Re: [PATCH ima-evm-utils v5] ima-evm-utils: Support SM2/3 algorithm for sign and verify


 



Hi Vitaly,

On 7/17/21 10:22 PM, Vitaly Chikunov wrote:
Tianjia, Mimi,

On Sat, Jul 17, 2021 at 09:48:10AM +0800, Tianjia Zhang wrote:
On 7/17/21 12:39 AM, Mimi Zohar wrote:
On Fri, 2021-07-16 at 17:22 +0800, Tianjia Zhang wrote:
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 088c041..17407ff 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -17,6 +17,7 @@ jobs:
                 ARCH: i386
                 TSS: tpm2-tss
                 VARIANT: i386
+              OPENSSL3: true
             # cross compilation builds
             - container: "debian:stable"
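Review bot: `OPENSSL3: true` in the i386 `env` block is a bare boolean, so the workflow line does not record which OpenSSL 3 version or source the job ends up using, and the key name is tied to one library release where the neighbouring `CC` and `TSS` keys each name a choice. Consider a key whose value carries the version (for example an `OPENSSL` key holding a tag, with unset meaning the distribution package), so that a run is reproducible and a later release needs no new variable.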
@@ -51,6 +52,7 @@ jobs:
               env:
                 CC: clang
                 TSS: ibmtss
+              OPENSSL3: true
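Review bot: the second `OPENSSL3: true`, on the `CC: clang` / `TSS: ibmtss` entry, repeats the per-job flag with no comment saying what it enables or why these two matrix entries get it while the others do not. Add a short comment beside the key, and state in the commit message what the jobs without the flag do with whatever depends on it.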

I haven't had a chance to look at the entire patch, but defining
OPENSSL3 kind of stood out. Just as "CC" and "TSS" are generic, I'd
prefer something more generic here. In the past there was a request
to support LibreSSL, which never materialized.


I agree that it is appropriate to use a generic variable name. I am thinking
of 'CRYPTOGRAPHY' or 'CRYPTO_LIBRARY'. Are there any better suggestions?

Perhaps, OPENSSL with tag name. If present, it's git cloned from
upstream, checked out appropriate tag, compiled, installed, and env set
to use it to compile ima-evm-utils. If not present (the default) native
OS OpenSSL is used.


Just use openssl 3.0 to assist in generating keys in the test case; evmctl still relies on the default version in the release, which is no problem with the mainstream openssl 1.1.1. Secondly, many functions used by evmctl have been marked as deprecated in openssl 3.0. There may be a major change; maybe it will be better to wait until openssl 3.0 is officially released before considering this issue.

Cheers,
Tianjia


