Date 1 - 8 of 8
[edk2-devel] EDK II Stable Tag release edk2-stable201905 completed
edk2 submodule are from github openssl and berkeley-softfloat-3. If you can access edk2, you can also access them. Why you system redirect github openssl to boringssl?
From: email@example.com [mailto:firstname.lastname@example.org] On Behalf Of krishnaLee
Sent: Monday, June 10, 2019 5:07 PM
Cc: 'email@example.com' <firstname.lastname@example.org>; leif.lindholm@...; Kinney, Michael D <michael.d.kinney@...>; afish@...; Laszlo Ersek (lersek@...) <lersek@...>
Subject: Re: [edk2-devel] EDK II Stable Tag release edk2-stable201905 completed
I had download it (git clone -b edk2-stable201905 https://github.com/tianocore/edk2.git),
but update openssl failed by command (git submodule update --init --recursive)
Cloning into 'D:/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl'...
fatal: unable to access 'https://boringssl.googlesource.com/boringssl/': Failed to connect to boringssl.googlesource.com port 443: Timed out
I think many chinese people need "Climbing<https://www.bing.com/dict/search?q=Climbing&FORM=BDVSP6&mkt=zh-cn> over<https://www.bing.com/dict/search?q=over&FORM=BDVSP6&mkt=zh-cn> the<https://www.bing.com/dict/search?q=the&FORM=BDVSP6&mkt=zh-cn> Wall<https://www.bing.com/dict/search?q=Wall&FORM=BDVSP6&mkt=zh-cn>" to access 'https://boringssl.googlesource.com/boringssl/'.
I am sorry about this but is there any other idea to bypass it?
At 2019-06-06 17:54:48, "Liming Gao" <liming.gao@...<mailto:liming.gao@...>> wrote:
The tag edk2-stable201905 has been created. https://github.com/tianocore/edk2/releases/tag/edk2-stable201905
git clone -b edk2-stable201905 https://github.com/tianocore/edk2.git
The tag edk2-stable201905 has been added into the main EDK II Wiki page.
The quiet period has now ended. Thank you for your cooperation and patience. Normal commits can now be resumed.
Next edk2 stable tag (edk2-stable201908) planning has been added into wiki page.
If you have ideas for features in the next stable tag, please enter a Bugzilla for evaluation. Please let us know if there are existing open Bugzilla entries that should be targeted at this next stable tag.
On Mon, Jun 10, 2019 at 01:50:43PM +0000, Gao, Liming wrote:
edk2 submodule are from github openssl and berkeley-softfloat-3. If you can access edk2, you can also access them. Why you system redirect github openssl to boringssl?Argh, no. OpenSSL has boringssl as a git submodule.
edk2/CryptoPkg/Library/OpensslLib/openssl$ cat .gitmodules
path = boringssl
url = https://boringssl.googlesource.com/boringssl
toggle quoted message Show quoted text
-----Original Message-----I just notice openssl has its own submodule. https://github.com/google/boringssl is the mirror of boringssl.
Can you modify the .gitconfig with the below rule, and try again?
insteadOf = https://boringssl.googlesource.com/boringssl
On 06/10/19 16:00, Leif Lindholm wrote:
On Mon, Jun 10, 2019 at 01:50:43PM +0000, Gao, Liming wrote:That's right, but it shouldn't matter. In edk2, I always useedk2 submodule are from github openssl and berkeley-softfloat-3. If you can access edk2, you can also access them. Why you system redirect github openssl to boringssl?Argh, no. OpenSSL has boringssl as a git submodule.
$ git submodule update --init --force
and I never pass the "--recursive" flag. This is also how I tested the
upgrade to OpenSSL-1.1.1b, before edk2-stable201905 was tagged. The
boringssl sub-sub-module is not needed for edk2's purposes.
We might want to drop "--recursive" from "OpenSSL-HOWTO.txt", instead.
On Tue, Jun 11, 2019 at 12:08:34PM +0200, Laszlo Ersek wrote:
The instructions have spread to many other places (build instructionsArgh, no. OpenSSL has boringssl as a git submodule.That's right, but it shouldn't matter. In edk2, I always use
in wiki and edk2-platforms Readme.md being two of them).
That's not to say we shouldn't change it, but that we need to go
through and update those places too.
And frankly, if we've accepted the need to support submodules, we
need to document how edk2 interacts with submodules, not how each
individual submodule interacts with edk2 - so the git instructions in
OpenSSL-HOWTO.txt should probably be deleted.
This might be a good topic to bring to the next design meeting.
Presumably the above will be a useful workaround for the original
reporter in the meantime.
On 06/11/19 12:30, Leif Lindholm wrote:
On Tue, Jun 11, 2019 at 12:08:34PM +0200, Laszlo Ersek wrote:To be clear -- the problem *exists* only because the original reporterThe instructions have spread to many other places (build instructionsArgh, no. OpenSSL has boringssl as a git submodule.That's right, but it shouldn't matter. In edk2, I always use
is stuck behind a restrictive firewall. There is nothing *technically*
wrong with the current instructions in "OpenSSL-HOWTO.txt". There is
nothing particular in how "edk2 interacts with submodules". We're
discussing workarounds for a political problem.
On Tue, Jun 11, 2019 at 05:46:37PM +0200, Laszlo Ersek wrote:
At this point in time we are discussing a workaround for a politicalThe instructions have spread to many other places (build instructionsTo be clear -- the problem *exists* only because the original reporter
problem. But relying on submodules means relinquishing elements of
control and consistency (if github goes down, we're consistently
In this instance, we explicitly don't care about the submodule for
that other project (and I really hope this is the norm) - so we
shouldn't be documenting steps that rely on that additional
submodule existing. Whether its inaccessibility is for political (not
just this one, but "oh, someone told me there was pirated things on
that host"), technical ("server went down") or financial ("where is me
domain, me noggin' noggin' domain, it's all gone for beer and
(Why yes, I may be going slightly loopy from too much python.)
This is why I am referring to anything other than a central definition
of the relationship between edk2 and its submodules as a workaround. I
am not suggesting any shortcomings in the technical aspect.
On 06/11/19 18:08, Leif Lindholm wrote:
On Tue, Jun 11, 2019 at 05:46:37PM +0200, Laszlo Ersek wrote:Yes; this is why I suggested dropping "--recursive" from theAt this point in time we are discussing a workaround for a politicalThe instructions have spread to many other places (build instructionsTo be clear -- the problem *exists* only because the original reporter
instructions. As far as I remember, it was meant as a convenience for
users cloning the edk2 repo from zero.
Whether its inaccessibility is for political (notCan you provide an example definition then? I'm having trouble imagining
Or do you have QEMU in mind, as an example? AIUI, the QEMU project has
server-side jobs that continuously mirror all submodule repositories
from their primary locations to the QEMU git server. And then submodule
URLs in the main QEMU tree (the "superproject") point to the mirrored
subprojects on "git.qemu.org". This makes sure all submodules can be
cloned as long as QEMU itself can be cloned.
In edk2, the direct submodules (OpenSSL and SoftFloat) are both on
github, same as edk2 itself. OpenSSL seems to have three submodules,
"pyca-cryptography" (on github), "krb5" (ditto), and "boringssl" (on
"googlesource.com"). "boringssl" has a mirror at
- in order to change the URL in OpenSSL, we'd either have to convince
the OpenSSL developers to reference the github mirror rather than the
central boringssl repo, or we'd have to diverge from OpenSSL upstream in
our submodule (with a commit that updates the URL)
- we *really* don't need boringssl:
- Readme.md at <https://github.com/google/boringssl> states as much
up-front ("it is not intended for general use, as OpenSSL is. We
don't recommend that third parties depend upon it")
- In OpenSSL, the boringssl submodule was introduced in commit
ab29eca645cd ("Run BoringSSL tests on Travis", 2016-11-24). It looks
completely useless for superprojects (i.e. for communities that
don't actively develop OpenSSL itself).
In short I don't see how we can define a uniform / blanket relationship
between edk2 and all of its sub-sub-modules. We could provide a list
that discussed each case separately. And this list could change every
time we moved forward to a new OpenSSL (or other direct submodule) release.
I'm sorry if this is just wild speculation but I really don't understand
what you have in mind, for the definition. Can you please give an example?
|1 - 8 of 8|