From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 01A59C433F5 for ; Fri, 15 Oct 2021 14:35:55 +0000 (UTC) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id D25ED6127B for ; Fri, 15 Oct 2021 14:35:53 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org D25ED6127B Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=lists.denx.de Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id ACA3D8362B; Fri, 15 Oct 2021 16:35:51 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="on/ZeOJZ"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id AC40D83656; Fri, 15 Oct 2021 16:35:49 +0200 (CEST) Received: from mail-oi1-x22e.google.com (mail-oi1-x22e.google.com [IPv6:2607:f8b0:4864:20::22e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 4723782F03 for ; Fri, 15 Oct 2021 16:35:46 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=mr.nuke.me@gmail.com Received: by mail-oi1-x22e.google.com with SMTP id o4so13322571oia.10 for ; Fri, 15 Oct 2021 07:35:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=Xyb5UR6yKmoaxR87zsBKyH+z1VfbUsAZpZWRe5eYMw4=; b=on/ZeOJZsqnAqbeuJcgRzOQvMtrLhLYg86DHCCBxnVp2L1ayXt/Z/R+ZJbm4QxAOjZ qDuG+M+ifjiff9VrZwQwYmc1doDhKA94i+YM6Viy5fIfAnFIPPYgcg/mNzae4rwnCIay w0nS83DCKVMuy2Hq/G1pTlENlny1eiHAxoXx8k3XfNoRHtr8XpUdIaGKB9D8pCdZgRta V3p0U2toLeuvr8h2IFkIRjuQgR5wb0sMI+I69hd/XtHrebgyFXdYzmFF2g42tMcMvEWG JNv+UFgEAQ5QtOWZBLp2l9vp6n7jaOEFBSP3RqoG6DoY4XPKZx7OqukyhMc+SuRI9fyL 6iPg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=Xyb5UR6yKmoaxR87zsBKyH+z1VfbUsAZpZWRe5eYMw4=; b=7gES1qipz74llY5nWRgT1I+ZikKCn5jaCR/CgJvB9VqCHfVJqR99ECagtHfzDEYsot iMEldU19EQInQ2dBnpyz7xA2SP9XPlADOb0GILPmpmyW2d2qrCPJXUywNXtuNMIXmC+6 6p0tjBsMzk1ENl8q3ihYL9ND7mKg4GuK930apOsfz5BVYPk/NwTJTeD5mUH01S44Mbx4 cj23JXV9Bh3utS9uFzwdpG6VDW9e0WLwHKrG8ZyprzaaDPHc/j3NGQx80xLuuwM9K+s/ ISiPCyL2B+ae1R0L0WbSidHkMvjapkCkHJ4DP7Lcq0BiLfHwT/zfdbR/iBDSA3rU/3TY ls+g== X-Gm-Message-State: AOAM5304e97YsVUmqPU2MOwPc+6TreFXm+67GjazISfnY8j6EHEUwuUF bziruhNJqpvfyeM26sIgE33CZI4uMfY= X-Google-Smtp-Source: ABdhPJy2uyt1Xrnd3maoZnDSJo55FTyEhBw3NBVBk1z61m+ILJgHvNWom8zp/dLANkvIz+HAF64vug== X-Received: by 2002:aca:e141:: with SMTP id y62mr18310642oig.124.1634308544555; Fri, 15 Oct 2021 07:35:44 -0700 (PDT) Received: from nuclearis3.gtech (c-98-195-139-126.hsd1.tx.comcast.net. [98.195.139.126]) by smtp.gmail.com with ESMTPSA id g12sm1036242oof.6.2021.10.15.07.35.44 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 15 Oct 2021 07:35:44 -0700 (PDT) Subject: Re: Broken build with disabling OpenSSL crypto To: =?UTF-8?Q?Pali_Roh=c3=a1r?= Cc: =?UTF-8?Q?Jernej_=c5=a0krabec?= , u-boot@lists.denx.de References: <18564205.Z0HQFNUZ9R@kista> <544c0c86-ca3f-036e-2523-3f973105410a@gmail.com> <20211015113411.t2jltrmjggw7arb2@pali> From: "Alex G." Message-ID: <04979a7d-3f1b-9493-ba8c-39a0d893e5b4@gmail.com> Date: Fri, 15 Oct 2021 09:35:43 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.8.1 MIME-Version: 1.0 In-Reply-To: <20211015113411.t2jltrmjggw7arb2@pali> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean On 10/15/21 6:34 AM, Pali Rohár wrote: > On Wednesday 06 October 2021 17:05:24 Alex G. wrote: >> Hi Jernej, >> >> On 10/6/21 4:27 PM, Jernej Škrabec wrote: >>> Hi everyone! >>> >>> Commit cb9faa6f98ae ("tools: Use a single target-independent config to enable >>> OpenSSL") recently introduced option to disable usage of OpenSSL via >>> CONFIG_TOOLS_LIBCRYPTO. However, just a bit later, another commit b4f3cc2c42d9 >>> ("tools: kwbimage: Do not hide usage of secure header under >>> CONFIG_ARMADA_38X") made U-Boot tools hard dependent on OpenSSL. That totally >>> defeats the purpose of first commit. I suggest that it gets reverted. >>> >>> I would like disable OpenSSL for my usage, since it gives me troubles when >>> cross-compiling U-Boot inside LibreELEC build system. It's not needed for our >>> case anyway. >>> >>> Best regards, >>> >> >> Can you please give the following diff a try, and if it works for you, submit as patch? > > This change is incorrect and will break mvebu builds. mvebu requires > kwbimage for building boot images and so you cannot disable it or make > it optional. > If kwbimage is required and missing the CI builds and tests don't catch that. I ran buildman with the change, and nothing broke. Sounds like that needs to be addressed. That being said, I'm not okay with making everyone a slave to OpenSSL because of any given platform. I propose to revert commit b4f3cc2c42d9 ("tools: kwbimage: Do not hide usage of secure header under CONFIG_ARMADA_38X"), and rework it such that it doesn't force libcrypto on everyone. And we very likely need a CI test against libcrypto linkage when TOOLS_LIBCRYPTO is not set. Alex >> >> diff --git a/tools/Makefile b/tools/Makefile >> index 4a86321f64..7f72ff9645 100644 >> --- a/tools/Makefile >> +++ b/tools/Makefile >> @@ -96,7 +96,8 @@ AES_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/aes/, \ >> >> # Cryptographic helpers that depend on openssl/libcrypto >> LIBCRYPTO_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/, \ >> - fdt-libcrypto.o) >> + fdt-libcrypto.o) \ >> + kwbimage.o >> >> ROCKCHIP_OBS = lib/rc4.o rkcommon.o rkimage.o rksd.o rkspi.o >> >> @@ -117,7 +118,6 @@ dumpimage-mkimage-objs := aisimage.o \ >> imximage.o \ >> imx8image.o \ >> imx8mimage.o \ >> - kwbimage.o \ >> lib/md5.o \ >> lpc32xximage.o \ >> mxsimage.o \ >> @@ -169,8 +169,8 @@ HOST_EXTRACFLAGS += -DCONFIG_FIT_SIGNATURE_MAX_SIZE=0xffffffff >> HOST_EXTRACFLAGS += -DCONFIG_FIT_CIPHER >> endif >> >> -# MXSImage needs LibSSL >> -ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_ARMADA_38X)$(CONFIG_TOOLS_LIBCRYPTO),) >> +# MXSImage needs LibSSL <- Nope! Read the frogging notice at the top >> +ifneq ($(CONFIG_TOOLS_LIBCRYPTO),) >> HOSTCFLAGS_kwbimage.o += \ >> $(shell pkg-config --cflags libssl libcrypto 2> /dev/null || echo "") >> HOSTLDLIBS_mkimage += \