[gnome-continuous-yocto/gnomeostree-3.28-rocko: 6373/8267] ovmf: fix secureboot PACKAGECONFIG + OpenSSL update

From: Emmanuele Bassi <ebassi src gnome org>
To: commits-list gnome org
Cc:
Subject: [gnome-continuous-yocto/gnomeostree-3.28-rocko: 6373/8267] ovmf: fix secureboot PACKAGECONFIG + OpenSSL update
Date: Sun, 17 Dec 2017 04:45:13 +0000 (UTC)

commit 9ea5a31776440abd6468f003c5e1905f079446d3
Author: Patrick Ohly <patrick ohly intel com>
Date:   Fri Jun 16 11:53:48 2017 +0200

    ovmf: fix secureboot PACKAGECONFIG + OpenSSL update
    
    The recent ovmf update broke secureboot because upstream changed the
    way how openssl gets compiled into ovmf. It's now integrated directly
    into the ovmf build process, without having to patch it first.
    
    In addition, more recent OpenSSL releases are supported. 1.1.0e was
    explicitly mentioned in the ovmf commits and because the current
    1.1.0f only has minor build enhancements, 1.1.0e is used here.
    
    (From OE-Core rev: 1d9a88f635549e68562de681e297b9270ad02d4e)
    
    Signed-off-by: Patrick Ohly <patrick ohly intel com>
    Signed-off-by: Richard Purdie <richard purdie linuxfoundation org>

 meta/recipes-core/ovmf/ovmf_git.bb |   13 ++++++-------
 1 files changed, 6 insertions(+), 7 deletions(-)
---
diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb
index 5d7216e..28f0cde 100644
--- a/meta/recipes-core/ovmf/ovmf_git.bb
+++ b/meta/recipes-core/ovmf/ovmf_git.bb
@@ -18,14 +18,16 @@ SRC_URI = "git://github.com/tianocore/edk2.git;branch=master \
        file://no-stack-protector-all-archs.patch \
         "
 
+OPENSSL_RELEASE = "openssl-1.1.0e"
+
 SRC_URI_append_class-target = " \
-       ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 
'http://www.openssl.org/source/openssl-1.0.2j.tar.gz;name=openssl;subdir=${S}/CryptoPkg/Library/OpensslLib', 
'', d)} \
+       ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 
'http://www.openssl.org/source/${OPENSSL_RELEASE}.tar.gz;name=openssl;subdir=${S}/CryptoPkg/Library/OpensslLib',
 '', d)} \
        file://0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch \
 "
 
 SRCREV="ec4910cd3336565fdb61dafdd9ec4ae7a6160ba3"
-SRC_URI[openssl.md5sum] = "96322138f0b69e61b7212bc53d5e912b"
-SRC_URI[openssl.sha256sum] = "e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431"
+SRC_URI[openssl.md5sum] = "51c42d152122e474754aea96f66928c6"
+SRC_URI[openssl.sha256sum] = "57be8618979d80c910728cfc99369bf97b2a1abd8f366ab6ebdee8975ad3874c"
 
 inherit deploy
 
@@ -187,10 +189,7 @@ do_compile_class-target() {
         # building with Secure Boot enabled.
         bbnote "Building with Secure Boot."
         rm -rf ${S}/Build/Ovmf$OVMF_DIR_SUFFIX
-        if ! [ -f ${S}/CryptoPkg/Library/OpensslLib/openssl-*/edk2-patch-applied ]; then
-            ( cd ${S}/CryptoPkg/Library/OpensslLib/openssl-* && patch -p1 <$(echo ../EDKII_openssl-*.patch) 
&& touch edk2-patch-applied )
-        fi
-        ( cd ${S}/CryptoPkg/Library/OpensslLib/ && ./Install.sh )
+        ln -sf ${OPENSSL_RELEASE} ${S}/CryptoPkg/Library/OpensslLib/openssl
         ${S}/OvmfPkg/build.sh $PARALLEL_JOBS -a $OVMF_ARCH -b RELEASE -t ${FIXED_GCCVER} 
${OVMF_SECURE_BOOT_FLAGS}
         ln ${build_dir}/FV/OVMF.fd ${WORKDIR}/ovmf/ovmf.secboot.fd
         ln ${build_dir}/FV/OVMF_CODE.fd ${WORKDIR}/ovmf/ovmf.secboot.code.fd

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]