41 lines
911 B
Nix
41 lines
911 B
Nix
|
{
|
|||
|
|
stdenv,
|
|||
|
|
fetchFromGitHub,
|
|||
|
|
cmake,
|
|||
|
|
nasm,
|
|||
|
|
openssl,
|
|||
|
|
python3,
|
|||
|
|
extraCmakeFlags ? [ ],
|
|||
|
|
}:
|
|||
|
|
stdenv.mkDerivation rec {
|
|||
|
|
pname = "ipp-crypto";
|
|||
|
|
version = "2021.11.1";
|
|||
|
|
|
|||
|
|
src = fetchFromGitHub {
|
|||
|
|
owner = "intel";
|
|||
|
|
repo = "ipp-crypto";
|
|||
|
|
rev = "ippcp_${version}";
|
|||
|
|
hash = "sha256-OgNrrPE8jFVD/hcv7A43Bno96r4Z/lb7/SE6TEL7RDI=";
|
|||
|
|
};
|
|||
|
|
|
|||
|
|
cmakeFlags = [
|
|||
|
|
"-DARCH=intel64"
|
|||
|
|
# sgx-sdk now requires FIPS-compliance mode turned on
|
|||
|
|
"-DIPPCP_FIPS_MODE=on"
|
|||
|
|
]
|
|||
|
|
++ extraCmakeFlags;
|
|||
|
|
|
|||
|
|
# Yes, it seems bad for a cryptography library to trigger this
|
|||
|
|
# warning. We previously pinned an EOL GCC which avoided it, but this
|
|||
|
|
# issue is present regardless of whether we use a compiler that flags
|
|||
|
|
# it up or not; upstream just doesn’t test with modern compilers.
|
|||
|
|
env.NIX_CFLAGS_COMPILE = "-Wno-error=stringop-overflow";
|
|||
|
|
|
|||
|
|
nativeBuildInputs = [
|
|||
|
|
cmake
|
|||
|
|
nasm
|
|||
|
|
openssl
|
|||
|
|
python3
|
|||
|
|
];
|
|||
|
|
}
|