \
+        ${lib.optionalString (!isSimulation)
+        ''--prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ sgx-psw ]}"''}
+
+      runHook postInstall
+    '';
+
+    # Breaks the signature of the enclaves
+    dontFixup = true;
+
+    # We don't have access to real SGX hardware during the build
+    doInstallCheck = isSimulation;
+    installCheckPhase = ''
+      runHook preInstallCheck
+
+      pushd /
+      echo a | $out/bin/app
+      popd
+
+      runHook preInstallCheck
+    '';
+  };
+in
+{
+  cxx11SGXDemo = buildSample "Cxx11SGXDemo";
+  localAttestation = (buildSample "LocalAttestation").overrideAttrs (oldAttrs: {
+    installPhase = ''
+      runHook preInstall
+
+      mkdir -p $out/{bin,lib}
+      install -m 755 bin/app* $out/bin
+      install bin/*.so $out/lib
+
+      for bin in $out/bin/*; do
+        wrapProgram $bin \
+          --run "cd $out/lib" \
+          ${lib.optionalString (!isSimulation)
+          ''--prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ sgx-psw ]}"''}
+      done
+
+      runHook postInstall
+    '';
+  });
+  powerTransition = buildSample "PowerTransition";
+  protobufSGXDemo = buildSample "ProtobufSGXDemo";
+  remoteAttestation = (buildSample "RemoteAttestation").overrideAttrs (oldAttrs: {
+    # Makefile sets rpath to point to $TMPDIR
+    preFixup = ''
+      patchelf --remove-rpath $out/bin/app
+    '';
+
+    postInstall = ''
+      install sample_libcrypto/*.so $out/lib
+    '';
+  });
+  sampleEnclave = buildSample "SampleEnclave";
+  sampleEnclavePCL = buildSample "SampleEnclavePCL";
+  sampleEnclaveGMIPP = buildSample "SampleEnclaveGMIPP";
+  sealUnseal = (buildSample "SealUnseal").overrideAttrs (oldAttrs: {
+    prePatch = ''
+      substituteInPlace App/App.cpp \
+        --replace '"sealed_data_blob.txt"' '"/tmp/sealed_data_blob.txt"'
+    '';
+  });
+  switchless = buildSample "Switchless";
+}

pkgs/os-specific/linux/sgx/sdk/default.nix

@@ -3,15 +3,16 @@
 , fetchFromGitHub
 , fetchpatch
 , fetchzip
-, callPackage
 , autoconf
 , automake
 , binutils
+, callPackage
 , cmake
 , file
 , gdb
 , git
 , libtool
+, linkFarmFromDrvs
 , nasm
 , ocaml
 , ocamlPackages
@@ -20,6 +21,7 @@
 , python3
 , texinfo
 , validatePkgConfig
+, writeShellApplication
 , writeShellScript
 , writeText
 , debug ? false
@@ -257,7 +259,25 @@ stdenv.mkDerivation rec {
     postHooks+=(sgxsdk)
   '';
 
-  passthru.tests = callPackage ./samples.nix { };
+  passthru.tests = callPackage ../samples { sgxMode = "SIM"; };
+
+  # Run tests in SGX hardware mode on an SGX-enabled machine
+  # $(nix-build -A sgx-sdk.runTestsHW)/bin/run-tests-hw
+  passthru.runTestsHW =
+    let
+      testsHW = lib.filterAttrs (_: v: v ? "name") (callPackage ../samples { sgxMode = "HW"; });
+      testsHWLinked = linkFarmFromDrvs "sgx-samples-hw-bundle" (lib.attrValues testsHW);
+    in
+    writeShellApplication {
+      name = "run-tests-hw";
+      text = ''
+        for test in ${testsHWLinked}/*; do
+          printf '*** Running test %s ***\n\n' "$(basename "$test")"
+          printf 'a\n' | "$test/bin/app"
+          printf '\n'
+        done
+      '';
+    };
 
   meta = with lib; {
     description = "Intel SGX SDK for Linux built with IPP Crypto Library";