[PATCH 1/1] lib/ecdsa: Fix LibreSSL before v2.7.0

Tom Rini trini at konsulko.com
Thu Jul 29 14:59:46 CEST 2021


On Thu, Jul 29, 2021 at 01:40:41PM +0300, Artem Panfilov wrote:
> On 29.07.2021 02:43, Tom Rini wrote:
> >
> > Yes, true.  And that's two 1-line if/else.  That's a reasonable to me
> > level of effort to keep supporting older hosts.  Your patch is adding in
> > 60 lines.  I really do want to dig a bit more here.
> 
> For me, it doesn't matter how many lines of code were added if I can't
> build host tools with older OpenSSL versions. So what's the point
> of keeping OpenSSL backward compatibility?

Well yes, this is part of the question now, is there enough interest in
the old version to bother with?  The other part of the question is
what's being built now that wasn't being built before, and is that a bug
or a feature (a less CONFIG-dependent set of tools is good for generic
distributions).

> > And honestly, part of my concerns also go around "who is going to
> > maintain / test this area?".  We don't have these older versions in CI
> > (or we would have seen the problem before merging).  Are you
> > volunteering to support the relevant code areas here but on older
> > openssl/libressl ?
> 
> We already have a nightly Jenkins CI job that tracks u-boot master
> and sends internal reports.
> 
> The best way would be to testing in the upstream azure pipeline.
> 
> You could add the following steps in your trini/u-boot-gitlab-ci-runner docker image:
> wget -O - https://www.openssl.org/source/old/1.0.2/openssl-1.0.2k.tar.gz | tar -C /opt -xz && \
> cd /opt/openssl-1.0.2k/ && ./config shared && \
> make && \
> make install
> 
> In azure pipeline add new job for testing with old OpenSSL:
> make tools-only_config tools-only NO_SDL=1 \
> HOSTLDFLAGS="-ldl -L/usr/local/ssl/lib" \
> HOSTCFLAGS="-I/usr/local/ssl/include"

And the next time something breaks, are you going to be available to fix
it?

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20210729/9e2ef21c/attachment.sig>


More information about the U-Boot mailing list