Context:
The `aesm_service` binary depends on a vendored library called
`CppMicroServices`. At build time, this lib creates and then bundles
service resources into a zip file and then embeds this zip into the
binary. Without changes, the `aesm_service` will be different after every
build because the embedded zip file contents have different modified times.
All credits to @haraldh for this patch <3
* Updated platform enclaves.
* Re-enable parallel build; seems to work properly across several
different machines.
* Ensure all non-enclave libs get stripped so we don't add `gcc` to the
runtime closure.
* I'm not sure what the value of providing a non-platfrom /bin/mount is
for non-NixOS users for a service that isn't used that only bloats
closure size.
Changes sgx-psw to append `aesm` to `LD_LIBRARY_PATH`:
- Append instead of prepend to allow for overriding in service config
- As we already add a wrapper to add `aesm` to `LD_LIBRARY_PATH` it is
not necessary to also set in `LD_LIBRARY_PATH` of the systemd service.
Co-authored-by: Vincent Haupert <mail@vincent-haupert.de>