From mboxrd@z Thu Jan  1 00:00:00 1970
Return-path: <ptxdist-bounces@pengutronix.de>
From: Bastian Krause <bst@pengutronix.de>
Date: Fri, 15 May 2020 16:26:32 +0200
Message-Id: <20200515142641.812-7-bst@pengutronix.de>
In-Reply-To: <20200515142641.812-1-bst@pengutronix.de>
References: <20200515142641.812-1-bst@pengutronix.de>
MIME-Version: 1.0
Subject: [ptxdist] [PATCH v2 06/15]
 ptxd_lib_imx_hab/template-barebox-imx-habv4: use cs_get_ca helper
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <http://metis.pengutronix.de/cgi-bin/mailman/options/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <http://metis.pengutronix.de/cgi-bin/mailman/private/ptxdist/>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <http://metis.pengutronix.de/cgi-bin/mailman/listinfo/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=subscribe>
Reply-To: ptxdist@pengutronix.de
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ptxdist-bounces@pengutronix.de
Sender: "ptxdist" <ptxdist-bounces@pengutronix.de>
To: ptxdist@pengutronix.de
Cc: Bastian Krause <bst@pengutronix.de>

Key providers now take care of calling the CA helpers. This makes sure
the CA is already present in pem format. Use that instead of extracting
and converting the certs here again. Thus HOST_EXTRACT_CERT is no longer
a dependency of template-barebox-imx-habv4.

Note: requires ptx-code-signing-dev 0.4 or later

Signed-off-by: Bastian Krause <bst@pengutronix.de>
---
Changes since (implicit) v1:
  - clarify required version of ptx-code-signing-dev in commit message
---
 rules/templates/template-barebox-imx-habv4-in |  1 -
 scripts/lib/ptxd_lib_imx_hab.sh               | 16 ++++++++--------
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/rules/templates/template-barebox-imx-habv4-in b/rules/templates/template-barebox-imx-habv4-in
index af3e59986..16258cbee 100644
--- a/rules/templates/template-barebox-imx-habv4-in
+++ b/rules/templates/template-barebox-imx-habv4-in
@@ -3,7 +3,6 @@
 config BAREBOX_@PACKAGE@
 	tristate
 	select CODE_SIGNING
-	select HOST_EXTRACT_CERT
 	select HOST_IMX_CST
 	prompt "Barebox (@package@)"
 	help
diff --git a/scripts/lib/ptxd_lib_imx_hab.sh b/scripts/lib/ptxd_lib_imx_hab.sh
index 034bf82b2..781c1b3f6 100644
--- a/scripts/lib/ptxd_lib_imx_hab.sh
+++ b/scripts/lib/ptxd_lib_imx_hab.sh
@@ -26,24 +26,24 @@ ptxd_make_imx_habv4_gen_table_impl() {
     local template="${1}"
     local table_bin="${pkg_build_dir}/imx-srk-table.bin"
     local srk_fuse_bin="${pkg_build_dir}/imx-srk-fuse.bin"
-    local tmpdir="$(mktemp -d "${PTXDIST_TEMPDIR}/imx-habv4.XXXXXX")"
+    local -a certs
 
     echo -e "generating $(basename ${table_bin}) and $(basename ${srk_fuse_bin})\n"
 
     for i in 1 2 3 4; do
-	local t=$(printf "${template}" "${i}")
-	local uri=$(cs_get_uri "$t")
+	certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")"
+    done
 
-	ptxd_exec extract-cert "${uri}" ${tmpdir}/srk${i}.der &&
-	ptxd_exec openssl x509 -inform der -in ${tmpdir}/srk${i}.der \
-	    -out ${tmpdir}/srk${i}.pem || break
-    done &&
+    local orig_IFS="${IFS}"
+    IFS=","
+    certs="${certs[*]}"
+    IFS="${orig_IFS}"
 
     ptxd_exec srktool --hab_ver 4 \
 	--table "${table_bin}" \
 	--efuses "${srk_fuse_bin}" \
 	--digest sha256 \
-	--certs ${tmpdir}/srk1.pem,${tmpdir}/srk2.pem,${tmpdir}/srk3.pem,${tmpdir}/srk4.pem
+	--certs "${certs}"
 }
 export -f ptxd_make_imx_habv4_gen_table_impl
 
-- 
2.26.2


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de