Bug 1568061 - edk2-ovmf: decouple openssl from the build source
Summary: edk2-ovmf: decouple openssl from the build source
Alias: None
Product: Fedora
Classification: Fedora
Component: edk2
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Paolo Bonzini
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2018-04-16 17:00 UTC by Ademar Reis
Modified: 2018-08-01 09:50 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1568060
Last Closed: 2018-07-31 18:37:48 UTC
Type: Bug

Attachments (Terms of Use)

Description Ademar Reis 2018-04-16 17:00:42 UTC
In our current packages of OVMF, we've been embedding a specific version of OpenSSL which is used during the building process, just like upstream edk2 does.

We should implement a cleaner solution, using a version which is supported by the distribution and the security team.

Comment 2 Cole Robinson 2018-07-31 18:37:48 UTC
From the internal discussion it sounds like we are roughly keeping the current packaging state, but with a goal of improved tooling to simplify pulling in new openssl versions from fedora dist-git. That's just an optimization though and not something that needs to be explicitly tracked, so I think we can close this. Please reopen if I misunderstood

Comment 3 Paolo Bonzini 2018-08-01 09:50:37 UTC
Yeah, the specific version is now taken from Fedora and edk2 updates in Fedora are gated on the OpenSSL package having the desired version.  We're also applying Fedora patches.

Note You need to log in before you can comment on or make changes to this bug.