* [RFC] [edk2-openssl fork] Add openssl fork repo to Tianocore to support OpenSSL11_EOL @ 2023-04-05 1:37 Yao, Jiewen 2023-04-05 11:39 ` [edk2-devel] " Gerd Hoffmann 0 siblings, 1 reply; 7+ messages in thread From: Yao, Jiewen @ 2023-04-05 1:37 UTC (permalink / raw) To: devel@edk2.groups.io [-- Attachment #1: Type: text/plain, Size: 922 bytes --] Hi This is follow up for the "Openssl1.1 replacement proposal" https://edk2.groups.io/g/devel/topic/96741156. openssl 3.0 POC result is shown at https://github.com/tianocore/edk2-staging/blob/OpenSSL11_EOL/CryptoPkg/Readme-OpenSSL3.0.md The size increase is reduced to ~10%. In order to achieve maximum size optimization for openssl 3.0, we updated openssl 3.0 branch and recorded to https://github.com/liyi77/openssl/tree/openssl-3.0-POC. To help the community review and feedback the openssl 3.0 change and plan to openssl upstream in the future, we should avoid personal branch usage. The proposal is to: 1. Create *an edk2 fork of openssl* under https://github.com/tianocore 2. Create *an edk2 branch* to hold all update for support https://github.com/tianocore/edk2-staging/tree/OpenSSL11_EOL 3. Add git submodule of the edk2 fork of openssl to the OpenSSL11_EOL. Thank you Yao, Jiewen [-- Attachment #2: Type: text/html, Size: 5545 bytes --] ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [edk2-devel] [RFC] [edk2-openssl fork] Add openssl fork repo to Tianocore to support OpenSSL11_EOL 2023-04-05 1:37 [RFC] [edk2-openssl fork] Add openssl fork repo to Tianocore to support OpenSSL11_EOL Yao, Jiewen @ 2023-04-05 11:39 ` Gerd Hoffmann 2023-04-05 18:31 ` Leif Lindholm 0 siblings, 1 reply; 7+ messages in thread From: Gerd Hoffmann @ 2023-04-05 11:39 UTC (permalink / raw) To: devel, jiewen.yao On Wed, Apr 05, 2023 at 01:37:23AM +0000, Yao, Jiewen wrote: > Hi > This is follow up for the "Openssl1.1 replacement proposal" https://edk2.groups.io/g/devel/topic/96741156. > openssl 3.0 POC result is shown at https://github.com/tianocore/edk2-staging/blob/OpenSSL11_EOL/CryptoPkg/Readme-OpenSSL3.0.md > The size increase is reduced to ~10%. > > In order to achieve maximum size optimization for openssl 3.0, we updated openssl 3.0 branch and recorded to https://github.com/liyi77/openssl/tree/openssl-3.0-POC. > To help the community review and feedback the openssl 3.0 change and plan to openssl upstream in the future, we should avoid personal branch usage. I fail to see the point. To get the openssl changes merged upstream you needed engage with the openssl community, and I don't see how a tianocore openssl repository helps with that. Now that the changes needed have been identified I'd strongly suggest to focus on getting the changes merged to upstream openssl instead of storing them in a tianocore fork. take care, Gerd ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [edk2-devel] [RFC] [edk2-openssl fork] Add openssl fork repo to Tianocore to support OpenSSL11_EOL 2023-04-05 11:39 ` [edk2-devel] " Gerd Hoffmann @ 2023-04-05 18:31 ` Leif Lindholm 2023-04-06 3:00 ` Yao, Jiewen 0 siblings, 1 reply; 7+ messages in thread From: Leif Lindholm @ 2023-04-05 18:31 UTC (permalink / raw) To: devel, kraxel; +Cc: jiewen.yao On Wed, Apr 05, 2023 at 13:39:21 +0200, Gerd Hoffmann wrote: > On Wed, Apr 05, 2023 at 01:37:23AM +0000, Yao, Jiewen wrote: > > Hi > > This is follow up for the "Openssl1.1 replacement proposal" https://edk2.groups.io/g/devel/topic/96741156. > > openssl 3.0 POC result is shown at https://github.com/tianocore/edk2-staging/blob/OpenSSL11_EOL/CryptoPkg/Readme-OpenSSL3.0.md > > The size increase is reduced to ~10%. > > > > In order to achieve maximum size optimization for openssl 3.0, we > > updated openssl 3.0 branch and recorded to > > https://github.com/liyi77/openssl/tree/openssl-3.0-POC. > > To help the community review and feedback the openssl 3.0 change > > and plan to openssl upstream in the future, we should avoid > > personal branch usage. > > I fail to see the point. To get the openssl changes merged upstream > you needed engage with the openssl community, and I don't see how a > tianocore openssl repository helps with that. Here is my understanding: - There is a concern that this change may break existing use-cases, and the proposal is to collate current state of work - undergoing upstreaming to openssl - so that the tianocore community (and downstream consumers) can start testing it with minimal amount of faff. - There is *no* plan for the edk2 repository to switch to using this submodule. If that understanding is correct, as long as the README.md is updated to clearly state that this repository is for integration and verification purposes only - at the very top - I think this is a good thing. / Leif ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [edk2-devel] [RFC] [edk2-openssl fork] Add openssl fork repo to Tianocore to support OpenSSL11_EOL 2023-04-05 18:31 ` Leif Lindholm @ 2023-04-06 3:00 ` Yao, Jiewen 2023-04-06 11:48 ` Gerd Hoffmann 2023-04-08 2:30 ` Michael D Kinney 0 siblings, 2 replies; 7+ messages in thread From: Yao, Jiewen @ 2023-04-06 3:00 UTC (permalink / raw) To: Leif Lindholm, devel@edk2.groups.io, kraxel@redhat.com; +Cc: Yao, Jiewen Thanks Leif. Your understanding is right. The openssl fork will be used by edk2-staging repo only. The openssl fork will NOT be by edk2 repo. Creating project specific fork is not unique. For example, we already have other fork in tianocore - https://github.com/tianocore/rust For example, we already have fork for openssl - https://github.com/open-quantum-safe/openssl The idea here is similar. Thank you Yao, Jiewen > -----Original Message----- > From: Leif Lindholm <quic_llindhol@quicinc.com> > Sent: Thursday, April 6, 2023 2:32 AM > To: devel@edk2.groups.io; kraxel@redhat.com > Cc: Yao, Jiewen <jiewen.yao@intel.com> > Subject: Re: [edk2-devel] [RFC] [edk2-openssl fork] Add openssl fork repo to > Tianocore to support OpenSSL11_EOL > > On Wed, Apr 05, 2023 at 13:39:21 +0200, Gerd Hoffmann wrote: > > On Wed, Apr 05, 2023 at 01:37:23AM +0000, Yao, Jiewen wrote: > > > Hi > > > This is follow up for the "Openssl1.1 replacement proposal" > https://edk2.groups.io/g/devel/topic/96741156. > > > openssl 3.0 POC result is shown at https://github.com/tianocore/edk2- > staging/blob/OpenSSL11_EOL/CryptoPkg/Readme-OpenSSL3.0.md > > > The size increase is reduced to ~10%. > > > > > > In order to achieve maximum size optimization for openssl 3.0, we > > > updated openssl 3.0 branch and recorded to > > > https://github.com/liyi77/openssl/tree/openssl-3.0-POC. > > > To help the community review and feedback the openssl 3.0 change > > > and plan to openssl upstream in the future, we should avoid > > > personal branch usage. > > > > I fail to see the point. To get the openssl changes merged upstream > > you needed engage with the openssl community, and I don't see how a > > tianocore openssl repository helps with that. > > Here is my understanding: > - There is a concern that this change may break existing use-cases, > and the proposal is to collate current state of work - undergoing > upstreaming to openssl - so that the tianocore community (and > downstream consumers) can start testing it with minimal amount of > faff. > - There is *no* plan for the edk2 repository to switch to using this > submodule. > > If that understanding is correct, as long as the README.md is updated > to clearly state that this repository is for integration and > verification purposes only - at the very top - I think this is a good > thing. > > / > Leif ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [edk2-devel] [RFC] [edk2-openssl fork] Add openssl fork repo to Tianocore to support OpenSSL11_EOL 2023-04-06 3:00 ` Yao, Jiewen @ 2023-04-06 11:48 ` Gerd Hoffmann 2023-04-08 2:30 ` Michael D Kinney 1 sibling, 0 replies; 7+ messages in thread From: Gerd Hoffmann @ 2023-04-06 11:48 UTC (permalink / raw) To: Yao, Jiewen; +Cc: Leif Lindholm, devel@edk2.groups.io On Thu, Apr 06, 2023 at 03:00:38AM +0000, Yao, Jiewen wrote: > Thanks Leif. Your understanding is right. > The openssl fork will be used by edk2-staging repo only. > The openssl fork will NOT be by edk2 repo. Ok, fine with me then. take care, Gerd ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [edk2-devel] [RFC] [edk2-openssl fork] Add openssl fork repo to Tianocore to support OpenSSL11_EOL 2023-04-06 3:00 ` Yao, Jiewen 2023-04-06 11:48 ` Gerd Hoffmann @ 2023-04-08 2:30 ` Michael D Kinney 2023-04-08 3:00 ` Yao, Jiewen 1 sibling, 1 reply; 7+ messages in thread From: Michael D Kinney @ 2023-04-08 2:30 UTC (permalink / raw) To: devel@edk2.groups.io, Yao, Jiewen, Leif Lindholm, kraxel@redhat.com Cc: Kinney, Michael D Fork created https://github.com/tianocore/openssl I have given EDK II Maintainers write access. Let me know if there is any additional configuration required. Thanks, Mike > -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao, Jiewen > Sent: Wednesday, April 5, 2023 8:01 PM > To: Leif Lindholm <quic_llindhol@quicinc.com>; devel@edk2.groups.io; kraxel@redhat.com > Cc: Yao, Jiewen <jiewen.yao@intel.com> > Subject: Re: [edk2-devel] [RFC] [edk2-openssl fork] Add openssl fork repo to Tianocore to support OpenSSL11_EOL > > Thanks Leif. Your understanding is right. > The openssl fork will be used by edk2-staging repo only. > The openssl fork will NOT be by edk2 repo. > > > Creating project specific fork is not unique. > For example, we already have other fork in tianocore - https://github.com/tianocore/rust > For example, we already have fork for openssl - https://github.com/open-quantum-safe/openssl > > The idea here is similar. > > Thank you > Yao, Jiewen > > > > -----Original Message----- > > From: Leif Lindholm <quic_llindhol@quicinc.com> > > Sent: Thursday, April 6, 2023 2:32 AM > > To: devel@edk2.groups.io; kraxel@redhat.com > > Cc: Yao, Jiewen <jiewen.yao@intel.com> > > Subject: Re: [edk2-devel] [RFC] [edk2-openssl fork] Add openssl fork repo to > > Tianocore to support OpenSSL11_EOL > > > > On Wed, Apr 05, 2023 at 13:39:21 +0200, Gerd Hoffmann wrote: > > > On Wed, Apr 05, 2023 at 01:37:23AM +0000, Yao, Jiewen wrote: > > > > Hi > > > > This is follow up for the "Openssl1.1 replacement proposal" > > https://edk2.groups.io/g/devel/topic/96741156. > > > > openssl 3.0 POC result is shown at https://github.com/tianocore/edk2- > > staging/blob/OpenSSL11_EOL/CryptoPkg/Readme-OpenSSL3.0.md > > > > The size increase is reduced to ~10%. > > > > > > > > In order to achieve maximum size optimization for openssl 3.0, we > > > > updated openssl 3.0 branch and recorded to > > > > https://github.com/liyi77/openssl/tree/openssl-3.0-POC. > > > > To help the community review and feedback the openssl 3.0 change > > > > and plan to openssl upstream in the future, we should avoid > > > > personal branch usage. > > > > > > I fail to see the point. To get the openssl changes merged upstream > > > you needed engage with the openssl community, and I don't see how a > > > tianocore openssl repository helps with that. > > > > Here is my understanding: > > - There is a concern that this change may break existing use-cases, > > and the proposal is to collate current state of work - undergoing > > upstreaming to openssl - so that the tianocore community (and > > downstream consumers) can start testing it with minimal amount of > > faff. > > - There is *no* plan for the edk2 repository to switch to using this > > submodule. > > > > If that understanding is correct, as long as the README.md is updated > > to clearly state that this repository is for integration and > > verification purposes only - at the very top - I think this is a good > > thing. > > > > / > > Leif > > > > ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [edk2-devel] [RFC] [edk2-openssl fork] Add openssl fork repo to Tianocore to support OpenSSL11_EOL 2023-04-08 2:30 ` Michael D Kinney @ 2023-04-08 3:00 ` Yao, Jiewen 0 siblings, 0 replies; 7+ messages in thread From: Yao, Jiewen @ 2023-04-08 3:00 UTC (permalink / raw) To: Kinney, Michael D, devel@edk2.groups.io, Leif Lindholm, kraxel@redhat.com, Li, Yi1 Thank you Mike. Appreciate that. Hi Yi I have created branch https://github.com/tianocore/openssl/tree/edk2-staging-openssl-3.0.8, from original openssl-3.0.8 tag. It matches what we have according to https://github.com/tianocore/edk2-staging/blob/OpenSSL11_EOL/CryptoPkg/Readme-OpenSSL3.0.md. (I add "edk2-staging-" as prefix to indicate that this branch is for edk2-staging. Just avoid confusing.) I recommend doing followings: 1) Please submit all openssl 3.0 patches from https://github.com/liyi77/openssl/tree/openssl-3.0-POC to https://github.com/tianocore/openssl/tree/edk2-staging-openssl-3.0.8. As such, other people can review, comment or contribute the openssl work for edk2-staging in tianocore. 2) Once above is merged, please update https://github.com/tianocore/edk2-staging/blob/OpenSSL11_EOL to submodule the https://github.com/tianocore/openssl. 3) In the future, if we need upgrade to a new openssl tag, please let me know. I will create new branch, such as edk2-staging-openssl-3.0.9, or edk2-staging-openssl-3.1.0, etc. for our work. Thank you Yao, Jiewen > -----Original Message----- > From: Kinney, Michael D <michael.d.kinney@intel.com> > Sent: Saturday, April 8, 2023 10:30 AM > To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>; Leif > Lindholm <quic_llindhol@quicinc.com>; kraxel@redhat.com > Cc: Kinney, Michael D <michael.d.kinney@intel.com> > Subject: RE: [edk2-devel] [RFC] [edk2-openssl fork] Add openssl fork repo to > Tianocore to support OpenSSL11_EOL > > Fork created > > https://github.com/tianocore/openssl > > I have given EDK II Maintainers write access. > > Let me know if there is any additional configuration required. > > Thanks, > > Mike > > > -----Original Message----- > > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao, > Jiewen > > Sent: Wednesday, April 5, 2023 8:01 PM > > To: Leif Lindholm <quic_llindhol@quicinc.com>; devel@edk2.groups.io; > kraxel@redhat.com > > Cc: Yao, Jiewen <jiewen.yao@intel.com> > > Subject: Re: [edk2-devel] [RFC] [edk2-openssl fork] Add openssl fork repo > to Tianocore to support OpenSSL11_EOL > > > > Thanks Leif. Your understanding is right. > > The openssl fork will be used by edk2-staging repo only. > > The openssl fork will NOT be by edk2 repo. > > > > > > Creating project specific fork is not unique. > > For example, we already have other fork in tianocore - > https://github.com/tianocore/rust > > For example, we already have fork for openssl - https://github.com/open- > quantum-safe/openssl > > > > The idea here is similar. > > > > Thank you > > Yao, Jiewen > > > > > > > -----Original Message----- > > > From: Leif Lindholm <quic_llindhol@quicinc.com> > > > Sent: Thursday, April 6, 2023 2:32 AM > > > To: devel@edk2.groups.io; kraxel@redhat.com > > > Cc: Yao, Jiewen <jiewen.yao@intel.com> > > > Subject: Re: [edk2-devel] [RFC] [edk2-openssl fork] Add openssl fork repo > to > > > Tianocore to support OpenSSL11_EOL > > > > > > On Wed, Apr 05, 2023 at 13:39:21 +0200, Gerd Hoffmann wrote: > > > > On Wed, Apr 05, 2023 at 01:37:23AM +0000, Yao, Jiewen wrote: > > > > > Hi > > > > > This is follow up for the "Openssl1.1 replacement proposal" > > > https://edk2.groups.io/g/devel/topic/96741156. > > > > > openssl 3.0 POC result is shown at > https://github.com/tianocore/edk2- > > > staging/blob/OpenSSL11_EOL/CryptoPkg/Readme-OpenSSL3.0.md > > > > > The size increase is reduced to ~10%. > > > > > > > > > > In order to achieve maximum size optimization for openssl 3.0, we > > > > > updated openssl 3.0 branch and recorded to > > > > > https://github.com/liyi77/openssl/tree/openssl-3.0-POC. > > > > > To help the community review and feedback the openssl 3.0 change > > > > > and plan to openssl upstream in the future, we should avoid > > > > > personal branch usage. > > > > > > > > I fail to see the point. To get the openssl changes merged upstream > > > > you needed engage with the openssl community, and I don't see how a > > > > tianocore openssl repository helps with that. > > > > > > Here is my understanding: > > > - There is a concern that this change may break existing use-cases, > > > and the proposal is to collate current state of work - undergoing > > > upstreaming to openssl - so that the tianocore community (and > > > downstream consumers) can start testing it with minimal amount of > > > faff. > > > - There is *no* plan for the edk2 repository to switch to using this > > > submodule. > > > > > > If that understanding is correct, as long as the README.md is updated > > > to clearly state that this repository is for integration and > > > verification purposes only - at the very top - I think this is a good > > > thing. > > > > > > / > > > Leif > > > > > > > > ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2023-04-08 3:00 UTC | newest] Thread overview: 7+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2023-04-05 1:37 [RFC] [edk2-openssl fork] Add openssl fork repo to Tianocore to support OpenSSL11_EOL Yao, Jiewen 2023-04-05 11:39 ` [edk2-devel] " Gerd Hoffmann 2023-04-05 18:31 ` Leif Lindholm 2023-04-06 3:00 ` Yao, Jiewen 2023-04-06 11:48 ` Gerd Hoffmann 2023-04-08 2:30 ` Michael D Kinney 2023-04-08 3:00 ` Yao, Jiewen
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox