* [ptxdist] [PATCH v2 2/7] ptxd_lib_code_signing: introduce role groups
From: Roland Hieber @ 2021-06-27 23:11 UTC
To: ptxdist; +Cc: Marc Kleine-Budde, Roland Hieber
From: Marc Kleine-Budde <mkl@pengutronix.de>
A role group consists of one or more roles. It should be used where more
than one role is needed, but the exact names and/or number of roles
depend on the used code signing provider.
For example the generation of the imx HABv4 fuse table can use 1 to 4
SRK keys as input. If the signing provider is an HSM, the current
mechanism with continuous numbered URI may not work – role groups to the
rescue.
To make use of role groups, define roles as usual:
| r="imx-habv4-srk1"
| cs_define_role "${r}"
| cs_set_uri "${r}" "pkcs11:object=SRK CA 0"
| cs_append_ca_from_uri "${r}"
|
| r="imx-habv4-srk2"
| cs_define_role "${r}"
| cs_set_uri "${r}" "pkcs11:object=SRK CA 1"
| cs_append_ca_from_uri "${r}"
Now define a role group and add the roles to the group:
| g="imx-habv4-srk"
| cs_define_group "${g}"
| cs_group_add_roles "${g}" "imx-habv4-srk1" "imx-habv4-srk2"
Use the function cs_group_get_roles() to get the roles of a group.
In a later patch the function ptxd_make_imx_habv4_gen_table() is
converted to make use of $(cs_group_get_roles imx-habv4-srk) to get the
roles of the imx-habv4-srk group.
Co-authored-by: Roland Hieber <rhi@pengutronix.de>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
---
PATCH v2 (rhi):
- reorder from PATCH 1/n to PATCH 2/n
- be more concise and call the new concept "role groups" instead of the
(less expressive) "code signing groups" or "key groups"
- add API docs for new shell functions (feedback from myself)
- rephrase and fix typos in commit message
PATCH v1 (mkl): https://lore.ptxdist.org/ptxdist/20210412161900.2376802-1-mkl@pengutronix.de
---
doc/dev_code_signing.rst | 5 ++
doc/ref_code_signing_helpers.rst | 79 ++++++++++++++++++++++++++++
scripts/lib/ptxd_lib_code_signing.sh | 45 ++++++++++++++++
3 files changed, 129 insertions(+)
diff --git a/doc/dev_code_signing.rst b/doc/dev_code_signing.rst
index 56ac0e3b3217..1f43f2b60ade 100644
--- a/doc/dev_code_signing.rst
+++ b/doc/dev_code_signing.rst
@@ -19,6 +19,11 @@ development) the URIs are usually not hardcoded in the package configuration.
Instead, PTXdist has the idea of **roles** which are string identifiers used to
access a single private/public key pair and a certificate.
+Roles can be grouped into **role groups**.
+Role groups should be used where more than one role is needed, but the exact
+names and/or number of roles depend on the concrete code signing provider.
+For example, an i.MX HABv4 fuse table can contain up to four keys.
+
Finally, one or several **code signing providers** supply the mapping from
roles to the respective key material or even provide it themselves for
development.
diff --git a/doc/ref_code_signing_helpers.rst b/doc/ref_code_signing_helpers.rst
index f7928f52ebef..99a395b287c9 100644
--- a/doc/ref_code_signing_helpers.rst
+++ b/doc/ref_code_signing_helpers.rst
@@ -215,6 +215,85 @@ Preconditions:
- when used with SoftHSM, certificates must have been imported before
(see :ref:`cs_import_cert_from_der`, :ref:`cs_import_cert_from_pem`)
+.. _cs_define_group:
+
+cs_define_group
+^^^^^^^^^^^^^^^
+
+Usage:
+
+.. code-block:: bash
+
+ cs_define_group <group>
+
+Define a new role group.
+
+See :ref:`cs_group_add_roles` for an example.
+
+.. _cs_group_add_roles:
+
+cs_group_add_roles
+^^^^^^^^^^^^^^^^^^
+
+Usage:
+
+.. code-block:: bash
+
+ cs_group_add_roles <group> <roles...>
+
+Add all given roles to a role group.
+
+Preconditions:
+
+- the group must have been defined (see :ref:`cs_define_group`)
+- the role(s) must have been defined (see :ref:`cs_define_role`)
+
+Example:
+
+.. code-block:: bash
+
+ # define two roles named imx-habv4-srk1 and imx-habv4-srk2
+ r="imx-habv4-srk1"
+ cs_define_role "${r}"
+ cs_set_uri "${r}" "pkcs11:object=SRK CA 0"
+ cs_append_ca_from_uri "${r}"
+ r="imx-habv4-srk2"
+ cs_define_role "${r}"
+ cs_set_uri "${r}" "pkcs11:object=SRK CA 1"
+ cs_append_ca_from_uri "${r}"
+
+ # define a group and add the roles
+ g="imx-habv4-srk"
+ cs_define_group "${g}"
+ cs_group_add_roles "${g}" "imx-habv4-srk1" "imx-habv4-srk2"
+
+.. _cs_group_get_roles:
+
+cs_group_get_roles
+^^^^^^^^^^^^^^^^^^
+
+Usage:
+
+.. code-block:: bash
+
+ cs_group_get_roles <group>
+
+Get a list of all roles that have been added to the role group.
+
+Example:
+
+.. code-block:: bash
+
+ # iterate over role names in a role group, and print their name and URI
+ for role in $(cs_group_get_roles "imx-habv4-srk"); do
+ echo "role '${role}' has URI '$(cs_get_uri "${role}")'"
+ done
+
+In the example given in :ref:`cs_group_add_roles` above, this would print::
+
+ role 'imx-habv4-srk1' has URI 'pkcs11:object=SRK CA 0'
+ role 'imx-habv4-srk2' has URI 'pkcs11:object=SRK CA 1'
+
Consumer Functions
~~~~~~~~~~~~~~~~~~
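Review bot: the new cs_group_get_roles section has no Preconditions list, unlike cs_group_add_roles just above it, although it can only return roles for a group that was defined and populated first. Add a precondition pointing at :ref:`cs_define_group` and :ref:`cs_group_add_roles`, and say in the cs_define_group text that defining a group again discards its role list, since the implementation in this patch removes the group's roles file on every call.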
diff --git a/scripts/lib/ptxd_lib_code_signing.sh b/scripts/lib/ptxd_lib_code_signing.sh
index 0026cdc4dec0..ca101d635574 100644
--- a/scripts/lib/ptxd_lib_code_signing.sh
+++ b/scripts/lib/ptxd_lib_code_signing.sh
@@ -99,6 +99,51 @@ cs_define_role() {
}
export -f cs_define_role
+#
+# cs_define_group <group>
+#
+# Define a new role group.
+#
+cs_define_group() {
+ local group="${1}"
+ cs_init_variables
+
+ mkdir -p "${keydir}/${group}.group" &&
+ rm -f "${keydir}/${group}.group/roles"
+}
+export -f cs_define_group
+
+#
+# cs_group_add_roles <group> <role> ... <role>
+#
+# Set the roles for a group
+#
+cs_group_add_roles() {
+ local group="${1}"
+ shift
+ cs_init_variables
+
+ local orig_IFS="${IFS}"
+ IFS="
+"
+ echo "${*}" >> "${keydir}/${group}.group/roles" &&
+ IFS=${orig_IFS}
+}
+export -f cs_group_add_roles
+
+#
+# cs_group_get_roles <group>
+#
+# Gets the roles of a group
+#
+cs_group_get_roles() {
+ local group="${1}"
+ cs_init_variables
+
+ cat "${keydir}/${group}.group/roles"
+}
+export -f cs_group_get_roles
+
#
# cs_set_uri <role> <uri>
#
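Review bot: in cs_group_add_roles() the line `IFS=${orig_IFS}` is chained with `&&` after the `echo ... >>`, so IFS stays set to a newline whenever the append fails, for example when the group directory was never created by cs_define_group. Restoring IFS unconditionally, or writing the list with printf '%s\n' "${@}" so that IFS is not touched at all, avoids that. The header comment says "Set the roles for a group" while the function appends, and neither precondition from the new docs (group defined, roles defined) is checked here; cs_group_get_roles() likewise only surfaces a missing group as a cat error.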
--
2.30.2
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
* [ptxdist] [PATCH v2 3/7] templates/code-signing-provider: set up the 'imx-habv4-srk' role group
From: Roland Hieber @ 2021-06-27 23:11 UTC
To: ptxdist; +Cc: Marc Kleine-Budde, Roland Hieber
From: Marc Kleine-Budde <mkl@pengutronix.de>
Existing barebox-imx-habv4 recipes can still use the indexed
'imx-habv4-srk%d' roles to fetch the SRK keys, but for compatibility
with HSM use cases that don't support indexed role names, set up a new
role group that contains the roles.
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
---
PATCH v2 (rhi):
- split off code signing provider template changes from library and
consumer changes (see next patch) to make patches easier to port to
existing code signing providers
PATCH v1 (mkl): https://lore.ptxdist.org/ptxdist/20210412161900.2376802-2-mkl@pengutronix.de
---
.../templates/code-signing-provider/ptxdist-set-keys-hsm.sh | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/rules/templates/code-signing-provider/ptxdist-set-keys-hsm.sh b/rules/templates/code-signing-provider/ptxdist-set-keys-hsm.sh
index bcd531d69572..b94eff049eac 100755
--- a/rules/templates/code-signing-provider/ptxdist-set-keys-hsm.sh
+++ b/rules/templates/code-signing-provider/ptxdist-set-keys-hsm.sh
@@ -18,7 +18,7 @@ set_rauc_keys() {
}
set_imx_habv4_keys() {
- local r
+ local r g
# HSM use case, assuming it contains only 1st CSF/IMG key
for i in 1 2 3 4; do
@@ -28,6 +28,10 @@ set_imx_habv4_keys() {
cs_append_ca_from_uri "${r}"
done
+ g="imx-habv4-srk"
+ cs_define_group "${g}"
+ cs_group_add_roles "${g}" "imx-habv4-srk1" "imx-habv4-srk2" "imx-habv4-srk3" "imx-habv4-srk4"
+
r="imx-habv4-csf1"
cs_define_role ${r}
cs_set_uri "${r}" "pkcs11:token=foo;object=csf1"
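Review bot: the call to cs_group_add_roles spells out imx-habv4-srk1 to imx-habv4-srk4 a second time, next to the `for i in 1 2 3 4` loop above it, so the two lists can drift apart when a provider is adapted to an HSM that holds fewer SRKs. Since cs_group_add_roles appends, the group could be defined before the loop and each role added inside it with cs_group_add_roles "${g}" "${r}".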
--
2.30.2
* [ptxdist] [PATCH v2 4/7] templates/barebox-imx-habv4: use the 'imx-habv4-srk' role group
From: Roland Hieber @ 2021-06-27 23:11 UTC
To: ptxdist; +Cc: Marc Kleine-Budde, Roland Hieber
From: Marc Kleine-Budde <mkl@pengutronix.de>
The previous patch taught new code signing providers to set up the
'imx-habv4-srk' role group. This patch uses it for the barebox-imx-habv4
recipe.
Keep backwards compatibility with the old way of using indexed role
names in the library part, so existing recipes can still work with
ptxd_make_imx_habv4_gen_table() if their code signing provider sets up
the roles appropriately.
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
---
PATCH v2 (rhi):
- split up code signing provider template changes (see previous patch)
from lib and consumer changes
- fix ptxd_make_imx_habv4_gen_table() documentation comments
PATCH v1 (mkl): https://lore.ptxdist.org/ptxdist/20210412161900.2376802-2-mkl@pengutronix.de
---
.../templates/template-barebox-imx-habv4-make | 2 +-
scripts/lib/ptxd_lib_imx_hab.sh | 49 ++++++++++++++-----
2 files changed, 37 insertions(+), 14 deletions(-)
diff --git a/rules/templates/template-barebox-imx-habv4-make b/rules/templates/template-barebox-imx-habv4-make
index eb752c8349d9..cc825dc90292 100644
--- a/rules/templates/template-barebox-imx-habv4-make
+++ b/rules/templates/template-barebox-imx-habv4-make
@@ -74,7 +74,7 @@ $(STATEDIR)/barebox-@package@.compile:
@$(call targetinfo)
@$(call world/env, BAREBOX_@PACKAGE@) \
- ptxd_make_imx_habv4_gen_table "imx-habv4-srk%d" 4
+ ptxd_make_imx_habv4_gen_table imx-habv4-srk
@$(call world/compile, BAREBOX_@PACKAGE@)
diff --git a/scripts/lib/ptxd_lib_imx_hab.sh b/scripts/lib/ptxd_lib_imx_hab.sh
index d1e2aba99fab..fa5b3e2c1439 100644
--- a/scripts/lib/ptxd_lib_imx_hab.sh
+++ b/scripts/lib/ptxd_lib_imx_hab.sh
@@ -9,12 +9,14 @@
#
# ptxd_make_imx_habv4_gen_table - generate the srk fuse file and srk table for i.MX HABv4
#
-# usage: ptxd_make_imx_habv4_gen_table <template> [<srk_count>]
+# usage: ptxd_make_imx_habv4_gen_table <role group>
+# ptxd_make_imx_habv4_gen_table <template> [<srk_count>]
#
+# role group: the group that specifies all roles to access the keys
# template: the role template to access the keys. Must contain a "%d" which is
# used as index
-# srk_count: the number of keys (keys with index 1..srk_count will be used),
-# defaults to 4
+# srk_count: only when using <template>: the number of keys (keys with index
+# 1..srk_count will be used), defaults to 4
#
# The output files are generated in the package build dir:
#
@@ -25,25 +27,46 @@
# This will contain the srk hash which must be written to the fuses
#
ptxd_make_imx_habv4_gen_table_impl() {
+ local group="${1}"
local template="${1}"
local srk_count="${2}"
local table_bin="${pkg_build_dir}/imx-srk-table.bin"
local srk_fuse_bin="${pkg_build_dir}/imx-srk-fuse.bin"
local -a certs
+ local i
- if [ -z "${srk_count}" ]; then
- srk_count=4
- fi
+ case "${template}" in
+ *%d*) # <template> [<srk_count>]
+ if [ -z "${srk_count}" ]; then
+ srk_count=4
+ fi
- if [ "${srk_count}" -gt 4 ]; then
- ptxd_bailout "HABv4 allows only 4 certificates"
- fi
+ if [ "${srk_count}" -gt 4 ]; then
+ ptxd_bailout "HABv4 allows only 4 certificates"
+ fi
- echo -e "generating $(basename ${table_bin}) and $(basename ${srk_fuse_bin})\n"
+ for i in $(seq ${srk_count}); do
+ certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")"
+ done
+ ;;
+
+ *) # <role group>
+ local -a roles=( $(cs_group_get_roles "${group}") )
+
+ if [ "${#roles[@]}" -eq 0 ]; then
+ ptxd_bailout "Failed to get roles for group '${group}'"
+ fi
- for i in $(seq ${srk_count}); do
- certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")"
- done
+ if [ "${#roles[@]}" -gt 4 ]; then
+ ptxd_bailout "HABv4 allows only 4 certificates"
+ fi
+
+ for i in "${roles[@]}"; do
+ certs[${#certs[*]}]="$(cs_get_ca "${i}")"
+ done
+ esac
+
+ echo -e "generating $(basename ${table_bin}) and $(basename ${srk_fuse_bin})\n"
local orig_IFS="${IFS}"
IFS=","
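Review bot: in both loops the result of cs_get_ca is stored into certs[] without being checked, so a role that yields no CA would only show up as an empty entry in the comma-joined certificate list built after the case statement. Checking each result and calling ptxd_bailout with the role name would fail at the right place. In the role group branch, `local -a roles=( $(cs_group_get_roles "${group}") )` also relies on word splitting and hides the exit status of cs_group_get_roles, and a second argument is silently ignored there; group and template are both set from ${1}, so a single variable whose meaning the case decides would read more clearly.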
--
2.30.2
* [ptxdist] [PATCH v2 5/7] host-ptx-code-signing-dev: version bump 0.4 -> 0.5
From: Roland Hieber @ 2021-06-27 23:11 UTC
To: ptxdist; +Cc: Roland Hieber
With this version, host-ptx-code-signing-dev sets up the new role groups
imx-habv4-srk, imx-habv4-csf and imx-habv4-img.
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
---
PATCH v2 (rhi):
- new patch in v2 (feedback from Michael Olbrich)
---
rules/host-ptx-code-signing-dev.make | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/host-ptx-code-signing-dev.make b/rules/host-ptx-code-signing-dev.make
index af7a774bc9a4..2314f88c2d88 100644
--- a/rules/host-ptx-code-signing-dev.make
+++ b/rules/host-ptx-code-signing-dev.make
@@ -14,8 +14,8 @@ HOST_PACKAGES-$(PTXCONF_HOST_PTX_CODE_SIGNING_DEV) += host-ptx-code-signing-dev
#
# Paths and names
#
-HOST_PTX_CODE_SIGNING_DEV_VERSION := 0.4
-HOST_PTX_CODE_SIGNING_DEV_MD5 := 853ac0147adc0b46dc695e16a7101aaa
+HOST_PTX_CODE_SIGNING_DEV_VERSION := 0.5
+HOST_PTX_CODE_SIGNING_DEV_MD5 := ec83c9225c520932b515a7c3b353d149
HOST_PTX_CODE_SIGNING_DEV := ptx-code-signing-dev-$(HOST_PTX_CODE_SIGNING_DEV_VERSION)
HOST_PTX_CODE_SIGNING_DEV_SUFFIX := tar.gz
HOST_PTX_CODE_SIGNING_DEV_URL := https://git.pengutronix.de/cgit/ptx-code-signing-dev/snapshot/$(HOST_PTX_CODE_SIGNING_DEV).$(HOST_PTX_CODE_SIGNING_DEV_SUFFIX)
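Review bot: HOST_PTX_CODE_SIGNING_DEV_MD5 is the only integrity value updated here for a tarball fetched from a cgit snapshot URL, and MD5 is not collision resistant. If the rule format allows a stronger digest for the source, add it alongside; the commit message could also state which upstream commit or tag 0.5 corresponds to, so that the new checksum can be verified independently.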
--
2.30.2
* [ptxdist] [PATCH v2 6/7] ptxd_lib_imx_hab: fix indentation
From: Roland Hieber @ 2021-06-27 23:11 UTC
To: ptxdist; +Cc: Roland Hieber
Be uniform with bin/ptxdist, indent with one tab instead of mixed tabs
and spaces.
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
---
PATCH v2 (rhi):
- new patch in v2
- not essential, but slowly start fixing indentation in scripts/lib
- git show -w is empty
---
scripts/lib/ptxd_lib_imx_hab.sh | 86 ++++++++++++++++-----------------
1 file changed, 43 insertions(+), 43 deletions(-)
diff --git a/scripts/lib/ptxd_lib_imx_hab.sh b/scripts/lib/ptxd_lib_imx_hab.sh
index fa5b3e2c1439..7af2b1112855 100644
--- a/scripts/lib/ptxd_lib_imx_hab.sh
+++ b/scripts/lib/ptxd_lib_imx_hab.sh
@@ -27,64 +27,64 @@
# This will contain the srk hash which must be written to the fuses
#
ptxd_make_imx_habv4_gen_table_impl() {
- local group="${1}"
- local template="${1}"
- local srk_count="${2}"
- local table_bin="${pkg_build_dir}/imx-srk-table.bin"
- local srk_fuse_bin="${pkg_build_dir}/imx-srk-fuse.bin"
- local -a certs
- local i
+ local group="${1}"
+ local template="${1}"
+ local srk_count="${2}"
+ local table_bin="${pkg_build_dir}/imx-srk-table.bin"
+ local srk_fuse_bin="${pkg_build_dir}/imx-srk-fuse.bin"
+ local -a certs
+ local i
- case "${template}" in
- *%d*) # <template> [<srk_count>]
- if [ -z "${srk_count}" ]; then
- srk_count=4
- fi
+ case "${template}" in
+ *%d*) # <template> [<srk_count>]
+ if [ -z "${srk_count}" ]; then
+ srk_count=4
+ fi
- if [ "${srk_count}" -gt 4 ]; then
- ptxd_bailout "HABv4 allows only 4 certificates"
- fi
+ if [ "${srk_count}" -gt 4 ]; then
+ ptxd_bailout "HABv4 allows only 4 certificates"
+ fi
- for i in $(seq ${srk_count}); do
- certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")"
- done
- ;;
+ for i in $(seq ${srk_count}); do
+ certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")"
+ done
+ ;;
- *) # <role group>
- local -a roles=( $(cs_group_get_roles "${group}") )
+ *) # <role group>
+ local -a roles=( $(cs_group_get_roles "${group}") )
- if [ "${#roles[@]}" -eq 0 ]; then
- ptxd_bailout "Failed to get roles for group '${group}'"
- fi
+ if [ "${#roles[@]}" -eq 0 ]; then
+ ptxd_bailout "Failed to get roles for group '${group}'"
+ fi
- if [ "${#roles[@]}" -gt 4 ]; then
- ptxd_bailout "HABv4 allows only 4 certificates"
- fi
+ if [ "${#roles[@]}" -gt 4 ]; then
+ ptxd_bailout "HABv4 allows only 4 certificates"
+ fi
- for i in "${roles[@]}"; do
- certs[${#certs[*]}]="$(cs_get_ca "${i}")"
- done
- esac
+ for i in "${roles[@]}"; do
+ certs[${#certs[*]}]="$(cs_get_ca "${i}")"
+ done
+ esac
- echo -e "generating $(basename ${table_bin}) and $(basename ${srk_fuse_bin})\n"
+ echo -e "generating $(basename ${table_bin}) and $(basename ${srk_fuse_bin})\n"
- local orig_IFS="${IFS}"
- IFS=","
- certs="${certs[*]}"
- IFS="${orig_IFS}"
+ local orig_IFS="${IFS}"
+ IFS=","
+ certs="${certs[*]}"
+ IFS="${orig_IFS}"
- ptxd_exec srktool --hab_ver 4 \
- --table "${table_bin}" \
- --efuses "${srk_fuse_bin}" \
- --digest sha256 \
- --certs "${certs}"
+ ptxd_exec srktool --hab_ver 4 \
+ --table "${table_bin}" \
+ --efuses "${srk_fuse_bin}" \
+ --digest sha256 \
+ --certs "${certs}"
}
export -f ptxd_make_imx_habv4_gen_table_impl
ptxd_make_imx_habv4_gen_table() {
- ptxd_make_world_init &&
+ ptxd_make_world_init &&
- ptxd_eval \
+ ptxd_eval \
"${pkg_make_env}" \
ptxd_make_imx_habv4_gen_table_impl "${@}"
}
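Review bot: this hunk re-indents the whole body of ptxd_make_imx_habv4_gen_table_impl(), including the case statement and both loops that patch 4/7 of this series has only just added, so every one of those lines is touched twice within the series. Doing the whitespace conversion before 4/7, or sending it separately from the role group work, would keep the functional change as the last commit on those lines.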
--
2.30.2
* Re: [ptxdist] [PATCH v2 6/7] ptxd_lib_imx_hab: fix indentation
From: Michael Olbrich @ 2021-06-28 6:42 UTC
To: ptxdist; +Cc: Roland Hieber
On Mon, Jun 28, 2021 at 01:11:20AM +0200, Roland Hieber wrote:
> Be uniform with bin/ptxdist, indent with one tab instead of mixed tabs
> and spaces.
No. Everything in scripts is indented this way: Indentation is 4 spaces,
tabwidth is 8 and tabs are not expanded. Blame Marc, he started it this way
:-).
Michael
> Signed-off-by: Roland Hieber <rhi@pengutronix.de>
> ---
> PATCH v2 (rhi):
> - new patch in v2
> - not essential, but slowly start fixing indentation in scripts/lib
> - git show -w is empty
> ---
> scripts/lib/ptxd_lib_imx_hab.sh | 86 ++++++++++++++++-----------------
> 1 file changed, 43 insertions(+), 43 deletions(-)
>
> diff --git a/scripts/lib/ptxd_lib_imx_hab.sh b/scripts/lib/ptxd_lib_imx_hab.sh
> index fa5b3e2c1439..7af2b1112855 100644
> --- a/scripts/lib/ptxd_lib_imx_hab.sh
> +++ b/scripts/lib/ptxd_lib_imx_hab.sh
> @@ -27,64 +27,64 @@
> # This will contain the srk hash which must be written to the fuses
> #
> ptxd_make_imx_habv4_gen_table_impl() {
> - local group="${1}"
> - local template="${1}"
> - local srk_count="${2}"
> - local table_bin="${pkg_build_dir}/imx-srk-table.bin"
> - local srk_fuse_bin="${pkg_build_dir}/imx-srk-fuse.bin"
> - local -a certs
> - local i
> + local group="${1}"
> + local template="${1}"
> + local srk_count="${2}"
> + local table_bin="${pkg_build_dir}/imx-srk-table.bin"
> + local srk_fuse_bin="${pkg_build_dir}/imx-srk-fuse.bin"
> + local -a certs
> + local i
>
> - case "${template}" in
> - *%d*) # <template> [<srk_count>]
> - if [ -z "${srk_count}" ]; then
> - srk_count=4
> - fi
> + case "${template}" in
> + *%d*) # <template> [<srk_count>]
> + if [ -z "${srk_count}" ]; then
> + srk_count=4
> + fi
>
> - if [ "${srk_count}" -gt 4 ]; then
> - ptxd_bailout "HABv4 allows only 4 certificates"
> - fi
> + if [ "${srk_count}" -gt 4 ]; then
> + ptxd_bailout "HABv4 allows only 4 certificates"
> + fi
>
> - for i in $(seq ${srk_count}); do
> - certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")"
> - done
> - ;;
> + for i in $(seq ${srk_count}); do
> + certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")"
> + done
> + ;;
>
> - *) # <role group>
> - local -a roles=( $(cs_group_get_roles "${group}") )
> + *) # <role group>
> + local -a roles=( $(cs_group_get_roles "${group}") )
>
> - if [ "${#roles[@]}" -eq 0 ]; then
> - ptxd_bailout "Failed to get roles for group '${group}'"
> - fi
> + if [ "${#roles[@]}" -eq 0 ]; then
> + ptxd_bailout "Failed to get roles for group '${group}'"
> + fi
>
> - if [ "${#roles[@]}" -gt 4 ]; then
> - ptxd_bailout "HABv4 allows only 4 certificates"
> - fi
> + if [ "${#roles[@]}" -gt 4 ]; then
> + ptxd_bailout "HABv4 allows only 4 certificates"
> + fi
>
> - for i in "${roles[@]}"; do
> - certs[${#certs[*]}]="$(cs_get_ca "${i}")"
> - done
> - esac
> + for i in "${roles[@]}"; do
> + certs[${#certs[*]}]="$(cs_get_ca "${i}")"
> + done
> + esac
>
> - echo -e "generating $(basename ${table_bin}) and $(basename ${srk_fuse_bin})\n"
> + echo -e "generating $(basename ${table_bin}) and $(basename ${srk_fuse_bin})\n"
>
> - local orig_IFS="${IFS}"
> - IFS=","
> - certs="${certs[*]}"
> - IFS="${orig_IFS}"
> + local orig_IFS="${IFS}"
> + IFS=","
> + certs="${certs[*]}"
> + IFS="${orig_IFS}"
>
> - ptxd_exec srktool --hab_ver 4 \
> - --table "${table_bin}" \
> - --efuses "${srk_fuse_bin}" \
> - --digest sha256 \
> - --certs "${certs}"
> + ptxd_exec srktool --hab_ver 4 \
> + --table "${table_bin}" \
> + --efuses "${srk_fuse_bin}" \
> + --digest sha256 \
> + --certs "${certs}"
> }
> export -f ptxd_make_imx_habv4_gen_table_impl
>
> ptxd_make_imx_habv4_gen_table() {
> - ptxd_make_world_init &&
> + ptxd_make_world_init &&
>
> - ptxd_eval \
> + ptxd_eval \
> "${pkg_make_env}" \
> ptxd_make_imx_habv4_gen_table_impl "${@}"
> }
> --
> 2.30.2
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
* Re: [ptxdist] [PATCH v2 6/7] ptxd_lib_imx_hab: fix indentation
From: Roland Hieber @ 2021-07-08 20:02 UTC
To: ptxdist
On Mon, Jun 28, 2021 at 08:42:13AM +0200, Michael Olbrich wrote:
> On Mon, Jun 28, 2021 at 01:11:20AM +0200, Roland Hieber wrote:
> > Be uniform with bin/ptxdist, indent with one tab instead of mixed tabs
> > and spaces.
>
> No. Everything in scripts is indented this way: Indentation is 4 spaces,
> tabwidth is 8 and tabs are not expanded. Blame Marc, he started it this way
> :-).
So because it started this way it can never be changed?
- Roland
>
> Michael
>
> > Signed-off-by: Roland Hieber <rhi@pengutronix.de>
> > ---
> > PATCH v2 (rhi):
> > - new patch in v2
> > - not essential, but slowly start fixing indentation in scripts/lib
> > - git show -w is empty
> > ---
> > scripts/lib/ptxd_lib_imx_hab.sh | 86 ++++++++++++++++-----------------
> > 1 file changed, 43 insertions(+), 43 deletions(-)
> >
> > diff --git a/scripts/lib/ptxd_lib_imx_hab.sh b/scripts/lib/ptxd_lib_imx_hab.sh
> > index fa5b3e2c1439..7af2b1112855 100644
> > --- a/scripts/lib/ptxd_lib_imx_hab.sh
> > +++ b/scripts/lib/ptxd_lib_imx_hab.sh
> > @@ -27,64 +27,64 @@
> > # This will contain the srk hash which must be written to the fuses
> > #
> > ptxd_make_imx_habv4_gen_table_impl() {
> > - local group="${1}"
> > - local template="${1}"
> > - local srk_count="${2}"
> > - local table_bin="${pkg_build_dir}/imx-srk-table.bin"
> > - local srk_fuse_bin="${pkg_build_dir}/imx-srk-fuse.bin"
> > - local -a certs
> > - local i
> > + local group="${1}"
> > + local template="${1}"
> > + local srk_count="${2}"
> > + local table_bin="${pkg_build_dir}/imx-srk-table.bin"
> > + local srk_fuse_bin="${pkg_build_dir}/imx-srk-fuse.bin"
> > + local -a certs
> > + local i
> >
> > - case "${template}" in
> > - *%d*) # <template> [<srk_count>]
> > - if [ -z "${srk_count}" ]; then
> > - srk_count=4
> > - fi
> > + case "${template}" in
> > + *%d*) # <template> [<srk_count>]
> > + if [ -z "${srk_count}" ]; then
> > + srk_count=4
> > + fi
> >
> > - if [ "${srk_count}" -gt 4 ]; then
> > - ptxd_bailout "HABv4 allows only 4 certificates"
> > - fi
> > + if [ "${srk_count}" -gt 4 ]; then
> > + ptxd_bailout "HABv4 allows only 4 certificates"
> > + fi
> >
> > - for i in $(seq ${srk_count}); do
> > - certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")"
> > - done
> > - ;;
> > + for i in $(seq ${srk_count}); do
> > + certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")"
> > + done
> > + ;;
> >
> > - *) # <role group>
> > - local -a roles=( $(cs_group_get_roles "${group}") )
> > + *) # <role group>
> > + local -a roles=( $(cs_group_get_roles "${group}") )
> >
> > - if [ "${#roles[@]}" -eq 0 ]; then
> > - ptxd_bailout "Failed to get roles for group '${group}'"
> > - fi
> > + if [ "${#roles[@]}" -eq 0 ]; then
> > + ptxd_bailout "Failed to get roles for group '${group}'"
> > + fi
> >
> > - if [ "${#roles[@]}" -gt 4 ]; then
> > - ptxd_bailout "HABv4 allows only 4 certificates"
> > - fi
> > + if [ "${#roles[@]}" -gt 4 ]; then
> > + ptxd_bailout "HABv4 allows only 4 certificates"
> > + fi
> >
> > - for i in "${roles[@]}"; do
> > - certs[${#certs[*]}]="$(cs_get_ca "${i}")"
> > - done
> > - esac
> > + for i in "${roles[@]}"; do
> > + certs[${#certs[*]}]="$(cs_get_ca "${i}")"
> > + done
> > + esac
> >
> > - echo -e "generating $(basename ${table_bin}) and $(basename ${srk_fuse_bin})\n"
> > + echo -e "generating $(basename ${table_bin}) and $(basename ${srk_fuse_bin})\n"
> >
> > - local orig_IFS="${IFS}"
> > - IFS=","
> > - certs="${certs[*]}"
> > - IFS="${orig_IFS}"
> > + local orig_IFS="${IFS}"
> > + IFS=","
> > + certs="${certs[*]}"
> > + IFS="${orig_IFS}"
> >
> > - ptxd_exec srktool --hab_ver 4 \
> > - --table "${table_bin}" \
> > - --efuses "${srk_fuse_bin}" \
> > - --digest sha256 \
> > - --certs "${certs}"
> > + ptxd_exec srktool --hab_ver 4 \
> > + --table "${table_bin}" \
> > + --efuses "${srk_fuse_bin}" \
> > + --digest sha256 \
> > + --certs "${certs}"
> > }
> > export -f ptxd_make_imx_habv4_gen_table_impl
> >
> > ptxd_make_imx_habv4_gen_table() {
> > - ptxd_make_world_init &&
> > + ptxd_make_world_init &&
> >
> > - ptxd_eval \
> > + ptxd_eval \
> > "${pkg_make_env}" \
> > ptxd_make_imx_habv4_gen_table_impl "${@}"
> > }
> > --
> > 2.30.2
>
> --
> Pengutronix e.K. | |
> Steuerwalder Str. 21 | http://www.pengutronix.de/ |
> 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
> Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
>
--
Roland Hieber, Pengutronix e.K. | r.hieber@pengutronix.de |
Steuerwalder Str. 21 | https://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
* Re: [ptxdist] [PATCH v2 6/7] ptxd_lib_imx_hab: fix indentation
From: Michael Olbrich @ 2021-07-09 6:53 UTC
To: ptxdist
On Thu, Jul 08, 2021 at 10:02:31PM +0200, Roland Hieber wrote:
> On Mon, Jun 28, 2021 at 08:42:13AM +0200, Michael Olbrich wrote:
> > On Mon, Jun 28, 2021 at 01:11:20AM +0200, Roland Hieber wrote:
> > > Be uniform with bin/ptxdist, indent with one tab instead of mixed tabs
> > > and spaces.
> >
> > No. Everything in scripts is indented this way: Indentation is 4 spaces,
> > tabwidth is 8 and tabs are not expanded. Blame Marc, he started it this way
> > :-).
>
> So because it started this way it can never be changed?
If we change it, then everything and not a single file. And we should
coordinate this, so that there are no pending patches somewhere.
And I'm not convinced it's a good idea in general. I prefer indenting with
just tabs as well, but it's more important for me that 'git blame' works
well.
Michael
> > > Signed-off-by: Roland Hieber <rhi@pengutronix.de>
> > > ---
> > > PATCH v2 (rhi):
> > > - new patch in v2
> > > - not essential, but slowly start fixing indentation in scripts/lib
> > > - git show -w is empty
> > > ---
> > > scripts/lib/ptxd_lib_imx_hab.sh | 86 ++++++++++++++++-----------------
> > > 1 file changed, 43 insertions(+), 43 deletions(-)
> > >
> > > diff --git a/scripts/lib/ptxd_lib_imx_hab.sh b/scripts/lib/ptxd_lib_imx_hab.sh
> > > index fa5b3e2c1439..7af2b1112855 100644
> > > --- a/scripts/lib/ptxd_lib_imx_hab.sh
> > > +++ b/scripts/lib/ptxd_lib_imx_hab.sh
> > > @@ -27,64 +27,64 @@
> > > # This will contain the srk hash which must be written to the fuses
> > > #
> > > ptxd_make_imx_habv4_gen_table_impl() {
> > > - local group="${1}"
> > > - local template="${1}"
> > > - local srk_count="${2}"
> > > - local table_bin="${pkg_build_dir}/imx-srk-table.bin"
> > > - local srk_fuse_bin="${pkg_build_dir}/imx-srk-fuse.bin"
> > > - local -a certs
> > > - local i
> > > + local group="${1}"
> > > + local template="${1}"
> > > + local srk_count="${2}"
> > > + local table_bin="${pkg_build_dir}/imx-srk-table.bin"
> > > + local srk_fuse_bin="${pkg_build_dir}/imx-srk-fuse.bin"
> > > + local -a certs
> > > + local i
> > >
> > > - case "${template}" in
> > > - *%d*) # <template> [<srk_count>]
> > > - if [ -z "${srk_count}" ]; then
> > > - srk_count=4
> > > - fi
> > > + case "${template}" in
> > > + *%d*) # <template> [<srk_count>]
> > > + if [ -z "${srk_count}" ]; then
> > > + srk_count=4
> > > + fi
> > >
> > > - if [ "${srk_count}" -gt 4 ]; then
> > > - ptxd_bailout "HABv4 allows only 4 certificates"
> > > - fi
> > > + if [ "${srk_count}" -gt 4 ]; then
> > > + ptxd_bailout "HABv4 allows only 4 certificates"
> > > + fi
> > >
> > > - for i in $(seq ${srk_count}); do
> > > - certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")"
> > > - done
> > > - ;;
> > > + for i in $(seq ${srk_count}); do
> > > + certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")"
> > > + done
> > > + ;;
> > >
> > > - *) # <role group>
> > > - local -a roles=( $(cs_group_get_roles "${group}") )
> > > + *) # <role group>
> > > + local -a roles=( $(cs_group_get_roles "${group}") )
> > >
> > > - if [ "${#roles[@]}" -eq 0 ]; then
> > > - ptxd_bailout "Failed to get roles for group '${group}'"
> > > - fi
> > > + if [ "${#roles[@]}" -eq 0 ]; then
> > > + ptxd_bailout "Failed to get roles for group '${group}'"
> > > + fi
> > >
> > > - if [ "${#roles[@]}" -gt 4 ]; then
> > > - ptxd_bailout "HABv4 allows only 4 certificates"
> > > - fi
> > > + if [ "${#roles[@]}" -gt 4 ]; then
> > > + ptxd_bailout "HABv4 allows only 4 certificates"
> > > + fi
> > >
> > > - for i in "${roles[@]}"; do
> > > - certs[${#certs[*]}]="$(cs_get_ca "${i}")"
> > > - done
> > > - esac
> > > + for i in "${roles[@]}"; do
> > > + certs[${#certs[*]}]="$(cs_get_ca "${i}")"
> > > + done
> > > + esac
> > >
> > > - echo -e "generating $(basename ${table_bin}) and $(basename ${srk_fuse_bin})\n"
> > > + echo -e "generating $(basename ${table_bin}) and $(basename ${srk_fuse_bin})\n"
> > >
> > > - local orig_IFS="${IFS}"
> > > - IFS=","
> > > - certs="${certs[*]}"
> > > - IFS="${orig_IFS}"
> > > + local orig_IFS="${IFS}"
> > > + IFS=","
> > > + certs="${certs[*]}"
> > > + IFS="${orig_IFS}"
> > >
> > > - ptxd_exec srktool --hab_ver 4 \
> > > - --table "${table_bin}" \
> > > - --efuses "${srk_fuse_bin}" \
> > > - --digest sha256 \
> > > - --certs "${certs}"
> > > + ptxd_exec srktool --hab_ver 4 \
> > > + --table "${table_bin}" \
> > > + --efuses "${srk_fuse_bin}" \
> > > + --digest sha256 \
> > > + --certs "${certs}"
> > > }
> > > export -f ptxd_make_imx_habv4_gen_table_impl
> > >
> > > ptxd_make_imx_habv4_gen_table() {
> > > - ptxd_make_world_init &&
> > > + ptxd_make_world_init &&
> > >
> > > - ptxd_eval \
> > > + ptxd_eval \
> > > "${pkg_make_env}" \
> > > ptxd_make_imx_habv4_gen_table_impl "${@}"
> > > }
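Review bot: in both loops the result of cs_get_ca is captured with `certs[${#certs[*]}]="$(cs_get_ca ...)"` and its exit status is never checked, so once cs_get_ca prints ERROR_CA_NOT_YET_SET and returns 1 (patch 1/7 of this series) that sentinel is joined into the `--certs` list handed to srktool instead of stopping the build. A follow-up could bail out on failure, for example `ca="$(cs_get_ca "${i}")" || ptxd_bailout "no CA for role '${i}'"`, so that the SRK table and fuse file are only generated from certificates that actually exist.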
> > > --
> > > 2.30.2
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
* Re: [ptxdist] [PATCH v2 6/7] ptxd_lib_imx_hab: fix indentation
2021-06-28 6:42 ` Michael Olbrich
2021-07-08 20:02 ` Roland Hieber
@ 2021-07-09 10:12 ` Alexander Dahl
2021-07-09 10:41 ` Michael Olbrich
2021-07-16 11:38 ` Marc Kleine-Budde
2 siblings, 1 reply; 18+ messages in thread
From: Alexander Dahl @ 2021-07-09 10:12 UTC (permalink / raw)
To: ptxdist; +Cc: Michael Olbrich, Roland Hieber
Hei hei,
On Monday, 28 June 2021, 08:42:13 CEST, Michael Olbrich wrote:
> On Mon, Jun 28, 2021 at 01:11:20AM +0200, Roland Hieber wrote:
> > Be uniform with bin/ptxdist, indent with one tab instead of mixed tabs
> > and spaces.
>
> No. Everything in scripts is indented this way: Indention is 4 Spaces,
> tabwidth is 8 and tabs are not expanded. Blame Marc, he started it this way
Maybe someone wants to craft an .editorconfig file to reflect that? ;-)
https://editorconfig.org/
(Can also be project wide with a section for scripts with those special
settings.)
Greets
Alex
>
> :-).
>
> Michael
>
> > Signed-off-by: Roland Hieber <rhi@pengutronix.de>
> > ---
> >
> > PATCH v2 (rhi):
> > - new patch in v2
> > - not essential, but slowly start fixing indentation in scripts/lib
> > - git show -w is empty
> >
> > ---
> >
> > scripts/lib/ptxd_lib_imx_hab.sh | 86 ++++++++++++++++-----------------
> > 1 file changed, 43 insertions(+), 43 deletions(-)
> >
> > diff --git a/scripts/lib/ptxd_lib_imx_hab.sh
> > b/scripts/lib/ptxd_lib_imx_hab.sh index fa5b3e2c1439..7af2b1112855 100644
> > --- a/scripts/lib/ptxd_lib_imx_hab.sh
> > +++ b/scripts/lib/ptxd_lib_imx_hab.sh
> > @@ -27,64 +27,64 @@
> >
> > # This will contain the srk hash which must be written to the fuses
> > #
> > ptxd_make_imx_habv4_gen_table_impl() {
> >
> > - local group="${1}"
> > - local template="${1}"
> > - local srk_count="${2}"
> > - local table_bin="${pkg_build_dir}/imx-srk-table.bin"
> > - local srk_fuse_bin="${pkg_build_dir}/imx-srk-fuse.bin"
> > - local -a certs
> > - local i
> > + local group="${1}"
> > + local template="${1}"
> > + local srk_count="${2}"
> > + local table_bin="${pkg_build_dir}/imx-srk-table.bin"
> > + local srk_fuse_bin="${pkg_build_dir}/imx-srk-fuse.bin"
> > + local -a certs
> > + local i
> >
> > - case "${template}" in
> > - *%d*) # <template> [<srk_count>]
> > - if [ -z "${srk_count}" ]; then
> > - srk_count=4
> > - fi
> > + case "${template}" in
> > + *%d*) # <template> [<srk_count>]
> > + if [ -z "${srk_count}" ]; then
> > + srk_count=4
> > + fi
> >
> > - if [ "${srk_count}" -gt 4 ]; then
> > - ptxd_bailout "HABv4 allows only 4 certificates"
> > - fi
> > + if [ "${srk_count}" -gt 4 ]; then
> > + ptxd_bailout "HABv4 allows only 4 certificates"
> > + fi
> >
> > - for i in $(seq ${srk_count}); do
> > - certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")"
> > - done
> > - ;;
> > + for i in $(seq ${srk_count}); do
> > + certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" $
{i})")"
> > + done
> > + ;;
> >
> > - *) # <role group>
> > - local -a roles=( $(cs_group_get_roles "${group}") )
> > + *) # <role group>
> > + local -a roles=( $(cs_group_get_roles "${group}") )
> >
> > - if [ "${#roles[@]}" -eq 0 ]; then
> > - ptxd_bailout "Failed to get roles for group '${group}'"
> > - fi
> > + if [ "${#roles[@]}" -eq 0 ]; then
> > + ptxd_bailout "Failed to get roles for group '${group}'"
> > + fi
> >
> > - if [ "${#roles[@]}" -gt 4 ]; then
> > - ptxd_bailout "HABv4 allows only 4 certificates"
> > - fi
> > + if [ "${#roles[@]}" -gt 4 ]; then
> > + ptxd_bailout "HABv4 allows only 4 certificates"
> > + fi
> >
> > - for i in "${roles[@]}"; do
> > - certs[${#certs[*]}]="$(cs_get_ca "${i}")"
> > - done
> > - esac
> > + for i in "${roles[@]}"; do
> > + certs[${#certs[*]}]="$(cs_get_ca "${i}")"
> > + done
> > + esac
> >
> > - echo -e "generating $(basename ${table_bin}) and $(basename
> > ${srk_fuse_bin})\n" + echo -e "generating $(basename ${table_bin}) and
> > $(basename ${srk_fuse_bin})\n"
> >
> > - local orig_IFS="${IFS}"
> > - IFS=","
> > - certs="${certs[*]}"
> > - IFS="${orig_IFS}"
> > + local orig_IFS="${IFS}"
> > + IFS=","
> > + certs="${certs[*]}"
> > + IFS="${orig_IFS}"
> >
> > - ptxd_exec srktool --hab_ver 4 \
> > - --table "${table_bin}" \
> > - --efuses "${srk_fuse_bin}" \
> > - --digest sha256 \
> > - --certs "${certs}"
> > + ptxd_exec srktool --hab_ver 4 \
> > + --table "${table_bin}" \
> > + --efuses "${srk_fuse_bin}" \
> > + --digest sha256 \
> > + --certs "${certs}"
> >
> > }
> > export -f ptxd_make_imx_habv4_gen_table_impl
> >
> > ptxd_make_imx_habv4_gen_table() {
> >
> > - ptxd_make_world_init &&
> > + ptxd_make_world_init &&
> >
> > - ptxd_eval \
> > + ptxd_eval \
> >
> > "${pkg_make_env}" \
> > ptxd_make_imx_habv4_gen_table_impl "${@}"
> >
> > }
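Review bot: the `*%d*` branch only rejects an `srk_count` greater than 4, while the role-group branch also bails out when it has zero roles; with `srk_count` set to 0, `seq` yields nothing and srktool is called with an empty `--certs` value. A lower-bound check next to the existing `-gt 4` test would make the two branches reject the same inputs. Separately, `certs="${certs[*]}"` assigns the joined string to element 0 of the array declared with `local -a certs`; a distinct scalar for the comma-joined list would be easier to read.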
* Re: [ptxdist] [PATCH v2 6/7] ptxd_lib_imx_hab: fix indentation
2021-07-09 10:12 ` Alexander Dahl
@ 2021-07-09 10:41 ` Michael Olbrich
0 siblings, 0 replies; 18+ messages in thread
From: Michael Olbrich @ 2021-07-09 10:41 UTC (permalink / raw)
To: Alexander Dahl; +Cc: ptxdist, Roland Hieber
On Fri, Jul 09, 2021 at 12:12:19PM +0200, Alexander Dahl wrote:
> Hei hei,
>
> On Monday, 28 June 2021, 08:42:13 CEST, Michael Olbrich wrote:
> > On Mon, Jun 28, 2021 at 01:11:20AM +0200, Roland Hieber wrote:
> > > Be uniform with bin/ptxdist, indent with one tab instead of mixed tabs
> > > and spaces.
> >
> > No. Everything in scripts is indented this way: Indention is 4 Spaces,
> > tabwidth is 8 and tabs are not expanded. Blame Marc, he started it this way
>
> Maybe someone wants to craft an .editorconfig file to reflect that? ;-)
>
> https://editorconfig.org/
>
> (Can also be project wide with a section for scripts with those special
> settings.)
Maybe I should just commit the file that I already use for this :-)...
Michael
* Re: [ptxdist] [PATCH v2 6/7] ptxd_lib_imx_hab: fix indentation
2021-06-28 6:42 ` Michael Olbrich
2021-07-08 20:02 ` Roland Hieber
2021-07-09 10:12 ` Alexander Dahl
@ 2021-07-16 11:38 ` Marc Kleine-Budde
2 siblings, 0 replies; 18+ messages in thread
From: Marc Kleine-Budde @ 2021-07-16 11:38 UTC (permalink / raw)
To: ptxdist, Roland Hieber
On 28.06.2021 08:42:13, Michael Olbrich wrote:
> On Mon, Jun 28, 2021 at 01:11:20AM +0200, Roland Hieber wrote:
> > Be uniform with bin/ptxdist, indent with one tab instead of mixed tabs
> > and spaces.
>
> No. Everything in scripts is indented this way: Indention is 4 Spaces,
> tabwidth is 8 and tabs are not expanded. Blame Marc, he started it this way
> :-).
It's emacs default settings for scripts :)
Marc
--
Pengutronix e.K. | Marc Kleine-Budde |
Embedded Linux | https://www.pengutronix.de |
Vertretung West/Dortmund | Phone: +49-231-2826-924 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
* [ptxdist] [PATCH v2 7/7] ptxd_lib_code_signing: fix indentation
2021-06-27 23:11 [ptxdist] [PATCH v2 1/7] ptxd_lib_code_signing: cs_get_ca(): improve error handling Roland Hieber
` (4 preceding siblings ...)
2021-06-27 23:11 ` [ptxdist] [PATCH v2 6/7] ptxd_lib_imx_hab: fix indentation Roland Hieber
@ 2021-06-27 23:11 ` Roland Hieber
2021-06-28 6:38 ` [ptxdist] [PATCH v2 1/7] ptxd_lib_code_signing: cs_get_ca(): improve error handling Michael Olbrich
6 siblings, 0 replies; 18+ messages in thread
From: Roland Hieber @ 2021-06-27 23:11 UTC (permalink / raw)
To: ptxdist; +Cc: Roland Hieber
Be uniform with bin/ptxdist, indent with one tab instead of mixed tabs
and spaces.
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
---
PATCH v2 (rhi):
- new patch in v2
- not essential, but slowly start fixing indentation in scripts/lib
- git show -w is empty
---
scripts/lib/ptxd_lib_code_signing.sh | 278 +++++++++++++--------------
1 file changed, 139 insertions(+), 139 deletions(-)
diff --git a/scripts/lib/ptxd_lib_code_signing.sh b/scripts/lib/ptxd_lib_code_signing.sh
index ca101d635574..4056ee15080e 100644
--- a/scripts/lib/ptxd_lib_code_signing.sh
+++ b/scripts/lib/ptxd_lib_code_signing.sh
@@ -12,18 +12,18 @@
#
cs_check_env() {
- if [ -z "${SOFTHSM2_CONF}" ]; then
- ptxd_bailout "SOFTHSM2_CONF is not defined. Maybe \$(CODE_SIGNING_ENV) is not used."
- fi
- if [ ! -e "${SOFTHSM2_CONF}" ]; then
- ptxd_bailout "'${SOFTHSM2_CONF}' is missing."
- fi
- if [ -z "${PKCS11_MODULE_PATH}" ]; then
- ptxd_bailout "PKCS11_MODULE_PATH is not defined. Maybe \$(CODE_SIGNING_ENV) is not used."
- fi
- if [ ! -e "${PKCS11_MODULE_PATH}" ]; then
- ptxd_bailout "'${PKCS11_MODULE_PATH}' is missing."
- fi
+ if [ -z "${SOFTHSM2_CONF}" ]; then
+ ptxd_bailout "SOFTHSM2_CONF is not defined. Maybe \$(CODE_SIGNING_ENV) is not used."
+ fi
+ if [ ! -e "${SOFTHSM2_CONF}" ]; then
+ ptxd_bailout "'${SOFTHSM2_CONF}' is missing."
+ fi
+ if [ -z "${PKCS11_MODULE_PATH}" ]; then
+ ptxd_bailout "PKCS11_MODULE_PATH is not defined. Maybe \$(CODE_SIGNING_ENV) is not used."
+ fi
+ if [ ! -e "${PKCS11_MODULE_PATH}" ]; then
+ ptxd_bailout "'${PKCS11_MODULE_PATH}' is missing."
+ fi
}
export -f cs_check_env
@@ -34,8 +34,8 @@ export -f cs_check_env
# and --pin options shall not be set.
#
softhsm_pkcs11_tool_init() {
- cs_check_env
- pkcs11-tool --module "${PKCS11_MODULE_PATH}" $*
+ cs_check_env
+ pkcs11-tool --module "${PKCS11_MODULE_PATH}" $*
}
export -f softhsm_pkcs11_tool_init
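Review bot: `pkcs11-tool --module "${PKCS11_MODULE_PATH}" $*` expands the arguments unquoted, so any argument containing whitespace, such as the `--label "${keyprovider}"` passed by cs_init_softhsm, is split into several words before pkcs11-tool sees it. `"$@"` preserves the caller's argument boundaries; the same applies to the `$*` in softhsm_pkcs11_tool in the next hunk.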
@@ -45,7 +45,7 @@ export -f softhsm_pkcs11_tool_init
# Wrapper around pkcs11-tool. Adds --login and --pin options
#
softhsm_pkcs11_tool() {
- softhsm_pkcs11_tool_init --login --pin 1111 $*
+ softhsm_pkcs11_tool_init --login --pin 1111 $*
}
export -f softhsm_pkcs11_tool
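Review bot: `--login --pin 1111` hard-codes the user PIN in this wrapper, and cs_init_softhsm (`--new-pin 1111`) and cs_define_role (`pin-value=1111`) repeat the same literal; the comment above the function says only that it adds --login and --pin. A single variable for the SoftHSM development PIN, plus a sentence in the comment that this wrapper is meant for the SoftHSM token only, would keep the value in one place and make it harder to point the wrapper at a different PKCS#11 module by mistake.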
@@ -55,9 +55,9 @@ export -f softhsm_pkcs11_tool
# Initialize variables used in the code signing functions. Internal.
#
cs_init_variables() {
- sysroot="$(ptxd_get_ptxconf PTXCONF_SYSROOT_HOST)"
- keyprovider="$(ptxd_get_ptxconf PTXCONF_CODE_SIGNING_PROVIDER)"
- keydir="${sysroot}/var/lib/keys/${keyprovider}"
+ sysroot="$(ptxd_get_ptxconf PTXCONF_SYSROOT_HOST)"
+ keyprovider="$(ptxd_get_ptxconf PTXCONF_CODE_SIGNING_PROVIDER)"
+ keydir="${sysroot}/var/lib/keys/${keyprovider}"
}
export -f cs_init_variables
@@ -67,20 +67,20 @@ export -f cs_init_variables
# Initialize SoftHSM and set the initial pin
#
cs_init_softhsm() {
- cs_check_env
- cs_init_variables
- local shsm_keys="${sysroot}/var/cache/softhsm/${keyprovider}"
+ cs_check_env
+ cs_init_variables
+ local shsm_keys="${sysroot}/var/cache/softhsm/${keyprovider}"
- rm -rf "${shsm_keys}" &&
- rm -rf "${keydir}" &&
+ rm -rf "${shsm_keys}" &&
+ rm -rf "${keydir}" &&
- sed -i "s^directories.tokendir =.*^directories.tokendir = ${shsm_keys}^" \
- ${SOFTHSM2_CONF} &&
+ sed -i "s^directories.tokendir =.*^directories.tokendir = ${shsm_keys}^" \
+ ${SOFTHSM2_CONF} &&
- mkdir -p "${shsm_keys}" &&
+ mkdir -p "${shsm_keys}" &&
- softhsm_pkcs11_tool_init --init-token --label "${keyprovider}" --so-pin 0000 &&
- softhsm_pkcs11_tool_init -l --so-pin 0000 --new-pin 1111 --init-pin
+ softhsm_pkcs11_tool_init --init-token --label "${keyprovider}" --so-pin 0000 &&
+ softhsm_pkcs11_tool_init -l --so-pin 0000 --new-pin 1111 --init-pin
}
export -f cs_init_softhsm
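Review bot: `rm -rf "${shsm_keys}"` and `rm -rf "${keydir}"` run on paths built from `sysroot` and `keyprovider` without checking that either is non-empty; if ptxd_get_ptxconf returns an empty string for PTXCONF_CODE_SIGNING_PROVIDER, `keydir` becomes `${sysroot}/var/lib/keys/` and the key directories of every provider are deleted. A bailout on an empty `keyprovider` before the first `rm` would prevent that. `${SOFTHSM2_CONF}` in the sed call is also unquoted, unlike its uses in cs_check_env.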
@@ -90,12 +90,12 @@ export -f cs_init_softhsm
# Define a new key role.
#
cs_define_role() {
- local role="${1}"
- cs_init_variables
+ local role="${1}"
+ cs_init_variables
- mkdir -p "${keydir}/${role}" &&
- # default for SoftHSM
- cs_set_uri "${role}" "pkcs11:token=${keyprovider};object=${role};pin-value=1111"
+ mkdir -p "${keydir}/${role}" &&
+ # default for SoftHSM
+ cs_set_uri "${role}" "pkcs11:token=${keyprovider};object=${role};pin-value=1111"
}
export -f cs_define_role
@@ -105,11 +105,11 @@ export -f cs_define_role
# Define a new role group.
#
cs_define_group() {
- local group="${1}"
- cs_init_variables
+ local group="${1}"
+ cs_init_variables
- mkdir -p "${keydir}/${group}.group" &&
- rm -f "${keydir}/${group}.group/roles"
+ mkdir -p "${keydir}/${group}.group" &&
+ rm -f "${keydir}/${group}.group/roles"
}
export -f cs_define_group
@@ -119,15 +119,15 @@ export -f cs_define_group
# Set the roles for a group
#
cs_group_add_roles() {
- local group="${1}"
- shift
- cs_init_variables
+ local group="${1}"
+ shift
+ cs_init_variables
- local orig_IFS="${IFS}"
- IFS="
+ local orig_IFS="${IFS}"
+ IFS="
"
- echo "${*}" >> "${keydir}/${group}.group/roles" &&
- IFS=${orig_IFS}
+ echo "${*}" >> "${keydir}/${group}.group/roles" &&
+ IFS=${orig_IFS}
}
export -f cs_group_add_roles
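Review bot: `IFS=${orig_IFS}` is chained with `&&` after the `echo`, so when the write to `${keydir}/${group}.group/roles` fails (for example because cs_define_group was never called for this group) IFS stays set to a newline in the calling shell. Declaring `local IFS=$'\n'` limits the change to this function, needs no restore step, and replaces the string literal that spans two lines.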
@@ -137,10 +137,10 @@ export -f cs_group_add_roles
# Gets the roles of a group
#
cs_group_get_roles() {
- local group="${1}"
- cs_init_variables
+ local group="${1}"
+ cs_init_variables
- cat "${keydir}/${group}.group/roles"
+ cat "${keydir}/${group}.group/roles"
}
export -f cs_group_get_roles
@@ -150,11 +150,11 @@ export -f cs_group_get_roles
# Set the uri for a role
#
cs_set_uri() {
- local role="${1}"
- local uri="${2}"
- cs_init_variables
+ local role="${1}"
+ local uri="${2}"
+ cs_init_variables
- echo "${uri}" > "${keydir}/${role}/uri"
+ echo "${uri}" > "${keydir}/${role}/uri"
}
export -f cs_set_uri
@@ -164,22 +164,22 @@ export -f cs_set_uri
# Get the uri from a role
#
cs_get_uri() {
- local role="${1}"
- cs_init_variables
-
- if [ ! -f "${keydir}/${role}/uri" ]; then
- if [ ${#FUNCNAME[*]} -gt 1 ]; then
- ptxd_bailout "No PKCS#11 URI for role ${role}"
- else
- # cs_get_uri was called directly from make prior to cs_set_uri,
- # which may not be an error if it is evaluated early *and* later
- # again - return a unique error string in case it is not expected
- # and a user stumbles upon this
- echo "ERROR_URI_NOT_YET_SET"
- return
+ local role="${1}"
+ cs_init_variables
+
+ if [ ! -f "${keydir}/${role}/uri" ]; then
+ if [ ${#FUNCNAME[*]} -gt 1 ]; then
+ ptxd_bailout "No PKCS#11 URI for role ${role}"
+ else
+ # cs_get_uri was called directly from make prior to cs_set_uri,
+ # which may not be an error if it is evaluated early *and* later
+ # again - return a unique error string in case it is not expected
+ # and a user stumbles upon this
+ echo "ERROR_URI_NOT_YET_SET"
+ return
+ fi
fi
- fi
- cat "${keydir}/${role}/uri"
+ cat "${keydir}/${role}/uri"
}
export -f cs_get_uri
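Review bot: the `ERROR_URI_NOT_YET_SET` path ends in a bare `return`, which passes on the exit status of the preceding `echo`, i.e. 0, whereas cs_get_ca returns 1 alongside its `ERROR_CA_NOT_YET_SET` sentinel. If the difference is intentional (the comment says the early call from make may not be an error), a word in the comment would help; otherwise `return 1` makes the two getters consistent for shell callers.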
@@ -190,11 +190,11 @@ export -f cs_get_uri
# with SoftHSM.
#
cs_import_cert_from_der() {
- local role="${1}"
- local der="${2}"
- cs_init_variables
+ local role="${1}"
+ local der="${2}"
+ cs_init_variables
- softhsm_pkcs11_tool --type cert --write-object "${der}" --label "${role}"
+ softhsm_pkcs11_tool --type cert --write-object "${der}" --label "${role}"
}
export -f cs_import_cert_from_der
@@ -205,14 +205,14 @@ export -f cs_import_cert_from_der
# with SoftHSM.
#
cs_import_cert_from_pem() {
- local role="${1}"
- local pem="${2}"
- cs_init_variables
-
- openssl x509 \
- "${openssl_keyopt[@]}" \
- -in "${pem}" -inform pem -outform der |
- softhsm_pkcs11_tool --type cert --write-object /dev/stdin --label "${role}"
+ local role="${1}"
+ local pem="${2}"
+ cs_init_variables
+
+ openssl x509 \
+ "${openssl_keyopt[@]}" \
+ -in "${pem}" -inform pem -outform der |
+ softhsm_pkcs11_tool --type cert --write-object /dev/stdin --label "${role}"
}
export -f cs_import_cert_from_pem
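Review bot: `"${openssl_keyopt[@]}"` is expanded in the `openssl x509` call, but unlike cs_import_pubkey_from_pem and cs_import_privkey_from_pem this function neither declares `local -a openssl_keyopt` nor fills it from OPENSSL_KEYPASS, so it picks up whatever array the caller's scope happens to hold. Either declare and set it as the other two importers do or drop the expansion. This pipeline is also the only one of the three not followed by `check_pipe_status`, so an openssl failure can go unnoticed.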
@@ -223,20 +223,20 @@ export -f cs_import_cert_from_pem
# with SoftHSM.
#
cs_import_pubkey_from_pem() {
- local -a openssl_keyopt
- local role="${1}"
- local pem="${2}"
- cs_init_variables
-
- if [ -n "${OPENSSL_KEYPASS}" ]; then
- openssl_keyopt=( -passin "file:${OPENSSL_KEYPASS}" )
- fi
-
- openssl rsa \
- "${openssl_keyopt[@]}" \
- -in "${pem}" -inform pem -pubout -outform der |
- softhsm_pkcs11_tool --type pubkey --write-object /dev/stdin --label "${role}"
- check_pipe_status
+ local -a openssl_keyopt
+ local role="${1}"
+ local pem="${2}"
+ cs_init_variables
+
+ if [ -n "${OPENSSL_KEYPASS}" ]; then
+ openssl_keyopt=( -passin "file:${OPENSSL_KEYPASS}" )
+ fi
+
+ openssl rsa \
+ "${openssl_keyopt[@]}" \
+ -in "${pem}" -inform pem -pubout -outform der |
+ softhsm_pkcs11_tool --type pubkey --write-object /dev/stdin --label "${role}"
+ check_pipe_status
}
export -f cs_import_pubkey_from_pem
@@ -247,20 +247,20 @@ export -f cs_import_pubkey_from_pem
# with SoftHSM.
#
cs_import_privkey_from_pem() {
- local -a openssl_keyopt
- local role="${1}"
- local pem="${2}"
- cs_init_variables
-
- if [ -n "${OPENSSL_KEYPASS}" ]; then
- openssl_keyopt=( -passin "file:${OPENSSL_KEYPASS}" )
- fi
-
- openssl rsa \
- "${openssl_keyopt[@]}" \
- -in "${pem}" -inform pem -outform der |
- softhsm_pkcs11_tool --type privkey --write-object /dev/stdin --label "${role}"
- check_pipe_status
+ local -a openssl_keyopt
+ local role="${1}"
+ local pem="${2}"
+ cs_init_variables
+
+ if [ -n "${OPENSSL_KEYPASS}" ]; then
+ openssl_keyopt=( -passin "file:${OPENSSL_KEYPASS}" )
+ fi
+
+ openssl rsa \
+ "${openssl_keyopt[@]}" \
+ -in "${pem}" -inform pem -outform der |
+ softhsm_pkcs11_tool --type privkey --write-object /dev/stdin --label "${role}"
+ check_pipe_status
}
export -f cs_import_privkey_from_pem
@@ -271,11 +271,11 @@ export -f cs_import_privkey_from_pem
# with SoftHSM.
#
cs_import_key_from_pem() {
- local role="${1}"
- local pem="${2}"
+ local role="${1}"
+ local pem="${2}"
- cs_import_pubkey_from_pem "${role}" "${pem}"
- cs_import_privkey_from_pem "${role}" "${pem}"
+ cs_import_pubkey_from_pem "${role}" "${pem}"
+ cs_import_privkey_from_pem "${role}" "${pem}"
}
export -f cs_import_key_from_pem
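Review bot: the two import calls are separate statements, so a failure of cs_import_pubkey_from_pem is discarded and the function returns only the status of cs_import_privkey_from_pem. Joining them with `&&`, as cs_init_softhsm and cs_define_role do for their steps, would stop on the first error.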
@@ -285,16 +285,16 @@ export -f cs_import_key_from_pem
# Get the path to the CA in pem format from a role
#
cs_get_ca() {
- local role="${1}"
- cs_init_variables
+ local role="${1}"
+ cs_init_variables
- local ca="${keydir}/${role}/ca.pem"
+ local ca="${keydir}/${role}/ca.pem"
- if [ ! -e "${ca}" ]; then
- echo "ERROR_CA_NOT_YET_SET"
- return 1
- fi
- echo "${ca}"
+ if [ ! -e "${ca}" ]; then
+ echo "ERROR_CA_NOT_YET_SET"
+ return 1
+ fi
+ echo "${ca}"
}
export -f cs_get_ca
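Review bot: this hunk re-indents the `[ ! -e "${ca}" ]` test introduced by patch 1/7, and the review of 1/7 in this thread asks for that test to become a check on `${keydir}`. The hunk will not apply once 1/7 is reworked, so 7/7 needs to be regenerated on top of the new 1/7 rather than carried over unchanged.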
@@ -304,13 +304,13 @@ export -f cs_get_ca
# Append PEM to CA for a role
#
cs_append_ca_from_pem() {
- local role="${1}"
- local pem="${2}"
- cs_init_variables
+ local role="${1}"
+ local pem="${2}"
+ cs_init_variables
- cat "${pem}" >> "${keydir}/${role}/ca.pem"
- # add new line in case ${pem} does not end with an EOL
- echo >> "${keydir}/${role}/ca.pem"
+ cat "${pem}" >> "${keydir}/${role}/ca.pem"
+ # add new line in case ${pem} does not end with an EOL
+ echo >> "${keydir}/${role}/ca.pem"
}
export -f cs_append_ca_from_pem
@@ -320,13 +320,13 @@ export -f cs_append_ca_from_pem
# Append DER to CA for a role
#
cs_append_ca_from_der() {
- local role="${1}"
- local der="${2}"
- cs_init_variables
+ local role="${1}"
+ local der="${2}"
+ cs_init_variables
- ptxd_exec openssl x509 -inform der -in "${der}" \
- -out "${tmpdir}/ca.pem" &&
- cs_append_ca_from_pem "${role}" "${tmpdir}/ca.pem"
+ ptxd_exec openssl x509 -inform der -in "${der}" \
+ -out "${tmpdir}/ca.pem" &&
+ cs_append_ca_from_pem "${role}" "${tmpdir}/ca.pem"
}
export -f cs_append_ca_from_der
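Review bot: `${tmpdir}` is used for the intermediate `ca.pem` but is not defined in this function; it only has a value when the call comes from cs_append_ca_from_uri, whose `local tmpdir` is visible here through bash's dynamic scoping. Called directly with `tmpdir` unset, `-out "${tmpdir}/ca.pem"` resolves to `/ca.pem`. Creating a temporary directory locally, or documenting the dependency in the function comment, would make it safe to call on its own.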
@@ -336,16 +336,16 @@ export -f cs_append_ca_from_der
# Append certificate specified by URI or by already set URI to CA for a role
#
cs_append_ca_from_uri() {
- local role="${1}"
- local uri="${2}"
- local tmpdir="$(mktemp -d "${PTXDIST_TEMPDIR}/${role}-ca.XXXXXX")"
- cs_init_variables
+ local role="${1}"
+ local uri="${2}"
+ local tmpdir="$(mktemp -d "${PTXDIST_TEMPDIR}/${role}-ca.XXXXXX")"
+ cs_init_variables
- if [ -z "${uri}" ]; then
- uri=$(cs_get_uri "${role}")
- fi
+ if [ -z "${uri}" ]; then
+ uri=$(cs_get_uri "${role}")
+ fi
- ptxd_exec extract-cert "${uri}" "${tmpdir}/ca.der" &&
- cs_append_ca_from_der "${role}" "${tmpdir}/ca.der"
+ ptxd_exec extract-cert "${uri}" "${tmpdir}/ca.der" &&
+ cs_append_ca_from_der "${role}" "${tmpdir}/ca.der"
}
export -f cs_append_ca_from_uri
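Review bot: `local tmpdir="$(mktemp -d "${PTXDIST_TEMPDIR}/${role}-ca.XXXXXX")"` hides a mktemp failure, because the exit status of the statement is that of `local`; with an empty `tmpdir`, extract-cert is then pointed at `/ca.der`. Declaring `local tmpdir` first and assigning on a separate line followed by `|| ptxd_bailout` with a message catches the error before any certificate is written.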
--
2.30.2
* Re: [ptxdist] [PATCH v2 1/7] ptxd_lib_code_signing: cs_get_ca(): improve error handling
2021-06-27 23:11 [ptxdist] [PATCH v2 1/7] ptxd_lib_code_signing: cs_get_ca(): improve error handling Roland Hieber
` (5 preceding siblings ...)
2021-06-27 23:11 ` [ptxdist] [PATCH v2 7/7] ptxd_lib_code_signing: " Roland Hieber
@ 2021-06-28 6:38 ` Michael Olbrich
2021-07-08 20:16 ` Roland Hieber
6 siblings, 1 reply; 18+ messages in thread
From: Michael Olbrich @ 2021-06-28 6:38 UTC (permalink / raw)
To: ptxdist
On Mon, Jun 28, 2021 at 01:11:15AM +0200, Roland Hieber wrote:
> From: Marc Kleine-Budde <mkl@pengutronix.de>
>
> This patch changes cs_get_ca() to only output the CA if it actually
> exists, or print an error and return 1 instead. This makes it possible
> to use make's $(if $(filter-out, ERROR_CA_NOT_YET_SET, ...))
> conditional.
>
> Co-authored-by: Roland Hieber <rhi@pengutronix.de>
> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
> Signed-off-by: Roland Hieber <rhi@pengutronix.de>
> ---
> PATCH v2 (rhi):
> - reorder from PATCH 3/n to PATCH 1/n
> - echo "ERROR_CA_NOT_YET_SET" in case of error (feedback from Michael
> Olbrich) and also return 1
>
> PATCH v1 (mkl): https://lore.ptxdist.org/ptxdist/20210412161900.2376802-3-mkl@pengutronix.de
> ---
> scripts/lib/ptxd_lib_code_signing.sh | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/scripts/lib/ptxd_lib_code_signing.sh b/scripts/lib/ptxd_lib_code_signing.sh
> index 3e1654bb36e4..0026cdc4dec0 100644
> --- a/scripts/lib/ptxd_lib_code_signing.sh
> +++ b/scripts/lib/ptxd_lib_code_signing.sh
> @@ -243,7 +243,13 @@ cs_get_ca() {
> local role="${1}"
> cs_init_variables
>
> - echo "${keydir}/${role}/ca.pem"
> + local ca="${keydir}/${role}/ca.pem"
> +
> + if [ ! -e "${ca}" ]; then
This is not what I suggested. I think this breaks the use-case described in
the patch description:
An empty string should be returned when the key setup is done but nothing
was added to the CA. I'm quite certain that the file does not exist in
this case. You need to check for '[ ! -d "${keydir}" ]'.
Michael
> + echo "ERROR_CA_NOT_YET_SET"
> + return 1
> + fi
> + echo "${ca}"
> }
> export -f cs_get_ca
>
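Review bot: the comment above cs_get_ca still describes it only as returning the path to the CA in PEM format (the diffstat shows no change outside this hunk), while callers now have to handle an `ERROR_CA_NOT_YET_SET` string on stdout and a return value of 1. Documenting both in the function comment, as the comment inside cs_get_uri does for `ERROR_URI_NOT_YET_SET`, tells shell callers to check the status and make callers to filter the sentinel.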
> --
> 2.30.2
* Re: [ptxdist] [PATCH v2 1/7] ptxd_lib_code_signing: cs_get_ca(): improve error handling
2021-06-28 6:38 ` [ptxdist] [PATCH v2 1/7] ptxd_lib_code_signing: cs_get_ca(): improve error handling Michael Olbrich
@ 2021-07-08 20:16 ` Roland Hieber
2021-07-09 7:42 ` Michael Olbrich
0 siblings, 1 reply; 18+ messages in thread
From: Roland Hieber @ 2021-07-08 20:16 UTC (permalink / raw)
To: ptxdist
On Mon, Jun 28, 2021 at 08:38:25AM +0200, Michael Olbrich wrote:
> On Mon, Jun 28, 2021 at 01:11:15AM +0200, Roland Hieber wrote:
> > From: Marc Kleine-Budde <mkl@pengutronix.de>
> >
> > This patch changes cs_get_ca() to only output the CA if it actually
> > exists, or print an error and return 1 instead. This makes it possible
> > to use make's $(if $(filter-out, ERROR_CA_NOT_YET_SET, ...))
> > conditional.
> >
> > Co-authored-by: Roland Hieber <rhi@pengutronix.de>
> > Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
> > Signed-off-by: Roland Hieber <rhi@pengutronix.de>
> > ---
> > PATCH v2 (rhi):
> > - reorder from PATCH 3/n to PATCH 1/n
> > - echo "ERROR_CA_NOT_YET_SET" in case of error (feedback from Michael
> > Olbrich) and also return 1
> >
> > PATCH v1 (mkl): https://lore.ptxdist.org/ptxdist/20210412161900.2376802-3-mkl@pengutronix.de
> > ---
> > scripts/lib/ptxd_lib_code_signing.sh | 8 +++++++-
> > 1 file changed, 7 insertions(+), 1 deletion(-)
> >
> > diff --git a/scripts/lib/ptxd_lib_code_signing.sh b/scripts/lib/ptxd_lib_code_signing.sh
> > index 3e1654bb36e4..0026cdc4dec0 100644
> > --- a/scripts/lib/ptxd_lib_code_signing.sh
> > +++ b/scripts/lib/ptxd_lib_code_signing.sh
> > @@ -243,7 +243,13 @@ cs_get_ca() {
> > local role="${1}"
> > cs_init_variables
> >
> > - echo "${keydir}/${role}/ca.pem"
> > + local ca="${keydir}/${role}/ca.pem"
> > +
> > + if [ ! -e "${ca}" ]; then
>
> This is not what I suggested. I think this breaks the use-case described in
> the patch description:
> An empty string should be returned when the key setup is done but nothing
> was added to the CA. I'm quite certain that the file does not exist in
> this case. You need to check for '[ ! -d "${keydir}" ]'.
Hmm yes, my bad, that's even what you suggested in
<https://lore.ptxdist.org/ptxdist/20210423063320.GE4162561@pengutronix.de/>…
will fix it in v2.
BTW, I like to get feedback mail as Cc into my inbox so I can keep a
simple backlog of my still-to-be-done patches in addition to the
PTXdist list mails, which go to a separate folder. (You often keep me in
Cc, but somehow not always, but I think mutt should do this by default
with the list-reply key binding …)
- Roland
>
> Michael
>
> > + echo "ERROR_CA_NOT_YET_SET"
> > + return 1
> > + fi
> > + echo "${ca}"
> > }
> > export -f cs_get_ca
> >
> > --
> > 2.30.2
* Re: [ptxdist] [PATCH v2 1/7] ptxd_lib_code_signing: cs_get_ca(): improve error handling
2021-07-08 20:16 ` Roland Hieber
@ 2021-07-09 7:42 ` Michael Olbrich
2021-07-09 11:26 ` Roland Hieber
0 siblings, 1 reply; 18+ messages in thread
From: Michael Olbrich @ 2021-07-09 7:42 UTC (permalink / raw)
To: Roland Hieber; +Cc: ptxdist
On Thu, Jul 08, 2021 at 10:16:24PM +0200, Roland Hieber wrote:
> On Mon, Jun 28, 2021 at 08:38:25AM +0200, Michael Olbrich wrote:
> > On Mon, Jun 28, 2021 at 01:11:15AM +0200, Roland Hieber wrote:
> > > From: Marc Kleine-Budde <mkl@pengutronix.de>
> > >
> > > This patch changes cs_get_ca() to only output the CA if it actually
> > > exists, or print an error and return 1 instead. This makes it possible
> > > to use make's $(if $(filter-out, ERROR_CA_NOT_YET_SET, ...))
> > > conditional.
> > >
> > > Co-authored-by: Roland Hieber <rhi@pengutronix.de>
> > > Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
> > > Signed-off-by: Roland Hieber <rhi@pengutronix.de>
> > > ---
> > > PATCH v2 (rhi):
> > > - reorder from PATCH 3/n to PATCH 1/n
> > > - echo "ERROR_CA_NOT_YET_SET" in case of error (feedback from Michael
> > > Olbrich) and also return 1
> > >
> > > PATCH v1 (mkl): https://lore.ptxdist.org/ptxdist/20210412161900.2376802-3-mkl@pengutronix.de
> > > ---
> > > scripts/lib/ptxd_lib_code_signing.sh | 8 +++++++-
> > > 1 file changed, 7 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/scripts/lib/ptxd_lib_code_signing.sh b/scripts/lib/ptxd_lib_code_signing.sh
> > > index 3e1654bb36e4..0026cdc4dec0 100644
> > > --- a/scripts/lib/ptxd_lib_code_signing.sh
> > > +++ b/scripts/lib/ptxd_lib_code_signing.sh
> > > @@ -243,7 +243,13 @@ cs_get_ca() {
> > > local role="${1}"
> > > cs_init_variables
> > >
> > > - echo "${keydir}/${role}/ca.pem"
> > > + local ca="${keydir}/${role}/ca.pem"
> > > +
> > > + if [ ! -e "${ca}" ]; then
> >
> > This is not what I suggested. I think this breaks the use-case described in
> > the patch description:
> > An empty string should be returned when the key setup is done but nothing
> > was added to the CA. I'm quite certain, that the file does not exist in
> > this case. You need to check for '[ ! -d "${keydir}" ]'.
>
> Hmm yes, my bad, that's even what you suggested in
> <https://lore.ptxdist.org/ptxdist/20210423063320.GE4162561@pengutronix.de/>…
> will fix it in v2.
>
> BTW, I like to get feedback mail as Cc into my inbox so I can keep a
> simple backlog of my still-to-be-done patches in addition to the
> PTXdist list mails, which go to a separate folder. (You often keep me in
> Cc, but somehow not always, but I think mutt should do this by default
> with the list-reply key binding …)
No it doesn't. I mostly use 'list-reply'. This means replying to the list
and to any addresses in 'Mail-Followup-To'. And you don't add a
'Mail-Followup-To' header.
If I remember it, I add you to Cc manually. For this mail I've used
'group-reply'. As you can see, now the list is in Cc and in my experience,
this increases the chance that the list gets dropped at some point.
So I'd like to avoid doing that.
Newer versions of mutt have a 'group-chat-reply'. That would put both you
and the list in the 'To' field. But I'll need to wait until the servers
where I do most of my mail, are upgraded to bullseye.
But you should be able to add the Mail-Followup-To header. Mutt should
detect the mailing-list and add the header. I'd expect neomutt to do the
same. Maybe you have followup_to disabled?
Michael
> > > + echo "ERROR_CA_NOT_YET_SET"
> > > + return 1
> > > + fi
> > > + echo "${ca}"
> > > }
> > > export -f cs_get_ca
> > >
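Review bot: `local role="${1}"` feeds `"${keydir}/${role}/ca.pem"` without a check that an argument was passed; with an empty `${1}` the path collapses to `${keydir}//ca.pem`, and the existence test then reports on a file outside any role directory instead of flagging the caller's mistake. Since this change is about error handling, consider failing early when `${role}` is empty, before `ca` is built.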
> > > --
> > > 2.30.2
> > >
> >
> > --
> > Pengutronix e.K. | |
> > Steuerwalder Str. 21 | http://www.pengutronix.de/ |
> > 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
> > Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
>
> --
> Roland Hieber, Pengutronix e.K. | r.hieber@pengutronix.de |
> Steuerwalder Str. 21 | https://www.pengutronix.de/ |
> 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
> Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
* Re: [ptxdist] [PATCH v2 1/7] ptxd_lib_code_signing: cs_get_ca(): improve error handling
2021-07-09 7:42 ` Michael Olbrich
@ 2021-07-09 11:26 ` Roland Hieber
2021-07-09 11:41 ` Michael Olbrich
0 siblings, 1 reply; 18+ messages in thread
From: Roland Hieber @ 2021-07-09 11:26 UTC (permalink / raw)
To: ptxdist
On Fri, Jul 09, 2021 at 09:42:09AM +0200, Michael Olbrich wrote:
> On Thu, Jul 08, 2021 at 10:16:24PM +0200, Roland Hieber wrote:
> > BTW, I like to get feedback mail as Cc into my inbox so I can keep a
> > simple backlog of my still-to-be-done patches in addition to the
> > PTXdist list mails, which go to a separate folder. (You often keep me in
> > Cc, but somehow not always, but I think mutt should do this by default
> > with the list-reply key binding …)
>
> No it doesn't. I mostly use 'list-reply'. This means replying to the list
> and to any addresses in 'Mail-Followup-To'. And you don't add a
> 'Mail-Followup-To' header.
>
> If I remember it, I add you to Cc manually. For this mail I've used
> 'group-reply'. As you can see, now the list is in Cc and in my experience,
> this increases the chance that the list gets dropped at some point.
> So I'd like to avoid doing that.
Yes, I think having myself in To and list in Cc is semantically correct.
I always use 'group-reply' on lists and it never caused any problems,
so I don't understand how you think the Cc address gets lost…?
> Newer versions of mutt have a 'group-chat-reply'. That would put both you
> and the list in the 'To' field. But I'll need to wait until the servers
> where I do most of my mail, are upgraded to bullseye.
>
> But you should be able to add the Mail-Followup-To header. Mutt should
> detect the mailing-list and add the header. I'd expect neomutt to do the
> same. Maybe you have followup_to disabled?
Strange, I have followup_to set, but it doesn't generate the header.
But I'm sending the mails via git-send-email anyways, which of course
doesn't respect the mutt settings. So I guess I'll add it in the
format.headers setting in my ptxdist/.git/config.
- Roland
--
Roland Hieber, Pengutronix e.K. | r.hieber@pengutronix.de |
Steuerwalder Str. 21 | https://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
* Re: [ptxdist] [PATCH v2 1/7] ptxd_lib_code_signing: cs_get_ca(): improve error handling
2021-07-09 11:26 ` Roland Hieber
@ 2021-07-09 11:41 ` Michael Olbrich
0 siblings, 0 replies; 18+ messages in thread
From: Michael Olbrich @ 2021-07-09 11:41 UTC (permalink / raw)
To: Roland Hieber; +Cc: ptxdist
On Fri, Jul 09, 2021 at 01:26:32PM +0200, Roland Hieber wrote:
> On Fri, Jul 09, 2021 at 09:42:09AM +0200, Michael Olbrich wrote:
> > On Thu, Jul 08, 2021 at 10:16:24PM +0200, Roland Hieber wrote:
> > > BTW, I like to get feedback mail as Cc into my inbox so I can keep a
> > > simple backlog of my still-to-be-done patches in addition to the
> > > PTXdist list mails, which go to a separate folder. (You often keep me in
> > > Cc, but somehow not always, but I think mutt should do this by default
> > > with the list-reply key binding …)
> >
> > No it doesn't. I mostly use 'list-reply'. This means replying to the list
> > and to any addresses in 'Mail-Followup-To'. And you don't add a
> > 'Mail-Followup-To' header.
> >
> > If I remember it, I add you to Cc manually. For this mail I've used
> > 'group-reply'. As you can see, now the list is in Cc and in my experience,
> > this increases the chance that the list gets dropped at some point.
> > So I'd like to avoid doing that.
>
> Yes, I think having myself in To and list in Cc is semantically correct.
> I always use 'group-reply' on lists and it never caused any problems,
> so I don't understand how you think the Cc address gets lost…?
I've had the problem in the past, that everything in Cc got lost.
But I have to admit, that it's been a while and I think it didn't happen on
community mailing-lists...
> > Newer versions of mutt have a 'group-chat-reply'. That would put both you
> > and the list in the 'To' field. But I'll need to wait until the servers
> > where I do most of my mail, are upgraded to bullseye.
> >
> > But you should be able to add the Mail-Followup-To header. Mutt should
> > detect the mailing-list and add the header. I'd expect neomutt to do the
> > same. Maybe you have followup_to disabled?
>
> Strange, I have followup_to set, but it doesn't generate the header.
> But I'm sending the mails via git-send-email anyways, which of course
> doesn't respect the mutt settings. So I guess I'll add it in the
> format.headers setting in my ptxdist/.git/config.
Good point about git. Let me try the group-reply for now. We'll see how
this goes. I just need to unmap the list-reply binding in the ptxdist
folder so I don't actually forget about this... :-).
Michael
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |