From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from ptx.hi.pengutronix.de ([2001:67c:670:100:1d::c0]) by metis.ext.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1lRVBT-0002SJ-IU for ptxdist@pengutronix.de; Wed, 31 Mar 2021 09:22:35 +0200 Received: from mol by ptx.hi.pengutronix.de with local (Exim 4.92) (envelope-from ) id 1lRVBT-0003Ss-8Q for ptxdist@pengutronix.de; Wed, 31 Mar 2021 09:22:35 +0200 Date: Wed, 31 Mar 2021 09:22:35 +0200 From: Michael Olbrich Message-ID: <20210331072235.GB8755@pengutronix.de> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Subject: Re: [ptxdist] [PATCH v2 0/2] yubi HSM pkcs11 plugin for signing provider List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ptxdist-bounces@pengutronix.de Sender: "ptxdist" To: ptxdist@pengutronix.de On Tue, Mar 30, 2021 at 02:53:42PM +0000, Denis Osterland-Heim wrote: > v1 -> v2: > - pass variables to CODE_SIGNING_ENV in favour of noproxy patch > - remove function extending patches, which seams easier to maintain > > Denis Osterland-Heim (2): > host-libcurl: enable http(s) support > host-yubihsm-shell: new package > > rules/host-libcurl.make | 4 ++-- > rules/host-yubihsm-shell.in | 13 +++++++++++++ > rules/host-yubihsm-shell.make | 37 +++++++++++++++++++++++++++++++++++++ > rules/pre/030-yubihsm-shell.make | 11 +++++++++++ > 4 files changed, 63 insertions(+), 2 deletions(-) > > base-commit: c33f9942d ("glib: version bump 2.66.6 -> 2.68.0") > > Return-Path: > X-Original-To: ptxdist@pengutronix.de > Delivered-To: osterlad@cwpc1435.diehlako.local > Received: by cwpc1435.diehlako.local (Postfix, from userid 1001) > id ABA433E432B; Tue, 30 Mar 2021 16:48:30 +0200 (CEST) > From: Denis Osterland-Heim > To: ptxdist@pengutronix.de > Subject: [PATCH v2 1/2] host-libcurl: enable http(s) support > Date: Tue, 30 Mar 2021 16:48:27 +0200 > Message-Id: <20210330144828.15293-2-denis.osterland@diehl.com> > X-Mailer: git-send-email 2.31.1 > In-Reply-To: <20210330144828.15293-1-denis.osterland@diehl.com> > References: <20210330144828.15293-1-denis.osterland@diehl.com> > MIME-Version: 1.0 > Content-Transfer-Encoding: 8bit > > Signed-off-by: Denis Osterland-Heim > --- > rules/host-libcurl.make | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/rules/host-libcurl.make b/rules/host-libcurl.make > index dc28de778..1a2a1fcf5 100644 > --- a/rules/host-libcurl.make > +++ b/rules/host-libcurl.make > @@ -61,7 +61,7 @@ HOST_LIBCURL_CONF_OPT := \ > --without-librtmp \ > \ > --disable-ares \ > - --disable-http \ > + --enable-http \ > --disable-nghttp2 \ > --disable-cookies \ > --disable-ftp \ > @@ -69,7 +69,7 @@ HOST_LIBCURL_CONF_OPT := \ > --disable-file \ > --disable-crypto-auth \ > --disable-libssh2 \ > - --without-ssl > + --with-ssl still missing the openssl dependency. > > $(STATEDIR)/host-libcurl.install: > @$(call targetinfo) > -- > 2.31.1 > > Return-Path: > X-Original-To: ptxdist@pengutronix.de > Delivered-To: osterlad@cwpc1435.diehlako.local > Received: by cwpc1435.diehlako.local (Postfix, from userid 1001) > id AE8CF3E432B; Tue, 30 Mar 2021 16:48:30 +0200 (CEST) > From: Denis Osterland-Heim > To: ptxdist@pengutronix.de > Subject: [PATCH v2 2/2] host-yubihsm-shell: new package > Date: Tue, 30 Mar 2021 16:48:28 +0200 > Message-Id: <20210330144828.15293-3-denis.osterland@diehl.com> > X-Mailer: git-send-email 2.31.1 > In-Reply-To: <20210330144828.15293-1-denis.osterland@diehl.com> > References: <20210330144828.15293-1-denis.osterland@diehl.com> > MIME-Version: 1.0 > Content-Transfer-Encoding: 8bit > > This package provides the pkcs11 plugin for yubi HSMs, > which allows to create a signing provider for it. > > Signed-off-by: Denis Osterland-Heim > --- > rules/host-yubihsm-shell.in | 13 +++++++++++ > rules/host-yubihsm-shell.make | 37 ++++++++++++++++++++++++++++++++ > rules/pre/030-yubihsm-shell.make | 11 ++++++++++ > 3 files changed, 61 insertions(+) > create mode 100644 rules/host-yubihsm-shell.in > create mode 100644 rules/host-yubihsm-shell.make > create mode 100644 rules/pre/030-yubihsm-shell.make > > diff --git a/rules/host-yubihsm-shell.in b/rules/host-yubihsm-shell.in > new file mode 100644 > index 000000000..3b17a2e98 > --- /dev/null > +++ b/rules/host-yubihsm-shell.in > @@ -0,0 +1,13 @@ > +## SECTION=hosttools_noprompt > + > +config HOST_YUBIHSM_SHELL > + tristate > + default ALLYES > + select HOST_CMAKE > + select HOST_OPENSSL > + select HOST_LIBCURL > + select HOST_LIBUSB > + select HOST_GENGETOPT > + select HOST_LIBEDIT > + select HOST_PCSC_LITE > + select HOST_LIBP11 > diff --git a/rules/host-yubihsm-shell.make b/rules/host-yubihsm-shell.make > new file mode 100644 > index 000000000..3ebfc8c1f > --- /dev/null > +++ b/rules/host-yubihsm-shell.make > @@ -0,0 +1,37 @@ > +# -*-makefile-*- > +# > +# Copyright (C) 2021 by Denis Osterland-Heim > +# > +# For further information about the PTXdist project and license conditions > +# see the README file. > +# > + > +HOST_PACKAGES-$(PTXCONF_HOST_YUBIHSM_SHELL) += host-yubihsm-shell > + > +# > +# Paths and names > +# > +HOST_YUBIHSM_SHELL_VERSION := 2.1.0 > +HOST_YUBIHSM_SHELL_MD5 := 7363c0bc4ed037e262474beaa6e1407b > +HOST_YUBIHSM_SHELL := yubihsm-shell-$(HOST_YUBIHSM_SHELL_VERSION) > +HOST_YUBIHSM_SHELL_SUFFIX := tar.gz > +HOST_YUBIHSM_SHELL_URL := https://github.com/Yubico/yubihsm-shell/archive/$(HOST_YUBIHSM_SHELL_VERSION).$(HOST_YUBIHSM_SHELL_SUFFIX) > +HOST_YUBIHSM_SHELL_SOURCE := $(SRCDIR)/$(HOST_YUBIHSM_SHELL).$(HOST_YUBIHSM_SHELL_SUFFIX) > +HOST_YUBIHSM_SHELL_DIR := $(HOST_BUILDDIR)/$(HOST_YUBIHSM_SHELL) > + > +# ---------------------------------------------------------------------------- > +# Prepare > +# ---------------------------------------------------------------------------- > + > +# > +# cmake > +# > +HOST_YUBIHSM_SHELL_CONF_TOOL := cmake > +HOST_YUBIHSM_SHELL_CONF_OPT := \ > + $(HOST_CMAKE_OPT) \ > + -DBUILD_ONLY_LIB=OFF \ > + -DENABLE_COVERAGE=OFF \ > + -DSUPRESS_MSVC_WARNINGS=ON \ > + -DWITHOUT_MANPAGES=1 > + > +# vim: syntax=make > diff --git a/rules/pre/030-yubihsm-shell.make b/rules/pre/030-yubihsm-shell.make > new file mode 100644 > index 000000000..fbfc48f2d > --- /dev/null > +++ b/rules/pre/030-yubihsm-shell.make > @@ -0,0 +1,11 @@ > +# -*-makefile-*- > +# > +# Copyright (C) 2021 by Denis Osterland-Heim > +# > +# For further information about the PTXdist project and license conditions > +# see the README file. > +# > + > +ifdef PTXCONF_HOST_YUBIHSM_SHELL > +CODE_SIGNING_ENV += HTTPS_PROXY= HTTP_PROXY= https_proxy= http_proxy= > +endif Could you add a comment, why this is needed? Hmmm, in general, I'd prefer to ifdef based on the provider and not the package. But that will be some custom stuff and I don't want to require this kind of thing in the BSP. The proxy stuff is just a bit of a sanity check anyways. The packages that use CODE_SIGNING_ENV are bootloaders, images, etc. I'm not too worried about those. It's stuff like python packages that try to download missing dependencies at build-time. So this is fine, even if it's not 100 percent correct. Regards, Michael > -- > 2.31.1 > > _______________________________________________ > ptxdist mailing list > ptxdist@pengutronix.de > To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de