From 7dd8f19039e489a265e1870bb74e42db8680302a Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Sat, 12 Jun 2021 17:43:51 -0400 Subject: [PATCH] WIP: figure more general mechanism to build ipp crypto When building SDK & IPP Crypto from source with nix, the current check for the IPP source code does not work properly. That is, even though the IPP Crypto source code is there the check in the Makefile triggers the call to the ipp_source target which invokes git to update the submodule or clone the repo. In the context of a nix derivation, the source code along with the submodules is fetch at the beginning and the .git directory is removed, such that later invocations to git commands such as the one in the Makefile for the ipp_source target, fail. Also, depending on the environment, NIX_PATH may not be set and is therefore too restrictive as a check or assumes too much. A more general mechanism would be preferable. --- external/ippcp_internal/Makefile | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/external/ippcp_internal/Makefile b/external/ippcp_internal/Makefile index e1f9f34f2..f7b36382d 100644 --- a/external/ippcp_internal/Makefile +++ b/external/ippcp_internal/Makefile @@ -36,7 +36,7 @@ DIR = $(CURDIR) IPP_CONFIG = -Bbuild -DCMAKE_VERBOSE_MAKEFILE=on # Ignore the CMAKE C/C++ compiler check to avoid conflicts with mitigation options -IPP_CONFIG += -DCMAKE_C_COMPILER_WORKS=TRUE -DCMAKE_CXX_COMPILER_WORKS=TRUE +IPP_CONFIG += -DCMAKE_C_COMPILER_WORKS=TRUE -DCMAKE_CXX_COMPILER_WORKS=TRUE IPP_SOURCE = ipp-crypto ARCH = intel64 IPP_CONFIG += -DARCH=$(ARCH) @@ -59,13 +59,21 @@ else ifeq ($(MITIGATION-CVE-2020-0551), CF) endif OUT_DIR = lib/linux/$(ARCH)/$(SUB_DIR)/ +#CHECK_SOURCE := +## For reproducibility build in docker, the code should be +## prepared before build. So skip the code check to avoid +## triggering network request +#ifneq ($(origin NIX_PATH), environment) +#CHECK_SOURCE:= ipp_source +#endif +# FIXME temporary workaround for nix derivation +# Why can't IPP simply be a dependency like any other dependency? +# IPP library is a git submodule which must be init CHECK_SOURCE := -# For reproducibility build in docker, the code should be -# prepared before build. So skip the code check to avoid -# triggering network request -ifneq ($(origin NIX_PATH), environment) -CHECK_SOURCE:= ipp_source -endif +#ifeq ("$(wildcard $(LINUX_EXTERNAL_DIR)/ippcp_internal/ipp_crypto)", "") +#CHECK_SOURCE := ipp_source +#endif + .PHONY: all build_ipp all: build_ipp