On Fri, Feb 27, 2026 at 10:36:53AM -0700, Eddie Kovsky wrote: > On 02/19/26, Tom Rini wrote: > > On Thu, Feb 19, 2026 at 09:51:05AM -0700, Eddie Kovsky wrote: > > > > > On 01/29/26, Mattijs Korpershoek wrote: > > > > Hi Eddie, > > > > > > > > Thank you for the patch. > > > > > > > > > > Hi Mattijs > > > > > > Thanks for the review. > > > > > > > On Tue, Jan 20, 2026 at 09:45, Eddie Kovsky <[email protected]> wrote: > > > > > > > > > The Engine API has been deprecated since the release of OpenSSL 3.0. > > > > > End > > > > > users have been advised to migrate to the new Provider interface. > > > > > Several distributions have already removed support for engines, which > > > > > is > > > > > preventing U-Boot from being compiled in those environments. > > > > > > > > > > Add support for the Provider API while continuing to support the > > > > > existing > > > > > Engine API on distros shipping older releases of OpenSSL. > > > > > > > > > > This is based on similar work contributed by Jan Stancek updating > > > > > Linux > > > > > to use the Provider interface. > > > > > > > > > > commit 558bdc45dfb2669e1741384a0c80be9c82fa052c > > > > > Author: Jan Stancek <[email protected]> > > > > > Date: Fri Sep 20 19:52:48 2024 +0300 > > > > > > > > > > sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR > > > > > >= 3 > > > > > > > > > > The changes have been tested with the FIT signature verification vboot > > > > > tests on Fedora 42 and Debian 13. All 30 tests pass with both the > > > > > legacy > > > > > Engine library installed and with the Provider API. > > > > > > > > > > Signed-off-by: Eddie Kovsky <[email protected]> > > [snip] > > > Sure, I can update the comment for v4. > > Hi Tom > > > > > Since we're talking about v4, can you please make sure that for v4 it: > > - Passes CI https://docs.u-boot.org/en/latest/develop/ci_testing.html as > > that will cover some non-Linux host builds. > > I don't have resources available to set up a Gitlab runner. Based on the > documentation you provided it seems like this wouldn't be effective for > me as a non-custodian.
Yes, correct, today using Azure is the easy option. > I did use GitHub to trigger an Azure pipeline. There was one failure and > several errors in the binman Command Line test. > > https://github.com/u-boot/u-boot/pull/875/checks?check_run_id=65015204887 And the full log is: https://dev.azure.com/u-boot/u-boot/_build/results?buildId=12893&view=logs&j=c59aff74-743b-5f08-f408-4a608a489153&t=f2ea3536-b291-5a39-ad92-0220c9b8101a and so yes, it's from your changes. > These are PKCS11 errors, so of course I thought my patch was to blame. > But I'm seeing the same errors on Debian 13 running 'binman test' > manually on the master branch. Some of the tests are indeed more frustrating than others to run either outside of CI, or outside of the containers, or both. I would recommend looking at the portion of .azure-pipelines.yml for that job for the steps to replicate, and if it doesn't work inside of your host (and https://docs.u-boot.org/en/latest/build/gcc.html is still missing things) it's easiest to just pull and run the CI container. > > - See if you can get access to a FreeBSD or OpenBSD host and make sure > > the tools build still works there too? I was hoping Mark would have > > commented / tested-by v3 because I do want to make sure the libressl > > case still builds. At worst case, I have a freebie Oracle VM that's > > FreeBSD based, so you can maybe spin one of those up as well? > > > > I spent some time again setting up OpenBSD and FreeBSD virtual machines, but > I was > unable to reproduce the build environment for U-Boot. But thanks to > Enric and Mark's work it looks like we have the LibreSSL use case > covered now. Yes, thanks. -- Tom
signature.asc
Description: PGP signature
