All of lore.kernel.org
 help / color / mirror / Atom feed
From: Eddie Kovsky <ekovsky@redhat.com>
To: Tom Rini <trini@konsulko.com>
Cc: Eddie Kovsky <ekovsky@redhat.com>,
	Mattijs Korpershoek <mkorpershoek@kernel.org>,
	Tobias Olausson <tobias@eub.se>,
	Paul HENRYS <paul.henrys_ext@softathome.com>,
	Simon Glass <sjg@chromium.org>, Jan Stancek <jstancek@redhat.com>,
	Enric Balletbo i Serra <eballetb@redhat.com>,
	a.fatoum@pengutronix.de, mark.kettenis@xs4all.nl,
	u-boot@lists.denx.de
Subject: Re: [PATCH v3] Add support for OpenSSL Provider API
Date: Fri, 10 Apr 2026 19:02:57 -0600	[thread overview]
Message-ID: <admdwS1tuX_ZdPFF@daedalus> (raw)
In-Reply-To: <20260402162704.GG41863@bill-the-cat>

--->8
> > I finally got to the bottom of this. Debian/Ubuntu ship OpenSSL backends
> > separately. The CI environment is missing the 'pkcs11-provider'
> > package, which is causing the binman tests to fail.
> > 
> >     $ apt show pkcs11-provider
> >     Package: pkcs11-provider
> >     Version: 1.0-3
> >     Priority: optional
> >     Section: libs
> >     Maintainer: Luca Boccassi <bluca@debian.org>
> >     Installed-Size: 410 kB
> >     Depends: libc6 (>= 2.34), libssl3t64 (>= 3.0.7~)
> >     Homepage: https://github.com/latchset/pkcs11-provider
> >     Download-Size: 125 kB
> >     APT-Manual-Installed: yes
> >     APT-Sources: http://ftp.debian.org/debian stable/main amd64 Packages
> >     Description: OpenSSL 3 provider for PKCS11
> >     With this provider for OpenSSL you can use the OpenSSL library
> >     (version 3) and command line tools with any PKCS11 implementation as
> >     backend for the crypto operations.
> > 
> > With this package installed the SSL errors logged on Azure are no longer reproducible.
> > 
> > The results from the first pipeline expired while I was investigating
> > this. I reran the CI job so you can see the error messages.
> > 
> >     https://dev.azure.com/u-boot/u-boot/_build/results?buildId=13035&view=logs&j=c59aff74-743b-5f08-f408-4a608a489153&t=f2ea3536-b291-5a39-ad92-0220c9b8101a
> > 
> > I have looked into the .azure-pipelines.yml file, but it's not clear to
> > me how to configure the CI to install extra packages.
> 
> Ah, OK. So the package needs to be added to tools/docker/Dockerfile (and
> doc/build/gcc.rst). For testing changes out, you can then modify
> .azure-pipelines.yml to point at your image, rather than the default
> image. Or hack in a "sudo apt-get update && sudo apt-get install ..." to
> the job.
> 
> -- 
> Tom

Hi Tom

Updating the dockerfile and documentation was easy enough, but I was
still seeing the Azure pipeline fail with the same errors. It seems to
be ignoring the updated dockerfile.

After digging through the pipeline logs I noticed that Azure is using
the Windows Subsystem for Linux with Arch Linux to set up the test
environment. The package name 'pkcs11-provider' is even the same on
Arch, so I added that to .azure-pipelines.yml.

    https://archlinux.org/packages/extra/x86_64/pkcs11-provider/

And the Azure pipeline now fails because it reports the package doesn't
exist.

    https://dev.azure.com/u-boot/u-boot/_build/results?buildId=13066&view=logs&j=8222cf02-b5ce-5040-5def-6173bf341f71&t=5f6e674b-07e4-5ce5-77ac-ecaae7331dd8

I am not an expert in these CI systems, so I'm not sure what else can be
done to change the test environment.

Eddie


  reply	other threads:[~2026-04-11  7:12 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-01-20 16:45 [PATCH v3] Add support for OpenSSL Provider API Eddie Kovsky
2026-01-29 20:08 ` Mattijs Korpershoek
2026-02-19 16:51   ` Eddie Kovsky
2026-02-19 17:28     ` Tom Rini
2026-02-24 12:08       ` Enric Balletbo i Serra
2026-02-24 15:48         ` Tom Rini
2026-02-24 22:23         ` Mark Kettenis
2026-02-27 17:36       ` Eddie Kovsky
2026-02-27 17:47         ` Tom Rini
2026-04-01 22:05           ` Eddie Kovsky
2026-04-02 16:27             ` Tom Rini
2026-04-11  1:02               ` Eddie Kovsky [this message]
2026-04-13 18:12                 ` Tom Rini
2026-04-27 20:43                   ` Eddie Kovsky
2026-02-25 16:16     ` Mattijs Korpershoek

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=admdwS1tuX_ZdPFF@daedalus \
    --to=ekovsky@redhat.com \
    --cc=a.fatoum@pengutronix.de \
    --cc=eballetb@redhat.com \
    --cc=jstancek@redhat.com \
    --cc=mark.kettenis@xs4all.nl \
    --cc=mkorpershoek@kernel.org \
    --cc=paul.henrys_ext@softathome.com \
    --cc=sjg@chromium.org \
    --cc=tobias@eub.se \
    --cc=trini@konsulko.com \
    --cc=u-boot@lists.denx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.