[edk2-devel] [PATCH v3 0/6] CryptoPkg: Upgrade OpenSSL to 1.1.1b

Xiaoyu lu xiaoyux.lu at intel.com
Tue May 14 15:52:14 UTC 2019 

Thank you, Laszlo.

I am very appreciate to you for being so patient with me .

(1) I cleaned the authored name.

(2) CryptoPkg/Library/Include/openssl/opensslconf.h This file is LF file, It copy from openssl, I think it should not be modified.

   Pushed my private repository to https://github.com/xiaoyuxlu/edk2/commits/bz_1089_patch_v4
   I have not finished yet. When I finish it, I will push v4 patches

(3) Thank you for explaining this clearly. I changed it back and added a patch.

(4) Now I know I should take R-b tags into commit message and the meaning to modify 'R-b tags patch'.
   If I modify it, should refer to R-b tags owner's opinion. I apologize for modify your R-b tags patch which makes you feel bad.

(5) Got it. 

I think it is very useful for me. 
[*] https://github.com/tianocore/tianocore.github.io/wiki/Laszlo's-unkempt-git-guide-for-edk2-contributors-and-maintainers
Thank you again.

Xiaoyu.

-----Original Message-----
From: devel at edk2.groups.io [mailto:devel at edk2.groups.io] On Behalf Of Laszlo Ersek
Sent: Tuesday, May 14, 2019 7:59 PM
To: Lu, XiaoyuX <xiaoyux.lu at intel.com>
Cc: devel at edk2.groups.io; Gary Lin <glin at suse.com>; Wang, Jian J <jian.j.wang at intel.com>; Ye, Ting <ting.ye at intel.com>
Subject: Re: [edk2-devel] [PATCH v3 0/6] CryptoPkg: Upgrade OpenSSL to 1.1.1b

On 05/13/19 21:24, Laszlo Ersek wrote:
> On 05/13/19 15:25, Xiaoyu lu wrote:
>> (1) CryptoPkg/OpensslLib: Modify process_files.pl for  upgrading
>>   OpenSSL OpenSSL only support seeding NONE for UEFI(rand_unix.c line
>>   93). So add --with-rand-seed=none to process_files.pl.
>>
>> (2) CryptoPkg/OpensslLib: Exclude unnecessary files in 
>> process_files.pl
>>   When running process_files.py to configure OpenSSL, we can exclude
>>   some unnecessary files. This can reduce porting time, compiling
>>   time and library size.
>>
>> (3) CryptoPkg/IntrinsicLib: Fix possible unresolved  external symbol 
>> issue
>>
>> (4) CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL
>>   Disable warning for building OpenSSL_1_1_1b
>>
>> (5) CryptoPkg: Upgrade OpenSSL to 1.1.1b
>>   Update OpenSSL submodule to OpenSSL_1_1_1b
>>   OpenSSL_1_1_1b(50eaac9f3337667259de725451f201e784599687)
>>
>>   OpenSSL doesn't implement some rand_pool function for UEFI.
>>   Use EFI_RNG_PROTOCOL to generate random for entropy.
>>   If EFI_RNG_PROTOCOL is not avaliable, fall back to performance
>>   counter, but we not sure about the amount of randomness it
>>   provides.
>>
>> (6) CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward  compatible
>>
>>   Note: Will be remove next update.
>>   Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1792
>>   Ref: https://github.com/openssl/openssl/pull/4338
>>
>>
>> Cc: Jian J Wang <jian.j.wang at intel.com>
>> Cc: Ting Ye <ting.ye at intel.com>
>
> I'm withdrawing from reviewing or testing this series.

To be clear, the reason I abandoned reviewing / testing this series is not due to the use of TimerLib as entropy source, in patch #5. I addressed that separately, stating that I wouldn't review patch #5, only regression-test it.

The reason I intend to leave upcoming reviews & testing of this series as a whole to others is that I've found a number of mistakes in relation to the development workflow. And, it's exhausting for me to repeat all the same guidelines, when I had documented them in the wiki [*].

At the same time, I realize that it may be difficult for a new edk2 contributor to adhere to everything described in [*] -- especially given that [*] is not an official edk2 document, just something that I personally distilled from experience.

In other words, my insisting on [*] in many repeated emails is exhausting for both new contributors, and myself as a reviewer. Which is why I thought I'd save us both some busywork, by withdrawing from this series.

If you'd like me to look over this series again, then a v4 will be necessary, just in order to remedy the following workflow-level problems. (Afterwards, a v5 may be necessary for further technical
fixes.)

(1) Some of your patches are authored by "Xiaoyu Lu", some others by
    "Xiaoyu lu" (lower case). This messes up the shortlog in the blurb
    (and other statistics collected from the git log); you are
    represented as two different people.

    Please pick *one* email address (name included), and stick with
    that. Rebase the series, and use

      git commit --amend --author=...

    for fixing up the authorship on the patches that need it.

    Make sure your Signed-off-by follows suit in the commit messages.

(2) The series is hard to apply for local testing, with "git am", due to
    patch #5 modifying both CRLF and LF files. That's not necessarily a
    problem with the patch itself, but the norm has been, for
    non-trivial patch series, to push a topic branch to a personal repo,
    and to reference that repo & branch in the blurb. It permits easy
    fetching and easy commenting both.

    This wasn't done in v2, and I struggled with "git am". It hasn't
    been done in v3 either. Please do it in v4 and further versions.

(3) In my review of the v1 series, I requested that the CC_FLAGS
    changes, for the "OpensslLib.inf" and "OpensslLibCrypto.inf" files,
    be isolated to their own standalone patch. In v2, this was nicely
    addressed in patch #4, and I gave my R-b. In v3 however, you
    squashed a totally unrelated -- but at the series level, necessary
    -- change into the same patch (namely "sys/syscall.h"). While that
    improved the end result of the series for sure, it *negated* the v2
    improvement in the specific patch.

    In my v2 review, this was how I asked for "sys/syscall.h":

        So please include a patch in the v3 series that adds
        "CryptoPkg/Library/Include/sys/syscall.h" like suggested above.

    *Separate patch*.

    If you disagree with my request, that's 100% part of the process,
    but then please respond under the request, rather than dumping an
    entire new version of the series on me that does not comply with my
    request.

(4) In version 3, you failed to pick up my Reviewed-by tags that I had
    given for v2 1/6 and v2 6/6.

    In more technical terms, this means that you should have run "git
    rebase -i", selected the "reword" action for patches v2 1/6 and v2
    6/6, and appended -- using the clipboard -- my R-b tags, from my
    review emails, to the commit messages.

    This is documented in detail, in [*] (contributor step 28).

    (Referring to the previous bullet, you also failed to pick up my R-b
    for patch v2 4/6. However, ultimately, that was the correct action
    for that patch, given that you modified the patch in v3. If a patch
    is modified significantly in a revision, then review tags garnered
    earlier should be dropped, so that reviewers check the patch again.)

(5) Jian had some questions still open under v2 5/6, when you posted v3.
    The questions were addressed to me. Sometimes I cannot answer on the
    next day, and yes, there was a weekend to.

    If you think a reviewer missed something, please wait one or two
    business days, and ping them off-list or on-list, before sending the
    next version.

    If there isn't enough time left to catch the upcoming stable tag
    with this work, then we should postpone this work to the next stable
    tag.

[*] https://github.com/tianocore/tianocore.github.io/wiki/Laszlo's-unkempt-git-guide-for-edk2-contributors-and-maintainers

Thanks
Laszlo




-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#40612): https://edk2.groups.io/g/devel/message/40612
Mute This Topic: https://groups.io/mt/31606972/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-

More information about the edk2-devel-archive mailing list