From 7eb96bec6a5ef0e3d1c1cd46e47ed4b6c2e86d32 Mon Sep 17 00:00:00 2001
From: Harald Hoyer
Date: Thu, 8 Aug 2024 14:16:20 +0200
Subject: [PATCH] fix(gramine): maybe fix problem with golang `netpollBreak`

Old golang uses pipes for netpoll. And occasionally -EACCES was seen with golang `netpollBreak` writing to a non-blocking pipe.

Signed-off-by: Harald Hoyer
---
 packages/gramine/default.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/packages/gramine/default.nix b/packages/gramine/default.nix
index 2c98b96..93d58bf 100644
--- a/packages/gramine/default.nix
+++ b/packages/gramine/default.nix
@@ -2,6 +2,7 @@
 , lib
 , nixsgx
 , fetchurl
+, fetchpatch
 , bash
 , meson
 , nasm
@@ -69,6 +70,14 @@ python.pkgs.buildPythonPackage {
 fetchSubmodules = true;
 };
 
+ patches = [
+ # Add locking around read/write on encrypted pipes
+ (fetchpatch {
+ url = "https://github.com/gramineproject/gramine/commit/cd68a460abf9db2295f5dc5cf292b8678741fb22.patch";
+ hash = "sha256-KRgcFiZWCOz1x8O0cgL7aZ1xG9bdZDPwRKSgqOWJ2nQ=";
+ })
+ ];
+
 outputs = [ "out" "dev" ];
 
 # Unpack subproject sources
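Review bot: The comment above the `fetchpatch` entry in the second hunk says what the upstream commit does, but not why this package carries it or when it can be removed, and the commit message itself only claims a "maybe fix". I would expand it to something like `# Backport of gramine commit cd68a460 (locking around read/write on encrypted pipes); works around -EACCES seen in Go's netpollBreak. Drop once src contains it.` The URL is pinned to a full commit id and `hash` is fixed, so the fetched content cannot change silently. It is still worth confirming that the commit is reachable from an upstream release branch rather than only from a pull-request branch, since an unreferenced commit can later become unfetchable and break the build. Because this presumably changes the Gramine binaries that are measured into SGX enclaves, downstream enclave measurements would need to be regenerated and re-reviewed after this lands.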