From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Mon, 28 Jun 2021 01:13:51 +0200 Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33]) by lore.white.stw.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1lxdyJ-0002Ss-N0 for lore@lore.pengutronix.de; Mon, 28 Jun 2021 01:13:51 +0200 Received: from localhost ([127.0.0.1] helo=metis.ext.pengutronix.de) by metis.ext.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1lxdyJ-00075H-D1; Mon, 28 Jun 2021 01:13:51 +0200 Received: from dude.hi.pengutronix.de ([2001:67c:670:100:1d::7]) by metis.ext.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1lxdxF-0006o0-8c; Mon, 28 Jun 2021 01:12:45 +0200 Received: from rhi by dude.hi.pengutronix.de with local (Exim 4.92) (envelope-from ) id 1lxdxE-0007xy-RJ; Mon, 28 Jun 2021 01:12:44 +0200 From: Roland Hieber To: ptxdist@pengutronix.de Date: Mon, 28 Jun 2021 01:11:21 +0200 Message-Id: <20210627231121.28313-7-rhi@pengutronix.de> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210627231121.28313-1-rhi@pengutronix.de> References: <20210627231121.28313-1-rhi@pengutronix.de> MIME-Version: 1.0 Subject: [ptxdist] [PATCH v2 7/7] ptxd_lib_code_signing: fix indentation X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Cc: Roland Hieber Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false Be uniform with bin/ptxdist, indent with one tab instead of mixed tabs and spaces. Signed-off-by: Roland Hieber --- PATCH v2 (rhi): - new patch in v2 - not essential, but slowly start fixing indentation in scripts/lib - git show -w is empty --- scripts/lib/ptxd_lib_code_signing.sh | 278 +++++++++++++-------------- 1 file changed, 139 insertions(+), 139 deletions(-) diff --git a/scripts/lib/ptxd_lib_code_signing.sh b/scripts/lib/ptxd_lib_code_signing.sh index ca101d635574..4056ee15080e 100644 --- a/scripts/lib/ptxd_lib_code_signing.sh +++ b/scripts/lib/ptxd_lib_code_signing.sh @@ -12,18 +12,18 @@ # cs_check_env() { - if [ -z "${SOFTHSM2_CONF}" ]; then - ptxd_bailout "SOFTHSM2_CONF is not defined. Maybe \$(CODE_SIGNING_ENV) is not used." - fi - if [ ! -e "${SOFTHSM2_CONF}" ]; then - ptxd_bailout "'${SOFTHSM2_CONF}' is missing." - fi - if [ -z "${PKCS11_MODULE_PATH}" ]; then - ptxd_bailout "PKCS11_MODULE_PATH is not defined. Maybe \$(CODE_SIGNING_ENV) is not used." - fi - if [ ! -e "${PKCS11_MODULE_PATH}" ]; then - ptxd_bailout "'${PKCS11_MODULE_PATH}' is missing." - fi + if [ -z "${SOFTHSM2_CONF}" ]; then + ptxd_bailout "SOFTHSM2_CONF is not defined. Maybe \$(CODE_SIGNING_ENV) is not used." + fi + if [ ! -e "${SOFTHSM2_CONF}" ]; then + ptxd_bailout "'${SOFTHSM2_CONF}' is missing." + fi + if [ -z "${PKCS11_MODULE_PATH}" ]; then + ptxd_bailout "PKCS11_MODULE_PATH is not defined. Maybe \$(CODE_SIGNING_ENV) is not used." + fi + if [ ! -e "${PKCS11_MODULE_PATH}" ]; then + ptxd_bailout "'${PKCS11_MODULE_PATH}' is missing." + fi } export -f cs_check_env @@ -34,8 +34,8 @@ export -f cs_check_env # and --pin options shall not be set. # softhsm_pkcs11_tool_init() { - cs_check_env - pkcs11-tool --module "${PKCS11_MODULE_PATH}" $* + cs_check_env + pkcs11-tool --module "${PKCS11_MODULE_PATH}" $* } export -f softhsm_pkcs11_tool_init @@ -45,7 +45,7 @@ export -f softhsm_pkcs11_tool_init # Wrapper around pkcs11-tool. Adds --login and --pin options # softhsm_pkcs11_tool() { - softhsm_pkcs11_tool_init --login --pin 1111 $* + softhsm_pkcs11_tool_init --login --pin 1111 $* } export -f softhsm_pkcs11_tool @@ -55,9 +55,9 @@ export -f softhsm_pkcs11_tool # Initialize variables used in the code signing functions. Internal. # cs_init_variables() { - sysroot="$(ptxd_get_ptxconf PTXCONF_SYSROOT_HOST)" - keyprovider="$(ptxd_get_ptxconf PTXCONF_CODE_SIGNING_PROVIDER)" - keydir="${sysroot}/var/lib/keys/${keyprovider}" + sysroot="$(ptxd_get_ptxconf PTXCONF_SYSROOT_HOST)" + keyprovider="$(ptxd_get_ptxconf PTXCONF_CODE_SIGNING_PROVIDER)" + keydir="${sysroot}/var/lib/keys/${keyprovider}" } export -f cs_init_variables @@ -67,20 +67,20 @@ export -f cs_init_variables # Initialize SoftHSM and set the initial pin # cs_init_softhsm() { - cs_check_env - cs_init_variables - local shsm_keys="${sysroot}/var/cache/softhsm/${keyprovider}" + cs_check_env + cs_init_variables + local shsm_keys="${sysroot}/var/cache/softhsm/${keyprovider}" - rm -rf "${shsm_keys}" && - rm -rf "${keydir}" && + rm -rf "${shsm_keys}" && + rm -rf "${keydir}" && - sed -i "s^directories.tokendir =.*^directories.tokendir = ${shsm_keys}^" \ - ${SOFTHSM2_CONF} && + sed -i "s^directories.tokendir =.*^directories.tokendir = ${shsm_keys}^" \ + ${SOFTHSM2_CONF} && - mkdir -p "${shsm_keys}" && + mkdir -p "${shsm_keys}" && - softhsm_pkcs11_tool_init --init-token --label "${keyprovider}" --so-pin 0000 && - softhsm_pkcs11_tool_init -l --so-pin 0000 --new-pin 1111 --init-pin + softhsm_pkcs11_tool_init --init-token --label "${keyprovider}" --so-pin 0000 && + softhsm_pkcs11_tool_init -l --so-pin 0000 --new-pin 1111 --init-pin } export -f cs_init_softhsm @@ -90,12 +90,12 @@ export -f cs_init_softhsm # Define a new key role. # cs_define_role() { - local role="${1}" - cs_init_variables + local role="${1}" + cs_init_variables - mkdir -p "${keydir}/${role}" && - # default for SoftHSM - cs_set_uri "${role}" "pkcs11:token=${keyprovider};object=${role};pin-value=1111" + mkdir -p "${keydir}/${role}" && + # default for SoftHSM + cs_set_uri "${role}" "pkcs11:token=${keyprovider};object=${role};pin-value=1111" } export -f cs_define_role @@ -105,11 +105,11 @@ export -f cs_define_role # Define a new role group. # cs_define_group() { - local group="${1}" - cs_init_variables + local group="${1}" + cs_init_variables - mkdir -p "${keydir}/${group}.group" && - rm -f "${keydir}/${group}.group/roles" + mkdir -p "${keydir}/${group}.group" && + rm -f "${keydir}/${group}.group/roles" } export -f cs_define_group @@ -119,15 +119,15 @@ export -f cs_define_group # Set the roles for a group # cs_group_add_roles() { - local group="${1}" - shift - cs_init_variables + local group="${1}" + shift + cs_init_variables - local orig_IFS="${IFS}" - IFS=" + local orig_IFS="${IFS}" + IFS=" " - echo "${*}" >> "${keydir}/${group}.group/roles" && - IFS=${orig_IFS} + echo "${*}" >> "${keydir}/${group}.group/roles" && + IFS=${orig_IFS} } export -f cs_group_add_roles @@ -137,10 +137,10 @@ export -f cs_group_add_roles # Gets the roles of a group # cs_group_get_roles() { - local group="${1}" - cs_init_variables + local group="${1}" + cs_init_variables - cat "${keydir}/${group}.group/roles" + cat "${keydir}/${group}.group/roles" } export -f cs_group_get_roles @@ -150,11 +150,11 @@ export -f cs_group_get_roles # Set the uri for a role # cs_set_uri() { - local role="${1}" - local uri="${2}" - cs_init_variables + local role="${1}" + local uri="${2}" + cs_init_variables - echo "${uri}" > "${keydir}/${role}/uri" + echo "${uri}" > "${keydir}/${role}/uri" } export -f cs_set_uri @@ -164,22 +164,22 @@ export -f cs_set_uri # Get the uri from a role # cs_get_uri() { - local role="${1}" - cs_init_variables - - if [ ! -f "${keydir}/${role}/uri" ]; then - if [ ${#FUNCNAME[*]} -gt 1 ]; then - ptxd_bailout "No PKCS#11 URI for role ${role}" - else - # cs_get_uri was called directly from make prior to cs_set_uri, - # which may not be an error if it is evaluated early *and* later - # again - return a unique error string in case it is not expected - # and a user stumbles upon this - echo "ERROR_URI_NOT_YET_SET" - return + local role="${1}" + cs_init_variables + + if [ ! -f "${keydir}/${role}/uri" ]; then + if [ ${#FUNCNAME[*]} -gt 1 ]; then + ptxd_bailout "No PKCS#11 URI for role ${role}" + else + # cs_get_uri was called directly from make prior to cs_set_uri, + # which may not be an error if it is evaluated early *and* later + # again - return a unique error string in case it is not expected + # and a user stumbles upon this + echo "ERROR_URI_NOT_YET_SET" + return + fi fi - fi - cat "${keydir}/${role}/uri" + cat "${keydir}/${role}/uri" } export -f cs_get_uri @@ -190,11 +190,11 @@ export -f cs_get_uri # with SoftHSM. # cs_import_cert_from_der() { - local role="${1}" - local der="${2}" - cs_init_variables + local role="${1}" + local der="${2}" + cs_init_variables - softhsm_pkcs11_tool --type cert --write-object "${der}" --label "${role}" + softhsm_pkcs11_tool --type cert --write-object "${der}" --label "${role}" } export -f cs_import_cert_from_der @@ -205,14 +205,14 @@ export -f cs_import_cert_from_der # with SoftHSM. # cs_import_cert_from_pem() { - local role="${1}" - local pem="${2}" - cs_init_variables - - openssl x509 \ - "${openssl_keyopt[@]}" \ - -in "${pem}" -inform pem -outform der | - softhsm_pkcs11_tool --type cert --write-object /dev/stdin --label "${role}" + local role="${1}" + local pem="${2}" + cs_init_variables + + openssl x509 \ + "${openssl_keyopt[@]}" \ + -in "${pem}" -inform pem -outform der | + softhsm_pkcs11_tool --type cert --write-object /dev/stdin --label "${role}" } export -f cs_import_cert_from_pem @@ -223,20 +223,20 @@ export -f cs_import_cert_from_pem # with SoftHSM. # cs_import_pubkey_from_pem() { - local -a openssl_keyopt - local role="${1}" - local pem="${2}" - cs_init_variables - - if [ -n "${OPENSSL_KEYPASS}" ]; then - openssl_keyopt=( -passin "file:${OPENSSL_KEYPASS}" ) - fi - - openssl rsa \ - "${openssl_keyopt[@]}" \ - -in "${pem}" -inform pem -pubout -outform der | - softhsm_pkcs11_tool --type pubkey --write-object /dev/stdin --label "${role}" - check_pipe_status + local -a openssl_keyopt + local role="${1}" + local pem="${2}" + cs_init_variables + + if [ -n "${OPENSSL_KEYPASS}" ]; then + openssl_keyopt=( -passin "file:${OPENSSL_KEYPASS}" ) + fi + + openssl rsa \ + "${openssl_keyopt[@]}" \ + -in "${pem}" -inform pem -pubout -outform der | + softhsm_pkcs11_tool --type pubkey --write-object /dev/stdin --label "${role}" + check_pipe_status } export -f cs_import_pubkey_from_pem @@ -247,20 +247,20 @@ export -f cs_import_pubkey_from_pem # with SoftHSM. # cs_import_privkey_from_pem() { - local -a openssl_keyopt - local role="${1}" - local pem="${2}" - cs_init_variables - - if [ -n "${OPENSSL_KEYPASS}" ]; then - openssl_keyopt=( -passin "file:${OPENSSL_KEYPASS}" ) - fi - - openssl rsa \ - "${openssl_keyopt[@]}" \ - -in "${pem}" -inform pem -outform der | - softhsm_pkcs11_tool --type privkey --write-object /dev/stdin --label "${role}" - check_pipe_status + local -a openssl_keyopt + local role="${1}" + local pem="${2}" + cs_init_variables + + if [ -n "${OPENSSL_KEYPASS}" ]; then + openssl_keyopt=( -passin "file:${OPENSSL_KEYPASS}" ) + fi + + openssl rsa \ + "${openssl_keyopt[@]}" \ + -in "${pem}" -inform pem -outform der | + softhsm_pkcs11_tool --type privkey --write-object /dev/stdin --label "${role}" + check_pipe_status } export -f cs_import_privkey_from_pem @@ -271,11 +271,11 @@ export -f cs_import_privkey_from_pem # with SoftHSM. # cs_import_key_from_pem() { - local role="${1}" - local pem="${2}" + local role="${1}" + local pem="${2}" - cs_import_pubkey_from_pem "${role}" "${pem}" - cs_import_privkey_from_pem "${role}" "${pem}" + cs_import_pubkey_from_pem "${role}" "${pem}" + cs_import_privkey_from_pem "${role}" "${pem}" } export -f cs_import_key_from_pem @@ -285,16 +285,16 @@ export -f cs_import_key_from_pem # Get the path to the CA in pem format from a role # cs_get_ca() { - local role="${1}" - cs_init_variables + local role="${1}" + cs_init_variables - local ca="${keydir}/${role}/ca.pem" + local ca="${keydir}/${role}/ca.pem" - if [ ! -e "${ca}" ]; then - echo "ERROR_CA_NOT_YET_SET" - return 1 - fi - echo "${ca}" + if [ ! -e "${ca}" ]; then + echo "ERROR_CA_NOT_YET_SET" + return 1 + fi + echo "${ca}" } export -f cs_get_ca @@ -304,13 +304,13 @@ export -f cs_get_ca # Append PEM to CA for a role # cs_append_ca_from_pem() { - local role="${1}" - local pem="${2}" - cs_init_variables + local role="${1}" + local pem="${2}" + cs_init_variables - cat "${pem}" >> "${keydir}/${role}/ca.pem" - # add new line in case ${pem} does not end with an EOL - echo >> "${keydir}/${role}/ca.pem" + cat "${pem}" >> "${keydir}/${role}/ca.pem" + # add new line in case ${pem} does not end with an EOL + echo >> "${keydir}/${role}/ca.pem" } export -f cs_append_ca_from_pem @@ -320,13 +320,13 @@ export -f cs_append_ca_from_pem # Append DER to CA for a role # cs_append_ca_from_der() { - local role="${1}" - local der="${2}" - cs_init_variables + local role="${1}" + local der="${2}" + cs_init_variables - ptxd_exec openssl x509 -inform der -in "${der}" \ - -out "${tmpdir}/ca.pem" && - cs_append_ca_from_pem "${role}" "${tmpdir}/ca.pem" + ptxd_exec openssl x509 -inform der -in "${der}" \ + -out "${tmpdir}/ca.pem" && + cs_append_ca_from_pem "${role}" "${tmpdir}/ca.pem" } export -f cs_append_ca_from_der @@ -336,16 +336,16 @@ export -f cs_append_ca_from_der # Append certificate specified by URI or by already set URI to CA for a role # cs_append_ca_from_uri() { - local role="${1}" - local uri="${2}" - local tmpdir="$(mktemp -d "${PTXDIST_TEMPDIR}/${role}-ca.XXXXXX")" - cs_init_variables + local role="${1}" + local uri="${2}" + local tmpdir="$(mktemp -d "${PTXDIST_TEMPDIR}/${role}-ca.XXXXXX")" + cs_init_variables - if [ -z "${uri}" ]; then - uri=$(cs_get_uri "${role}") - fi + if [ -z "${uri}" ]; then + uri=$(cs_get_uri "${role}") + fi - ptxd_exec extract-cert "${uri}" "${tmpdir}/ca.der" && - cs_append_ca_from_der "${role}" "${tmpdir}/ca.der" + ptxd_exec extract-cert "${uri}" "${tmpdir}/ca.der" && + cs_append_ca_from_der "${role}" "${tmpdir}/ca.der" } export -f cs_append_ca_from_uri -- 2.30.2 _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de