Date: Wed, 31 Mar 2021 14:34:00 +0200
From: Michael Olbrich
Subject: Re: [ptxdist] [PATCH v2 0/2] yubi HSM pkcs11 plugin for signing provider
List-Id: PTXdist Development Mailing List
Reply-To: ptxdist@pengutronix.de
To: ptxdist@pengutronix.de

On Wed, Mar 31, 2021 at 11:27:58AM +0000, Denis Osterland-Heim wrote:
> Hi,
>
> On Wednesday, 31.03.2021, at 09:22 +0200, Michael Olbrich wrote:
> > On Tue, Mar 30, 2021 at 02:53:42PM +0000, Denis Osterland-Heim wrote:
> > > v1 -> v2:
> > >  - pass variables to CODE_SIGNING_ENV in favour of noproxy patch
> > >  - remove function extending patches, which seems easier to maintain
> > >
> > > Denis Osterland-Heim (2):
> > >   host-libcurl: enable http(s) support
> > >   host-yubihsm-shell: new package
> > >
> > >  rules/host-libcurl.make          |  4 ++--
> > >  rules/host-yubihsm-shell.in      | 13 +++++++++++++
> > >  rules/host-yubihsm-shell.make    | 37 +++++++++++++++++++++++++++++++++++++
> > >  rules/pre/030-yubihsm-shell.make | 11 +++++++++++
> > >  4 files changed, 63 insertions(+), 2 deletions(-)
> > >
> > > base-commit: c33f9942d ("glib: version bump 2.66.6 -> 2.68.0")
> > >
> > > Return-Path:
> > > X-Original-To: ptxdist@pengutronix.de
> > > Delivered-To: osterlad@cwpc1435.diehlako.local
> > > Received: by cwpc1435.diehlako.local (Postfix, from userid 1001)
> > >  id ABA433E432B; Tue, 30 Mar 2021 16:48:30 +0200 (CEST)
> > > From: Denis Osterland-Heim > > > To: ptxdist@pengutronix.de > > > Subject: [PATCH v2 1/2] host-libcurl: enable http(s) support > > > Date: Tue, 30 Mar 2021 16:48:27 +0200 > > > Message-Id: <20210330144828.15293-2-denis.osterland@diehl.com> > > > X-Mailer: git-send-email 2.31.1 > > > In-Reply-To: <20210330144828.15293-1-denis.osterland@diehl.com> > > > References: <20210330144828.15293-1-denis.osterland@diehl.com> > > > MIME-Version: 1.0 > > > Content-Transfer-Encoding: 8bit > > > > > > Signed-off-by: Denis Osterland-Heim > > > --- > > > rules/host-libcurl.make | 4 ++-- > > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > > > diff --git a/rules/host-libcurl.make b/rules/host-libcurl.make > > > index dc28de778..1a2a1fcf5 100644 > > > --- a/rules/host-libcurl.make > > > +++ b/rules/host-libcurl.make > > > @@ -61,7 +61,7 @@ HOST_LIBCURL_CONF_OPT:= \ > > > --without-librtmp \ > > > \ > > > --disable-ares \ > > > ---disable-http \ > > > +--enable-http \ > > > --disable-nghttp2 \ > > > --disable-cookies \ > > > --disable-ftp \ > > > @@ -69,7 +69,7 @@ HOST_LIBCURL_CONF_OPT:= \ > > > --disable-file \ > > > --disable-crypto-auth \ > > > --disable-libssh2 \ > > > ---without-ssl > > > +--with-ssl > > > > still missing the openssl dependency. > sorry, will be in next version :-) > > > diff --git a/rules/pre/030-yubihsm-shell.make b/rules/pre/030-yubihsm-shell.make > > > new file mode 100644 > > > index 000000000..fbfc48f2d > > > --- /dev/null > > > +++ b/rules/pre/030-yubihsm-shell.make 
> > > @@ -0,0 +1,11 @@ > > > +# -*-makefile-*- > > > +# > > > +# Copyright (C) 2021 by Denis Osterland-Heim > > > +# > > > +# For further information about the PTXdist project and license conditions > > > +# see the README file. > > > +# > > > + > > > +ifdef PTXCONF_HOST_YUBIHSM_SHELL > > > +CODE_SIGNING_ENV += HTTPS_PROXY= HTTP_PROXY= https_proxy= http_proxy= > > > +endif > > > > Could you add a comment, why this is needed? > > > > Hmmm, in general, I'd prefer to ifdef based on the provider and not the > > package. But that will be some custom stuff and I don't want to require > > this kind of thing in the BSP. > > > > The proxy stuff is just a bit of a sanity check anyways. The packages that > > use CODE_SIGNING_ENV are bootloaders, images, etc. I'm not too worried > > about those. It's stuff like python packages that try to download missing > > dependencies at build-time. > > > > So this is fine, even if it's not 100 percent correct. > I know what you mean. > What do you think about adding it to the template? > I guess we should not copy this to x providers but define a macro. > I would think about: Yes, that's a good idea. Michael > --- a/rules/pre/010-code-signing.make > +++ b/rules/pre/010-code-signing.make > @@ -11,4 +11,7 @@ CODE_SIGNING_ENV = \ > OPENSSL_CONF="$(PTXDIST_SYSROOT_HOST)/ssl/openssl.cnf" \ > OPENSSL_ENGINES="$(PTXDIST_SYSROOT_HOST)/lib/engines-1.1" > > +ptx/online-code-signing-poriver = CODE_SIGNING_ENV += \ > + HTTPS_PROXY= HTTP_PROXY= https_proxy= http_proxy= > + > # vim: syntax=make > --- a/rules/templates/template-code-signing-provider-pre-make > +++ b/rules/templates/template-code-signing-provider-pre-make 
> @@ -9,6 +9,10 @@ > ifdef PTXCONF_CODE_SIGNING_PROVIDER_@PACKAGE@ > CODE_SIGNING_ENV += \ > PKCS11_MODULE_PATH=@MODULE_PATH@ > + > +# if your provider communicates to a server uncomment the following lines > +# to allow network requests outside of get stage > +#$(call ptx/online-code-signing-poriver) > endif > > # vim: syntax=make -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
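Review bot: In rules/host-libcurl.make the second hunk turns "--without-ssl" into "--with-ssl", yet the patch touches only this one file (1 file changed, 2 insertions, 2 deletions), so nothing declares a host OpenSSL dependency and the TLS library is left to whatever configure finds. Add the dependency in the same patch, and give the commit message a body (it currently holds only the Signed-off-by) stating that HTTP and TLS are now enabled for every user of host-libcurl, not just for the YubiHSM tooling.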
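Review bot: The "CODE_SIGNING_ENV +=" line in rules/pre/030-yubihsm-shell.make empties HTTPS_PROXY, HTTP_PROXY, https_proxy and http_proxy without a comment explaining why, and the surrounding "ifdef PTXCONF_HOST_YUBIHSM_SHELL" ties it to the host package being enabled rather than to a YubiHSM-backed provider being selected. Add a comment naming the network access this is meant to permit during signing, and guard it on the provider symbol where possible so that other signing setups keep the default proxy settings.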
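Review bot: In the rules/pre/010-code-signing.make hunk the new macro is named "ptx/online-code-signing-poriver", which misspells "provider"; since providers are meant to reference this name from their own pre-make files, rename it to ptx/online-code-signing-provider before it is merged. The macro body is itself an assignment ("CODE_SIGNING_ENV += ..."), so a short comment above it saying how it is meant to be invoked and what it relaxes would help whoever copies the template.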
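Review bot: The commented-out "#$(call ptx/online-code-signing-poriver)" in the template hunk will not take effect as written once uncommented: make decides whether a line is a variable assignment before expanding it, so a bare $(call ...) whose expansion is "CODE_SIGNING_ENV += ..." is not processed as an assignment. Wrap the call in $(eval ...), use the corrected "provider" spelling, and extend the comment to say that uncommenting it clears the proxy variables for everything that runs with CODE_SIGNING_ENV (bootloaders, images and so on, per the discussion above).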