On 5/17/21 8:23 PM, AKASHI Takahiro wrote:
On Mon, May 17, 2021 at 05:29:44PM -0500, Alex G. wrote:
On 5/12/21 12:14 PM, Tom Rini wrote:
On Wed, May 12, 2021 at 11:19:52AM -0500, Alex G. wrote:
On 5/12/21 10:52 AM, Simon Glass wrote:
[snip]
We have a NO_SDL build-time control. Perhaps have a NO_SSL one as well?
It could be a config option instead of an environment variable. I think it
can be independent of target options, since we don't sign images in the
buildsystem anyway -- we can enable FIT verification, but mkimage without
openssl.
As people point out from time to time, "NO_SDL" is very non-obvious and
doesn't fit with how the rest of U-Boot is configured. So I would
rather not see NO_SSL added.
FYI, I have a proof-of-concept for the NO_SSL idea using Kconfig [1] instead
of environment variahles. It's not yet ready for publication.
[1]
https://github.com/mrnuke/u-boot/commit/c054c546a8de54e41d3802fe60ad9389095e673b
FYI,
I have posted a patch[1] for a similar *signing* tool using OpenSSL.
Basically, I'd like to follow the way agreed here about how OpenSSL
be handled in host tools.
So please keep in mind that there can be another use case of this kind
of host Kconfig option.
[1] https://lists.denx.de/pipermail/u-boot/2021-May/449572.html
I can't ask you to change your patch based on my ideas, as I my changes
have not yet been submitted for review. However, should you want to
anticipate, make sure that there's one and only one variable that
determines if OpenSSL is linked.
I also suspect Tom would be quite thrilled if your patch started using
gnutls instead of openssl. I'm not sure how sane things would look
having both gnutls and openssl dependencies; however, I suspect it might
be acceptable as long as it's temporary.
These decisions haven't been made yet. I don't want to send you on a
wild goose refactoring chase, only to have the rug pulled from under you
later. I think it's okay to continue with your patch as submitted. I'll
update my patch accordingly when yours gets merged first -- looks easy
enough.
Alex
