Description
As per https://github.com/fortanix/rust-sgx/tree/master/em-app, to build for SGX, some compiler flags are passed:
export CFLAGS_x86_64_fortanix_unknown_sgx="-isystem/usr/include/x86_64-linux-gnu -mlvi-hardening -mllvm -x86-experimental-lvi-inline-asm-hardening"
export CC_x86_64_fortanix_unknown_sgx=clang-11
cargo build --target=x86_64-fortanix-unknown-sgx --locked
It's also what the CI does, as defined under the oasis-sdk/.github/actions/hash-rust/action.yml.
Related/background: rust-lang/llvm-project#58
UPDATE
Added the options in
Lines 86 to 101 in b01c667
Except for the cflag option -isystem/usr/include/x86_64-linux-gnu. As pointed out in the TODO note in the code snippet above, section 6.8 Purity in Nixpkgs of the Nixpkgs (21.11) Manual points out:
Measures taken to prevent dependencies on packages outside the store, and what you can do to prevent them.
GCC doesn’t search in locations such as /usr/include. In fact, attempts to add such directories through the -I flag are filtered out. Likewise, the linker (from GNU binutils) doesn’t search in standard locations such as /usr/lib. Programs built on Linux are linked against a GNU C Library that likewise doesn’t search in the default system locations.
So, maybe it's fine to totally omit the option -isystem/usr/include/x86_64-linux-gnu as it would be ignored, or should it be replaced with the appropriate location under the nix/store/...?