Broken build with disabling OpenSSL crypto
Hi everyone!
Commit cb9faa6f98ae ("tools: Use a single target-independent config to enable OpenSSL") recently introduced option to disable usage of OpenSSL via CONFIG_TOOLS_LIBCRYPTO. However, just a bit later, another commit b4f3cc2c42d9 ("tools: kwbimage: Do not hide usage of secure header under CONFIG_ARMADA_38X") made U-Boot tools hard dependent on OpenSSL. That totally defeats the purpose of first commit. I suggest that it gets reverted.
I would like disable OpenSSL for my usage, since it gives me troubles when cross-compiling U-Boot inside LibreELEC build system. It's not needed for our case anyway.
Best regards, Jernej
Hi Jernej,
On 10/6/21 4:27 PM, Jernej Škrabec wrote:
Hi everyone!
Commit cb9faa6f98ae ("tools: Use a single target-independent config to enable OpenSSL") recently introduced option to disable usage of OpenSSL via CONFIG_TOOLS_LIBCRYPTO. However, just a bit later, another commit b4f3cc2c42d9 ("tools: kwbimage: Do not hide usage of secure header under CONFIG_ARMADA_38X") made U-Boot tools hard dependent on OpenSSL. That totally defeats the purpose of first commit. I suggest that it gets reverted.
I would like disable OpenSSL for my usage, since it gives me troubles when cross-compiling U-Boot inside LibreELEC build system. It's not needed for our case anyway.
Best regards,
Can you please give the following diff a try, and if it works for you, submit as patch?
Alex
diff --git a/tools/Makefile b/tools/Makefile index 4a86321f64..7f72ff9645 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -96,7 +96,8 @@ AES_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/aes/, \
# Cryptographic helpers that depend on openssl/libcrypto LIBCRYPTO_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/, \ - fdt-libcrypto.o) + fdt-libcrypto.o) \ + kwbimage.o
ROCKCHIP_OBS = lib/rc4.o rkcommon.o rkimage.o rksd.o rkspi.o
@@ -117,7 +118,6 @@ dumpimage-mkimage-objs := aisimage.o \ imximage.o \ imx8image.o \ imx8mimage.o \ - kwbimage.o \ lib/md5.o \ lpc32xximage.o \ mxsimage.o \ @@ -169,8 +169,8 @@ HOST_EXTRACFLAGS += -DCONFIG_FIT_SIGNATURE_MAX_SIZE=0xffffffff HOST_EXTRACFLAGS += -DCONFIG_FIT_CIPHER endif
-# MXSImage needs LibSSL -ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_ARMADA_38X)$(CONFIG_TOOLS_LIBCRYPTO),) +# MXSImage needs LibSSL <- Nope! Read the frogging notice at the top +ifneq ($(CONFIG_TOOLS_LIBCRYPTO),) HOSTCFLAGS_kwbimage.o += \ $(shell pkg-config --cflags libssl libcrypto 2> /dev/null || echo "") HOSTLDLIBS_mkimage += \
On Wed, Oct 06, 2021 at 05:05:24PM -0500, Alex G. wrote:
Hi Jernej,
On 10/6/21 4:27 PM, Jernej ?krabec wrote:
Hi everyone!
Commit cb9faa6f98ae ("tools: Use a single target-independent config to enable OpenSSL") recently introduced option to disable usage of OpenSSL via CONFIG_TOOLS_LIBCRYPTO. However, just a bit later, another commit b4f3cc2c42d9 ("tools: kwbimage: Do not hide usage of secure header under CONFIG_ARMADA_38X") made U-Boot tools hard dependent on OpenSSL. That totally defeats the purpose of first commit. I suggest that it gets reverted.
I would like disable OpenSSL for my usage, since it gives me troubles when cross-compiling U-Boot inside LibreELEC build system. It's not needed for our case anyway.
Best regards,
Can you please give the following diff a try, and if it works for you, submit as patch?
Alex
Hi Alex,
I can confirm the patch does work as expected.
https://github.com/LibreELEC/LibreELEC.tv/pull/5719/files
Setting the CONFIG_TOOLS_LIBCRYPTO=n - now results in a successful build. It fixes the must have SSL regression introduced in b4f3cc2c42d9.
Regards Rudi
diff --git a/tools/Makefile b/tools/Makefile index 4a86321f64..7f72ff9645 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -96,7 +96,8 @@ AES_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/aes/, \
# Cryptographic helpers that depend on openssl/libcrypto LIBCRYPTO_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/, \
fdt-libcrypto.o)
fdt-libcrypto.o) \kwbimage.oROCKCHIP_OBS = lib/rc4.o rkcommon.o rkimage.o rksd.o rkspi.o
@@ -117,7 +118,6 @@ dumpimage-mkimage-objs := aisimage.o \ imximage.o \ imx8image.o \ imx8mimage.o \
kwbimage.o \ lib/md5.o \ lpc32xximage.o \ mxsimage.o \@@ -169,8 +169,8 @@ HOST_EXTRACFLAGS += -DCONFIG_FIT_SIGNATURE_MAX_SIZE=0xffffffff HOST_EXTRACFLAGS += -DCONFIG_FIT_CIPHER endif
-# MXSImage needs LibSSL -ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_ARMADA_38X)$(CONFIG_TOOLS_LIBCRYPTO),) +# MXSImage needs LibSSL <- Nope! Read the frogging notice at the top +ifneq ($(CONFIG_TOOLS_LIBCRYPTO),) HOSTCFLAGS_kwbimage.o += \ $(shell pkg-config --cflags libssl libcrypto 2> /dev/null || echo "") HOSTLDLIBS_mkimage += \
Hi Alex!
Dne četrtek, 07. oktober 2021 ob 00:05:24 CEST je Alex G. napisal(a):
Hi Jernej,
On 10/6/21 4:27 PM, Jernej Škrabec wrote:
Hi everyone!
Commit cb9faa6f98ae ("tools: Use a single target-independent config to
enable
OpenSSL") recently introduced option to disable usage of OpenSSL via CONFIG_TOOLS_LIBCRYPTO. However, just a bit later, another commit
b4f3cc2c42d9
("tools: kwbimage: Do not hide usage of secure header under CONFIG_ARMADA_38X") made U-Boot tools hard dependent on OpenSSL. That
totally
defeats the purpose of first commit. I suggest that it gets reverted.
I would like disable OpenSSL for my usage, since it gives me troubles when cross-compiling U-Boot inside LibreELEC build system. It's not needed for
our
case anyway.
Best regards,
Can you please give the following diff a try, and if it works for you, submit
as patch?
This works, I'll submit it as a patch. Should I keep you as original author and add your SoB tag?
Best regards, Jernej
Alex
diff --git a/tools/Makefile b/tools/Makefile index 4a86321f64..7f72ff9645 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -96,7 +96,8 @@ AES_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/aes/,
\
# Cryptographic helpers that depend on openssl/libcrypto LIBCRYPTO_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/, \
fdt-libcrypto.o)
fdt-libcrypto.o) \kwbimage.oROCKCHIP_OBS = lib/rc4.o rkcommon.o rkimage.o rksd.o rkspi.o
@@ -117,7 +118,6 @@ dumpimage-mkimage-objs := aisimage.o \ imximage.o \ imx8image.o \ imx8mimage.o \
kwbimage.o \ lib/md5.o \ lpc32xximage.o \ mxsimage.o \@@ -169,8 +169,8 @@ HOST_EXTRACFLAGS += -
DCONFIG_FIT_SIGNATURE_MAX_SIZE=0xffffffff
HOST_EXTRACFLAGS += -DCONFIG_FIT_CIPHER endif
-# MXSImage needs LibSSL -ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_ARMADA_38X)$
(CONFIG_TOOLS_LIBCRYPTO),)
+# MXSImage needs LibSSL <- Nope! Read the frogging notice at the top +ifneq ($(CONFIG_TOOLS_LIBCRYPTO),) HOSTCFLAGS_kwbimage.o += \ $(shell pkg-config --cflags libssl libcrypto 2> /dev/null || echo
"")
HOSTLDLIBS_mkimage += \
On 10/10/21 6:06 AM, Jernej Škrabec wrote:
Dne četrtek, 07. oktober 2021 ob 00:05:24 CEST je Alex G. napisal(a):
Can you please give the following diff a try, and if it works for you, submit
as patch?
This works, I'll submit it as a patch. Should I keep you as original author and add your SoB tag?
You can take authorship.
Alex
Best regards, Jernej
Alex
diff --git a/tools/Makefile b/tools/Makefile index 4a86321f64..7f72ff9645 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -96,7 +96,8 @@ AES_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/aes/,
\
# Cryptographic helpers that depend on openssl/libcrypto LIBCRYPTO_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/, \
fdt-libcrypto.o)
fdt-libcrypto.o) \kwbimage.oROCKCHIP_OBS = lib/rc4.o rkcommon.o rkimage.o rksd.o rkspi.o
@@ -117,7 +118,6 @@ dumpimage-mkimage-objs := aisimage.o \ imximage.o \ imx8image.o \ imx8mimage.o \
kwbimage.o \ lib/md5.o \ lpc32xximage.o \ mxsimage.o \@@ -169,8 +169,8 @@ HOST_EXTRACFLAGS += -
DCONFIG_FIT_SIGNATURE_MAX_SIZE=0xffffffff
HOST_EXTRACFLAGS += -DCONFIG_FIT_CIPHER endif
-# MXSImage needs LibSSL -ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_ARMADA_38X)$
(CONFIG_TOOLS_LIBCRYPTO),)
+# MXSImage needs LibSSL <- Nope! Read the frogging notice at the top +ifneq ($(CONFIG_TOOLS_LIBCRYPTO),) HOSTCFLAGS_kwbimage.o += \ $(shell pkg-config --cflags libssl libcrypto 2> /dev/null || echo
"")
HOSTLDLIBS_mkimage += \
Hi,
On 07/10/2021 00:05, Alex G. wrote:
Hi Jernej,
On 10/6/21 4:27 PM, Jernej Škrabec wrote:
Hi everyone!
Commit cb9faa6f98ae ("tools: Use a single target-independent config to enable OpenSSL") recently introduced option to disable usage of OpenSSL via CONFIG_TOOLS_LIBCRYPTO. However, just a bit later, another commit b4f3cc2c42d9 ("tools: kwbimage: Do not hide usage of secure header under CONFIG_ARMADA_38X") made U-Boot tools hard dependent on OpenSSL. That totally defeats the purpose of first commit. I suggest that it gets reverted.
I would like disable OpenSSL for my usage, since it gives me troubles when cross-compiling U-Boot inside LibreELEC build system. It's not needed for our case anyway.
Best regards,
Can you please give the following diff a try, and if it works for you, submit as patch?
it looks like this is still required, as this fixes it for me too ;)
Thanks, Andre
Alex
diff --git a/tools/Makefile b/tools/Makefile index 4a86321f64..7f72ff9645 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -96,7 +96,8 @@ AES_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/aes/, \
# Cryptographic helpers that depend on openssl/libcrypto LIBCRYPTO_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/, \ - fdt-libcrypto.o) + fdt-libcrypto.o) \ + kwbimage.o
ROCKCHIP_OBS = lib/rc4.o rkcommon.o rkimage.o rksd.o rkspi.o
@@ -117,7 +118,6 @@ dumpimage-mkimage-objs := aisimage.o \ imximage.o \ imx8image.o \ imx8mimage.o \ - kwbimage.o \ lib/md5.o \ lpc32xximage.o \ mxsimage.o \ @@ -169,8 +169,8 @@ HOST_EXTRACFLAGS += -DCONFIG_FIT_SIGNATURE_MAX_SIZE=0xffffffff HOST_EXTRACFLAGS += -DCONFIG_FIT_CIPHER endif
-# MXSImage needs LibSSL -ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_ARMADA_38X)$(CONFIG_TOOLS_LIBCRYPTO),)
+# MXSImage needs LibSSL <- Nope! Read the frogging notice at the top +ifneq ($(CONFIG_TOOLS_LIBCRYPTO),) HOSTCFLAGS_kwbimage.o += \ $(shell pkg-config --cflags libssl libcrypto 2> /dev/null || echo "") HOSTLDLIBS_mkimage += \
On Wednesday 06 October 2021 17:05:24 Alex G. wrote:
Hi Jernej,
On 10/6/21 4:27 PM, Jernej Škrabec wrote:
Hi everyone!
Commit cb9faa6f98ae ("tools: Use a single target-independent config to enable OpenSSL") recently introduced option to disable usage of OpenSSL via CONFIG_TOOLS_LIBCRYPTO. However, just a bit later, another commit b4f3cc2c42d9 ("tools: kwbimage: Do not hide usage of secure header under CONFIG_ARMADA_38X") made U-Boot tools hard dependent on OpenSSL. That totally defeats the purpose of first commit. I suggest that it gets reverted.
I would like disable OpenSSL for my usage, since it gives me troubles when cross-compiling U-Boot inside LibreELEC build system. It's not needed for our case anyway.
Best regards,
Can you please give the following diff a try, and if it works for you, submit as patch?
This change is incorrect and will break mvebu builds. mvebu requires kwbimage for building boot images and so you cannot disable it or make it optional.
Alex
diff --git a/tools/Makefile b/tools/Makefile index 4a86321f64..7f72ff9645 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -96,7 +96,8 @@ AES_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/aes/, \
# Cryptographic helpers that depend on openssl/libcrypto LIBCRYPTO_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/, \
fdt-libcrypto.o)
fdt-libcrypto.o) \kwbimage.oROCKCHIP_OBS = lib/rc4.o rkcommon.o rkimage.o rksd.o rkspi.o
@@ -117,7 +118,6 @@ dumpimage-mkimage-objs := aisimage.o \ imximage.o \ imx8image.o \ imx8mimage.o \
kwbimage.o \ lib/md5.o \ lpc32xximage.o \ mxsimage.o \@@ -169,8 +169,8 @@ HOST_EXTRACFLAGS += -DCONFIG_FIT_SIGNATURE_MAX_SIZE=0xffffffff HOST_EXTRACFLAGS += -DCONFIG_FIT_CIPHER endif
-# MXSImage needs LibSSL -ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_ARMADA_38X)$(CONFIG_TOOLS_LIBCRYPTO),) +# MXSImage needs LibSSL <- Nope! Read the frogging notice at the top +ifneq ($(CONFIG_TOOLS_LIBCRYPTO),) HOSTCFLAGS_kwbimage.o += \ $(shell pkg-config --cflags libssl libcrypto 2> /dev/null || echo "") HOSTLDLIBS_mkimage += \
On 10/15/21 6:34 AM, Pali Rohár wrote:
On Wednesday 06 October 2021 17:05:24 Alex G. wrote:
Hi Jernej,
On 10/6/21 4:27 PM, Jernej Škrabec wrote:
Hi everyone!
Commit cb9faa6f98ae ("tools: Use a single target-independent config to enable OpenSSL") recently introduced option to disable usage of OpenSSL via CONFIG_TOOLS_LIBCRYPTO. However, just a bit later, another commit b4f3cc2c42d9 ("tools: kwbimage: Do not hide usage of secure header under CONFIG_ARMADA_38X") made U-Boot tools hard dependent on OpenSSL. That totally defeats the purpose of first commit. I suggest that it gets reverted.
I would like disable OpenSSL for my usage, since it gives me troubles when cross-compiling U-Boot inside LibreELEC build system. It's not needed for our case anyway.
Best regards,
Can you please give the following diff a try, and if it works for you, submit as patch?
This change is incorrect and will break mvebu builds. mvebu requires kwbimage for building boot images and so you cannot disable it or make it optional.
If kwbimage is required and missing the CI builds and tests don't catch that. I ran buildman with the change, and nothing broke. Sounds like that needs to be addressed.
That being said, I'm not okay with making everyone a slave to OpenSSL because of any given platform.
I propose to revert commit b4f3cc2c42d9 ("tools: kwbimage: Do not hide usage of secure header under CONFIG_ARMADA_38X"), and rework it such that it doesn't force libcrypto on everyone. And we very likely need a CI test against libcrypto linkage when TOOLS_LIBCRYPTO is not set.
Alex
diff --git a/tools/Makefile b/tools/Makefile index 4a86321f64..7f72ff9645 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -96,7 +96,8 @@ AES_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/aes/, \
# Cryptographic helpers that depend on openssl/libcrypto LIBCRYPTO_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/, \
fdt-libcrypto.o)
fdt-libcrypto.o) \kwbimage.oROCKCHIP_OBS = lib/rc4.o rkcommon.o rkimage.o rksd.o rkspi.o
@@ -117,7 +118,6 @@ dumpimage-mkimage-objs := aisimage.o \ imximage.o \ imx8image.o \ imx8mimage.o \
kwbimage.o \ lib/md5.o \ lpc32xximage.o \ mxsimage.o \@@ -169,8 +169,8 @@ HOST_EXTRACFLAGS += -DCONFIG_FIT_SIGNATURE_MAX_SIZE=0xffffffff HOST_EXTRACFLAGS += -DCONFIG_FIT_CIPHER endif
-# MXSImage needs LibSSL -ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_ARMADA_38X)$(CONFIG_TOOLS_LIBCRYPTO),) +# MXSImage needs LibSSL <- Nope! Read the frogging notice at the top +ifneq ($(CONFIG_TOOLS_LIBCRYPTO),) HOSTCFLAGS_kwbimage.o += \ $(shell pkg-config --cflags libssl libcrypto 2> /dev/null || echo "") HOSTLDLIBS_mkimage += \
On Friday 15 October 2021 09:35:43 Alex G. wrote:
On 10/15/21 6:34 AM, Pali Rohár wrote:
On Wednesday 06 October 2021 17:05:24 Alex G. wrote:
Hi Jernej,
On 10/6/21 4:27 PM, Jernej Škrabec wrote:
Hi everyone!
Commit cb9faa6f98ae ("tools: Use a single target-independent config to enable OpenSSL") recently introduced option to disable usage of OpenSSL via CONFIG_TOOLS_LIBCRYPTO. However, just a bit later, another commit b4f3cc2c42d9 ("tools: kwbimage: Do not hide usage of secure header under CONFIG_ARMADA_38X") made U-Boot tools hard dependent on OpenSSL. That totally defeats the purpose of first commit. I suggest that it gets reverted.
I would like disable OpenSSL for my usage, since it gives me troubles when cross-compiling U-Boot inside LibreELEC build system. It's not needed for our case anyway.
Best regards,
Can you please give the following diff a try, and if it works for you, submit as patch?
This change is incorrect and will break mvebu builds. mvebu requires kwbimage for building boot images and so you cannot disable it or make it optional.
If kwbimage is required and missing the CI builds and tests don't catch that. I ran buildman with the change, and nothing broke. Sounds like that needs to be addressed.
It is possible that tests do not covert all scenarios.
That being said, I'm not okay with making everyone a slave to OpenSSL because of any given platform.
I propose to revert commit b4f3cc2c42d9 ("tools: kwbimage: Do not hide usage of secure header under CONFIG_ARMADA_38X"), and rework it such that it doesn't force libcrypto on everyone. And we very likely need a CI test against libcrypto linkage when TOOLS_LIBCRYPTO is not set.
Reverting that commit is not a solution as it can lead to broken kwbimage (when crypto stuff is not enabled). Plus there is lot of other changes and fixes in kwboot and kwbimage...
Some information with another approach how to solve build issues are in this email: https://lore.kernel.org/u-boot/20211015114735.rig3e4cuc7mn6a7e@pali/
Alex
diff --git a/tools/Makefile b/tools/Makefile index 4a86321f64..7f72ff9645 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -96,7 +96,8 @@ AES_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/aes/, \
# Cryptographic helpers that depend on openssl/libcrypto LIBCRYPTO_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/, \
fdt-libcrypto.o)
fdt-libcrypto.o) \kwbimage.oROCKCHIP_OBS = lib/rc4.o rkcommon.o rkimage.o rksd.o rkspi.o
@@ -117,7 +118,6 @@ dumpimage-mkimage-objs := aisimage.o \ imximage.o \ imx8image.o \ imx8mimage.o \
kwbimage.o \ lib/md5.o \ lpc32xximage.o \ mxsimage.o \@@ -169,8 +169,8 @@ HOST_EXTRACFLAGS += -DCONFIG_FIT_SIGNATURE_MAX_SIZE=0xffffffff HOST_EXTRACFLAGS += -DCONFIG_FIT_CIPHER endif
-# MXSImage needs LibSSL -ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_ARMADA_38X)$(CONFIG_TOOLS_LIBCRYPTO),) +# MXSImage needs LibSSL <- Nope! Read the frogging notice at the top +ifneq ($(CONFIG_TOOLS_LIBCRYPTO),) HOSTCFLAGS_kwbimage.o += \ $(shell pkg-config --cflags libssl libcrypto 2> /dev/null || echo "") HOSTLDLIBS_mkimage += \
On 10/15/21 3:30 PM, Pali Rohár wrote:
On Friday 15 October 2021 09:35:43 Alex G. wrote:
On 10/15/21 6:34 AM, Pali Rohár wrote:
On Wednesday 06 October 2021 17:05:24 Alex G. wrote:
Hi Jernej,
On 10/6/21 4:27 PM, Jernej Škrabec wrote:
Hi everyone!
Commit cb9faa6f98ae ("tools: Use a single target-independent config to enable OpenSSL") recently introduced option to disable usage of OpenSSL via CONFIG_TOOLS_LIBCRYPTO. However, just a bit later, another commit b4f3cc2c42d9 ("tools: kwbimage: Do not hide usage of secure header under CONFIG_ARMADA_38X") made U-Boot tools hard dependent on OpenSSL. That totally defeats the purpose of first commit. I suggest that it gets reverted.
I would like disable OpenSSL for my usage, since it gives me troubles when cross-compiling U-Boot inside LibreELEC build system. It's not needed for our case anyway.
Best regards,
Can you please give the following diff a try, and if it works for you, submit as patch?
This change is incorrect and will break mvebu builds. mvebu requires kwbimage for building boot images and so you cannot disable it or make it optional.
If kwbimage is required and missing the CI builds and tests don't catch that. I ran buildman with the change, and nothing broke. Sounds like that needs to be addressed.
It is possible that tests do not covert all scenarios.
That being said, I'm not okay with making everyone a slave to OpenSSL because of any given platform.
I propose to revert commit b4f3cc2c42d9 ("tools: kwbimage: Do not hide usage of secure header under CONFIG_ARMADA_38X"), and rework it such that it doesn't force libcrypto on everyone. And we very likely need a CI test against libcrypto linkage when TOOLS_LIBCRYPTO is not set.
Reverting that commit is not a solution as it can lead to broken kwbimage (when crypto stuff is not enabled). Plus there is lot of other changes and fixes in kwboot and kwbimage...
There are lots of CI tests that do not build usable images. I caution against conflating testability with usability, as anyone who intends to run images on hardware will likely have done their diligence and enabled TOOLS_LIBCRYPTO.
Alex
Some information with another approach how to solve build issues are in this email: https://lore.kernel.org/u-boot/20211015114735.rig3e4cuc7mn6a7e@pali/
Alex
diff --git a/tools/Makefile b/tools/Makefile index 4a86321f64..7f72ff9645 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -96,7 +96,8 @@ AES_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/aes/, \
# Cryptographic helpers that depend on openssl/libcrypto LIBCRYPTO_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/, \
fdt-libcrypto.o)
fdt-libcrypto.o) \kwbimage.oROCKCHIP_OBS = lib/rc4.o rkcommon.o rkimage.o rksd.o rkspi.o
@@ -117,7 +118,6 @@ dumpimage-mkimage-objs := aisimage.o \ imximage.o \ imx8image.o \ imx8mimage.o \
kwbimage.o \ lib/md5.o \ lpc32xximage.o \ mxsimage.o \@@ -169,8 +169,8 @@ HOST_EXTRACFLAGS += -DCONFIG_FIT_SIGNATURE_MAX_SIZE=0xffffffff HOST_EXTRACFLAGS += -DCONFIG_FIT_CIPHER endif
-# MXSImage needs LibSSL -ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_ARMADA_38X)$(CONFIG_TOOLS_LIBCRYPTO),) +# MXSImage needs LibSSL <- Nope! Read the frogging notice at the top +ifneq ($(CONFIG_TOOLS_LIBCRYPTO),) HOSTCFLAGS_kwbimage.o += \ $(shell pkg-config --cflags libssl libcrypto 2> /dev/null || echo "") HOSTLDLIBS_mkimage += \
On Wed, Oct 06, 2021 at 11:27:43PM +0200, Jernej Škrabec wrote:
Hi everyone!
Commit cb9faa6f98ae ("tools: Use a single target-independent config to enable OpenSSL") recently introduced option to disable usage of OpenSSL via CONFIG_TOOLS_LIBCRYPTO. However, just a bit later, another commit b4f3cc2c42d9 ("tools: kwbimage: Do not hide usage of secure header under CONFIG_ARMADA_38X") made U-Boot tools hard dependent on OpenSSL. That totally defeats the purpose of first commit. I suggest that it gets reverted.
I would like disable OpenSSL for my usage, since it gives me troubles when cross-compiling U-Boot inside LibreELEC build system. It's not needed for our case anyway.
How hard is it to specify openssl as a dependency for U-Boot, in the LibreELEC build system? I assume openssl is being used in other parts of the build anyhow. Thanks!
Hi!
Dne četrtek, 07. oktober 2021 ob 21:41:00 CEST je Tom Rini napisal(a):
On Wed, Oct 06, 2021 at 11:27:43PM +0200, Jernej Škrabec wrote:
Hi everyone!
Commit cb9faa6f98ae ("tools: Use a single target-independent config to
enable
OpenSSL") recently introduced option to disable usage of OpenSSL via CONFIG_TOOLS_LIBCRYPTO. However, just a bit later, another commit
b4f3cc2c42d9
("tools: kwbimage: Do not hide usage of secure header under CONFIG_ARMADA_38X") made U-Boot tools hard dependent on OpenSSL. That
totally
defeats the purpose of first commit. I suggest that it gets reverted.
I would like disable OpenSSL for my usage, since it gives me troubles when cross-compiling U-Boot inside LibreELEC build system. It's not needed for
our
case anyway.
How hard is it to specify openssl as a dependency for U-Boot, in the LibreELEC build system? I assume openssl is being used in other parts of the build anyhow. Thanks!
Sure, OpenSSL package is present and we fixed issue with pkg-config in the meantime (it picked target paths instead for the host). However, that doesn't change anything. CONFIG_TOOLS_LIBCRYPTO is still borked and should be either fixed or dropped. I prefer first option because OpenSSL dependency can be removed and that allows more concurrency (multiple packages are built at the same time).
Best regards, Jernej
participants (6)
-
Alex G. -
Andre Heider -
Jernej Škrabec -
Pali Rohár -
Rudi Heitbaum -
Tom Rini