From: Andre Przywara <andre.przywara@arm.com>
To: Vagrant Cascadian <vagrant@debian.org>
Cc: "Tom Rini" <trini@konsulko.com>,
"Marek Behún" <marek.behun@nic.cz>,
"Peter Robinson" <pbrobinson@gmail.com>,
"Matthias Brugger" <mbrugger@suse.com>,
"Heinrich Schuchardt" <heinrich.schuchardt@canonical.com>,
"Samuel Holland" <samuel@sholland.org>,
"Pali Rohár" <pali@kernel.org>,
u-boot@lists.denx.de, "Jagan Teki" <jagan@amarulasolutions.com>,
"Alex G ." <mr.nuke.me@gmail.com>,
"Artem Lapkin" <email2tema@gmail.com>,
"Priyanka Jain" <priyanka.jain@nxp.com>,
"Sughosh Ganu" <sughosh.ganu@linaro.org>
Subject: Re: [PATCH v4 1/4] tools: Separate image types which depend on OpenSSL
Date: Fri, 22 Oct 2021 18:20:49 +0100 [thread overview]
Message-ID: <20211022182049.2ff35e08@donnerap.cambridge.arm.com> (raw)
In-Reply-To: <87v91pnh08.fsf@yucca>
On Fri, 22 Oct 2021 09:47:35 -0700
Vagrant Cascadian <vagrant@debian.org> wrote:
Hi,
> On 2021-10-22, Tom Rini wrote:
> > On Fri, Oct 22, 2021 at 04:56:09PM +0100, Andre Przywara wrote:
> >> On Fri, 22 Oct 2021 11:09:27 -0400
> >> Tom Rini <trini@konsulko.com> wrote:
>
> >> > On Fri, Oct 22, 2021 at 04:59:22PM +0200, Marek Behún wrote:
> >> > > On Fri, 22 Oct 2021 12:09:19 +0200
> >> > > Heinrich Schuchardt <heinrich.schuchardt@canonical.com> wrote:
> >> > >
> >> > > > On 10/21/21 15:00, Marek Behún wrote:
> >> > > > > BTW, wouldn't it be enough to simply imply TOOLS_LIBCRYPTO for mvebu
> >> > > > > platform in Kconfig?
> >> > > > >
> >> > > >
> >> > > > We should only use 'imply' for suggested settings and never for hard
> >> > > > requirements. TOOLS_LIBCRYPTO already defaults to 'Y'. So implying it
> >> > > > for mvebu would be redundant.
> >> > > >
> >> > > > In an OS distribution we only want to ship a single version of mkimage.
> >> > > > So it is good to elimate symbol CONFIG_MXS.
> >> > > >
> >> > > > How mkimage is built should not depend on CONFIG_TOOLS_LIBCRYPTO.
> >> > > >
> >> > > > Tom wrote regarding this aspect in
> >> > > > https://lists.denx.de/pipermail/u-boot/2021-September/460251.html:
> >> > > >
> >> > > > "if we're building a generically useful tool, we don't want another
> >> > > > symbol for it."
> >> > >
> >> > > OK, so mkimage and dumpimage should be always generic and always
> >> > > support all platforms, that makes sense, since the tools can be
> >> > > installed as a distribution package.
> >> > >
> >> > > But I still think it should be possible to cripple these tools if the
> >> > > developer wants to disable libcrypto due to embedded environment.
> >>
> >> Well, I don't think this is the real question here, is it?
> >> I think the tools part is clear: distros want to build just mkimage,
> >> supporting as many platforms as possible, and might need to avoid OpenSSL.
> >> This should be covered by TOOLS_LIBCRYPTO=[yn] and "make
> >> tools-only_defconfg && make tools", and Samuel's patch actually fixes the
> >> build (at least somewhat, I still get link errors).
> >
> > The problem is, are distros doing a tools-only build, for tools, or are
> > they doing it per board? Like, hey, ugh, OpenEmbedded uses
> > sandbox_defconfig and cross_tools as the targets. That's not quite what
> > I was hoping to see. So I want to know everyone else is doing, rather
> > than we hope they're doing.
>
> Thanks for bringing this to my attention!
>
> In Debian, the u-boot-tools package is built using tools-only, and for
> each of the board-specific targets, it still ends up building the
> relevent tools, but we throw them away and do not ship them in any
> packages.
>
> With 2021.10, the board-specific builds made it harder to avoid openssl
> with the corresponding tools, and I reluctantly added a dependency on
> openssl... (which is technically permitted in Debian, having declared
> openssl as a system library to avoid the GPL incompatibilities, but
> ... meh.)
But this is purely a *build-time* dependency only, right? The resulting
images do not have any openssl code in them, they were just *created*
(signed) using that code.
I don't think this a legal issue? The problems are about *shipping*
openssl code, which you only do for u-boot-tools - where it now can be
disabled.
> I also have been doing some packaging of u-boot for GNU Guix, where I
> suspect the stance wouldn't be as willing to accept such a compromise...
>
> So... I would *love* an option to be able to build a board-only config
> without any of the tools;
Why is this a problem (see above)? Who is building board builds? It's
either the maintainer when creating the binary package, or a curious user,
right? And they can surely *use* OpenSSL during build time - if it's
needed by the board.
Cheers,
Andre
> do some boards use board-specific tools as
> part of their build processes?
>
>
> live well,
> vagrant
next prev parent reply other threads:[~2021-10-22 17:21 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-20 2:44 [PATCH v4 0/4] sunxi: TOC0 image type support Samuel Holland
2021-10-20 2:44 ` [PATCH v4 1/4] tools: Separate image types which depend on OpenSSL Samuel Holland
2021-10-20 7:29 ` Pali Rohár
2021-10-20 13:29 ` Andre Przywara
2021-10-20 13:47 ` Pali Rohár
2021-10-20 14:14 ` Samuel Holland
2021-10-21 12:33 ` Marek Behún
2021-10-21 13:00 ` Marek Behún
2021-10-21 13:01 ` Pali Rohár
2021-10-22 1:25 ` Samuel Holland
2021-10-22 10:09 ` Heinrich Schuchardt
2021-10-22 14:59 ` Marek Behún
2021-10-22 15:09 ` Tom Rini
2021-10-22 15:56 ` Andre Przywara
2021-10-22 16:22 ` Tom Rini
2021-10-22 16:47 ` Vagrant Cascadian
2021-10-22 17:11 ` Pali Rohár
2021-10-22 17:20 ` Andre Przywara [this message]
2021-10-22 19:46 ` Vagrant Cascadian
2021-10-27 17:11 ` Tom Rini
2021-10-27 20:11 ` Peter Robinson
2021-10-28 15:44 ` Matthias Brugger
2021-10-20 2:44 ` [PATCH v4 2/4] tools: mkimage: Add Allwinner TOC0 support Samuel Holland
2021-10-20 23:49 ` Andre Przywara
2021-10-20 2:44 ` [PATCH v4 3/4] sunxi: Support SPL in both eGON and TOC0 images Samuel Holland
2021-10-20 23:49 ` Andre Przywara
2021-10-20 2:44 ` [PATCH v4 4/4] sunxi: Support building a SPL as a TOC0 image Samuel Holland
2021-10-20 23:50 ` Andre Przywara
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211022182049.2ff35e08@donnerap.cambridge.arm.com \
--to=andre.przywara@arm.com \
--cc=email2tema@gmail.com \
--cc=heinrich.schuchardt@canonical.com \
--cc=jagan@amarulasolutions.com \
--cc=marek.behun@nic.cz \
--cc=mbrugger@suse.com \
--cc=mr.nuke.me@gmail.com \
--cc=pali@kernel.org \
--cc=pbrobinson@gmail.com \
--cc=priyanka.jain@nxp.com \
--cc=samuel@sholland.org \
--cc=sughosh.ganu@linaro.org \
--cc=trini@konsulko.com \
--cc=u-boot@lists.denx.de \
--cc=vagrant@debian.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox