On 29.07.2021 02:43, Tom Rini wrote: > > Yes, true. And that's two 1-line if/else. That's a reasonable to me > level of effort to keep supporting older hosts. Your patch is adding in > 60 lines. I really do want to dig a bit more here.
For me, it doesn't matter how many lines of code were added if I can't build host tools with older OpenSSL versions. So what's the point of keeping OpenSSL backward compatibility? > And honestly, part of my concerns also go around "who is going to > maintain / test this area?". We don't have these older versions in CI > (or we would have seen the problem before merging). Are you > volunteering to support the relevant code areas here but on older > openssl/libressl ? We already have a nightly Jenkins CI job that tracks u-boot master and sends internal reports. The best way would be to testing in the upstream azure pipeline. You could add the following steps in your trini/u-boot-gitlab-ci-runner docker image: wget -O - https://www.openssl.org/source/old/1.0.2/openssl-1.0.2k.tar.gz | tar -C /opt -xz && \ cd /opt/openssl-1.0.2k/ && ./config shared && \ make && \ make install In azure pipeline add new job for testing with old OpenSSL: make tools-only_config tools-only NO_SDL=1 \ HOSTLDFLAGS="-ldl -L/usr/local/ssl/lib" \ HOSTCFLAGS="-I/usr/local/ssl/include" --- Artem
