1568061 – edk2-ovmf: decouple openssl from the build source

Bug 1568061 - edk2-ovmf: decouple openssl from the build source

Summary: edk2-ovmf: decouple openssl from the build source

Keywords:
Status:	CLOSED DEFERRED
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	edk2
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Paolo Bonzini
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-04-16 17:00 UTC by Ademar Reis
Modified:	2018-08-01 09:50 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	1568060
Environment:
Last Closed:	2018-07-31 18:37:48 UTC
Type:	Bug
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Ademar Reis 2018-04-16 17:00:42 UTC

In our current packages of OVMF, we've been embedding a specific version of OpenSSL which is used during the building process, just like upstream edk2 does.

We should implement a cleaner solution, using a version which is supported by the distribution and the security team.

Comment 2 Cole Robinson 2018-07-31 18:37:48 UTC

From the internal discussion it sounds like we are roughly keeping the current packaging state, but with a goal of improved tooling to simplify pulling in new openssl versions from fedora dist-git. That's just an optimization though and not something that needs to be explicitly tracked, so I think we can close this. Please reopen if I misunderstood

Comment 3 Paolo Bonzini 2018-08-01 09:50:37 UTC

Yeah, the specific version is now taken from Fedora and edk2 updates in Fedora are gated on the OpenSSL package having the desired version.  We're also applying Fedora patches.

Note You need to log in before you can comment on or make changes to this bug.