* [ptxdist] [PATCH v2 0/2] yubi HSM pkcs11 plugin for signing provider
From: Denis Osterland-Heim @ 2021-03-30 14:53 UTC
To: ptxdist

[-- Attachment #1: Type: text/plain, Size: 1913 bytes --]

v1 -> v2:
 - pass variables to CODE_SIGNING_ENV in favour of noproxy patch
 - remove function extending patches, which seems easier to maintain

Denis Osterland-Heim (2):
  host-libcurl: enable http(s) support
  host-yubihsm-shell: new package

 rules/host-libcurl.make          |  4 ++--
 rules/host-yubihsm-shell.in      | 13 +++++++++++++
 rules/host-yubihsm-shell.make    | 37 +++++++++++++++++++++++++++++++++++++
 rules/pre/030-yubihsm-shell.make | 11 +++++++++++
 4 files changed, 63 insertions(+), 2 deletions(-)

base-commit: c33f9942d ("glib: version bump 2.66.6 -> 2.68.0")

[-- Attachment #2: 1617115710.Vfd01Idfe513M709882.mbox --]
[-- Type: application/mbox, Size: 1418 bytes --]

[-- Attachment #3: 1617115710.Vfd01Idfe687M718182.mbox --]
[-- Type: application/mbox, Size: 3607 bytes --]

[-- Attachment #4: Type: text/plain, Size: 181 bytes --]

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de

* Re: [ptxdist] [PATCH v2 0/2] yubi HSM pkcs11 plugin for signing provider
From: Michael Olbrich @ 2021-03-31  7:22 UTC
To: ptxdist

On Tue, Mar 30, 2021 at 02:53:42PM +0000, Denis Osterland-Heim wrote:
> v1 -> v2:
>  - pass variables to CODE_SIGNING_ENV in favour of noproxy patch
>  - remove function extending patches, which seems easier to maintain
>
> Denis Osterland-Heim (2):
>   host-libcurl: enable http(s) support
>   host-yubihsm-shell: new package
>
>  rules/host-libcurl.make          |  4 ++--
>  rules/host-yubihsm-shell.in      | 13 +++++++++++++
>  rules/host-yubihsm-shell.make    | 37 +++++++++++++++++++++++++++++++++++++
>  rules/pre/030-yubihsm-shell.make | 11 +++++++++++
>  4 files changed, 63 insertions(+), 2 deletions(-)
>
> base-commit: c33f9942d ("glib: version bump 2.66.6 -> 2.68.0")
>
> Return-Path: <osterlad@cwpc1435.diehlako.local>
> X-Original-To: ptxdist@pengutronix.de
> Delivered-To: osterlad@cwpc1435.diehlako.local
> Received: by cwpc1435.diehlako.local (Postfix, from userid 1001)
>  id ABA433E432B; Tue, 30 Mar 2021 16:48:30 +0200 (CEST)
> From: Denis Osterland-Heim <denis.osterland@diehl.com>
> To: ptxdist@pengutronix.de
> Subject: [PATCH v2 1/2] host-libcurl: enable http(s) support
> Date: Tue, 30 Mar 2021 16:48:27 +0200
> Message-Id: <20210330144828.15293-2-denis.osterland@diehl.com>
> X-Mailer: git-send-email 2.31.1
> In-Reply-To: <20210330144828.15293-1-denis.osterland@diehl.com>
> References: <20210330144828.15293-1-denis.osterland@diehl.com>
> MIME-Version: 1.0
> Content-Transfer-Encoding: 8bit
>
> Signed-off-by: Denis Osterland-Heim <denis.osterland@diehl.com>
> ---
>  rules/host-libcurl.make | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> > diff --git a/rules/host-libcurl.make b/rules/host-libcurl.make > index dc28de778..1a2a1fcf5 100644 > --- a/rules/host-libcurl.make > +++ b/rules/host-libcurl.make > @@ -61,7 +61,7 @@ HOST_LIBCURL_CONF_OPT := \ > --without-librtmp \ > \ > --disable-ares \ > - --disable-http \ > + --enable-http \ > --disable-nghttp2 \ > --disable-cookies \ > --disable-ftp \ > @@ -69,7 +69,7 @@ HOST_LIBCURL_CONF_OPT := \ > --disable-file \ > --disable-crypto-auth \ > --disable-libssh2 \ > - --without-ssl > + --with-ssl still missing the openssl dependency. > > $(STATEDIR)/host-libcurl.install: > @$(call targetinfo) > -- > 2.31.1 > > Return-Path: <osterlad@cwpc1435.diehlako.local> > X-Original-To: ptxdist@pengutronix.de > Delivered-To: osterlad@cwpc1435.diehlako.local > Received: by cwpc1435.diehlako.local (Postfix, from userid 1001) > id AE8CF3E432B; Tue, 30 Mar 2021 16:48:30 +0200 (CEST) > From: Denis Osterland-Heim <denis.osterland@diehl.com> > To: ptxdist@pengutronix.de > Subject: [PATCH v2 2/2] host-yubihsm-shell: new package > Date: Tue, 30 Mar 2021 16:48:28 +0200 > Message-Id: <20210330144828.15293-3-denis.osterland@diehl.com> > X-Mailer: git-send-email 2.31.1 > In-Reply-To: <20210330144828.15293-1-denis.osterland@diehl.com> > References: <20210330144828.15293-1-denis.osterland@diehl.com> > MIME-Version: 1.0 > Content-Transfer-Encoding: 8bit > > This package provides the pkcs11 plugin for yubi HSMs, > which allows to create a signing provider for it. > > Signed-off-by: Denis Osterland-Heim <denis.osterland@diehl.com> > --- > rules/host-yubihsm-shell.in | 13 +++++++++++ > rules/host-yubihsm-shell.make | 37 ++++++++++++++++++++++++++++++++ > rules/pre/030-yubihsm-shell.make | 11 ++++++++++ > 3 files changed, 61 insertions(+) > create mode 100644 rules/host-yubihsm-shell.in > create mode 100644 rules/host-yubihsm-shell.make > create mode 100644 rules/pre/030-yubihsm-shell.make 
> > diff --git a/rules/host-yubihsm-shell.in b/rules/host-yubihsm-shell.in > new file mode 100644 > index 000000000..3b17a2e98 > --- /dev/null > +++ b/rules/host-yubihsm-shell.in > @@ -0,0 +1,13 @@ > +## SECTION=hosttools_noprompt > + > +config HOST_YUBIHSM_SHELL > + tristate > + default ALLYES > + select HOST_CMAKE > + select HOST_OPENSSL > + select HOST_LIBCURL > + select HOST_LIBUSB > + select HOST_GENGETOPT > + select HOST_LIBEDIT > + select HOST_PCSC_LITE > + select HOST_LIBP11 > diff --git a/rules/host-yubihsm-shell.make b/rules/host-yubihsm-shell.make > new file mode 100644 > index 000000000..3ebfc8c1f > --- /dev/null > +++ b/rules/host-yubihsm-shell.make > @@ -0,0 +1,37 @@ > +# -*-makefile-*- > +# > +# Copyright (C) 2021 by Denis Osterland-Heim <Denis.Osterland@diehl.com> > +# > +# For further information about the PTXdist project and license conditions > +# see the README file. > +# > + > +HOST_PACKAGES-$(PTXCONF_HOST_YUBIHSM_SHELL) += host-yubihsm-shell > + > +# > +# Paths and names > +# > +HOST_YUBIHSM_SHELL_VERSION := 2.1.0 > +HOST_YUBIHSM_SHELL_MD5 := 7363c0bc4ed037e262474beaa6e1407b > +HOST_YUBIHSM_SHELL := yubihsm-shell-$(HOST_YUBIHSM_SHELL_VERSION) > +HOST_YUBIHSM_SHELL_SUFFIX := tar.gz > +HOST_YUBIHSM_SHELL_URL := https://github.com/Yubico/yubihsm-shell/archive/$(HOST_YUBIHSM_SHELL_VERSION).$(HOST_YUBIHSM_SHELL_SUFFIX) > +HOST_YUBIHSM_SHELL_SOURCE := $(SRCDIR)/$(HOST_YUBIHSM_SHELL).$(HOST_YUBIHSM_SHELL_SUFFIX) > +HOST_YUBIHSM_SHELL_DIR := $(HOST_BUILDDIR)/$(HOST_YUBIHSM_SHELL) > + > +# ---------------------------------------------------------------------------- > +# Prepare > +# ---------------------------------------------------------------------------- > + > +# > +# cmake > +# > +HOST_YUBIHSM_SHELL_CONF_TOOL := cmake > +HOST_YUBIHSM_SHELL_CONF_OPT := \ > + $(HOST_CMAKE_OPT) \ > + -DBUILD_ONLY_LIB=OFF \ > + -DENABLE_COVERAGE=OFF \ > + -DSUPRESS_MSVC_WARNINGS=ON \ > + -DWITHOUT_MANPAGES=1 > + > +# vim: syntax=make 
> diff --git a/rules/pre/030-yubihsm-shell.make b/rules/pre/030-yubihsm-shell.make > new file mode 100644 > index 000000000..fbfc48f2d > --- /dev/null > +++ b/rules/pre/030-yubihsm-shell.make > @@ -0,0 +1,11 @@ > +# -*-makefile-*- > +# > +# Copyright (C) 2021 by Denis Osterland-Heim <denis.osterland@diehl.com> > +# > +# For further information about the PTXdist project and license conditions > +# see the README file. > +# > + > +ifdef PTXCONF_HOST_YUBIHSM_SHELL > +CODE_SIGNING_ENV += HTTPS_PROXY= HTTP_PROXY= https_proxy= http_proxy= > +endif Could you add a comment, why this is needed? Hmmm, in general, I'd prefer to ifdef based on the provider and not the package. But that will be some custom stuff and I don't want to require this kind of thing in the BSP. The proxy stuff is just a bit of a sanity check anyways. The packages that use CODE_SIGNING_ENV are bootloaders, images, etc. I'm not too worried about those. It's stuff like python packages that try to download missing dependencies at build-time. So this is fine, even if it's not 100 percent correct. Regards, Michael > -- > 2.31.1 > > _______________________________________________ > ptxdist mailing list > ptxdist@pengutronix.de > To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de ^ permalink raw reply [flat|nested] 4+ messages in thread
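Review bot: the commit message gives no reason for turning --disable-http into --enable-http in the first hunk of rules/host-libcurl.make (@@ -61,7 +61,7 @@); its body is only the Signed-off-by line. host-libcurl is a shared host tool, so the change applies to every host-side user of the library, not only to the new package. Please say in the message that patch 2/2 (host-yubihsm-shell, which selects HOST_LIBCURL) is the consumer that needs HTTP(S), so the option is not switched back later as apparently unused.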
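Review bot: "--with-ssl" in the second hunk of rules/host-libcurl.make (@@ -69,7 +69,7 @@) has no matching dependency. The diffstat for patch 1/2 lists only host-libcurl.make, so nothing guarantees that host-openssl is built before host-libcurl is configured. Add "select HOST_OPENSSL" to the host-libcurl config entry in the same patch, the way patch 2/2 does for host-yubihsm-shell; without it configure can fail or pick up whatever OpenSSL the build machine provides, which would make the TLS stack behind the signing tool depend on the host.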
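Review bot: HOST_YUBIHSM_SHELL_MD5 in rules/host-yubihsm-shell.make is the only integrity check on a tarball fetched from GitHub's /archive/ URL, and the commit message says this package provides the pkcs11 plugin used by the signing provider. MD5 is not collision resistant, so please record in the commit message how the 2.1.0 archive was checked against upstream before the checksum was taken. Separately, "-DSUPRESS_MSVC_WARNINGS=ON" is by its name an MSVC option and looks unnecessary in HOST_YUBIHSM_SHELL_CONF_OPT for this host build; dropping it keeps the list to options that have an effect.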
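Review bot: the "CODE_SIGNING_ENV += HTTPS_PROXY= HTTP_PROXY= https_proxy= http_proxy=" line in rules/pre/030-yubihsm-shell.make needs a comment saying why the four proxy variables are emptied, and its guard is wider than the need. With "ifdef PTXCONF_HOST_YUBIHSM_SHELL" the variables are cleared for every package that runs with CODE_SIGNING_ENV whenever the host tool is enabled, whether or not the YubiHSM provider is the one in use. Guarding on the code-signing provider's own config symbol would limit the relaxed network check to builds that actually talk to the HSM.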
* Re: [ptxdist] [PATCH v2 0/2] yubi HSM pkcs11 plugin for signing provider
From: Denis Osterland-Heim @ 2021-03-31 11:27 UTC
To: ptxdist

Hi,

On Wednesday, 31.03.2021 at 09:22 +0200, Michael Olbrich wrote:
> On Tue, Mar 30, 2021 at 02:53:42PM +0000, Denis Osterland-Heim wrote:
> > v1 -> v2:
> >  - pass variables to CODE_SIGNING_ENV in favour of noproxy patch
> >  - remove function extending patches, which seems easier to maintain
> >
> > Denis Osterland-Heim (2):
> >   host-libcurl: enable http(s) support
> >   host-yubihsm-shell: new package
> >
> >  rules/host-libcurl.make          |  4 ++--
> >  rules/host-yubihsm-shell.in      | 13 +++++++++++++
> >  rules/host-yubihsm-shell.make    | 37 +++++++++++++++++++++++++++++++++++++
> >  rules/pre/030-yubihsm-shell.make | 11 +++++++++++
> >  4 files changed, 63 insertions(+), 2 deletions(-)
> >
> > base-commit: c33f9942d ("glib: version bump 2.66.6 -> 2.68.0")
> >
> > Return-Path: <osterlad@cwpc1435.diehlako.local>
> > X-Original-To: ptxdist@pengutronix.de
> > Delivered-To: osterlad@cwpc1435.diehlako.local
> > Received: by cwpc1435.diehlako.local (Postfix, from userid 1001)
> >  id ABA433E432B; Tue, 30 Mar 2021 16:48:30 +0200 (CEST)
> > From: Denis Osterland-Heim <denis.osterland@diehl.com>
> > To: ptxdist@pengutronix.de
> > Subject: [PATCH v2 1/2] host-libcurl: enable http(s) support
> > Date: Tue, 30 Mar 2021 16:48:27 +0200
> > Message-Id: <20210330144828.15293-2-denis.osterland@diehl.com>
> > X-Mailer: git-send-email 2.31.1
> > In-Reply-To: <20210330144828.15293-1-denis.osterland@diehl.com>
> > References: <20210330144828.15293-1-denis.osterland@diehl.com>
> > MIME-Version: 1.0
> > Content-Transfer-Encoding: 8bit
> > > > Signed-off-by: Denis Osterland-Heim <denis.osterland@diehl.com> > > --- > > rules/host-libcurl.make | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/rules/host-libcurl.make b/rules/host-libcurl.make > > index dc28de778..1a2a1fcf5 100644 > > --- a/rules/host-libcurl.make > > +++ b/rules/host-libcurl.make > > @@ -61,7 +61,7 @@ HOST_LIBCURL_CONF_OPT:= \ > > --without-librtmp \ > > \ > > --disable-ares \ > > ---disable-http \ > > +--enable-http \ > > --disable-nghttp2 \ > > --disable-cookies \ > > --disable-ftp \ > > @@ -69,7 +69,7 @@ HOST_LIBCURL_CONF_OPT:= \ > > --disable-file \ > > --disable-crypto-auth \ > > --disable-libssh2 \ > > ---without-ssl > > +--with-ssl > > still missing the openssl dependency. sorry, will be in next version > > > > > > $(STATEDIR)/host-libcurl.install: > > @$(call targetinfo) > > -- > > 2.31.1 > > > > Return-Path: <osterlad@cwpc1435.diehlako.local> > > X-Original-To: ptxdist@pengutronix.de > > Delivered-To: osterlad@cwpc1435.diehlako.local > > Received: by cwpc1435.diehlako.local (Postfix, from userid 1001) > > id AE8CF3E432B; Tue, 30 Mar 2021 16:48:30 +0200 (CEST) > > From: Denis Osterland-Heim <denis.osterland@diehl.com> > > To: ptxdist@pengutronix.de > > Subject: [PATCH v2 2/2] host-yubihsm-shell: new package > > Date: Tue, 30 Mar 2021 16:48:28 +0200 > > Message-Id: <20210330144828.15293-3-denis.osterland@diehl.com> > > X-Mailer: git-send-email 2.31.1 > > In-Reply-To: <20210330144828.15293-1-denis.osterland@diehl.com> > > References: <20210330144828.15293-1-denis.osterland@diehl.com> > > MIME-Version: 1.0 > > Content-Transfer-Encoding: 8bit > > > > This package provides the pkcs11 plugin for yubi HSMs, > > which allows to create a signing provider for it. 
> > > > Signed-off-by: Denis Osterland-Heim <denis.osterland@diehl.com> > > --- > > rules/host-yubihsm-shell.in | 13 +++++++++++ > > rules/host-yubihsm-shell.make | 37 ++++++++++++++++++++++++++++++++ > > rules/pre/030-yubihsm-shell.make | 11 ++++++++++ > > 3 files changed, 61 insertions(+) > > create mode 100644 rules/host-yubihsm-shell.in > > create mode 100644 rules/host-yubihsm-shell.make > > create mode 100644 rules/pre/030-yubihsm-shell.make > > > > diff --git a/rules/host-yubihsm-shell.in b/rules/host-yubihsm-shell.in > > new file mode 100644 > > index 000000000..3b17a2e98 > > --- /dev/null > > +++ b/rules/host-yubihsm-shell.in > > @@ -0,0 +1,13 @@ > > +## SECTION=hosttools_noprompt > > + > > +config HOST_YUBIHSM_SHELL > > +tristate > > +default ALLYES > > +select HOST_CMAKE > > +select HOST_OPENSSL > > +select HOST_LIBCURL > > +select HOST_LIBUSB > > +select HOST_GENGETOPT > > +select HOST_LIBEDIT > > +select HOST_PCSC_LITE > > +select HOST_LIBP11 > > diff --git a/rules/host-yubihsm-shell.make b/rules/host-yubihsm-shell.make > > new file mode 100644 > > index 000000000..3ebfc8c1f > > --- /dev/null > > +++ b/rules/host-yubihsm-shell.make 
> > @@ -0,0 +1,37 @@ > > +# -*-makefile-*- > > +# > > +# Copyright (C) 2021 by Denis Osterland-Heim <Denis.Osterland@diehl.com> > > +# > > +# For further information about the PTXdist project and license conditions > > +# see the README file. > > +# > > + > > +HOST_PACKAGES-$(PTXCONF_HOST_YUBIHSM_SHELL) += host-yubihsm-shell > > + > > +# > > +# Paths and names > > +# > > +HOST_YUBIHSM_SHELL_VERSION:= 2.1.0 > > +HOST_YUBIHSM_SHELL_MD5:= 7363c0bc4ed037e262474beaa6e1407b > > +HOST_YUBIHSM_SHELL:= yubihsm-shell-$(HOST_YUBIHSM_SHELL_VERSION) > > +HOST_YUBIHSM_SHELL_SUFFIX:= tar.gz > > +HOST_YUBIHSM_SHELL_URL:= https://github.com/Yubico/yubihsm-shell/archive/$(HOST_YUBIHSM_SHELL_VERSION).$(HOST_YUBIHSM_SHELL_SUFFIX) > > +HOST_YUBIHSM_SHELL_SOURCE:= $(SRCDIR)/$(HOST_YUBIHSM_SHELL).$(HOST_YUBIHSM_SHELL_SUFFIX) > > +HOST_YUBIHSM_SHELL_DIR:= $(HOST_BUILDDIR)/$(HOST_YUBIHSM_SHELL) > > + > > +# ---------------------------------------------------------------------------- > > +# Prepare > > +# ---------------------------------------------------------------------------- > > + > > +# > > +# cmake > > +# > > +HOST_YUBIHSM_SHELL_CONF_TOOL:= cmake > > +HOST_YUBIHSM_SHELL_CONF_OPT:= \ > > +$(HOST_CMAKE_OPT) \ > > +-DBUILD_ONLY_LIB=OFF \ > > +-DENABLE_COVERAGE=OFF \ > > +-DSUPRESS_MSVC_WARNINGS=ON \ > > +-DWITHOUT_MANPAGES=1 > > + > > +# vim: syntax=make > > diff --git a/rules/pre/030-yubihsm-shell.make b/rules/pre/030-yubihsm-shell.make > > new file mode 100644 > > index 000000000..fbfc48f2d > > --- /dev/null > > +++ b/rules/pre/030-yubihsm-shell.make 
> > @@ -0,0 +1,11 @@ > > +# -*-makefile-*- > > +# > > +# Copyright (C) 2021 by Denis Osterland-Heim <denis.osterland@diehl.com> > > +# > > +# For further information about the PTXdist project and license conditions > > +# see the README file. > > +# > > + > > +ifdef PTXCONF_HOST_YUBIHSM_SHELL > > +CODE_SIGNING_ENV += HTTPS_PROXY= HTTP_PROXY= https_proxy= http_proxy= > > +endif > > Could you add a comment, why this is needed? > > Hmmm, in general, I'd prefer to ifdef based on the provider and not the > package. But that will be some custom stuff and I don't want to require > this kind of thing in the BSP. > > The proxy stuff is just a bit of a sanity check anyways. The packages that > use CODE_SIGNING_ENV are bootloaders, images, etc. I'm not too worried > about those. It's stuff like python packages that try to download missing > dependencies at build-time. > > So this is fine, even if it's not 100 percent correct. I know what you mean. What do you think about adding it to the template? I guess we should not copy this to x providers but define a macro. I would think about: --- a/rules/pre/010-code-signing.make +++ b/rules/pre/010-code-signing.make @@ -11,4 +11,7 @@ CODE_SIGNING_ENV = \ OPENSSL_CONF="$(PTXDIST_SYSROOT_HOST)/ssl/openssl.cnf" \ OPENSSL_ENGINES="$(PTXDIST_SYSROOT_HOST)/lib/engines-1.1" +ptx/online-code-signing-poriver = CODE_SIGNING_ENV += \ + HTTPS_PROXY= HTTP_PROXY= https_proxy= http_proxy= + # vim: syntax=make --- a/rules/templates/template-code-signing-provider-pre-make +++ b/rules/templates/template-code-signing-provider-pre-make 
@@ -9,6 +9,10 @@ ifdef PTXCONF_CODE_SIGNING_PROVIDER_@PACKAGE@ CODE_SIGNING_ENV += \ PKCS11_MODULE_PATH=@MODULE_PATH@ + +# if your provider communicates to a server uncomment the following lines +# to allow network requests outside of get stage +#$(call ptx/online-code-signing-poriver) endif # vim: syntax=make Regard, Denis > > Regards, > Michael > > > > -- > > 2.31.1 > > > > _______________________________________________ > > ptxdist mailing list > > ptxdist@pengutronix.de > > To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de > > Diehl Connectivity Solutions GmbH Geschäftsführung: Horst Leonberger Sitz der Gesellschaft: Nürnberg - Registergericht: Amtsgericht Nürnberg: HRB 32315 ________________________________ Der Inhalt der vorstehenden E-Mail ist nicht rechtlich bindend. Diese E-Mail enthaelt vertrauliche und/oder rechtlich geschuetzte Informationen. Informieren Sie uns bitte, wenn Sie diese E-Mail faelschlicherweise erhalten haben. Bitte loeschen Sie in diesem Fall die Nachricht. Jede unerlaubte Form der Reproduktion, Bekanntgabe, Aenderung, Verteilung und/oder Publikation dieser E-Mail ist strengstens untersagt. - Informationen zum Datenschutz, insbesondere zu Ihren Rechten, erhalten Sie unter: https://www.diehl.com/group/de/transparenz-und-informationspflichten/ The contents of the above mentioned e-mail is not legally binding. This e-mail contains confidential and/or legally protected information. Please inform us if you have received this e-mail by mistake and delete it in such a case. Each unauthorized reproduction, disclosure, alteration, distribution and/or publication of this e-mail is strictly prohibited. 
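Review bot: the macro name added in the rules/pre/010-code-signing.make hunk is misspelled, "ptx/online-code-signing-poriver", and the template hunk copies the same spelling into its call. Rename it to ptx/online-code-signing-provider now, before BSP provider rules start referencing it. A one-line comment above the definition stating that it empties the proxy variables so a provider can reach its server outside the get stage would also help, since that explanation currently exists only in the template.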
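Review bot: the commented-out "#$(call ptx/online-code-signing-poriver)" in the rules/templates/template-code-signing-provider-pre-make hunk will not work once it is uncommented. The macro's value is the text of an assignment ("CODE_SIGNING_ENV += ..."), and GNU make does not re-parse the result of a top-level $(call ...) as a variable assignment; it treats the expanded line as a rule and stops with a "missing separator" error. Use $(eval $(call ...)) in the template, or put the $(eval ...) inside the macro. The comment also says "the following lines" although only one line has to be uncommented.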
* Re: [ptxdist] [PATCH v2 0/2] yubi HSM pkcs11 plugin for signing provider
From: Michael Olbrich @ 2021-03-31 12:34 UTC
To: ptxdist

On Wed, Mar 31, 2021 at 11:27:58AM +0000, Denis Osterland-Heim wrote:
> Hi,
>
> On Wednesday, 31.03.2021 at 09:22 +0200, Michael Olbrich wrote:
> > On Tue, Mar 30, 2021 at 02:53:42PM +0000, Denis Osterland-Heim wrote:
> > > v1 -> v2:
> > >  - pass variables to CODE_SIGNING_ENV in favour of noproxy patch
> > >  - remove function extending patches, which seems easier to maintain
> > >
> > > Denis Osterland-Heim (2):
> > >   host-libcurl: enable http(s) support
> > >   host-yubihsm-shell: new package
> > >
> > >  rules/host-libcurl.make          |  4 ++--
> > >  rules/host-yubihsm-shell.in      | 13 +++++++++++++
> > >  rules/host-yubihsm-shell.make    | 37 +++++++++++++++++++++++++++++++++++++
> > >  rules/pre/030-yubihsm-shell.make | 11 +++++++++++
> > >  4 files changed, 63 insertions(+), 2 deletions(-)
> > >
> > > base-commit: c33f9942d ("glib: version bump 2.66.6 -> 2.68.0")
> > >
> > > Return-Path: <osterlad@cwpc1435.diehlako.local>
> > > X-Original-To: ptxdist@pengutronix.de
> > > Delivered-To: osterlad@cwpc1435.diehlako.local
> > > Received: by cwpc1435.diehlako.local (Postfix, from userid 1001)
> > >  id ABA433E432B; Tue, 30 Mar 2021 16:48:30 +0200 (CEST)
> > > From: Denis Osterland-Heim <denis.osterland@diehl.com>
> > > To: ptxdist@pengutronix.de
> > > Subject: [PATCH v2 1/2] host-libcurl: enable http(s) support
> > > Date: Tue, 30 Mar 2021 16:48:27 +0200
> > > Message-Id: <20210330144828.15293-2-denis.osterland@diehl.com>
> > > X-Mailer: git-send-email 2.31.1
> > > In-Reply-To: <20210330144828.15293-1-denis.osterland@diehl.com>
> > > References: <20210330144828.15293-1-denis.osterland@diehl.com>
> > > MIME-Version: 1.0
> > > Content-Transfer-Encoding: 8bit
> > > > > > Signed-off-by: Denis Osterland-Heim <denis.osterland@diehl.com> > > > --- > > > rules/host-libcurl.make | 4 ++-- > > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > > > diff --git a/rules/host-libcurl.make b/rules/host-libcurl.make > > > index dc28de778..1a2a1fcf5 100644 > > > --- a/rules/host-libcurl.make > > > +++ b/rules/host-libcurl.make > > > @@ -61,7 +61,7 @@ HOST_LIBCURL_CONF_OPT:= \ > > > --without-librtmp \ > > > \ > > > --disable-ares \ > > > ---disable-http \ > > > +--enable-http \ > > > --disable-nghttp2 \ > > > --disable-cookies \ > > > --disable-ftp \ > > > @@ -69,7 +69,7 @@ HOST_LIBCURL_CONF_OPT:= \ > > > --disable-file \ > > > --disable-crypto-auth \ > > > --disable-libssh2 \ > > > ---without-ssl > > > +--with-ssl > > > > still missing the openssl dependency. > sorry, will be in next version :-) > > > diff --git a/rules/pre/030-yubihsm-shell.make b/rules/pre/030-yubihsm-shell.make > > > new file mode 100644 > > > index 000000000..fbfc48f2d > > > --- /dev/null > > > +++ b/rules/pre/030-yubihsm-shell.make 
> > > @@ -0,0 +1,11 @@ > > > +# -*-makefile-*- > > > +# > > > +# Copyright (C) 2021 by Denis Osterland-Heim <denis.osterland@diehl.com> > > > +# > > > +# For further information about the PTXdist project and license conditions > > > +# see the README file. > > > +# > > > + > > > +ifdef PTXCONF_HOST_YUBIHSM_SHELL > > > +CODE_SIGNING_ENV += HTTPS_PROXY= HTTP_PROXY= https_proxy= http_proxy= > > > +endif > > > > Could you add a comment, why this is needed? > > > > Hmmm, in general, I'd prefer to ifdef based on the provider and not the > > package. But that will be some custom stuff and I don't want to require > > this kind of thing in the BSP. > > > > The proxy stuff is just a bit of a sanity check anyways. The packages that > > use CODE_SIGNING_ENV are bootloaders, images, etc. I'm not too worried > > about those. It's stuff like python packages that try to download missing > > dependencies at build-time. > > > > So this is fine, even if it's not 100 percent correct. > I know what you mean. > What do you think about adding it to the template? > I guess we should not copy this to x providers but define a macro. > I would think about: Yes, that's a good idea. Michael > --- a/rules/pre/010-code-signing.make > +++ b/rules/pre/010-code-signing.make > @@ -11,4 +11,7 @@ CODE_SIGNING_ENV = \ > OPENSSL_CONF="$(PTXDIST_SYSROOT_HOST)/ssl/openssl.cnf" \ > OPENSSL_ENGINES="$(PTXDIST_SYSROOT_HOST)/lib/engines-1.1" > > +ptx/online-code-signing-poriver = CODE_SIGNING_ENV += \ > + HTTPS_PROXY= HTTP_PROXY= https_proxy= http_proxy= > + > # vim: syntax=make > --- a/rules/templates/template-code-signing-provider-pre-make > +++ b/rules/templates/template-code-signing-provider-pre-make 
> @@ -9,6 +9,10 @@ > ifdef PTXCONF_CODE_SIGNING_PROVIDER_@PACKAGE@ > CODE_SIGNING_ENV += \ > PKCS11_MODULE_PATH=@MODULE_PATH@ > + > +# if your provider communicates to a server uncomment the following lines > +# to allow network requests outside of get stage > +#$(call ptx/online-code-signing-poriver) > endif > > # vim: syntax=make -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de ^ permalink raw reply [flat|nested] 4+ messages in thread