From 4a7e2071fc502a0aa3ff8b1a98b9374a2b7eaafe Mon Sep 17 00:00:00 2001
From: w00559322
Date: Fri, 9 Sep 2022 09:59:34 +0800
Subject: [PATCH] DCAP disabling the rpatch option
(cherry picked from commit 7f2739935ef076a1193d486474ec60d532fd5742)
---
 DCAP-disabling-the-rpatch-option.patch | 87 ++++++++++++++++++++++++++
 linux-sgx.spec | 17 ++---
 2 files changed, 93 insertions(+), 11 deletions(-)
 create mode 100644 DCAP-disabling-the-rpatch-option.patch
diff --git a/DCAP-disabling-the-rpatch-option.patch b/DCAP-disabling-the-rpatch-option.patch
new file mode 100644
index 0000000..6d39245
--- /dev/null
+++ b/DCAP-disabling-the-rpatch-option.patch
@@ -0,0 +1,87 @@ +From a5e35c922b40a634b3d7b01d92724b86df20758f Mon Sep 17 00:00:00 2001 +From: wangyu +Date: Fri, 9 Sep 2022 10:09:37 +0800 +Subject: [PATCH] DCAP disabling the rpatch option + +--- + .../QuoteGeneration/buildenv.mk | 7 +------ + .../QuoteGeneration/quote_wrapper/ql/linux/Makefile | 2 +- + .../tools/PCKCertSelection/PCKSelectionSample/Makefile | 2 +- + .../tools/PCKRetrievalTool/Makefile | 2 +- + .../tools/PCKRetrievalTool/Qpl/linux/Makefile | 2 +- + 5 files changed, 5 insertions(+), 10 deletions(-) + +diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/QuoteGeneration/buildenv.mk b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/QuoteGeneration/buildenv.mk +index 8c87626e..f05ccdaf 100644 +--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/QuoteGeneration/buildenv.mk ++++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/QuoteGeneration/buildenv.mk +@@ -97,12 +97,7 @@ INCLUDE := + CUR_DIR := $(realpath $(call parent-dir,$(lastword $(wordlist 2,$(words $(MAKEFILE_LIST)),x $(MAKEFILE_LIST))))) + + # turn on stack protector for SDK +-CC_BELOW_4_9 := $(shell expr "`$(CC) -dumpversion`" \< "4.9") +-ifeq ($(CC_BELOW_4_9), 1) +- COMMON_FLAGS += -fstack-protector +-else +- COMMON_FLAGS += -fstack-protector-strong +-endif ++COMMON_FLAGS += -fstack-protector-strong + + ifdef DEBUG + COMMON_FLAGS += -O0 -ggdb -DDEBUG -UNDEBUG +diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/QuoteGeneration/quote_wrapper/ql/linux/Makefile b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/QuoteGeneration/quote_wrapper/ql/linux/Makefile +index 3dde7a10..30009c2d 100644 +--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/QuoteGeneration/quote_wrapper/ql/linux/Makefile ++++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/QuoteGeneration/quote_wrapper/ql/linux/Makefile +@@ -51,7 +51,7 @@ 
QL_Lib_Include_Paths += -I../../quote/inc -I../../../pce_wrapper/inc -I../inc + QL_Lib_C_Flags := $(COMMON_FLAGS) -g -fPIC -Wno-attributes $(QL_Lib_Include_Paths) + + LDUFLAGS:= -pthread $(COMMON_LDFLAGS) +-LDUFLAGS += -Wl,--version-script=dcap_ql_wrapper.lds -Wl,--gc-sections -Wl,-rpath=. ++LDUFLAGS += -Wl,--version-script=dcap_ql_wrapper.lds -Wl,--gc-sections + + QL_Lib_Cpp_Flags := $(QL_Lib_C_Flags) -std=c++11 + QL_Lib_Link_Flags := $(SGX_COMMON_FLAGS) -g -L$(Quote_Library_Dir) -lsgx_qe3_logic -L$(PCE_Library_Dir) -lsgx_pce_logic -L$(TOP_DIR)/build/linux -L$(SGX_SDK)/lib64 -lpthread -ldl +diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/tools/PCKCertSelection/PCKSelectionSample/Makefile b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/tools/PCKCertSelection/PCKSelectionSample/Makefile +index 2068554b..da3d3bea 100644 +--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/tools/PCKCertSelection/PCKSelectionSample/Makefile ++++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/tools/PCKCertSelection/PCKSelectionSample/Makefile +@@ -79,7 +79,7 @@ C_FLAGS:= -DLINUX -fPIC -Werror $(APP_INCLUDE_PATHS) + + # link flags, link CPUSVNCompare library + LINK_FLAGS := -Wl,-rpath,${ORIGIN} -L$(BIN_DIR) -l$(LIB_NAME) +-LINK_FLAGS := -Wl,-rpath=. 
-L$(BIN_DIR) -l$(LIB_NAME) ++LINK_FLAGS := -L$(BIN_DIR) -l$(LIB_NAME) + + # debug/release switch + ifeq ($(DEBUG), 1) +diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/tools/PCKRetrievalTool/Makefile b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/tools/PCKRetrievalTool/Makefile +index 4596ee9c..116db7d2 100644 +--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/tools/PCKRetrievalTool/Makefile ++++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/tools/PCKRetrievalTool/Makefile +@@ -104,7 +104,7 @@ App_C_Flags := $(COMMON_FLAGS) -fPIC -Wno-attributes $(App_Include_Paths) + + App_Cpp_Flags := $(App_C_Flags) -std=c++11 + App_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,-z,relro,-z,now,-z,noexecstack +-App_Link_Flags += -lcurl -ldl -lpthread -Wl,-rpath=. ++App_Link_Flags += -lcurl -ldl -lpthread + + + App_Cpp_Objects := $(App_Cpp_Files:.cpp=.o) +diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/tools/PCKRetrievalTool/Qpl/linux/Makefile b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/tools/PCKRetrievalTool/Qpl/linux/Makefile +index b046d726..551a133f 100644 +--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/tools/PCKRetrievalTool/Qpl/linux/Makefile ++++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/tools/PCKRetrievalTool/Qpl/linux/Makefile +@@ -91,7 +91,7 @@ LDUFLAGS += -Wl,--gc-sections + + QPL_Lib_Cpp_Flags := $(QPL_Lib_C_Flags) -std=c++11 + +-QPL_Lib_Link_Flags := $(SGX_COMMON_FLAGS) -L$(SGX_SDK)/lib64 -lpthread -ldl -Wl,-rpath=. ++QPL_Lib_Link_Flags := $(SGX_COMMON_FLAGS) -L$(SGX_SDK)/lib64 -lpthread -ldl + + + QPL_Lib_Cpp_Objects := $(QPL_Lib_Cpp_Files:.cpp=.o) +-- +2.33.0 + + diff --git a/linux-sgx.spec b/linux-sgx.spec index 4606f4d..aa82d29 100644 --- a/linux-sgx.spec +++ b/linux-sgx.spec 
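Review bot: In the PCKSelectionSample/Makefile hunk the context line `LINK_FLAGS := -Wl,-rpath,${ORIGIN} -L$(BIN_DIR) -l$(LIB_NAME)` is still immediately overwritten by the new `LINK_FLAGS := -L$(BIN_DIR) -l$(LIB_NAME)`, so it is dead but reads as if a run path were still being set. Because `${ORIGIN}` would be expanded by make rather than reach the linker as a literal `$ORIGIN`, I would delete that line in the same patch so that nobody revives it later. Dropping `-Wl,-rpath=.` in the four Makefiles matters because a relative run path makes the loader resolve shared objects against the process's current directory, so those removals look right. The buildenv.mk hunk additionally makes `-fstack-protector-strong` unconditional, which the subject does not mention; the removed `expr ... \< "4.9"` probe presumably compared version strings lexically and selected the weaker flag on two-digit GCC versions. The kept comment could record the new assumption, e.g. `# always -fstack-protector-strong: GCC >= 4.9 is assumed`.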
@@ -1,6 +1,6 @@ Name: linux-sgx Version: 2.15.1 -Release: 5 +Release: 6 Summary: Intel(R) Software Guard Extensions for Linux* OS ExclusiveArch: x86_64 License: BSD-3-Clause @@ -28,6 +28,7 @@ Patch6: backport-CVE-2022-1292.patch Patch7: adapt-openssl-CVE.patch Patch8: backport-CVE-2022-2068-Fix-file-operations-in-c_rehash.patch Patch9: backport-CVE-2022-2097-Fix-AES-OCB-encrypt-decrypt-for-x86-AES-NI.patch +Patch10: DCAP-disabling-the-rpatch-option.patch BuildRequires: gcc-c++ protobuf-devel libtool ocaml-ocamlbuild openssl openssl-devel cmake python curl-devel createrepo_c git nasm @@ -271,16 +272,7 @@ Intel(R) Software Guard Extensions Basic Headers %%setup -q -D -a 10 -n linux-sgx-sgx_%{version}/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/QuoteVerification/intel-sgx-ssl-lin_2.15.1_1.1.1l/openssl_source %%setup -q -D -a 9 -n linux-sgx-sgx_%{version} -%%patch0 -p1 -%%patch1 -p1 -%%patch2 -p1 -%%patch3 -p1 -%%patch4 -p1 -%%patch5 -p1 -%%patch6 -p1 -%%patch7 -p1 -%%patch8 -p1 -%%patch9 -p1 +%autopatch -p1 %build @@ -1037,6 +1029,9 @@ fi %files -n libsgx-headers -f %{LINUX_INSTALLER_RPM_DIR}/libsgx-headers/build/list-libsgx-headers %changelog +* Fri Sep 09 2022 wangyu - 2.15.1-6 +- DCAP disabling the rpatch option + * Sat Aug 27 2022 houmingyong - 2.15.1-5 - backport openssl CVE-2022-2068 and CVE-2022-2097 -- Gitee
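Review bot: Nothing in the visible spec hunks verifies that the rebuilt DCAP objects actually ship without a run path, so a later rebase of the bundled DCAP sources that reintroduces `-Wl,-rpath=.` would go unnoticed. A post-install check along the lines of `readelf -d <installed DCAP binary or library> | grep -E 'RPATH|RUNPATH'`, failing the build on a match, would pin the intent of Patch10. The rest of the spec is outside these hunks, so such a check may already exist. Separately, with `%autopatch -p1` every future `PatchN` is applied at strip level 1 from the last `%setup -n` directory, so a one-line comment above it such as `# all patches must be -p1 relative to linux-sgx-sgx_%{version}` would save the next packager a failed build.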