Bug 1568061 - edk2-ovmf: decouple openssl from the build source
Summary: edk2-ovmf: decouple openssl from the build source
Keywords:
Status: CLOSED DEFERRED
Alias: None
Product: Fedora
Classification: Fedora
Component: edk2
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Paolo Bonzini
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-04-16 17:00 UTC by Ademar Reis
Modified: 2018-08-01 09:50 UTC (History)
6 users (show)

Fixed In Version:
Clone Of: 1568060
Environment:
Last Closed: 2018-07-31 18:37:48 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description Ademar Reis 2018-04-16 17:00:42 UTC
In our current packages of OVMF, we've been embedding a specific version of OpenSSL which is used during the building process, just like upstream edk2 does.

We should implement a cleaner solution, using a version which is supported by the distribution and the security team.

Comment 2 Cole Robinson 2018-07-31 18:37:48 UTC
From the internal discussion it sounds like we are roughly keeping the current packaging state, but with a goal of improved tooling to simplify pulling in new openssl versions from fedora dist-git. That's just an optimization though and not something that needs to be explicitly tracked, so I think we can close this. Please reopen if I misunderstood

Comment 3 Paolo Bonzini 2018-08-01 09:50:37 UTC
Yeah, the specific version is now taken from Fedora and edk2 updates in Fedora are gated on the OpenSSL package having the desired version.  We're also applying Fedora patches.


Note You need to log in before you can comment on or make changes to this bug.