Vagrant Cascadian schreef op vr 22-10-2021 om 14:15 [-0700]: > [...] > Though, it is *possible* that various u-boot-BOARD in some cases > doesn't > include any openssl code at all in the resulting binaries, but builds > some tools used during the build process, that are then used to > produce > various cryptographic signatures in the build: > >   https://lists.denx.de/pipermail/u-boot/2021-October/464533.html > > If that's true, it should be ok for various boards (though the > possibility of openssl code getting linked in would be hard to > catch). Add openssl to #:disallowed-references. Then the build will fail if the store item has a reference to openssl. This most likely won't catch uses of the _static_ OpenSSL libraries though, so the "openssl:static" input would need to be removed for this approach to work. Greetings, Maxime. -- not hacking on guix for a while, only occassionally looking at IRC logs and bug reports. E-mails are unsigned until backup is located.