From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: From: Bastian Krause Date: Wed, 17 Jun 2020 16:31:19 +0200 Message-Id: <20200617143125.23999-1-bst@pengutronix.de> MIME-Version: 1.0 Subject: [ptxdist] [PATCH v3 0/6] Add code-signing-provider template, add code signing docs List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ptxdist-bounces@pengutronix.de Sender: "ptxdist" To: ptxdist@pengutronix.de Cc: Bastian Krause The code signing infrastructure is available since 2019 in PTXdist. Now it's time to document it, especially since RAUC also uses it. Unfortunately this did not make it into ptxdist-2020.06.0. To make things easier introduce a code-signing-provider template. Changes since v2: - introduce ptxd_template_read_options letting the user decide between limited options - ask user about HSM type - split HSM/SoftHSM ptxdist-set-keys.sh cases into separate files - introduce wizard.sh to generate ptxdist-set-keys.sh HSM case specific - set dependencies HSM case specific - introduce pre rule template to extend CODE_SIGNING_ENV HSM case specific - rename srk object name for consistency reasons - adjust doc section "Creating Custom Code Signing Providers" to updated code signing provider templates - remove "necessary package dependencies for code signing provider" from ref_code_signing_helpers, generated code signing providers now select all necessary host tools by default Changes since (implicit) v1: - rebased on master - reference code signing consumers section in ref_code_signing_helpers - split into sections: {SoftHSM Provider,Generic Provider,Consumer} Functions - add introductory sentence for each section - added Reviewed-by Roland - added Tested-by Ladis Bastian Krause (6): ptxd_lib_template: add ptxd_template_read_options package templates: add code-signing-provider template doc: dev_manual: split up into multiple files doc: move code signing docs from scripts/ into doc/ doc: dev_code_signing: rework and extend code signing section doc: introduce ref_code_signing_helpers doc/dev_add_bin_only_files.rst | 105 + doc/dev_add_new_pkgs.rst | 1339 +++++++++++++ doc/dev_code_signing.rst | 138 ++ doc/dev_create_new_pkg_templates.rst | 77 + doc/dev_dir_hierarchy.rst | 108 + doc/dev_layers_in_ptxdist.rst | 111 ++ doc/dev_manual.rst | 1765 +---------------- doc/ref_code_signing_helpers.rst | 248 +++ doc/ref_manual.rst | 1 + .../ptxdist-set-keys-hsm.sh | 42 + .../ptxdist-set-keys-softhsm.sh | 58 + .../templates/code-signing-provider/wizard.sh | 10 + .../template-code-signing-provider-choice-in | 5 + .../template-code-signing-provider-in | 14 + .../template-code-signing-provider-make | 41 + .../template-code-signing-provider-pre-make | 15 + scripts/lib/ptxd_lib_code_signing.sh | 32 +- scripts/lib/ptxd_lib_template.sh | 57 + 18 files changed, 2381 insertions(+), 1785 deletions(-) create mode 100644 doc/dev_add_bin_only_files.rst create mode 100644 doc/dev_add_new_pkgs.rst create mode 100644 doc/dev_code_signing.rst create mode 100644 doc/dev_create_new_pkg_templates.rst create mode 100644 doc/dev_dir_hierarchy.rst create mode 100644 doc/dev_layers_in_ptxdist.rst create mode 100644 doc/ref_code_signing_helpers.rst create mode 100755 rules/templates/code-signing-provider/ptxdist-set-keys-hsm.sh create mode 100755 rules/templates/code-signing-provider/ptxdist-set-keys-softhsm.sh create mode 100644 rules/templates/code-signing-provider/wizard.sh create mode 100644 rules/templates/template-code-signing-provider-choice-in create mode 100644 rules/templates/template-code-signing-provider-in create mode 100644 rules/templates/template-code-signing-provider-make create mode 100644 rules/templates/template-code-signing-provider-pre-make -- 2.27.0 _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de