edk2: re-vendor OpenSSL

This sucks, but 3.0 is too old, 3.5 is too new, and we're not
shipping 3.4 just for this.

pkgs/by-name/ed/edk2/package.nix

@@ -61,31 +61,10 @@ stdenv.mkDerivation (finalAttrs: {
       })
     ];
 
+    # FIXME: unvendor OpenSSL again once upstream updates
+    # to a compatible version.
+    # Upstream PR: https://github.com/tianocore/edk2/pull/10946
     postPatch = ''
-      # de-vendor OpenSSL
-      rm -r CryptoPkg/Library/OpensslLib/openssl
-      mkdir -p CryptoPkg/Library/OpensslLib/openssl
-      (
-      cd CryptoPkg/Library/OpensslLib/openssl
-      tar --strip-components=1 -xf ${buildPackages.openssl_3.src}
-
-      # Apply OpenSSL patches.
-      ${lib.pipe buildPackages.openssl_3.patches [
-        (builtins.filter (
-          patch:
-          !builtins.elem (baseNameOf patch) [
-            # Exclude patches not required in this context.
-            "nix-ssl-cert-file.patch"
-            "openssl-disable-kernel-detection.patch"
-            "use-etc-ssl-certs-darwin.patch"
-            "use-etc-ssl-certs.patch"
-          ]
-        ))
-        (map (patch: "patch -p1 < ${patch}\n"))
-        lib.concatStrings
-      ]}
-      )
-
       # enable compilation using Clang
       # https://bugzilla.tianocore.org/show_bug.cgi?id=4620
       substituteInPlace BaseTools/Conf/tools_def.template --replace-fail \