Date: Fri, 23 Apr 2021 09:57:48 +0200
From: Michael Olbrich
To: Denis Osterland-Heim
Cc: ptxdist@pengutronix.de
Message-ID: <20210423075748.GI4162561@pengutronix.de>
In-Reply-To: <86212c83ccffff0dffdb5f61444a3367a05c5fff.camel@diehl.com>
References: <86212c83ccffff0dffdb5f61444a3367a05c5fff.camel@diehl.com>
Subject: Re: [ptxdist] [PATCH v3 0/3] yubi HSM pkcs11 plugin for signing provider

On Wed, Apr 07, 2021 at 12:03:46PM +0000, Denis Osterland-Heim wrote:
> v2 -> v3:
> - add host-openssl dependency to host-libcurl
> - remove 030-yubihsm-shell.make with code signing env change
> - add macro for code signing env change and add it to template
>
> Denis Osterland-Heim (3):
> host-libcurl: enable http(s) support
> host-yubihsm-shell: new package
> code-signing: add macro to mark a online code signing provider

FYI, I did apply these patches. But as they are attachments neither my tooling to detect patches that I still need to review/apply nor the git hook that sends the 'applied' message can track your patches. So you need to keep track of those yourself and remind me if anything gets lost.
Michael

> rules/host-libcurl.in | 1 +
> rules/host-libcurl.make | 4 +--
> rules/host-yubihsm-shell.in | 13 ++++++++
> rules/host-yubihsm-shell.make | 37 ++++++++++++++++++++++++
> rules/pre/010-code-signing.make | 7 ++++
> .../template-code-signing-provider-pre-make | 4 +++
> 6 files changed, 64 insertions(+), 2 deletions(-)
>
> base-commit: c3361e082 ("wpewebkit: add runtime logging support")
>
> From: Denis Osterland-Heim > To: ptxdist@pengutronix.de > Subject: [PATCH v3 2/3] host-yubihsm-shell: new package > Date: Wed, 7 Apr 2021 13:54:49 +0200 > Message-Id: <20210407115450.21355-2-denis.osterland@diehl.com> > X-Mailer: git-send-email 2.31.1 > In-Reply-To: <20210407115450.21355-1-denis.osterland@diehl.com> > References: <20210407115450.21355-1-denis.osterland@diehl.com> > MIME-Version: 1.0 > Content-Transfer-Encoding: 8bit > = > This package provides the pkcs11 plugin for yubi HSMs, > which allows to create a signing provider for it. > = > Signed-off-by: Denis Osterland-Heim > --- > rules/host-yubihsm-shell.in | 13 ++++++++++++ > rules/host-yubihsm-shell.make | 37 +++++++++++++++++++++++++++++++++++ > 2 files changed, 50 insertions(+) > create mode 100644 rules/host-yubihsm-shell.in > create mode 100644 rules/host-yubihsm-shell.make > = > diff --git a/rules/host-yubihsm-shell.in b/rules/host-yubihsm-shell.in > new file mode 100644 > index 000000000..65d68fcce > --- /dev/null > +++ b/rules/host-yubihsm-shell.in > @@ -0,0 +1,13 @@ > +## SECTION=3Dhosttools_noprompt > + > +config HOST_YUBIHSM_SHELL > + tristate > + default y if ALLYES > + select HOST_CMAKE > + select HOST_OPENSSL > + select HOST_LIBCURL > + select HOST_LIBUSB > + select HOST_GENGETOPT > + select HOST_LIBEDIT > + select HOST_PCSC_LITE > + select HOST_LIBP11 > diff --git a/rules/host-yubihsm-shell.make b/rules/host-yubihsm-shell.make > new file mode 100644 > index 000000000..3ebfc8c1f > --- /dev/null > +++ b/rules/host-yubihsm-shell.make 
> @@ -0,0 +1,37 @@ > +# -*-makefile-*- > +# > +# Copyright (C) 2021 by Denis Osterland-Heim > +# > +# For further information about the PTXdist project and license conditio= ns > +# see the README file. > +# > + > +HOST_PACKAGES-$(PTXCONF_HOST_YUBIHSM_SHELL) +=3D host-yubihsm-shell > + > +# > +# Paths and names > +# > +HOST_YUBIHSM_SHELL_VERSION :=3D 2.1.0 > +HOST_YUBIHSM_SHELL_MD5 :=3D 7363c0bc4ed037e262474beaa6e1407b > +HOST_YUBIHSM_SHELL :=3D yubihsm-shell-$(HOST_YUBIHSM_SHELL_VERSION) > +HOST_YUBIHSM_SHELL_SUFFIX :=3D tar.gz > +HOST_YUBIHSM_SHELL_URL :=3D https://github.com/Yubico/yubihsm-shell/arc= hive/$(HOST_YUBIHSM_SHELL_VERSION).$(HOST_YUBIHSM_SHELL_SUFFIX) > +HOST_YUBIHSM_SHELL_SOURCE :=3D $(SRCDIR)/$(HOST_YUBIHSM_SHELL).$(HOST_YU= BIHSM_SHELL_SUFFIX) > +HOST_YUBIHSM_SHELL_DIR :=3D $(HOST_BUILDDIR)/$(HOST_YUBIHSM_SHELL) > + > +# ----------------------------------------------------------------------= ------ > +# Prepare > +# ----------------------------------------------------------------------= ------ > + > +# > +# cmake > +# > +HOST_YUBIHSM_SHELL_CONF_TOOL :=3D cmake > +HOST_YUBIHSM_SHELL_CONF_OPT :=3D \ > + $(HOST_CMAKE_OPT) \ > + -DBUILD_ONLY_LIB=3DOFF \ > + -DENABLE_COVERAGE=3DOFF \ > + -DSUPRESS_MSVC_WARNINGS=3DON \ > + -DWITHOUT_MANPAGES=3D1 > + > +# vim: syntax=3Dmake > -- = > 2.31.1 > = > Return-Path: > X-Original-To: ptxdist@pengutronix.de > Delivered-To: osterlad@cwpc1435.diehlako.local > Received: by cwpc1435.diehlako.local (Postfix, from userid 1001) > id 735273E64BB; Wed, 7 Apr 2021 13:54:50 +0200 (CEST) 
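Review bot: nothing in this series selects HOST_YUBIHSM_SHELL, and rules/host-yubihsm-shell.in declares it as a `hosttools_noprompt` tristate with `default y if ALLYES`, so outside an allyes build the package is only built if some other symbol selects it. Since the commit message says the package exists to back a signing provider, please document (in the .in or in the provider template) that a yubihsm-based provider's Kconfig must `select HOST_YUBIHSM_SHELL`; otherwise the module that PKCS11_MODULE_PATH points at will not be present in the host sysroot.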
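Review bot: the cmake option block in rules/host-yubihsm-shell.make carries a no-op and mixes value styles: `-DSUPRESS_MSVC_WARNINGS=ON` has no effect on a Linux host build, and `-DWITHOUT_MANPAGES=1` sits next to `=ON`/`=OFF` values; drop the MSVC flag and write `-DWITHOUT_MANPAGES=ON`. Separately, the source is fetched from GitHub's auto-generated `archive/<version>.tar.gz` endpoint and pinned only by HOST_YUBIHSM_SHELL_MD5. Because this package becomes part of the code-signing path, please state in the commit message how that hash was obtained, or, if the project publishes a signed release tarball, fetch that instead, so a later version bump can be verified against something other than a fresh download.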
> From: Denis Osterland-Heim > To: ptxdist@pengutronix.de > Subject: [PATCH v3 3/3] code-signing: add macro to mark a online code sig= ning provider > Date: Wed, 7 Apr 2021 13:54:50 +0200 > Message-Id: <20210407115450.21355-3-denis.osterland@diehl.com> > X-Mailer: git-send-email 2.31.1 > In-Reply-To: <20210407115450.21355-1-denis.osterland@diehl.com> > References: <20210407115450.21355-1-denis.osterland@diehl.com> > MIME-Version: 1.0 > Content-Transfer-Encoding: 8bit > = > Normally server interaction is only allowed in get stage, > but a code signing provider may have to communicate with a CA > server for a signature. This macro enables all code signing > user packages (kernel-fit, barebox, ...) to interact with a > server outside the get stage. > = > Signed-off-by: Denis Osterland-Heim > --- > rules/pre/010-code-signing.make | 7 +++++++ > rules/templates/template-code-signing-provider-pre-make | 4 ++++ > 2 files changed, 11 insertions(+) > = > diff --git a/rules/pre/010-code-signing.make b/rules/pre/010-code-signing= .make > index ac3bdbc56..370595600 100644 > --- a/rules/pre/010-code-signing.make > +++ b/rules/pre/010-code-signing.make > @@ -11,4 +11,11 @@ CODE_SIGNING_ENV =3D \ > OPENSSL_CONF=3D"$(PTXDIST_SYSROOT_HOST)/ssl/openssl.cnf" \ > OPENSSL_ENGINES=3D"$(PTXDIST_SYSROOT_HOST)/lib/engines-1.1" > = > +# > +# This macro is used to allow a code signing provider > +# to communicate with a server in an other stage than get > +# > +ptx/online-code-signing-provider =3D $(eval CODE_SIGNING_ENV +=3D \ > + HTTPS_PROXY=3D HTTP_PROXY=3D https_proxy=3D http_proxy=3D) > + > # vim: syntax=3Dmake > diff --git a/rules/templates/template-code-signing-provider-pre-make b/ru= les/templates/template-code-signing-provider-pre-make > index 6050cd149..90b58d2c2 100644 > --- a/rules/templates/template-code-signing-provider-pre-make > +++ b/rules/templates/template-code-signing-provider-pre-make 
> @@ -9,6 +9,10 @@ > ifdef PTXCONF_CODE_SIGNING_PROVIDER_@PACKAGE@ > CODE_SIGNING_ENV +=3D \ > PKCS11_MODULE_PATH=3D@MODULE_PATH@ > + > +# if your provider communicates to a server uncomment the following lines > +# to allow network requests outside of get stage > +#$(call ptx/online-code-signing-provider) > endif > = > # vim: syntax=3Dmake > -- = > 2.31.1 > = > Return-Path: > X-Original-To: ptxdist@pengutronix.de > Delivered-To: osterlad@cwpc1435.diehlako.local > Received: by cwpc1435.diehlako.local (Postfix, from userid 1001) > id 6E9243E64BC; Wed, 7 Apr 2021 13:54:50 +0200 (CEST) > From: Denis Osterland-Heim > To: ptxdist@pengutronix.de > Subject: [PATCH v3 1/3] host-libcurl: enable http(s) support > Date: Wed, 7 Apr 2021 13:54:48 +0200 > Message-Id: <20210407115450.21355-1-denis.osterland@diehl.com> > X-Mailer: git-send-email 2.31.1 > MIME-Version: 1.0 > Content-Transfer-Encoding: 8bit > = > Signed-off-by: Denis Osterland-Heim > --- > rules/host-libcurl.in | 1 + > rules/host-libcurl.make | 4 ++-- > 2 files changed, 3 insertions(+), 2 deletions(-) > = > diff --git a/rules/host-libcurl.in b/rules/host-libcurl.in > index dfce3ab95..cd4b4ceb0 100644 > --- a/rules/host-libcurl.in > +++ b/rules/host-libcurl.in > @@ -2,4 +2,5 @@ > = > config HOST_LIBCURL > tristate > + select HOST_OPENSSL > default y if ALLYES > diff --git a/rules/host-libcurl.make b/rules/host-libcurl.make > index dc28de778..1a2a1fcf5 100644 > --- a/rules/host-libcurl.make > +++ b/rules/host-libcurl.make > @@ -61,7 +61,7 @@ HOST_LIBCURL_CONF_OPT :=3D \ > --without-librtmp \ > \ > --disable-ares \ > - --disable-http \ > + --enable-http \ > --disable-nghttp2 \ > --disable-cookies \ > --disable-ftp \ 
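Review bot: `ptx/online-code-signing-provider` in rules/pre/010-code-signing.make forces HTTPS_PROXY, HTTP_PROXY, https_proxy and http_proxy to empty strings, and the comment above it only says this lets a provider "communicate with a server in an other stage than get". Please spell out the mechanism the hunk implies (non-get stages are kept off the network through these proxy variables, and the macro clears them) together with its two side effects: because the macro appends to the shared CODE_SIGNING_ENV, every consumer of that environment (kernel-fit, barebox, ...) gets network access, not only the provider; and a user who genuinely needs a proxy to reach the CA ends up with an empty value rather than their own, so restoring the user's configured proxy would be preferable to blanking it. Also "in an other stage than get" should read "in a stage other than get".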
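Review bot: the new comment in rules/templates/template-code-signing-provider-pre-make ("if your provider communicates to a server uncomment the following lines") should say what uncommenting `$(call ptx/online-code-signing-provider)` costs: it lifts the network restriction for every package that uses CODE_SIGNING_ENV, not only this provider, so a template user should enable it deliberately rather than as a convenience. Minor: "communicates to a server" should be "communicates with a server".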
> @@ -69,7 +69,7 @@ HOST_LIBCURL_CONF_OPT :=3D \ > --disable-file \ > --disable-crypto-auth \ > --disable-libssh2 \ > - --without-ssl > + --with-ssl > = > $(STATEDIR)/host-libcurl.install: > @$(call targetinfo) > -- = > 2.31.1 > = > _______________________________________________ > ptxdist mailing list > ptxdist@pengutronix.de > To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
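Review bot: adding `select HOST_OPENSSL` to rules/host-libcurl.in changes the host toolchain for every user of host-libcurl, yet the commit body is only a Signed-off-by. The reason (a code-signing provider built on host-yubihsm-shell needs HTTPS from the host curl) appears only in the cover letter; put it in this commit message so the dependency is understood when someone later tries to drop it.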
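Review bot: the first rules/host-libcurl.make hunk switches `--enable-http` on while `--disable-cookies`, `--disable-crypto-auth` and `--disable-nghttp2` stay, so the host curl can do plain HTTP/1.x over TLS but no Digest/NTLM-style HTTP authentication. If that is the intended minimum for the yubihsm connector, please say so in a comment above the option block so the remaining `--disable-*` lines are not re-enabled piecemeal later.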
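Review bot: the second rules/host-libcurl.make hunk flips `--without-ssl` to a bare `--with-ssl`, so configure takes whichever OpenSSL it finds first; make it explicit that the host-openssl from the host sysroot is meant (e.g. `--with-ssl=$(PTXDIST_SYSROOT_HOST)`). Also confirm that the resulting curl finds a CA bundle or CA path (`--with-ca-bundle`/`--with-ca-path`, neither of which appears in the visible hunks); the series exists so a signing provider can reach a server over HTTPS, and a curl without a usable trust store will fail certificate verification, or tempt someone to switch verification off.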