https://bugzilla.redhat.com/show_bug.cgi?id=2030595

--- Comment #6 from Paolo Bonzini <pbonzini@xxxxxxxxxx> ---

The bundled 3rd party libraries cannot be replaced with the system libraries, because enclaves cannot use the system libraries (all code must be linked statically and signed). See for example ENCLAVE_CFLAGS and ENCLAVE_CXXFLAGS in buildenv.mk, which include -ffreestanding -nostdinc -nostdinc++, and ENCLAVE_LDFLAGS which includes the linker flag -eenclave_entry.

However, these should be open source and limited to the minimum necessary. Based on my analysis of the build process:

* the static binary-only libraries in external/ should be removed from the sources tarball and should not be used during the build process.

* OpenSSL should be built from source, and the OpenSSL sources should be passed through the "hobble-openssl" script from the Fedora OpenSSL package. The script removes certain patented algorithms from the tarball.

* No network access should be done during the build (see for example external/sgxssl/prepare_sgxssl.sh); all sources should be included in the tarball.
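
The first and third points of the comment above (no binary-only static libraries in the tarball, no network access during the build) can be checked mechanically on an unpacked source tree. The following Python is an added example, not part of the comment or of the package under review; the function names, the build-file suffix list and the fetch-command list are assumptions, and the sample tree is constructed.

```python
import os
import re
import tempfile

# Magic bytes of prebuilt artifacts: "ar" static archives (.a) and ELF objects.
BINARY_MAGICS = {b"!<arch>\n": "static archive (ar)", b"\x7fELF": "ELF object"}
# Build files to inspect, and fetch commands to look for (illustrative lists).
BUILD_FILE_RE = re.compile(r"(\.sh|\.mk|\.spec|Makefile)$")
NETWORK_RE = re.compile(r"\b(wget|curl|git\s+clone)\b")

def audit_tree(root):
    """Return (prebuilt, network) findings for an unpacked source tree."""
    prebuilt, network = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            rel = os.path.relpath(path, root)
            with open(path, "rb") as fh:
                head = fh.read(8)
                kind = next((k for m, k in BINARY_MAGICS.items()
                             if head.startswith(m)), None)
                if kind:  # identified by content, not by file extension
                    prebuilt.append((rel, kind))
                    continue
                if not BUILD_FILE_RE.search(name):
                    continue
                text = (head + fh.read()).decode("utf-8", "replace")
            for lineno, line in enumerate(text.splitlines(), 1):
                code = line.split("#", 1)[0]  # drop shell/make comments
                if NETWORK_RE.search(code):
                    network.append((rel, lineno, line.strip()))
    return sorted(prebuilt), sorted(network)

def demo():
    """Run the audit on a constructed tree; names and contents are made up."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "external", "lib"))
        with open(os.path.join(root, "external", "lib", "libfoo.a"), "wb") as fh:
            fh.write(b"!<arch>\n" + b"\0" * 16)
        with open(os.path.join(root, "external", "prepare.sh"), "w") as fh:
            fh.write("#!/bin/sh\n# no wget here\nwget https://example.invalid/src.tgz\n")
        with open(os.path.join(root, "main.c"), "w") as fh:
            fh.write("int main(void) { return 0; }\n")
        return audit_tree(root)

if __name__ == "__main__":
    print(demo())
```

Any entry in the first list is a prebuilt object that would have to be dropped from the tarball or rebuilt from source; any entry in the second is a build step that would fail, or silently change the inputs, in a build environment without network access.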