Hi,
As you may know, the build system was changed, and the tip of master depends on Openssl3. This version is quite new and is not available in many old (or not so old) but still supported operating systems. (Ubuntu 18.04 is an example.)
I made a quick and dirty fix to allow building Opessl3 right from TF-A if the source is pre-fetched. You can find this change here:
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/16800 For our downstream project this is a perfect solution as the same component introducing the new dependency
carries the solution. Thus, my build environment is not becoming TF-A version specific.
From TF-A point of view the situation is not so simple. The above patch extends TF-A with "build environment provisioning" responsibility. Before this patch TF-A assumed, all "common" dependencies are available in the build environment, and this patch changes
that. Yes, some strongly TF-A specific components were owned and built by TF-A, but openssl is different.
Thus, my modification is a “game changer” in some ways. A few things to consider:
There are alternatives which might be considered better:
As I mentioned above, this is a "good enough" fix for my use-case, but not sure if this is the right approach from TF-A perspectives.
I am happy to tidy up this patch and push it trough the review, but the efforts needed to implement “other options” are beyond my capacity.
I am looking for feedback both from TF-A maintainers and from “build environment owners”. Thanks!
/George
Ps.: Apologies for not doing “my homework”. I know there is a ticket somewhere in Phabricator and I did not invest the needed time to find it.