mailarchive of the ptxdist mailing list
From: Michael Olbrich <m.olbrich@pengutronix.de>
To: Denis Osterland-Heim <denis.osterland@diehl.com>
Cc: "ptxdist@pengutronix.de" <ptxdist@pengutronix.de>
Subject: Re: [ptxdist] [PATCH v3 0/3] yubi HSM pkcs11 plugin for signing provider
Date: Fri, 23 Apr 2021 09:57:48 +0200
Message-ID: <20210423075748.GI4162561@pengutronix.de>
In-Reply-To: <86212c83ccffff0dffdb5f61444a3367a05c5fff.camel@diehl.com>

On Wed, Apr 07, 2021 at 12:03:46PM +0000, Denis Osterland-Heim wrote:
> v2 -> v3:
>  - add host-openssl dependency to host-libcurl
>  - remove 030-yubihsm-shell.make with code signing env change
>  - add macro for code signing env change and add it to template
> 
> Denis Osterland-Heim (3):
>       host-libcurl: enable http(s) support
>       host-yubihsm-shell: new package
>       code-signing: add macro to mark a online code signing provider

FYI, I did apply these patches. But as they are attachments neither my
tooling to detect patches that I still need to review/apply nor the git
hook that sends the 'applied' message can track your patches.
So you need to keep track of those yourself and remind me if anything gets
lost.

Michael

>  rules/host-libcurl.in                              |  1 +
>  rules/host-libcurl.make                            |  4 +--
>  rules/host-yubihsm-shell.in                        | 13 ++++++++
>  rules/host-yubihsm-shell.make                      | 37 ++++++++++++++++++++++
>  rules/pre/010-code-signing.make                    |  7 ++++
>  .../template-code-signing-provider-pre-make        |  4 +++
>  6 files changed, 64 insertions(+), 2 deletions(-)
> 
> base-commit: c3361e082 ("wpewebkit: add runtime logging support")

> Return-Path: <osterlad@cwpc1435.diehlako.local>
> X-Original-To: ptxdist@pengutronix.de
> Delivered-To: osterlad@cwpc1435.diehlako.local
> Received: by cwpc1435.diehlako.local (Postfix, from userid 1001)
> 	id 729313E432A; Wed,  7 Apr 2021 13:54:50 +0200 (CEST)
> From: Denis Osterland-Heim <denis.osterland@diehl.com>
> To: ptxdist@pengutronix.de
> Subject: [PATCH v3 2/3] host-yubihsm-shell: new package
> Date: Wed,  7 Apr 2021 13:54:49 +0200
> Message-Id: <20210407115450.21355-2-denis.osterland@diehl.com>
> X-Mailer: git-send-email 2.31.1
> In-Reply-To: <20210407115450.21355-1-denis.osterland@diehl.com>
> References: <20210407115450.21355-1-denis.osterland@diehl.com>
> MIME-Version: 1.0
> Content-Transfer-Encoding: 8bit
> 
> This package provides the pkcs11 plugin for yubi HSMs,
> which allows to create a signing provider for it.
> 
> Signed-off-by: Denis Osterland-Heim <denis.osterland@diehl.com>
> ---
>  rules/host-yubihsm-shell.in   | 13 ++++++++++++
>  rules/host-yubihsm-shell.make | 37 +++++++++++++++++++++++++++++++++++
>  2 files changed, 50 insertions(+)
>  create mode 100644 rules/host-yubihsm-shell.in
>  create mode 100644 rules/host-yubihsm-shell.make
> 
> diff --git a/rules/host-yubihsm-shell.in b/rules/host-yubihsm-shell.in
> new file mode 100644
> index 000000000..65d68fcce
> --- /dev/null
> +++ b/rules/host-yubihsm-shell.in
> @@ -0,0 +1,13 @@
> +## SECTION=hosttools_noprompt
> +
> +config HOST_YUBIHSM_SHELL
> +	tristate
> +	default y if ALLYES
> +	select HOST_CMAKE
> +	select HOST_OPENSSL
> +	select HOST_LIBCURL
> +	select HOST_LIBUSB
> +	select HOST_GENGETOPT
> +	select HOST_LIBEDIT
> +	select HOST_PCSC_LITE
> +	select HOST_LIBP11
> diff --git a/rules/host-yubihsm-shell.make b/rules/host-yubihsm-shell.make
> new file mode 100644
> index 000000000..3ebfc8c1f
> --- /dev/null
> +++ b/rules/host-yubihsm-shell.make
> @@ -0,0 +1,37 @@
> +# -*-makefile-*-
> +#
> +# Copyright (C) 2021 by Denis Osterland-Heim <Denis.Osterland@diehl.com>
> +#
> +# For further information about the PTXdist project and license conditions
> +# see the README file.
> +#
> +
> +HOST_PACKAGES-$(PTXCONF_HOST_YUBIHSM_SHELL) += host-yubihsm-shell
> +
> +#
> +# Paths and names
> +#
> +HOST_YUBIHSM_SHELL_VERSION	:= 2.1.0
> +HOST_YUBIHSM_SHELL_MD5		:= 7363c0bc4ed037e262474beaa6e1407b
> +HOST_YUBIHSM_SHELL		:= yubihsm-shell-$(HOST_YUBIHSM_SHELL_VERSION)
> +HOST_YUBIHSM_SHELL_SUFFIX	:= tar.gz
> +HOST_YUBIHSM_SHELL_URL		:= https://github.com/Yubico/yubihsm-shell/archive/$(HOST_YUBIHSM_SHELL_VERSION).$(HOST_YUBIHSM_SHELL_SUFFIX)
> +HOST_YUBIHSM_SHELL_SOURCE	:= $(SRCDIR)/$(HOST_YUBIHSM_SHELL).$(HOST_YUBIHSM_SHELL_SUFFIX)
> +HOST_YUBIHSM_SHELL_DIR		:= $(HOST_BUILDDIR)/$(HOST_YUBIHSM_SHELL)
> +
> +# ----------------------------------------------------------------------------
> +# Prepare
> +# ----------------------------------------------------------------------------
> +
> +#
> +# cmake
> +#
> +HOST_YUBIHSM_SHELL_CONF_TOOL	:= cmake
> +HOST_YUBIHSM_SHELL_CONF_OPT	:=  \
> +	$(HOST_CMAKE_OPT) \
> +	-DBUILD_ONLY_LIB=OFF \
> +	-DENABLE_COVERAGE=OFF \
> +	-DSUPRESS_MSVC_WARNINGS=ON \
> +	-DWITHOUT_MANPAGES=1
> +
> +# vim: syntax=make
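
Review bot: HOST_YUBIHSM_SHELL_MD5 is the only integrity check on a tarball fetched from a GitHub archive URL, and this package ends up in the code signing path, so an MD5 pin is weak here. If the rule format accepts a stronger digest, pin that as well, and check the tarball against upstream's release signature before recording the hash. Separately, -DSUPRESS_MSVC_WARNINGS=ON looks by its name to apply to MSVC builds only; either drop it from this host build or add a short comment on why it is set.
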
> -- 
> 2.31.1
> 

> Return-Path: <osterlad@cwpc1435.diehlako.local>
> X-Original-To: ptxdist@pengutronix.de
> Delivered-To: osterlad@cwpc1435.diehlako.local
> Received: by cwpc1435.diehlako.local (Postfix, from userid 1001)
> 	id 735273E64BB; Wed,  7 Apr 2021 13:54:50 +0200 (CEST)
> From: Denis Osterland-Heim <denis.osterland@diehl.com>
> To: ptxdist@pengutronix.de
> Subject: [PATCH v3 3/3] code-signing: add macro to mark a online code signing provider
> Date: Wed,  7 Apr 2021 13:54:50 +0200
> Message-Id: <20210407115450.21355-3-denis.osterland@diehl.com>
> X-Mailer: git-send-email 2.31.1
> In-Reply-To: <20210407115450.21355-1-denis.osterland@diehl.com>
> References: <20210407115450.21355-1-denis.osterland@diehl.com>
> MIME-Version: 1.0
> Content-Transfer-Encoding: 8bit
> 
> Normally server interaction is only allowed in get stage,
> but a code signing provider may have to communicate with a CA
> server for a signature. This macro enables all code signing
> user packages (kernel-fit, barebox, ...) to interact with a
> server outside the get stage.
> 
> Signed-off-by: Denis Osterland-Heim <denis.osterland@diehl.com>
> ---
>  rules/pre/010-code-signing.make                         | 7 +++++++
>  rules/templates/template-code-signing-provider-pre-make | 4 ++++
>  2 files changed, 11 insertions(+)
> 
> diff --git a/rules/pre/010-code-signing.make b/rules/pre/010-code-signing.make
> index ac3bdbc56..370595600 100644
> --- a/rules/pre/010-code-signing.make
> +++ b/rules/pre/010-code-signing.make
> @@ -11,4 +11,11 @@ CODE_SIGNING_ENV = \
>  	OPENSSL_CONF="$(PTXDIST_SYSROOT_HOST)/ssl/openssl.cnf" \
>  	OPENSSL_ENGINES="$(PTXDIST_SYSROOT_HOST)/lib/engines-1.1"
>  
> +#
> +# This macro is used to allow a code signing provider
> +# to communicate with a server in an other stage than get
> +#
> +ptx/online-code-signing-provider = $(eval CODE_SIGNING_ENV += \
> +	HTTPS_PROXY= HTTP_PROXY= https_proxy= http_proxy=)
> +
>  # vim: syntax=make
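
Review bot: the comment above ptx/online-code-signing-provider does not say why emptying HTTPS_PROXY, HTTP_PROXY, https_proxy and http_proxy is what permits server access outside the get stage, so a reader has to already know how the other stages block the network. Please document that mechanism in the comment, and note two side effects visible here: the $(eval CODE_SIGNING_ENV += ...) changes the environment for every package that uses CODE_SIGNING_ENV (the commit message names kernel-fit and barebox), and a proxy the user actually needs to reach the signing server is cleared as well.
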
> diff --git a/rules/templates/template-code-signing-provider-pre-make b/rules/templates/template-code-signing-provider-pre-make
> index 6050cd149..90b58d2c2 100644
> --- a/rules/templates/template-code-signing-provider-pre-make
> +++ b/rules/templates/template-code-signing-provider-pre-make
> @@ -9,6 +9,10 @@
>  ifdef PTXCONF_CODE_SIGNING_PROVIDER_@PACKAGE@
>  CODE_SIGNING_ENV += \
>  	PKCS11_MODULE_PATH=@MODULE_PATH@
> +
> +# if your provider communicates to a server uncomment the following lines
> +# to allow network requests outside of get stage
> +#$(call ptx/online-code-signing-provider)
>  endif
>  
>  # vim: syntax=make
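
Review bot: the new comment says "uncomment the following lines" but only one line follows, the $(call ptx/online-code-signing-provider) call. Suggest "uncomment the following line", and mention that the macro changes CODE_SIGNING_ENV as a whole rather than something private to this provider, so whoever copies the template knows what they are enabling.
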
> -- 
> 2.31.1
> 

> Return-Path: <osterlad@cwpc1435.diehlako.local>
> X-Original-To: ptxdist@pengutronix.de
> Delivered-To: osterlad@cwpc1435.diehlako.local
> Received: by cwpc1435.diehlako.local (Postfix, from userid 1001)
> 	id 6E9243E64BC; Wed,  7 Apr 2021 13:54:50 +0200 (CEST)
> From: Denis Osterland-Heim <denis.osterland@diehl.com>
> To: ptxdist@pengutronix.de
> Subject: [PATCH v3 1/3] host-libcurl: enable http(s) support
> Date: Wed,  7 Apr 2021 13:54:48 +0200
> Message-Id: <20210407115450.21355-1-denis.osterland@diehl.com>
> X-Mailer: git-send-email 2.31.1
> MIME-Version: 1.0
> Content-Transfer-Encoding: 8bit
> 
> Signed-off-by: Denis Osterland-Heim <denis.osterland@diehl.com>
> ---
>  rules/host-libcurl.in   | 1 +
>  rules/host-libcurl.make | 4 ++--
>  2 files changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/rules/host-libcurl.in b/rules/host-libcurl.in
> index dfce3ab95..cd4b4ceb0 100644
> --- a/rules/host-libcurl.in
> +++ b/rules/host-libcurl.in
> @@ -2,4 +2,5 @@
>  
>  config HOST_LIBCURL
>  	tristate
> +	select HOST_OPENSSL
>  	default y if ALLYES
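
Review bot: select HOST_OPENSSL is placed above default y if ALLYES, while the new rules/host-yubihsm-shell.in in this series puts the default line first and the selects after it. Move the select below the default so the two files are consistent. Since this makes every user of host-libcurl build host-openssl too, a line in the commit message saying which host tool needs TLS would be useful; the message is currently empty apart from the sign-off.
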
> diff --git a/rules/host-libcurl.make b/rules/host-libcurl.make
> index dc28de778..1a2a1fcf5 100644
> --- a/rules/host-libcurl.make
> +++ b/rules/host-libcurl.make
> @@ -61,7 +61,7 @@ HOST_LIBCURL_CONF_OPT	:= \
>  	--without-librtmp \
>  	\
>  	--disable-ares \
> -	--disable-http \
> +	--enable-http \
>  	--disable-nghttp2 \
>  	--disable-cookies \
>  	--disable-ftp \
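
Review bot: --enable-http turns HTTP on for every host tool that links host-libcurl, while --disable-cookies stays in the context just below and --disable-crypto-auth stays in the next hunk. Please confirm the consumer this is meant for works with that combination, in particular that it needs no HTTP authentication scheme that --disable-crypto-auth removes, and say so in the commit message.
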
> @@ -69,7 +69,7 @@ HOST_LIBCURL_CONF_OPT	:= \
>  	--disable-file \
>  	--disable-crypto-auth \
>  	--disable-libssh2 \
> -	--without-ssl
> +	--with-ssl
>  
>  $(STATEDIR)/host-libcurl.install:
>  	@$(call targetinfo)
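
Review bot: --with-ssl is given without a path, which leaves it to configure's own search to locate OpenSSL. With select HOST_OPENSSL added in this patch the intent is presumably the copy in the host sysroot, and passing that prefix explicitly would make the choice deterministic. None of the visible options sets a CA bundle or CA path either (--with-ca-bundle / --with-ca-path), so it is worth checking which trust store the resulting libcurl uses when it verifies HTTPS peers.
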
> -- 
> 2.31.1
> 

> _______________________________________________
> ptxdist mailing list
> ptxdist@pengutronix.de
> To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de


Thread overview: 3+ messages
2021-04-07 12:03 Denis Osterland-Heim
2021-04-23  7:57 ` Michael Olbrich [this message]
2021-04-23  9:34   ` Denis Osterland-Heim
