From 9965f14b86aacdf7c13a59e3ee4e56cbc5a43267 Mon Sep 17 00:00:00 2001 From: Andrew Jeffery Date: Tue, 8 Aug 2023 15:42:05 +0000 Subject: [PATCH] Updated some nix config --- flake.lock | 42 +++- flake.nix | 3 +- nix/az-dcap.nix | 4 +- nix/ccf.nix | 36 +-- nix/default.nix | 14 +- nix/lskv.nix | 4 +- nix/openenclave.nix | 45 ++-- nix/patches/openenclave-pkgconfig.diff | 308 +++++++++++++++++++++++++ 8 files changed, 392 insertions(+), 64 deletions(-) create mode 100644 nix/patches/openenclave-pkgconfig.diff diff --git a/flake.lock b/flake.lock index f203e4358..de9ad5970 100644 --- a/flake.lock +++ b/flake.lock @@ -1,12 +1,15 @@ { "nodes": { "flake-utils": { + "inputs": { + "systems": "systems" + }, "locked": { - "lastModified": 1659877975, - "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "lastModified": 1689068808, + "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", "owner": "numtide", "repo": "flake-utils", - "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", "type": "github" }, "original": { @@ -17,11 +20,11 @@ }, "nix-filter": { "locked": { - "lastModified": 1666547822, - "narHash": "sha256-razwnAybPHyoAyhkKCwXdxihIqJi1G6e1XP4FQOJTEs=", + "lastModified": 1687178632, + "narHash": "sha256-HS7YR5erss0JCaUijPeyg2XrisEb959FIct3n2TMGbE=", "owner": "numtide", "repo": "nix-filter", - "rev": "1a3b735e13e90a8d2fd5629f2f8363bd7ffbbec7", + "rev": "d90c75e8319d0dd9be67d933d8eb9d0894ec9174", "type": "github" }, "original": { @@ -32,16 +35,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1666629043, - "narHash": "sha256-Yoq6Ut2F3Ol73yO9hG93x6ts5c4F5BhKTbcF3DtBEAw=", - "owner": "NixOS", + "lastModified": 1676357583, + "narHash": "sha256-I0uuiv0ej+kyg78RuAbUKPbFqHK/9LRH7H35vyiGj6s=", + "owner": "rrbutani", "repo": "nixpkgs", - "rev": "b39fd6e4edef83cb4a135ebef98751ce23becc33", + "rev": "99b2500ca56fd269396e5388fdd5c2550b48d033", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "nixos-unstable", + "owner": "rrbutani", + "ref": "fix/llvm-15-libcxx-linker-script-bug", "repo": "nixpkgs", "type": "github" } @@ -52,6 +55,21 @@ "nix-filter": "nix-filter", "nixpkgs": "nixpkgs" } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 9ce00e571..03d8530ca 100644 --- a/flake.nix +++ b/flake.nix @@ -1,7 +1,8 @@ { description = "Confidential computing packages"; - inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + # inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + inputs.nixpkgs.url = "github:rrbutani/nixpkgs/fix/llvm-15-libcxx-linker-script-bug"; inputs.flake-utils.url = "github:numtide/flake-utils"; inputs.nix-filter.url = "github:numtide/nix-filter"; diff --git a/nix/az-dcap.nix b/nix/az-dcap.nix index fe474b5dd..244f8085f 100644 --- a/nix/az-dcap.nix +++ b/nix/az-dcap.nix @@ -6,7 +6,7 @@ makeWrapper, fetchurl, lib, - openssl_1_1, + openssl, }: let fetchFromIntelGitHub = {path, ...} @ attrs: fetchurl ({ @@ -44,7 +44,7 @@ in }; nativeBuildInputs = [makeWrapper]; buildInputs = [ - (curl.override {openssl = openssl_1_1;}) + (curl.override {openssl = openssl;}) nlohmann_json ]; diff --git a/nix/ccf.nix b/nix/ccf.nix index 616b2bf5a..a03d1dc57 100644 --- a/nix/ccf.nix +++ b/nix/ccf.nix @@ -1,13 +1,14 @@ { fetchFromGitHub, + pkg-config, cmake, ninja, stdenv, openenclave, libuv, - az-dcap, - sgx-dcap, - sgx-psw, + # az-dcap, + # sgx-dcap, + # sgx-psw, makeWrapper, protobuf, openssl, @@ -31,24 +32,25 @@ in repo = "CCF"; name = "ccf-${version}"; rev = "ccf-${version}"; - hash = "sha256-IG5lgtiq/VPTJm9hMYcj9JTxsapD7+H1aw5+b6pY0ko="; + hash = "sha256-CofADLExBTo3CH7iACKKNxMsSpy/ZBWBRaXc3ELHAd4="; }; patches = [ - patches/ccf-no-python.diff - patches/ccf-no-python-pb2.diff + # patches/ccf-no-python.diff + # patches/ccf-no-python-pb2.diff patches/ccf-protoc-binary.diff - patches/ccf-ignore-submitter.diff + # patches/ccf-ignore-submitter.diff ]; nativeBuildInputs = [ cmake ninja + pkg-config libuv protobuf - arrow-cpp - sgx-dcap + # arrow-cpp + # sgx-dcap openenclave - makeWrapper + # makeWrapper ]; cmakeFlags = [ @@ -62,12 +64,12 @@ in NIX_NO_SELF_RPATH = "1"; postInstall = '' - wrapProgram $out/bin/cchost \ - --suffix LD_LIBRARY_PATH ':' "${az-dcap}/lib:${sgx-psw}/lib:${sgx-dcap}/lib" - - wrapProgram $out/bin/keygenerator.sh \ - --prefix PATH ':' "${openssl}/bin" - - ${toRemove} + # wrapProgram $out/bin/cchost \ + # --suffix LD_LIBRARY_PATH ':' "''${az-dcap}/lib:''${sgx-psw}/lib:''${sgx-dcap}/lib" + # + # wrapProgram $out/bin/keygenerator.sh \ + # --prefix PATH ':' "${openssl}/bin" + # + # ${toRemove} ''; } diff --git a/nix/default.nix b/nix/default.nix index d98b2c199..2ab5ee201 100644 --- a/nix/default.nix +++ b/nix/default.nix @@ -28,12 +28,12 @@ pkgs.lib.makeScope pkgs.newScope ( }; ccf = self.callPackage ./ccf.nix { - stdenv = pkgs.llvmPackages_10.libcxxStdenv; + stdenv = pkgs.llvmPackages_15.libcxxStdenv; }; ccf-sandbox = self.callPackage ./ccf-sandbox.nix {inherit ccf;}; lskv = self.callPackage ./lskv.nix { inherit ccf; - stdenv = pkgs.llvmPackages_10.libcxxStdenv; + stdenv = pkgs.llvmPackages_15.libcxxStdenv; }; lskv-sandbox = self.callPackage ./lskv-sandbox.nix {inherit ccf-sandbox lskv;}; packages = lskvlib.forAllPlatforms { @@ -53,25 +53,25 @@ pkgs.lib.makeScope pkgs.newScope ( az-dcap = self.callPackage ./az-dcap.nix {}; sgx-dcap = self.callPackage ./sgx-dcap.nix {}; - openenclave-version = "0.18.4"; + openenclave-version = "0.19.3"; openenclave-src = pkgs.fetchFromGitHub { owner = "openenclave"; repo = "openenclave"; rev = "v${openenclave-version}"; - hash = "sha256-65LHXKfDWUvLCMupJkF7o7d6ljsO7nwcmQxRU8H2Xls="; + hash = "sha256-RN7Mq6RO09CZOEoi/nYpPfa7TT1I5FYKqET8wRXnIxU="; fetchSubmodules = true; }; lvi-mitigation = self.callPackage ./lvi-mitigation.nix {}; openenclave = self.callPackage ./openenclave.nix { - # Openenclave doesn't build with libcxx, for some reason. - inherit (pkgs.llvmPackages_10) stdenv; + stdenv = pkgs.llvmPackages_11.libcxxStdenv; + openssl = pkgs.openssl_1_1; }; k6 = self.callPackage ./k6.nix {}; mkShell = args: (pkgs.mkShell.override { - stdenv = pkgs.llvmPackages_10.libcxxStdenv; + stdenv = pkgs.llvmPackages_15.libcxxStdenv; }) ({ NIX_CFLAGS_COMPILE = "-Wno-unused-command-line-argument"; NIX_NO_SELF_RPATH = "1"; diff --git a/nix/lskv.nix b/nix/lskv.nix index 035ec42c0..3ade6b08a 100644 --- a/nix/lskv.nix +++ b/nix/lskv.nix @@ -1,7 +1,7 @@ { stdenv, cmake, - sgx-dcap, + # sgx-dcap, openenclave, ninja, protobuf, @@ -27,7 +27,7 @@ stdenv.mkDerivation rec { cmake ninja protobuf - sgx-dcap + # sgx-dcap (ccf.override {inherit platform;}) openenclave ]; diff --git a/nix/openenclave.nix b/nix/openenclave.nix index 2eece81d0..687faaa5d 100644 --- a/nix/openenclave.nix +++ b/nix/openenclave.nix @@ -4,27 +4,26 @@ fetchzip, openenclave-version, openenclave-src, - lvi-mitigation, cmake, ninja, perl, - openssl_1_1, + openssl, }: let sgx-h = fetchurl { url = "https://raw.githubusercontent.com/torvalds/linux/v5.13/arch/x86/include/uapi/asm/sgx.h"; sha256 = "4764b8ce858579d99f1b66bb1e5f04ba149a38aea15649fff19f65f8d9113fd0"; }; compiler-rt = fetchzip { - url = "https://github.com/llvm/llvm-project/releases/download/llvmorg-10.0.1/compiler-rt-10.0.1.src.tar.xz"; - hash = "sha256-OErVbpYasfvBK0793ujshuHK4tbqq3grQHjYDpebmT4="; + url = "https://github.com/llvm/llvm-project/releases/download/llvmorg-11.1.0/compiler-rt-11.1.0.src.tar.xz"; + hash = "sha256-jycaXF3wGF85B2cwe+1q5fVPhR+/JnaZ+4A8y/qyBag="; }; libcxx = fetchzip { - url = "https://github.com/llvm/llvm-project/releases/download/llvmorg-10.0.1/libcxx-10.0.1.src.tar.xz"; - sha256 = "sha256-/OhdYPlbNHMxX2VxlurkOspC1OyPDmyUqXvZKxzwkTg="; + url = "https://github.com/llvm/llvm-project/releases/download/llvmorg-11.1.0/libcxx-11.1.0.src.tar.xz"; + sha256 = "sha256-UoRPugdPj0FtKp79V1nljehWyhChxgUo3mb/Wyq/RIA="; }; symcrypt = fetchzip { - url = "https://github.com/microsoft/SymCrypt/releases/download/v101.3.0/symcrypt_AMD64_oe_full_v101.3.0-31e06ae.tgz"; - sha256 = "sha256-diA653HZ4Mn4JbeT6+U0anhP3ySVWZWjcXH7KVVkqkY="; + url = "https://github.com/microsoft/SymCrypt/releases/download/v103.0.1/symcrypt-linux-oe_full-AMD64-103.0.1-69dbff3.tar.gz"; + sha256 = "sha256-VCJlAOnbY2kYlnNv6SxumD4BinntAvpBFkUs9hBxCY4="; stripRoot = false; }; in @@ -32,13 +31,16 @@ in pname = "openenclave"; version = openenclave-version; src = openenclave-src; - patches = [patches/openenclave.diff]; + patches = [ + # patches/openenclave.diff + patches/openenclave-pkgconfig.diff + ]; cmakeFlags = [ "-DCMAKE_BUILD_TYPE=RelWithDebInfo" "-DFETCHCONTENT_SOURCE_DIR_COMPILER-RT-SOURCES=${compiler-rt}" "-DFETCHCONTENT_SOURCE_DIR_LIBCXX_SOURCES=${libcxx}" "-DFETCHCONTENT_SOURCE_DIR_SYMCRYPT_PACKAGE=${symcrypt}" - "-DCLANG_INTRINSIC_HEADERS_DIR=${toString stdenv.cc.cc.lib}/lib/clang/10.0.1/include" + "-DCLANG_INTRINSIC_HEADERS_DIR=${toString stdenv.cc.cc.lib}/lib/clang/${stdenv.cc.version}/include" "-DENABLE_REFMAN=OFF" "-DBUILD_TESTS=OFF" @@ -46,34 +48,31 @@ in # This breaks reproducible builds. "-DBUILD_OEUTIL_TOOL=OFF" - "-DCMAKE_BUILD_WITH_INSTALL_RPATH:BOOL=ON" - "-DCMAKE_INSTALL_RPATH_USE_LINK_PATH:BOOL=ON" - - "-DLVI_MITIGATION=ControlFlow" + # "-DCMAKE_BUILD_WITH_INSTALL_RPATH:BOOL=ON" + # "-DCMAKE_INSTALL_RPATH_USE_LINK_PATH:BOOL=ON" ]; preConfigure = '' - mkdir -p build/host build/3rdparty/symcrypt_engine + mkdir -p build/host + mkdir -p build/3rdparty/symcrypt_engine cp ${sgx-h} build/host/sgx.h ln -s ${compiler-rt} 3rdparty/compiler-rt/compiler-rt ln -s ${libcxx} 3rdparty/libcxx/libcxx ln -s ${symcrypt} build/3rdparty/symcrypt_engine/SymCrypt - ln -s ${lvi-mitigation}/bin build/lvi_mitigation_bin patchShebangs tools/oeutil/gen_pubkey_header.sh - patchShebangs tools/oeapkman/oeapkman + substituteInPlace tools/oeutil/gen_pubkey_header.sh --replace '/var/tmp/oeutil_lock' '.oeutil_lock' patchShebangs 3rdparty/openssl/append-unsupported patchShebangs 3rdparty/musl/append-deprecations + ''; - substituteInPlace pkgconfig/*.pc --replace \''${prefix}/@CMAKE_INSTALL_LIBDIR@ @CMAKE_INSTALL_LIBDIR@ - substituteInPlace pkgconfig/*.pc --replace \''${prefix}/@CMAKE_INSTALL_INCLUDEDIR@ @CMAKE_INSTALL_INCLUDEDIR@ - - # since expansion isn't possible in cmakeFlags - cmakeFlags="$cmakeFlags -DLVI_MITIGATION_BINDIR=$PWD/build/lvi_mitigation_bin" + postFixup = '' + substituteInPlace $out/lib/${pname}/cmake/${pname}-*.cmake \ + --replace 'set(_IMPORT_PREFIX' '#set(_IMPORT_PREFIX' ''; nativeBuildInputs = [cmake ninja perl]; - propagatedBuildInputs = [openssl_1_1]; + propagatedBuildInputs = [openssl]; # Not sure if we want to keep this dontAutoPatchelf = true; diff --git a/nix/patches/openenclave-pkgconfig.diff b/nix/patches/openenclave-pkgconfig.diff new file mode 100644 index 000000000..1963200ff --- /dev/null +++ b/nix/patches/openenclave-pkgconfig.diff @@ -0,0 +1,308 @@ +diff --git a/pkgconfig/oeenclave-clang++-lvi-cfg.pc b/pkgconfig/oeenclave-clang++-lvi-cfg.pc +index 6ac9d6ec7..380ae3ba2 100644 +--- a/pkgconfig/oeenclave-clang++-lvi-cfg.pc ++++ b/pkgconfig/oeenclave-clang++-lvi-cfg.pc +@@ -1,10 +1,9 @@ + # Copyright (c) Open Enclave SDK contributors. + # Licensed under the MIT License. + +-prefix=${pcfiledir}/../.. +-exec_prefix=${prefix} +-includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@ +-libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@ ++exec_prefix=@CMAKE_INSTALL_PREFIX@ ++includedir=@CMAKE_INSTALL_INCLUDEDIR@ ++libdir=@CMAKE_INSTALL_LIBDIR@ + + mbedtlslibslvicfg=@LVI_MITIGATION_MBEDTLS_CRYPTO_LIBS@ + openssllibslvicfg=@LVI_MITIGATION_OPENSSL_CRYPTO_LIBS@ +diff --git a/pkgconfig/oeenclave-clang++.pc b/pkgconfig/oeenclave-clang++.pc +index f588fa1fd..2108e0657 100644 +--- a/pkgconfig/oeenclave-clang++.pc ++++ b/pkgconfig/oeenclave-clang++.pc +@@ -1,10 +1,9 @@ + # Copyright (c) Open Enclave SDK contributors. + # Licensed under the MIT License. + +-prefix=${pcfiledir}/../.. +-exec_prefix=${prefix} +-includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@ +-libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@ ++exec_prefix=@CMAKE_INSTALL_PREFIX@ ++includedir=@CMAKE_INSTALL_INCLUDEDIR@ ++libdir=@CMAKE_INSTALL_LIBDIR@ + + mbedtlslibs=@ENCLAVE_MBEDTLS_CRYPTO_LIBS@ + openssllibs=@ENCLAVE_OPENSSL_CRYPTO_LIBS@ +diff --git a/pkgconfig/oeenclave-clang-lvi-cfg.pc b/pkgconfig/oeenclave-clang-lvi-cfg.pc +index a7a8c4e7c..ebb4bafc3 100644 +--- a/pkgconfig/oeenclave-clang-lvi-cfg.pc ++++ b/pkgconfig/oeenclave-clang-lvi-cfg.pc +@@ -1,10 +1,9 @@ + # Copyright (c) Open Enclave SDK contributors. + # Licensed under the MIT License. + +-prefix=${pcfiledir}/../.. +-exec_prefix=${prefix} +-includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@ +-libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@ ++exec_prefix=@CMAKE_INSTALL_PREFIX@ ++includedir=@CMAKE_INSTALL_INCLUDEDIR@ ++libdir=@CMAKE_INSTALL_LIBDIR@ + + mbedtlslibslvicfg=@LVI_MITIGATION_MBEDTLS_CRYPTO_LIBS@ + openssllibslvicfg=@LVI_MITIGATION_OPENSSL_CRYPTO_LIBS@ +diff --git a/pkgconfig/oeenclave-clang.pc b/pkgconfig/oeenclave-clang.pc +index 583a474d3..01d179059 100644 +--- a/pkgconfig/oeenclave-clang.pc ++++ b/pkgconfig/oeenclave-clang.pc +@@ -1,10 +1,9 @@ + # Copyright (c) Open Enclave SDK contributors. + # Licensed under the MIT License. + +-prefix=${pcfiledir}/../.. +-exec_prefix=${prefix} +-includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@ +-libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@ ++exec_prefix=@CMAKE_INSTALL_PREFIX@ ++includedir=@CMAKE_INSTALL_INCLUDEDIR@ ++libdir=@CMAKE_INSTALL_LIBDIR@ + + mbedtlslibs=@ENCLAVE_MBEDTLS_CRYPTO_LIBS@ + openssllibs=@ENCLAVE_OPENSSL_CRYPTO_LIBS@ +diff --git a/pkgconfig/oeenclave-g++-lvi-cfg.pc b/pkgconfig/oeenclave-g++-lvi-cfg.pc +index 44b6fe8fd..1f06128db 100644 +--- a/pkgconfig/oeenclave-g++-lvi-cfg.pc ++++ b/pkgconfig/oeenclave-g++-lvi-cfg.pc +@@ -1,10 +1,9 @@ + # Copyright (c) Open Enclave SDK contributors. + # Licensed under the MIT License. + +-prefix=${pcfiledir}/../.. +-exec_prefix=${prefix} +-includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@ +-libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@ ++exec_prefix=@CMAKE_INSTALL_PREFIX@ ++includedir=@CMAKE_INSTALL_INCLUDEDIR@ ++libdir=@CMAKE_INSTALL_LIBDIR@ + + mbedtlslibslvicfg=@LVI_MITIGATION_MBEDTLS_CRYPTO_LIBS@ + openssllibslvicfg=@LVI_MITIGATION_OPENSSL_CRYPTO_LIBS@ +diff --git a/pkgconfig/oeenclave-g++.pc b/pkgconfig/oeenclave-g++.pc +index 80ae85bd0..a1a45bd0b 100644 +--- a/pkgconfig/oeenclave-g++.pc ++++ b/pkgconfig/oeenclave-g++.pc +@@ -1,10 +1,9 @@ + # Copyright (c) Open Enclave SDK contributors. + # Licensed under the MIT License. + +-prefix=${pcfiledir}/../.. +-exec_prefix=${prefix} +-includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@ +-libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@ ++exec_prefix=@CMAKE_INSTALL_PREFIX@ ++includedir=@CMAKE_INSTALL_INCLUDEDIR@ ++libdir=@CMAKE_INSTALL_LIBDIR@ + + mbedtlslibs=@ENCLAVE_MBEDTLS_CRYPTO_LIBS@ + openssllibs=@ENCLAVE_OPENSSL_CRYPTO_LIBS@ +diff --git a/pkgconfig/oeenclave-gcc-lvi-cfg.pc b/pkgconfig/oeenclave-gcc-lvi-cfg.pc +index bae4563ab..4aa5843de 100644 +--- a/pkgconfig/oeenclave-gcc-lvi-cfg.pc ++++ b/pkgconfig/oeenclave-gcc-lvi-cfg.pc +@@ -1,10 +1,9 @@ + # Copyright (c) Open Enclave SDK contributors. + # Licensed under the MIT License. + +-prefix=${pcfiledir}/../.. +-exec_prefix=${prefix} +-includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@ +-libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@ ++exec_prefix=@CMAKE_INSTALL_PREFIX@ ++includedir=@CMAKE_INSTALL_INCLUDEDIR@ ++libdir=@CMAKE_INSTALL_LIBDIR@ + + mbedtlslibslvicfg=@LVI_MITIGATION_MBEDTLS_CRYPTO_LIBS@ + openssllibslvicfg=@LVI_MITIGATION_OPENSSL_CRYPTO_LIBS@ +diff --git a/pkgconfig/oeenclave-gcc.pc b/pkgconfig/oeenclave-gcc.pc +index 068c32f05..dd585c395 100644 +--- a/pkgconfig/oeenclave-gcc.pc ++++ b/pkgconfig/oeenclave-gcc.pc +@@ -1,10 +1,9 @@ + # Copyright (c) Open Enclave SDK contributors. + # Licensed under the MIT License. + +-prefix=${pcfiledir}/../.. +-exec_prefix=${prefix} +-includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@ +-libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@ ++exec_prefix=@CMAKE_INSTALL_PREFIX@ ++includedir=@CMAKE_INSTALL_INCLUDEDIR@ ++libdir=@CMAKE_INSTALL_LIBDIR@ + + mbedtlslibs=@ENCLAVE_MBEDTLS_CRYPTO_LIBS@ + openssllibs=@ENCLAVE_OPENSSL_CRYPTO_LIBS@ +diff --git a/pkgconfig/oehost-clang++.pc b/pkgconfig/oehost-clang++.pc +index 89b5c91e0..114630754 100644 +--- a/pkgconfig/oehost-clang++.pc ++++ b/pkgconfig/oehost-clang++.pc +@@ -1,14 +1,13 @@ + # Copyright (c) Open Enclave SDK contributors. + # Licensed under the MIT License. + +-prefix=${pcfiledir}/../.. +-exec_prefix=${prefix} +-includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@ +-libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@ ++exec_prefix=@CMAKE_INSTALL_PREFIX@ ++includedir=@CMAKE_INSTALL_INCLUDEDIR@ ++libdir=@CMAKE_INSTALL_LIBDIR@ + + Name: Open Enclave + Description: Open Enclave clang++ flags and libraries for building hosts. + Version: @OE_VERSION@ + Requires: openssl +-Cflags: @HOST_CXXFLAGS_CLANG@ @HOST_INCLUDES@ ++Cflags: @HOST_CXXFLAGS_CLANG@ @HOST_INCLUDES@ + Libs: @HOST_CXXLIBS@ +diff --git a/pkgconfig/oehost-clang.pc b/pkgconfig/oehost-clang.pc +index 702ac7afb..3efa2d388 100644 +--- a/pkgconfig/oehost-clang.pc ++++ b/pkgconfig/oehost-clang.pc +@@ -1,14 +1,13 @@ + # Copyright (c) Open Enclave SDK contributors. + # Licensed under the MIT License. + +-prefix=${pcfiledir}/../.. +-exec_prefix=${prefix} +-includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@ +-libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@ ++exec_prefix=@CMAKE_INSTALL_PREFIX@ ++includedir=@CMAKE_INSTALL_INCLUDEDIR@ ++libdir=@CMAKE_INSTALL_LIBDIR@ + + Name: Open Enclave + Description: Open Enclave clang flags and libraries for building hosts. + Version: @OE_VERSION@ + Requires: openssl +-Cflags: @HOST_CFLAGS_CLANG@ @HOST_INCLUDES@ ++Cflags: @HOST_CFLAGS_CLANG@ @HOST_INCLUDES@ + Libs: @HOST_CLIBS@ +diff --git a/pkgconfig/oehost-g++.pc b/pkgconfig/oehost-g++.pc +index 944f85875..da928c4b0 100644 +--- a/pkgconfig/oehost-g++.pc ++++ b/pkgconfig/oehost-g++.pc +@@ -1,14 +1,13 @@ + # Copyright (c) Open Enclave SDK contributors. + # Licensed under the MIT License. + +-prefix=${pcfiledir}/../.. +-exec_prefix=${prefix} +-includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@ +-libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@ ++exec_prefix=@CMAKE_INSTALL_PREFIX@ ++includedir=@CMAKE_INSTALL_INCLUDEDIR@ ++libdir=@CMAKE_INSTALL_LIBDIR@ + + Name: Open Enclave + Description: Open Enclave g++ flags and libraries for building hosts. + Version: @OE_VERSION@ + Requires: openssl +-Cflags: @HOST_CXXFLAGS_GCC@ @HOST_INCLUDES@ ++Cflags: @HOST_CXXFLAGS_GCC@ @HOST_INCLUDES@ + Libs: @HOST_CXXLIBS@ +diff --git a/pkgconfig/oehost-gcc.pc b/pkgconfig/oehost-gcc.pc +index 6c86ba006..9b550b434 100644 +--- a/pkgconfig/oehost-gcc.pc ++++ b/pkgconfig/oehost-gcc.pc +@@ -1,14 +1,13 @@ + # Copyright (c) Open Enclave SDK contributors. + # Licensed under the MIT License. + +-prefix=${pcfiledir}/../.. +-exec_prefix=${prefix} +-includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@ +-libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@ ++exec_prefix=@CMAKE_INSTALL_PREFIX@ ++includedir=@CMAKE_INSTALL_INCLUDEDIR@ ++libdir=@CMAKE_INSTALL_LIBDIR@ + + Name: Open Enclave + Description: Open Enclave gcc flags and libraries for building hosts. + Version: @OE_VERSION@ + Requires: openssl +-Cflags: @HOST_CFLAGS_GCC@ @HOST_INCLUDES@ ++Cflags: @HOST_CFLAGS_GCC@ @HOST_INCLUDES@ + Libs: @HOST_CLIBS@ +diff --git a/pkgconfig/oehostverify-clang++.pc b/pkgconfig/oehostverify-clang++.pc +index 33c01b43f..3c1e0fc4f 100644 +--- a/pkgconfig/oehostverify-clang++.pc ++++ b/pkgconfig/oehostverify-clang++.pc +@@ -1,10 +1,9 @@ + # Copyright (c) Open Enclave SDK contributors. + # Licensed under the MIT License. + +-prefix=@PREFIX@ +-exec_prefix=${prefix} +-includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@ +-libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@ ++exec_prefix=@CMAKE_INSTALL_PREFIX@ ++includedir=@CMAKE_INSTALL_INCLUDEDIR@ ++libdir=@CMAKE_INSTALL_LIBDIR@ + + Name: Open Enclave + Description: Open Enclave clang++ flags and libraries verifying remote reports on hosts. +diff --git a/pkgconfig/oehostverify-clang.pc b/pkgconfig/oehostverify-clang.pc +index ed5b67a28..d643115d7 100644 +--- a/pkgconfig/oehostverify-clang.pc ++++ b/pkgconfig/oehostverify-clang.pc +@@ -1,10 +1,9 @@ + # Copyright (c) Open Enclave SDK contributors. + # Licensed under the MIT License. + +-prefix=@PREFIX@ +-exec_prefix=${prefix} +-includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@ +-libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@ ++exec_prefix=@CMAKE_INSTALL_PREFIX@ ++includedir=@CMAKE_INSTALL_INCLUDEDIR@ ++libdir=@CMAKE_INSTALL_LIBDIR@ + + Name: Open Enclave + Description: Open Enclave clang flags and libraries verifying remote reports on hosts. +diff --git a/pkgconfig/oehostverify-g++.pc b/pkgconfig/oehostverify-g++.pc +index da30cf65b..0d4535cf4 100644 +--- a/pkgconfig/oehostverify-g++.pc ++++ b/pkgconfig/oehostverify-g++.pc +@@ -1,10 +1,9 @@ + # Copyright (c) Open Enclave SDK contributors. + # Licensed under the MIT License. + +-prefix=@PREFIX@ +-exec_prefix=${prefix} +-includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@ +-libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@ ++exec_prefix=@CMAKE_INSTALL_PREFIX@ ++includedir=@CMAKE_INSTALL_INCLUDEDIR@ ++libdir=@CMAKE_INSTALL_LIBDIR@ + + Name: Open Enclave + Description: Open Enclave g++ flags and libraries verifying remote reports on hosts. +diff --git a/pkgconfig/oehostverify-gcc.pc b/pkgconfig/oehostverify-gcc.pc +index 0559e1f58..5a0cd10ed 100644 +--- a/pkgconfig/oehostverify-gcc.pc ++++ b/pkgconfig/oehostverify-gcc.pc +@@ -1,10 +1,9 @@ + # Copyright (c) Open Enclave SDK contributors. + # Licensed under the MIT License. + +-prefix=@PREFIX@ +-exec_prefix=${prefix} +-includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@ +-libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@ ++exec_prefix=@CMAKE_INSTALL_PREFIX@ ++includedir=@CMAKE_INSTALL_INCLUDEDIR@ ++libdir=@CMAKE_INSTALL_LIBDIR@ + + Name: Open Enclave + Description: Open Enclave gcc flags and libraries verifying remote reports on hosts.