From: Marc Kleine-Budde <mkl@pengutronix.de> This patch changes cs_get_ca() to only output the CA if it actually exists, or print an error and return 1 instead. This makes it possible to use make's $(if $(filter-out, ERROR_CA_NOT_YET_SET, ...)) conditional. Co-authored-by: Roland Hieber <rhi@pengutronix.de> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> Signed-off-by: Roland Hieber <rhi@pengutronix.de> --- PATCH v2 (rhi): - reorder from PATCH 3/n to PATCH 1/n - echo "ERROR_CA_NOT_YET_SET" in case of error (feedback from Michael Olbrich) and also return 1 PATCH v1 (mkl): https://lore.ptxdist.org/ptxdist/20210412161900.2376802-3-mkl@pengutronix.de --- scripts/lib/ptxd_lib_code_signing.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/scripts/lib/ptxd_lib_code_signing.sh b/scripts/lib/ptxd_lib_code_signing.sh index 3e1654bb36e4..0026cdc4dec0 100644 --- a/scripts/lib/ptxd_lib_code_signing.sh +++ b/scripts/lib/ptxd_lib_code_signing.sh @@ -243,7 +243,13 @@ cs_get_ca() { local role="${1}" cs_init_variables - echo "${keydir}/${role}/ca.pem" + local ca="${keydir}/${role}/ca.pem" + + if [ ! -e "${ca}" ]; then + echo "ERROR_CA_NOT_YET_SET" + return 1 + fi + echo "${ca}" } export -f cs_get_ca -- 2.30.2 _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
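Review bot: The new `[ ! -e "${ca}" ]` branch in cs_get_ca() prints ERROR_CA_NOT_YET_SET on stdout, so a shell caller that captures `$(cs_get_ca ...)` and ignores the exit status ends up with the sentinel where a certificate path is expected. Consider emitting the sentinel only when the function is called directly from make and calling ptxd_bailout otherwise, as cs_get_uri() in the same file does with its FUNCNAME check, and extend the comment above the function to document the sentinel string and the return code of 1.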
From: Marc Kleine-Budde <mkl@pengutronix.de> A role group consists of one or more roles. It should be used where more than one role is needed, but the exact names and/or number of roles depend on the used code signing provider. For example the generation of the imx HABv4 fuse table can use 1 to 4 SRK keys as input. If the signing provider is an HSM, the current mechanism with continuous numbered URI may not work – role groups to the rescue. To make use of role groups, define roles as usual: | r="imx-habv4-srk1" | cs_define_role "${r}" | cs_set_uri "${r}" "pkcs11:object=SRK CA 0" | cs_append_ca_from_uri "${r}" | | r="imx-habv4-srk2" | cs_define_role "${r}" | cs_set_uri "${r}" "pkcs11:object=SRK CA 1" | cs_append_ca_from_uri "${r}" Now define a role group and add the roles to the group: | g="imx-habv4-srk" | cs_define_group "${g}" | cs_group_add_roles "${g}" "imx-habv4-srk1" "imx-habv4-srk2" Use the function cs_group_get_roles() to get the roles of a group. In a later patch the function ptxd_make_imx_habv4_gen_table() is converted to make use of $(cs_group_get_roles imx-habv4-srk) to get the roles of the imx-habv4-srk group. Co-authored-by: Roland Hieber <rhi@pengutronix.de> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> Signed-off-by: Roland Hieber <rhi@pengutronix.de> --- PATCH v2 (rhi): - reorder from PATCH 1/n to PATCH 2/n - be more concise and call the new concept "role groups" instead of the (less expressive) "code signing groups" or "key groups" - add API docs for new shell functions (feedback from myself) - rephrase and fix typos in commit message PATCH v1 (mkl): https://lore.ptxdist.org/ptxdist/20210412161900.2376802-1-mkl@pengutronix.de --- doc/dev_code_signing.rst | 5 ++ doc/ref_code_signing_helpers.rst | 79 ++++++++++++++++++++++++++++ scripts/lib/ptxd_lib_code_signing.sh | 45 ++++++++++++++++ 3 files changed, 129 insertions(+) diff --git a/doc/dev_code_signing.rst b/doc/dev_code_signing.rst index 56ac0e3b3217..1f43f2b60ade 100644 
--- a/doc/dev_code_signing.rst +++ b/doc/dev_code_signing.rst @@ -19,6 +19,11 @@ development) the URIs are usually not hardcoded in the package configuration. Instead, PTXdist has the idea of **roles** which are string identifiers used to access a single private/public key pair and a certificate. +Roles can be grouped into **role groups**. +Role groups should be used where more than one role is needed, but the exact +names and/or number of roles depend on the concrete code signing provider. +For example, an i.MX HABv4 fuse table can contain up to four keys. + Finally, one or several **code signing providers** supply the mapping from roles to the respective key material or even provide it themselves for development. diff --git a/doc/ref_code_signing_helpers.rst b/doc/ref_code_signing_helpers.rst index f7928f52ebef..99a395b287c9 100644 --- a/doc/ref_code_signing_helpers.rst +++ b/doc/ref_code_signing_helpers.rst 
@@ -215,6 +215,85 @@ Preconditions: - when used with SoftHSM, certificates must have been imported before (see :ref:`cs_import_cert_from_der`, :ref:`cs_import_cert_from_pem`) +.. _cs_define_group: + +cs_define_group +^^^^^^^^^^^^^^^ + +Usage: + +.. code-block:: bash + + cs_define_group <group> + +Define a new role group. + +See :ref:`cs_group_add_roles` for an example. + +.. _cs_group_add_roles: + +cs_group_add_roles +^^^^^^^^^^^^^^^^^^ + +Usage: + +.. code-block:: bash + + cs_group_add_roles <group> <roles...> + +Add all given roles to a role group. + +Preconditions: + +- the group must have been defined (see :ref:`cs_define_group`) +- the role(s) must have been defined (see :ref:`cs_define_role`) + +Example: + +.. code-block:: bash + + # define two roles named imx-habv4-srk1 and imx-habv4-srk2 + r="imx-habv4-srk1" + cs_define_role "${r}" + cs_set_uri "${r}" "pkcs11:object=SRK CA 0" + cs_append_ca_from_uri "${r}" + r="imx-habv4-srk2" + cs_define_role "${r}" + cs_set_uri "${r}" "pkcs11:object=SRK CA 1" + cs_append_ca_from_uri "${r}" + + # define a group and add the roles + g="imx-habv4-srk" + cs_define_group "${g}" + cs_group_add_roles "${g}" "imx-habv4-srk1" "imx-habv4-srk2" + +.. _cs_group_get_roles: + +cs_group_get_roles +^^^^^^^^^^^^^^^^^^ + +Usage: + +.. code-block:: bash + + cs_group_get_roles <group> + +Get a list of all roles that have been added to the role group. + +Example: + +.. code-block:: bash + + # iterate over role names in a role group, and print their name and URI + for role in $(cs_group_get_roles "imx-habv4-srk"); do + echo "role '${role}' has URI '$(cs_get_uri "${role}")'" + done + +In the example given in :ref:`cs_group_add_roles` above, this would print:: + + role 'imx-habv4-srk1' has URI 'pkcs11:object=SRK CA 0' + role 'imx-habv4-srk2' has URI 'pkcs11:object=SRK CA 1' + Consumer Functions ~~~~~~~~~~~~~~~~~~ diff --git a/scripts/lib/ptxd_lib_code_signing.sh b/scripts/lib/ptxd_lib_code_signing.sh index 0026cdc4dec0..ca101d635574 100644 
--- a/scripts/lib/ptxd_lib_code_signing.sh +++ b/scripts/lib/ptxd_lib_code_signing.sh @@ -99,6 +99,51 @@ cs_define_role() { } export -f cs_define_role +# +# cs_define_group <group> +# +# Define a new role group. +# +cs_define_group() { + local group="${1}" + cs_init_variables + + mkdir -p "${keydir}/${group}.group" && + rm -f "${keydir}/${group}.group/roles" +} +export -f cs_define_group + +# +# cs_group_add_roles <group> <role> ... <role> +# +# Set the roles for a group +# +cs_group_add_roles() { + local group="${1}" + shift + cs_init_variables + + local orig_IFS="${IFS}" + IFS=" +" + echo "${*}" >> "${keydir}/${group}.group/roles" && + IFS=${orig_IFS} +} +export -f cs_group_add_roles + +# +# cs_group_get_roles <group> +# +# Gets the roles of a group +# +cs_group_get_roles() { + local group="${1}" + cs_init_variables + + cat "${keydir}/${group}.group/roles" +} +export -f cs_group_get_roles + # # cs_set_uri <role> <uri> # -- 2.30.2
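Review bot: In cs_group_add_roles(), the restore `IFS=${orig_IFS}` is chained with `&&` behind the `echo "${*}" >>` write, and IFS is not declared local, so a failed write (for example when the group directory was never created) leaves IFS set to a newline in the calling shell. Declaring `local IFS` or writing the list with `printf '%s\n' "${@}"` avoids touching the caller's IFS at all. The preconditions stated in doc/ref_code_signing_helpers.rst (group and roles must already be defined) are also not checked in the function, and cs_group_get_roles() runs `cat` on a file that may not exist without a ptxd_bailout; a check in both places would turn a misconfigured code signing provider into a clear error.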
From: Marc Kleine-Budde <mkl@pengutronix.de> Existing barebox-imx-habv4 recipes can still use the indexed 'imx-habv4-srk%d' roles to fetch the SRK keys, but for compatibility with HSM use cases that don't support indexed role names, set up a new role group that contains the roles. Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> Signed-off-by: Roland Hieber <rhi@pengutronix.de> --- PATCH v2 (rhi): - split off code signing provider template changes from library and consumer changes (see next patch) to make patches easier to port to existing code signing providers PATCH v1 (mkl): https://lore.ptxdist.org/ptxdist/20210412161900.2376802-2-mkl@pengutronix.de --- .../templates/code-signing-provider/ptxdist-set-keys-hsm.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/rules/templates/code-signing-provider/ptxdist-set-keys-hsm.sh b/rules/templates/code-signing-provider/ptxdist-set-keys-hsm.sh index bcd531d69572..b94eff049eac 100755 --- a/rules/templates/code-signing-provider/ptxdist-set-keys-hsm.sh +++ b/rules/templates/code-signing-provider/ptxdist-set-keys-hsm.sh @@ -18,7 +18,7 @@ set_rauc_keys() { } set_imx_habv4_keys() { - local r + local r g # HSM use case, assuming it contains only 1st CSF/IMG key for i in 1 2 3 4; do @@ -28,6 +28,10 @@ set_imx_habv4_keys() { cs_append_ca_from_uri "${r}" done + g="imx-habv4-srk" + cs_define_group "${g}" + cs_group_add_roles "${g}" "imx-habv4-srk1" "imx-habv4-srk2" "imx-habv4-srk3" "imx-habv4-srk4" + r="imx-habv4-csf1" cs_define_role ${r} cs_set_uri "${r}" "pkcs11:token=foo;object=csf1" -- 2.30.2
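Review bot: The four role names passed to cs_group_add_roles in set_imx_habv4_keys() repeat by hand what the `for i in 1 2 3 4` loop above already defines, so the loop and the group can drift apart when a provider is adapted to fewer SRK keys. Since cs_group_add_roles appends to the group's role list, calling cs_define_group before the loop and `cs_group_add_roles "${g}" "${r}"` inside it keeps the group identical to the roles that were actually defined.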
From: Marc Kleine-Budde <mkl@pengutronix.de> The previous patch taught new code signing providers to set up the 'imx-habv4-srk' role group. This patch uses it for the barebox-imx-habv4 recipe. Keep backwards compatibility with the old way of using indexed role names in the library part, so existing recipes can still work with ptxd_make_imx_habv4_gen_table() if their code signing provider sets up the roles appropriately. Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> Signed-off-by: Roland Hieber <rhi@pengutronix.de> --- PATCH v2 (rhi): - split up code signing provider template changes (see previous patch) from lib and consumer changes - fix ptxd_make_imx_habv4_gen_table() documentation comments PATCH v1 (mkl): https://lore.ptxdist.org/ptxdist/20210412161900.2376802-2-mkl@pengutronix.de --- .../templates/template-barebox-imx-habv4-make | 2 +- scripts/lib/ptxd_lib_imx_hab.sh | 49 ++++++++++++++----- 2 files changed, 37 insertions(+), 14 deletions(-) diff --git a/rules/templates/template-barebox-imx-habv4-make b/rules/templates/template-barebox-imx-habv4-make index eb752c8349d9..cc825dc90292 100644 --- a/rules/templates/template-barebox-imx-habv4-make +++ b/rules/templates/template-barebox-imx-habv4-make @@ -74,7 +74,7 @@ $(STATEDIR)/barebox-@package@.compile: @$(call targetinfo) @$(call world/env, BAREBOX_@PACKAGE@) \ - ptxd_make_imx_habv4_gen_table "imx-habv4-srk%d" 4 + ptxd_make_imx_habv4_gen_table imx-habv4-srk @$(call world/compile, BAREBOX_@PACKAGE@) diff --git a/scripts/lib/ptxd_lib_imx_hab.sh b/scripts/lib/ptxd_lib_imx_hab.sh index d1e2aba99fab..fa5b3e2c1439 100644 --- a/scripts/lib/ptxd_lib_imx_hab.sh +++ b/scripts/lib/ptxd_lib_imx_hab.sh 
@@ -9,12 +9,14 @@ # # ptxd_make_imx_habv4_gen_table - generate the srk fuse file and srk table for i.MX HABv4 # -# usage: ptxd_make_imx_habv4_gen_table <template> [<srk_count>] +# usage: ptxd_make_imx_habv4_gen_table <role group> +# ptxd_make_imx_habv4_gen_table <template> [<srk_count>] # +# role group: the group that specifies all roles to access the keys # template: the role template to access the keys. Must contain a "%d" which is # used as index -# srk_count: the number of keys (keys with index 1..srk_count will be used), -# defaults to 4 +# srk_count: only when using <template>: the number of keys (keys with index +# 1..srk_count will be used), defaults to 4 # # The output files are generated in the package build dir: # 
@@ -25,25 +27,46 @@ # This will contain the srk hash which must be written to the fuses # ptxd_make_imx_habv4_gen_table_impl() { + local group="${1}" local template="${1}" local srk_count="${2}" local table_bin="${pkg_build_dir}/imx-srk-table.bin" local srk_fuse_bin="${pkg_build_dir}/imx-srk-fuse.bin" local -a certs + local i - if [ -z "${srk_count}" ]; then - srk_count=4 - fi + case "${template}" in + *%d*) # <template> [<srk_count>] + if [ -z "${srk_count}" ]; then + srk_count=4 + fi - if [ "${srk_count}" -gt 4 ]; then - ptxd_bailout "HABv4 allows only 4 certificates" - fi + if [ "${srk_count}" -gt 4 ]; then + ptxd_bailout "HABv4 allows only 4 certificates" + fi - echo -e "generating $(basename ${table_bin}) and $(basename ${srk_fuse_bin})\n" + for i in $(seq ${srk_count}); do + certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")" + done + ;; + + *) # <role group> + local -a roles=( $(cs_group_get_roles "${group}") ) + + if [ "${#roles[@]}" -eq 0 ]; then + ptxd_bailout "Failed to get roles for group '${group}'" + fi - for i in $(seq ${srk_count}); do - certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")" - done + if [ "${#roles[@]}" -gt 4 ]; then + ptxd_bailout "HABv4 allows only 4 certificates" + fi + + for i in "${roles[@]}"; do + certs[${#certs[*]}]="$(cs_get_ca "${i}")" + done + esac + + echo -e "generating $(basename ${table_bin}) and $(basename ${srk_fuse_bin})\n" local orig_IFS="${IFS}" IFS="," -- 2.30.2
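Review bot: In both branches of the new `case`, the output of `$(cs_get_ca ...)` is stored in certs[] without checking the exit status, so with the cs_get_ca() change from the first patch of this series a role without a CA puts the string ERROR_CA_NOT_YET_SET into the comma-joined certificate list instead of stopping the build. Bail out when cs_get_ca fails, for example with `|| ptxd_bailout "no CA for role '${i}'"`, so the SRK table and fuse file are never generated from an incomplete key set. Note also that `group` and `template` are both assigned from `${1}` and the mode is selected only by the `*%d*` match; the usage comment should say that a role group name must not contain "%d".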
With this version, host-ptx-code-signing-dev sets up the new role groups imx-habv4-srk, imx-habv4-csf and imx-habv4-img. Signed-off-by: Roland Hieber <rhi@pengutronix.de> --- PATCH v2 (rhi): - new patch in v2 (feedback from Michael Olbrich) --- rules/host-ptx-code-signing-dev.make | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/host-ptx-code-signing-dev.make b/rules/host-ptx-code-signing-dev.make index af7a774bc9a4..2314f88c2d88 100644 --- a/rules/host-ptx-code-signing-dev.make +++ b/rules/host-ptx-code-signing-dev.make @@ -14,8 +14,8 @@ HOST_PACKAGES-$(PTXCONF_HOST_PTX_CODE_SIGNING_DEV) += host-ptx-code-signing-dev # # Paths and names # -HOST_PTX_CODE_SIGNING_DEV_VERSION := 0.4 -HOST_PTX_CODE_SIGNING_DEV_MD5 := 853ac0147adc0b46dc695e16a7101aaa +HOST_PTX_CODE_SIGNING_DEV_VERSION := 0.5 +HOST_PTX_CODE_SIGNING_DEV_MD5 := ec83c9225c520932b515a7c3b353d149 HOST_PTX_CODE_SIGNING_DEV := ptx-code-signing-dev-$(HOST_PTX_CODE_SIGNING_DEV_VERSION) HOST_PTX_CODE_SIGNING_DEV_SUFFIX := tar.gz HOST_PTX_CODE_SIGNING_DEV_URL := https://git.pengutronix.de/cgit/ptx-code-signing-dev/snapshot/$(HOST_PTX_CODE_SIGNING_DEV).$(HOST_PTX_CODE_SIGNING_DEV_SUFFIX) -- 2.30.2
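Review bot: HOST_PTX_CODE_SIGNING_DEV_MD5 is the only integrity check on the snapshot tarball fetched from HOST_PTX_CODE_SIGNING_DEV_URL, and the commit message gives no tag or commit that version 0.5 corresponds to. Naming the upstream tag or commit in the message would let a reviewer confirm the new checksum against the repository rather than against the download itself.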
Be uniform with bin/ptxdist, indent with one tab instead of mixed tabs and spaces. Signed-off-by: Roland Hieber <rhi@pengutronix.de> --- PATCH v2 (rhi): - new patch in v2 - not essential, but slowly start fixing indentation in scripts/lib - git show -w is empty --- scripts/lib/ptxd_lib_imx_hab.sh | 86 ++++++++++++++++----------------- 1 file changed, 43 insertions(+), 43 deletions(-) diff --git a/scripts/lib/ptxd_lib_imx_hab.sh b/scripts/lib/ptxd_lib_imx_hab.sh index fa5b3e2c1439..7af2b1112855 100644 --- a/scripts/lib/ptxd_lib_imx_hab.sh +++ b/scripts/lib/ptxd_lib_imx_hab.sh 
@@ -27,64 +27,64 @@ # This will contain the srk hash which must be written to the fuses # ptxd_make_imx_habv4_gen_table_impl() { - local group="${1}" - local template="${1}" - local srk_count="${2}" - local table_bin="${pkg_build_dir}/imx-srk-table.bin" - local srk_fuse_bin="${pkg_build_dir}/imx-srk-fuse.bin" - local -a certs - local i + local group="${1}" + local template="${1}" + local srk_count="${2}" + local table_bin="${pkg_build_dir}/imx-srk-table.bin" + local srk_fuse_bin="${pkg_build_dir}/imx-srk-fuse.bin" + local -a certs + local i - case "${template}" in - *%d*) # <template> [<srk_count>] - if [ -z "${srk_count}" ]; then - srk_count=4 - fi + case "${template}" in + *%d*) # <template> [<srk_count>] + if [ -z "${srk_count}" ]; then + srk_count=4 + fi - if [ "${srk_count}" -gt 4 ]; then - ptxd_bailout "HABv4 allows only 4 certificates" - fi + if [ "${srk_count}" -gt 4 ]; then + ptxd_bailout "HABv4 allows only 4 certificates" + fi - for i in $(seq ${srk_count}); do - certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")" - done - ;; + for i in $(seq ${srk_count}); do + certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")" + done + ;; - *) # <role group> - local -a roles=( $(cs_group_get_roles "${group}") ) + *) # <role group> + local -a roles=( $(cs_group_get_roles "${group}") ) - if [ "${#roles[@]}" -eq 0 ]; then - ptxd_bailout "Failed to get roles for group '${group}'" - fi + if [ "${#roles[@]}" -eq 0 ]; then + ptxd_bailout "Failed to get roles for group '${group}'" + fi - if [ "${#roles[@]}" -gt 4 ]; then - ptxd_bailout "HABv4 allows only 4 certificates" - fi + if [ "${#roles[@]}" -gt 4 ]; then + ptxd_bailout "HABv4 allows only 4 certificates" + fi - for i in "${roles[@]}"; do - certs[${#certs[*]}]="$(cs_get_ca "${i}")" - done - esac + for i in "${roles[@]}"; do + certs[${#certs[*]}]="$(cs_get_ca "${i}")" + done + esac - echo -e "generating $(basename ${table_bin}) and $(basename ${srk_fuse_bin})\n" + echo -e "generating $(basename 
${table_bin}) and $(basename ${srk_fuse_bin})\n" - local orig_IFS="${IFS}" - IFS="," - certs="${certs[*]}" - IFS="${orig_IFS}" + local orig_IFS="${IFS}" + IFS="," + certs="${certs[*]}" + IFS="${orig_IFS}" - ptxd_exec srktool --hab_ver 4 \ - --table "${table_bin}" \ - --efuses "${srk_fuse_bin}" \ - --digest sha256 \ - --certs "${certs}" + ptxd_exec srktool --hab_ver 4 \ + --table "${table_bin}" \ + --efuses "${srk_fuse_bin}" \ + --digest sha256 \ + --certs "${certs}" } export -f ptxd_make_imx_habv4_gen_table_impl ptxd_make_imx_habv4_gen_table() { - ptxd_make_world_init && + ptxd_make_world_init && - ptxd_eval \ + ptxd_eval \ "${pkg_make_env}" \ ptxd_make_imx_habv4_gen_table_impl "${@}" } -- 2.30.2
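Review bot: Reindenting all of ptxd_make_imx_habv4_gen_table_impl() directly after the functional rewrite earlier in this series attributes every line of the SRK table generation to a whitespace commit in blame, which makes later audits of the signing path harder. If the reindent is wanted, placing it before the functional change keeps the history of the logic readable. The two continuation lines under `ptxd_eval \` are left as unchanged context, so it is worth checking that they follow the same convention after the change.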
Be uniform with bin/ptxdist, indent with one tab instead of mixed tabs and spaces. Signed-off-by: Roland Hieber <rhi@pengutronix.de> --- PATCH v2 (rhi): - new patch in v2 - not essential, but slowly start fixing indentation in scripts/lib - git show -w is empty --- scripts/lib/ptxd_lib_code_signing.sh | 278 +++++++++++++-------------- 1 file changed, 139 insertions(+), 139 deletions(-) diff --git a/scripts/lib/ptxd_lib_code_signing.sh b/scripts/lib/ptxd_lib_code_signing.sh index ca101d635574..4056ee15080e 100644 --- a/scripts/lib/ptxd_lib_code_signing.sh +++ b/scripts/lib/ptxd_lib_code_signing.sh @@ -12,18 +12,18 @@ # cs_check_env() { - if [ -z "${SOFTHSM2_CONF}" ]; then - ptxd_bailout "SOFTHSM2_CONF is not defined. Maybe \$(CODE_SIGNING_ENV) is not used." - fi - if [ ! -e "${SOFTHSM2_CONF}" ]; then - ptxd_bailout "'${SOFTHSM2_CONF}' is missing." - fi - if [ -z "${PKCS11_MODULE_PATH}" ]; then - ptxd_bailout "PKCS11_MODULE_PATH is not defined. Maybe \$(CODE_SIGNING_ENV) is not used." - fi - if [ ! -e "${PKCS11_MODULE_PATH}" ]; then - ptxd_bailout "'${PKCS11_MODULE_PATH}' is missing." - fi + if [ -z "${SOFTHSM2_CONF}" ]; then + ptxd_bailout "SOFTHSM2_CONF is not defined. Maybe \$(CODE_SIGNING_ENV) is not used." + fi + if [ ! -e "${SOFTHSM2_CONF}" ]; then + ptxd_bailout "'${SOFTHSM2_CONF}' is missing." + fi + if [ -z "${PKCS11_MODULE_PATH}" ]; then + ptxd_bailout "PKCS11_MODULE_PATH is not defined. Maybe \$(CODE_SIGNING_ENV) is not used." + fi + if [ ! -e "${PKCS11_MODULE_PATH}" ]; then + ptxd_bailout "'${PKCS11_MODULE_PATH}' is missing." + fi } export -f cs_check_env @@ -34,8 +34,8 @@ export -f cs_check_env # and --pin options shall not be set. # softhsm_pkcs11_tool_init() { - cs_check_env - pkcs11-tool --module "${PKCS11_MODULE_PATH}" $* + cs_check_env + pkcs11-tool --module "${PKCS11_MODULE_PATH}" $* } export -f softhsm_pkcs11_tool_init 
@@ -45,7 +45,7 @@ export -f softhsm_pkcs11_tool_init # Wrapper around pkcs11-tool. Adds --login and --pin options # softhsm_pkcs11_tool() { - softhsm_pkcs11_tool_init --login --pin 1111 $* + softhsm_pkcs11_tool_init --login --pin 1111 $* } export -f softhsm_pkcs11_tool @@ -55,9 +55,9 @@ export -f softhsm_pkcs11_tool # Initialize variables used in the code signing functions. Internal. # cs_init_variables() { - sysroot="$(ptxd_get_ptxconf PTXCONF_SYSROOT_HOST)" - keyprovider="$(ptxd_get_ptxconf PTXCONF_CODE_SIGNING_PROVIDER)" - keydir="${sysroot}/var/lib/keys/${keyprovider}" + sysroot="$(ptxd_get_ptxconf PTXCONF_SYSROOT_HOST)" + keyprovider="$(ptxd_get_ptxconf PTXCONF_CODE_SIGNING_PROVIDER)" + keydir="${sysroot}/var/lib/keys/${keyprovider}" } export -f cs_init_variables @@ -67,20 +67,20 @@ export -f cs_init_variables # Initialize SoftHSM and set the initial pin # cs_init_softhsm() { - cs_check_env - cs_init_variables - local shsm_keys="${sysroot}/var/cache/softhsm/${keyprovider}" + cs_check_env + cs_init_variables + local shsm_keys="${sysroot}/var/cache/softhsm/${keyprovider}" - rm -rf "${shsm_keys}" && - rm -rf "${keydir}" && + rm -rf "${shsm_keys}" && + rm -rf "${keydir}" && - sed -i "s^directories.tokendir =.*^directories.tokendir = ${shsm_keys}^" \ - ${SOFTHSM2_CONF} && + sed -i "s^directories.tokendir =.*^directories.tokendir = ${shsm_keys}^" \ + ${SOFTHSM2_CONF} && - mkdir -p "${shsm_keys}" && + mkdir -p "${shsm_keys}" && - softhsm_pkcs11_tool_init --init-token --label "${keyprovider}" --so-pin 0000 && - softhsm_pkcs11_tool_init -l --so-pin 0000 --new-pin 1111 --init-pin + softhsm_pkcs11_tool_init --init-token --label "${keyprovider}" --so-pin 0000 && + softhsm_pkcs11_tool_init -l --so-pin 0000 --new-pin 1111 --init-pin } export -f cs_init_softhsm 
@@ -90,12 +90,12 @@ export -f cs_init_softhsm # Define a new key role. # cs_define_role() { - local role="${1}" - cs_init_variables + local role="${1}" + cs_init_variables - mkdir -p "${keydir}/${role}" && - # default for SoftHSM - cs_set_uri "${role}" "pkcs11:token=${keyprovider};object=${role};pin-value=1111" + mkdir -p "${keydir}/${role}" && + # default for SoftHSM + cs_set_uri "${role}" "pkcs11:token=${keyprovider};object=${role};pin-value=1111" } export -f cs_define_role @@ -105,11 +105,11 @@ export -f cs_define_role # Define a new role group. # cs_define_group() { - local group="${1}" - cs_init_variables + local group="${1}" + cs_init_variables - mkdir -p "${keydir}/${group}.group" && - rm -f "${keydir}/${group}.group/roles" + mkdir -p "${keydir}/${group}.group" && + rm -f "${keydir}/${group}.group/roles" } export -f cs_define_group @@ -119,15 +119,15 @@ export -f cs_define_group # Set the roles for a group # cs_group_add_roles() { - local group="${1}" - shift - cs_init_variables + local group="${1}" + shift + cs_init_variables - local orig_IFS="${IFS}" - IFS=" + local orig_IFS="${IFS}" + IFS=" " - echo "${*}" >> "${keydir}/${group}.group/roles" && - IFS=${orig_IFS} + echo "${*}" >> "${keydir}/${group}.group/roles" && + IFS=${orig_IFS} } export -f cs_group_add_roles @@ -137,10 +137,10 @@ export -f cs_group_add_roles # Gets the roles of a group # cs_group_get_roles() { - local group="${1}" - cs_init_variables + local group="${1}" + cs_init_variables - cat "${keydir}/${group}.group/roles" + cat "${keydir}/${group}.group/roles" } export -f cs_group_get_roles @@ -150,11 +150,11 @@ export -f cs_group_get_roles # Set the uri for a role # cs_set_uri() { - local role="${1}" - local uri="${2}" - cs_init_variables + local role="${1}" + local uri="${2}" + cs_init_variables - echo "${uri}" > "${keydir}/${role}/uri" + echo "${uri}" > "${keydir}/${role}/uri" } export -f cs_set_uri 
@@ -164,22 +164,22 @@ export -f cs_set_uri # Get the uri from a role # cs_get_uri() { - local role="${1}" - cs_init_variables - - if [ ! -f "${keydir}/${role}/uri" ]; then - if [ ${#FUNCNAME[*]} -gt 1 ]; then - ptxd_bailout "No PKCS#11 URI for role ${role}" - else - # cs_get_uri was called directly from make prior to cs_set_uri, - # which may not be an error if it is evaluated early *and* later - # again - return a unique error string in case it is not expected - # and a user stumbles upon this - echo "ERROR_URI_NOT_YET_SET" - return + local role="${1}" + cs_init_variables + + if [ ! -f "${keydir}/${role}/uri" ]; then + if [ ${#FUNCNAME[*]} -gt 1 ]; then + ptxd_bailout "No PKCS#11 URI for role ${role}" + else + # cs_get_uri was called directly from make prior to cs_set_uri, + # which may not be an error if it is evaluated early *and* later + # again - return a unique error string in case it is not expected + # and a user stumbles upon this + echo "ERROR_URI_NOT_YET_SET" + return + fi fi - fi - cat "${keydir}/${role}/uri" + cat "${keydir}/${role}/uri" } export -f cs_get_uri @@ -190,11 +190,11 @@ export -f cs_get_uri # with SoftHSM. # cs_import_cert_from_der() { - local role="${1}" - local der="${2}" - cs_init_variables + local role="${1}" + local der="${2}" + cs_init_variables - softhsm_pkcs11_tool --type cert --write-object "${der}" --label "${role}" + softhsm_pkcs11_tool --type cert --write-object "${der}" --label "${role}" } export -f cs_import_cert_from_der 
@@ -205,14 +205,14 @@ export -f cs_import_cert_from_der # with SoftHSM. # cs_import_cert_from_pem() { - local role="${1}" - local pem="${2}" - cs_init_variables - - openssl x509 \ - "${openssl_keyopt[@]}" \ - -in "${pem}" -inform pem -outform der | - softhsm_pkcs11_tool --type cert --write-object /dev/stdin --label "${role}" + local role="${1}" + local pem="${2}" + cs_init_variables + + openssl x509 \ + "${openssl_keyopt[@]}" \ + -in "${pem}" -inform pem -outform der | + softhsm_pkcs11_tool --type cert --write-object /dev/stdin --label "${role}" } export -f cs_import_cert_from_pem @@ -223,20 +223,20 @@ export -f cs_import_cert_from_pem # with SoftHSM. # cs_import_pubkey_from_pem() { - local -a openssl_keyopt - local role="${1}" - local pem="${2}" - cs_init_variables - - if [ -n "${OPENSSL_KEYPASS}" ]; then - openssl_keyopt=( -passin "file:${OPENSSL_KEYPASS}" ) - fi - - openssl rsa \ - "${openssl_keyopt[@]}" \ - -in "${pem}" -inform pem -pubout -outform der | - softhsm_pkcs11_tool --type pubkey --write-object /dev/stdin --label "${role}" - check_pipe_status + local -a openssl_keyopt + local role="${1}" + local pem="${2}" + cs_init_variables + + if [ -n "${OPENSSL_KEYPASS}" ]; then + openssl_keyopt=( -passin "file:${OPENSSL_KEYPASS}" ) + fi + + openssl rsa \ + "${openssl_keyopt[@]}" \ + -in "${pem}" -inform pem -pubout -outform der | + softhsm_pkcs11_tool --type pubkey --write-object /dev/stdin --label "${role}" + check_pipe_status } export -f cs_import_pubkey_from_pem 
@@ -247,20 +247,20 @@ export -f cs_import_pubkey_from_pem # with SoftHSM. # cs_import_privkey_from_pem() { - local -a openssl_keyopt - local role="${1}" - local pem="${2}" - cs_init_variables - - if [ -n "${OPENSSL_KEYPASS}" ]; then - openssl_keyopt=( -passin "file:${OPENSSL_KEYPASS}" ) - fi - - openssl rsa \ - "${openssl_keyopt[@]}" \ - -in "${pem}" -inform pem -outform der | - softhsm_pkcs11_tool --type privkey --write-object /dev/stdin --label "${role}" - check_pipe_status + local -a openssl_keyopt + local role="${1}" + local pem="${2}" + cs_init_variables + + if [ -n "${OPENSSL_KEYPASS}" ]; then + openssl_keyopt=( -passin "file:${OPENSSL_KEYPASS}" ) + fi + + openssl rsa \ + "${openssl_keyopt[@]}" \ + -in "${pem}" -inform pem -outform der | + softhsm_pkcs11_tool --type privkey --write-object /dev/stdin --label "${role}" + check_pipe_status } export -f cs_import_privkey_from_pem @@ -271,11 +271,11 @@ export -f cs_import_privkey_from_pem # with SoftHSM. # cs_import_key_from_pem() { - local role="${1}" - local pem="${2}" + local role="${1}" + local pem="${2}" - cs_import_pubkey_from_pem "${role}" "${pem}" - cs_import_privkey_from_pem "${role}" "${pem}" + cs_import_pubkey_from_pem "${role}" "${pem}" + cs_import_privkey_from_pem "${role}" "${pem}" } export -f cs_import_key_from_pem @@ -285,16 +285,16 @@ export -f cs_import_key_from_pem # Get the path to the CA in pem format from a role # cs_get_ca() { - local role="${1}" - cs_init_variables + local role="${1}" + cs_init_variables - local ca="${keydir}/${role}/ca.pem" + local ca="${keydir}/${role}/ca.pem" - if [ ! -e "${ca}" ]; then - echo "ERROR_CA_NOT_YET_SET" - return 1 - fi - echo "${ca}" + if [ ! -e "${ca}" ]; then + echo "ERROR_CA_NOT_YET_SET" + return 1 + fi + echo "${ca}" } export -f cs_get_ca 
@@ -304,13 +304,13 @@ export -f cs_get_ca # Append PEM to CA for a role # cs_append_ca_from_pem() { - local role="${1}" - local pem="${2}" - cs_init_variables + local role="${1}" + local pem="${2}" + cs_init_variables - cat "${pem}" >> "${keydir}/${role}/ca.pem" - # add new line in case ${pem} does not end with an EOL - echo >> "${keydir}/${role}/ca.pem" + cat "${pem}" >> "${keydir}/${role}/ca.pem" + # add new line in case ${pem} does not end with an EOL + echo >> "${keydir}/${role}/ca.pem" } export -f cs_append_ca_from_pem @@ -320,13 +320,13 @@ export -f cs_append_ca_from_pem # Append DER to CA for a role # cs_append_ca_from_der() { - local role="${1}" - local der="${2}" - cs_init_variables + local role="${1}" + local der="${2}" + cs_init_variables - ptxd_exec openssl x509 -inform der -in "${der}" \ - -out "${tmpdir}/ca.pem" && - cs_append_ca_from_pem "${role}" "${tmpdir}/ca.pem" + ptxd_exec openssl x509 -inform der -in "${der}" \ + -out "${tmpdir}/ca.pem" && + cs_append_ca_from_pem "${role}" "${tmpdir}/ca.pem" } export -f cs_append_ca_from_der 
@@ -336,16 +336,16 @@ export -f cs_append_ca_from_der # Append certificate specified by URI or by already set URI to CA for a role # cs_append_ca_from_uri() { - local role="${1}" - local uri="${2}" - local tmpdir="$(mktemp -d "${PTXDIST_TEMPDIR}/${role}-ca.XXXXXX")" - cs_init_variables + local role="${1}" + local uri="${2}" + local tmpdir="$(mktemp -d "${PTXDIST_TEMPDIR}/${role}-ca.XXXXXX")" + cs_init_variables - if [ -z "${uri}" ]; then - uri=$(cs_get_uri "${role}") - fi + if [ -z "${uri}" ]; then + uri=$(cs_get_uri "${role}") + fi - ptxd_exec extract-cert "${uri}" "${tmpdir}/ca.der" && - cs_append_ca_from_der "${role}" "${tmpdir}/ca.der" + ptxd_exec extract-cert "${uri}" "${tmpdir}/ca.der" && + cs_append_ca_from_der "${role}" "${tmpdir}/ca.der" } export -f cs_append_ca_from_uri -- 2.30.2
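Review bot: In the cs_import_cert_from_pem() hunk, the reindented lines expand `"${openssl_keyopt[@]}"` although this function, unlike cs_import_pubkey_from_pem() and cs_import_privkey_from_pem(), neither declares `local -a openssl_keyopt` nor calls check_pipe_status after the pipeline, so it picks up whatever value a caller left in that variable and does not report a failed openssl step. That is outside the scope of a whitespace-only change, but since the lines are touched here, a follow-up patch that declares the array and checks the pipeline status would be worthwhile.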
On Mon, Jun 28, 2021 at 01:11:15AM +0200, Roland Hieber wrote: > From: Marc Kleine-Budde <mkl@pengutronix.de> > > This patch changes cs_get_ca() to only output the CA if it actually > exists, or print an error and return 1 instead. This makes it possible > to use make's $(if $(filter-out, ERROR_CA_NOT_YET_SET, ...)) > conditional. > > Co-authored-by: Roland Hieber <rhi@pengutronix.de> > Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> > Signed-off-by: Roland Hieber <rhi@pengutronix.de> > --- > PATCH v2 (rhi): > - reorder from PATCH 3/n to PATCH 1/n > - echo "ERROR_CA_NOT_YET_SET" in case of error (feedback from Michael > Olbrich) and also return 1 > > PATCH v1 (mkl): https://lore.ptxdist.org/ptxdist/20210412161900.2376802-3-mkl@pengutronix.de > --- > scripts/lib/ptxd_lib_code_signing.sh | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/scripts/lib/ptxd_lib_code_signing.sh b/scripts/lib/ptxd_lib_code_signing.sh > index 3e1654bb36e4..0026cdc4dec0 100644 > --- a/scripts/lib/ptxd_lib_code_signing.sh > +++ b/scripts/lib/ptxd_lib_code_signing.sh 
> @@ -243,7 +243,13 @@ cs_get_ca() { > local role="${1}" > cs_init_variables > > - echo "${keydir}/${role}/ca.pem" > + local ca="${keydir}/${role}/ca.pem" > + > + if [ ! -e "${ca}" ]; then This is not what I suggested. I think this breaks the use-case described in the patch description: An empty string should be returned when the key setup is done but nothing was added to the CA. I'm quite certain that the file does not exist in this case. You need to check for '[ ! -d "${keydir}" ]'. Michael > + echo "ERROR_CA_NOT_YET_SET" > + return 1 > + fi > + echo "${ca}" > } > export -f cs_get_ca > > -- > 2.30.2 -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
On Mon, Jun 28, 2021 at 01:11:20AM +0200, Roland Hieber wrote:
> Be uniform with bin/ptxdist, indent with one tab instead of mixed tabs
> and spaces.

No. Everything in scripts is indented this way: Indention is 4 spaces,
tabwidth is 8 and tabs are not expanded. Blame Marc, he started it this way
:-).

Michael

> Signed-off-by: Roland Hieber <rhi@pengutronix.de>
> ---
> PATCH v2 (rhi):
> - new patch in v2
> - not essential, but slowly start fixing indentation in scripts/lib
> - git show -w is empty
> ---
> scripts/lib/ptxd_lib_imx_hab.sh | 86 ++++++++++++++++-----------------
> 1 file changed, 43 insertions(+), 43 deletions(-)
>
> diff --git a/scripts/lib/ptxd_lib_imx_hab.sh b/scripts/lib/ptxd_lib_imx_hab.sh
> index fa5b3e2c1439..7af2b1112855 100644
> --- a/scripts/lib/ptxd_lib_imx_hab.sh
> +++ b/scripts/lib/ptxd_lib_imx_hab.sh
> @@ -27,64 +27,64 @@ > # This will contain the srk hash which must be written to the fuses > # > ptxd_make_imx_habv4_gen_table_impl() { > - local group="${1}" > - local template="${1}" > - local srk_count="${2}" > - local table_bin="${pkg_build_dir}/imx-srk-table.bin" > - local srk_fuse_bin="${pkg_build_dir}/imx-srk-fuse.bin" > - local -a certs > - local i > + local group="${1}" > + local template="${1}" > + local srk_count="${2}" > + local table_bin="${pkg_build_dir}/imx-srk-table.bin" > + local srk_fuse_bin="${pkg_build_dir}/imx-srk-fuse.bin" > + local -a certs > + local i > > - case "${template}" in > - *%d*) # <template> [<srk_count>] > - if [ -z "${srk_count}" ]; then > - srk_count=4 > - fi > + case "${template}" in > + *%d*) # <template> [<srk_count>] > + if [ -z "${srk_count}" ]; then > + srk_count=4 > + fi > > - if [ "${srk_count}" -gt 4 ]; then > - ptxd_bailout "HABv4 allows only 4 certificates" > - fi > + if [ "${srk_count}" -gt 4 ]; then > + ptxd_bailout "HABv4 allows only 4 certificates" > + fi > > - for i in $(seq ${srk_count}); do > - certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")" > - done > - ;; > + for i in $(seq ${srk_count}); do > + certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")" > + done > + ;; > > - *) # <role group> > - local -a roles=( $(cs_group_get_roles "${group}") ) > + *) # <role group> > + local -a roles=( $(cs_group_get_roles "${group}") ) > > - if [ "${#roles[@]}" -eq 0 ]; then > - ptxd_bailout "Failed to get roles for group '${group}'" > - fi > + if [ "${#roles[@]}" -eq 0 ]; then > + ptxd_bailout "Failed to get roles for group '${group}'" > + fi > > - if [ "${#roles[@]}" -gt 4 ]; then > - ptxd_bailout "HABv4 allows only 4 certificates" > - fi > + if [ "${#roles[@]}" -gt 4 ]; then > + ptxd_bailout "HABv4 allows only 4 certificates" > + fi > > - for i in "${roles[@]}"; do > - certs[${#certs[*]}]="$(cs_get_ca "${i}")" > - done > - esac > + for i in "${roles[@]}"; do > + 
certs[${#certs[*]}]="$(cs_get_ca "${i}")" > + done > + esac > > - echo -e "generating $(basename ${table_bin}) and $(basename ${srk_fuse_bin})\n" > + echo -e "generating $(basename ${table_bin}) and $(basename ${srk_fuse_bin})\n" > > - local orig_IFS="${IFS}" > - IFS="," > - certs="${certs[*]}" > - IFS="${orig_IFS}" > + local orig_IFS="${IFS}" > + IFS="," > + certs="${certs[*]}" > + IFS="${orig_IFS}" > > - ptxd_exec srktool --hab_ver 4 \ > - --table "${table_bin}" \ > - --efuses "${srk_fuse_bin}" \ > - --digest sha256 \ > - --certs "${certs}" > + ptxd_exec srktool --hab_ver 4 \ > + --table "${table_bin}" \ > + --efuses "${srk_fuse_bin}" \ > + --digest sha256 \ > + --certs "${certs}" > } > export -f ptxd_make_imx_habv4_gen_table_impl > > ptxd_make_imx_habv4_gen_table() { > - ptxd_make_world_init && > + ptxd_make_world_init && > > - ptxd_eval \ > + ptxd_eval \ > "${pkg_make_env}" \ > ptxd_make_imx_habv4_gen_table_impl "${@}" > } > -- > 2.30.2 > > > _______________________________________________ > ptxdist mailing list > ptxdist@pengutronix.de > To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
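Review bot: in the last part of the hunk, `ptxd_eval \` is re-indented while its two continuation lines (`"${pkg_make_env}" \` and `ptxd_make_imx_habv4_gen_table_impl "${@}"`) stay as unchanged context, so their depth relative to `ptxd_eval` changes. If they were at one tab under the old scheme they now sit level with the command they continue; re-indent them in the same patch so the function ends up uniform. The statement that `git show -w` is empty sits below the `---` and will be dropped when the patch is applied; moving it into the commit message lets a later reader of the history confirm that this function, which assembles the SRK table and fuse file, changed in whitespace only.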
On Mon, Jun 28, 2021 at 08:42:13AM +0200, Michael Olbrich wrote:
> On Mon, Jun 28, 2021 at 01:11:20AM +0200, Roland Hieber wrote:
> > Be uniform with bin/ptxdist, indent with one tab instead of mixed tabs
> > and spaces.
>
> No. Everything in scripts is indented this way: Indention is 4 spaces,
> tabwidth is 8 and tabs are not expanded. Blame Marc, he started it this way
> :-).

So because it started this way it can never be changed?

 - Roland

>
> Michael
>
> > Signed-off-by: Roland Hieber <rhi@pengutronix.de>
> > ---
> > PATCH v2 (rhi):
> > - new patch in v2
> > - not essential, but slowly start fixing indentation in scripts/lib
> > - git show -w is empty
> > ---
> > scripts/lib/ptxd_lib_imx_hab.sh | 86 ++++++++++++++++-----------------
> > 1 file changed, 43 insertions(+), 43 deletions(-)
> >
> > diff --git a/scripts/lib/ptxd_lib_imx_hab.sh b/scripts/lib/ptxd_lib_imx_hab.sh
> > index fa5b3e2c1439..7af2b1112855 100644
> > --- a/scripts/lib/ptxd_lib_imx_hab.sh
> > +++ b/scripts/lib/ptxd_lib_imx_hab.sh
> > @@ -27,64 +27,64 @@ > > # This will contain the srk hash which must be written to the fuses > > # > > ptxd_make_imx_habv4_gen_table_impl() { > > - local group="${1}" > > - local template="${1}" > > - local srk_count="${2}" > > - local table_bin="${pkg_build_dir}/imx-srk-table.bin" > > - local srk_fuse_bin="${pkg_build_dir}/imx-srk-fuse.bin" > > - local -a certs > > - local i > > + local group="${1}" > > + local template="${1}" > > + local srk_count="${2}" > > + local table_bin="${pkg_build_dir}/imx-srk-table.bin" > > + local srk_fuse_bin="${pkg_build_dir}/imx-srk-fuse.bin" > > + local -a certs > > + local i > > > > - case "${template}" in > > - *%d*) # <template> [<srk_count>] > > - if [ -z "${srk_count}" ]; then > > - srk_count=4 > > - fi > > + case "${template}" in > > + *%d*) # <template> [<srk_count>] > > + if [ -z "${srk_count}" ]; then > > + srk_count=4 > > + fi > > > > - if [ "${srk_count}" -gt 4 ]; then > > - ptxd_bailout "HABv4 allows only 4 certificates" > > - fi > > + if [ "${srk_count}" -gt 4 ]; then > > + ptxd_bailout "HABv4 allows only 4 certificates" > > + fi > > > > - for i in $(seq ${srk_count}); do > > - certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")" > > - done > > - ;; > > + for i in $(seq ${srk_count}); do > > + certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")" > > + done > > + ;; > > > > - *) # <role group> > > - local -a roles=( $(cs_group_get_roles "${group}") ) > > + *) # <role group> > > + local -a roles=( $(cs_group_get_roles "${group}") ) > > > > - if [ "${#roles[@]}" -eq 0 ]; then > > - ptxd_bailout "Failed to get roles for group '${group}'" > > - fi > > + if [ "${#roles[@]}" -eq 0 ]; then > > + ptxd_bailout "Failed to get roles for group '${group}'" > > + fi > > > > - if [ "${#roles[@]}" -gt 4 ]; then > > - ptxd_bailout "HABv4 allows only 4 certificates" > > - fi > > + if [ "${#roles[@]}" -gt 4 ]; then > > + ptxd_bailout "HABv4 allows only 4 certificates" > > + fi > > > > - for i in "${roles[@]}"; 
do > > - certs[${#certs[*]}]="$(cs_get_ca "${i}")" > > - done > > - esac > > + for i in "${roles[@]}"; do > > + certs[${#certs[*]}]="$(cs_get_ca "${i}")" > > + done > > + esac > > > > - echo -e "generating $(basename ${table_bin}) and $(basename ${srk_fuse_bin})\n" > > + echo -e "generating $(basename ${table_bin}) and $(basename ${srk_fuse_bin})\n" > > > > - local orig_IFS="${IFS}" > > - IFS="," > > - certs="${certs[*]}" > > - IFS="${orig_IFS}" > > + local orig_IFS="${IFS}" > > + IFS="," > > + certs="${certs[*]}" > > + IFS="${orig_IFS}" > > > > - ptxd_exec srktool --hab_ver 4 \ > > - --table "${table_bin}" \ > > - --efuses "${srk_fuse_bin}" \ > > - --digest sha256 \ > > - --certs "${certs}" > > + ptxd_exec srktool --hab_ver 4 \ > > + --table "${table_bin}" \ > > + --efuses "${srk_fuse_bin}" \ > > + --digest sha256 \ > > + --certs "${certs}" > > } > > export -f ptxd_make_imx_habv4_gen_table_impl > > > > ptxd_make_imx_habv4_gen_table() { > > - ptxd_make_world_init && > > + ptxd_make_world_init && > > > > - ptxd_eval \ > > + ptxd_eval \ > > "${pkg_make_env}" \ > > ptxd_make_imx_habv4_gen_table_impl "${@}" > > } > > -- > > 2.30.2 > > > > > > _______________________________________________ > > ptxdist mailing list > > ptxdist@pengutronix.de > > To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de > > > > -- > Pengutronix e.K. | | > Steuerwalder Str. 21 | http://www.pengutronix.de/ | > 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | > Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | > -- Roland Hieber, Pengutronix e.K. | r.hieber@pengutronix.de | Steuerwalder Str. 21 | https://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
On Mon, Jun 28, 2021 at 08:38:25AM +0200, Michael Olbrich wrote:
> On Mon, Jun 28, 2021 at 01:11:15AM +0200, Roland Hieber wrote:
> > From: Marc Kleine-Budde <mkl@pengutronix.de>
> >
> > This patch changes cs_get_ca() to only output the CA if it actually
> > exists, or print an error and return 1 instead. This makes it possible
> > to use make's $(if $(filter-out, ERROR_CA_NOT_YET_SET, ...))
> > conditional.
> >
> > Co-authored-by: Roland Hieber <rhi@pengutronix.de>
> > Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
> > Signed-off-by: Roland Hieber <rhi@pengutronix.de>
> > ---
> > PATCH v2 (rhi):
> > - reorder from PATCH 3/n to PATCH 1/n
> > - echo "ERROR_CA_NOT_YET_SET" in case of error (feedback from Michael
> > Olbrich) and also return 1
> >
> > PATCH v1 (mkl): https://lore.ptxdist.org/ptxdist/20210412161900.2376802-3-mkl@pengutronix.de
> > ---
> > scripts/lib/ptxd_lib_code_signing.sh | 8 +++++++-
> > 1 file changed, 7 insertions(+), 1 deletion(-)
> >
> > diff --git a/scripts/lib/ptxd_lib_code_signing.sh b/scripts/lib/ptxd_lib_code_signing.sh
> > index 3e1654bb36e4..0026cdc4dec0 100644
> > --- a/scripts/lib/ptxd_lib_code_signing.sh
> > +++ b/scripts/lib/ptxd_lib_code_signing.sh
> > @@ -243,7 +243,13 @@ cs_get_ca() { > > local role="${1}" > > cs_init_variables > > > > - echo "${keydir}/${role}/ca.pem" > > + local ca="${keydir}/${role}/ca.pem" > > + > > + if [ ! -e "${ca}" ]; then > > This is not what I suggested. I think this breaks the use-case described in > the patch description: > An empty string should be returned when the key setup is done but nothing > was added to the CA. I'm quite certain, that the file does not exist in > this case. You need to check for '[ ! -d "${keydir}" ]'. Hmm yes, my bad, that's even what you suggested in <https://lore.ptxdist.org/ptxdist/20210423063320.GE4162561@pengutronix.de/>… will fix it in v2. BTW, I like to get feedback mail as Cc into my inbox so I can keep a simple backlog of my still-to-be-done patches in addition to the PTXdist list mails, which go to a separate folder. (You often keep me in Cc, but somehow not always, but I think mutt should do this by default with the list-reply key binding …) - Roland > > Michael > > > + echo "ERROR_CA_NOT_YET_SET" > > + return 1 > > + fi > > + echo "${ca}" > > } > > export -f cs_get_ca > > > > -- > > 2.30.2 > > > > > > _______________________________________________ > > ptxdist mailing list > > ptxdist@pengutronix.de > > To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de > > > > -- > Pengutronix e.K. | | > Steuerwalder Str. 21 | http://www.pengutronix.de/ | > 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | > Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | > > _______________________________________________ > ptxdist mailing list > ptxdist@pengutronix.de > To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de > -- Roland Hieber, Pengutronix e.K. | r.hieber@pengutronix.de | Steuerwalder Str. 
21 | https://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
On Thu, Jul 08, 2021 at 10:02:31PM +0200, Roland Hieber wrote:
> On Mon, Jun 28, 2021 at 08:42:13AM +0200, Michael Olbrich wrote:
> > On Mon, Jun 28, 2021 at 01:11:20AM +0200, Roland Hieber wrote:
> > > Be uniform with bin/ptxdist, indent with one tab instead of mixed tabs
> > > and spaces.
> >
> > No. Everything in scripts is indented this way: Indention is 4 spaces,
> > tabwidth is 8 and tabs are not expanded. Blame Marc, he started it this way
> > :-).
>
> So because it started this way it can never be changed?

If we change it, then everything and not a single file. And we should
coordinate this, so that there are no pending patches somewhere.
And I'm not convinced it's a good idea in general. I prefer indenting with
just tabs as well, but it's more important for me that 'git blame' works
well.

Michael

> > > Signed-off-by: Roland Hieber <rhi@pengutronix.de>
> > > ---
> > > PATCH v2 (rhi):
> > > - new patch in v2
> > > - not essential, but slowly start fixing indentation in scripts/lib
> > > - git show -w is empty
> > > ---
> > > scripts/lib/ptxd_lib_imx_hab.sh | 86 ++++++++++++++++-----------------
> > > 1 file changed, 43 insertions(+), 43 deletions(-)
> > >
> > > diff --git a/scripts/lib/ptxd_lib_imx_hab.sh b/scripts/lib/ptxd_lib_imx_hab.sh
> > > index fa5b3e2c1439..7af2b1112855 100644
> > > --- a/scripts/lib/ptxd_lib_imx_hab.sh
> > > +++ b/scripts/lib/ptxd_lib_imx_hab.sh
> > > @@ -27,64 +27,64 @@ > > > # This will contain the srk hash which must be written to the fuses > > > # > > > ptxd_make_imx_habv4_gen_table_impl() { > > > - local group="${1}" > > > - local template="${1}" > > > - local srk_count="${2}" > > > - local table_bin="${pkg_build_dir}/imx-srk-table.bin" > > > - local srk_fuse_bin="${pkg_build_dir}/imx-srk-fuse.bin" > > > - local -a certs > > > - local i > > > + local group="${1}" > > > + local template="${1}" > > > + local srk_count="${2}" > > > + local table_bin="${pkg_build_dir}/imx-srk-table.bin" > > > + local srk_fuse_bin="${pkg_build_dir}/imx-srk-fuse.bin" > > > + local -a certs > > > + local i > > > > > > - case "${template}" in > > > - *%d*) # <template> [<srk_count>] > > > - if [ -z "${srk_count}" ]; then > > > - srk_count=4 > > > - fi > > > + case "${template}" in > > > + *%d*) # <template> [<srk_count>] > > > + if [ -z "${srk_count}" ]; then > > > + srk_count=4 > > > + fi > > > > > > - if [ "${srk_count}" -gt 4 ]; then > > > - ptxd_bailout "HABv4 allows only 4 certificates" > > > - fi > > > + if [ "${srk_count}" -gt 4 ]; then > > > + ptxd_bailout "HABv4 allows only 4 certificates" > > > + fi > > > > > > - for i in $(seq ${srk_count}); do > > > - certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")" > > > - done > > > - ;; > > > + for i in $(seq ${srk_count}); do > > > + certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")" > > > + done > > > + ;; > > > > > > - *) # <role group> > > > - local -a roles=( $(cs_group_get_roles "${group}") ) > > > + *) # <role group> > > > + local -a roles=( $(cs_group_get_roles "${group}") ) > > > > > > - if [ "${#roles[@]}" -eq 0 ]; then > > > - ptxd_bailout "Failed to get roles for group '${group}'" > > > - fi > > > + if [ "${#roles[@]}" -eq 0 ]; then > > > + ptxd_bailout "Failed to get roles for group '${group}'" > > > + fi > > > > > > - if [ "${#roles[@]}" -gt 4 ]; then > > > - ptxd_bailout "HABv4 allows only 4 certificates" > > > - fi > > > + if [ 
"${#roles[@]}" -gt 4 ]; then > > > + ptxd_bailout "HABv4 allows only 4 certificates" > > > + fi > > > > > > - for i in "${roles[@]}"; do > > > - certs[${#certs[*]}]="$(cs_get_ca "${i}")" > > > - done > > > - esac > > > + for i in "${roles[@]}"; do > > > + certs[${#certs[*]}]="$(cs_get_ca "${i}")" > > > + done > > > + esac > > > > > > - echo -e "generating $(basename ${table_bin}) and $(basename ${srk_fuse_bin})\n" > > > + echo -e "generating $(basename ${table_bin}) and $(basename ${srk_fuse_bin})\n" > > > > > > - local orig_IFS="${IFS}" > > > - IFS="," > > > - certs="${certs[*]}" > > > - IFS="${orig_IFS}" > > > + local orig_IFS="${IFS}" > > > + IFS="," > > > + certs="${certs[*]}" > > > + IFS="${orig_IFS}" > > > > > > - ptxd_exec srktool --hab_ver 4 \ > > > - --table "${table_bin}" \ > > > - --efuses "${srk_fuse_bin}" \ > > > - --digest sha256 \ > > > - --certs "${certs}" > > > + ptxd_exec srktool --hab_ver 4 \ > > > + --table "${table_bin}" \ > > > + --efuses "${srk_fuse_bin}" \ > > > + --digest sha256 \ > > > + --certs "${certs}" > > > } > > > export -f ptxd_make_imx_habv4_gen_table_impl > > > > > > ptxd_make_imx_habv4_gen_table() { > > > - ptxd_make_world_init && > > > + ptxd_make_world_init && > > > > > > - ptxd_eval \ > > > + ptxd_eval \ > > > "${pkg_make_env}" \ > > > ptxd_make_imx_habv4_gen_table_impl "${@}" > > > } > > > -- > > > 2.30.2 > > > > > > > > > _______________________________________________ > > > ptxdist mailing list > > > ptxdist@pengutronix.de > > > To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de > > > > > > > -- > > Pengutronix e.K. | | > > Steuerwalder Str. 21 | http://www.pengutronix.de/ | > > 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | > > Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | > > > > -- > Roland Hieber, Pengutronix e.K. | r.hieber@pengutronix.de | > Steuerwalder Str. 
21 | https://www.pengutronix.de/ | > 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | > Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
On Thu, Jul 08, 2021 at 10:16:24PM +0200, Roland Hieber wrote:
> On Mon, Jun 28, 2021 at 08:38:25AM +0200, Michael Olbrich wrote:
> > On Mon, Jun 28, 2021 at 01:11:15AM +0200, Roland Hieber wrote:
> > > From: Marc Kleine-Budde <mkl@pengutronix.de>
> > >
> > > This patch changes cs_get_ca() to only output the CA if it actually
> > > exists, or print an error and return 1 instead. This makes it possible
> > > to use make's $(if $(filter-out, ERROR_CA_NOT_YET_SET, ...))
> > > conditional.
> > >
> > > Co-authored-by: Roland Hieber <rhi@pengutronix.de>
> > > Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
> > > Signed-off-by: Roland Hieber <rhi@pengutronix.de>
> > > ---
> > > PATCH v2 (rhi):
> > > - reorder from PATCH 3/n to PATCH 1/n
> > > - echo "ERROR_CA_NOT_YET_SET" in case of error (feedback from Michael
> > > Olbrich) and also return 1
> > >
> > > PATCH v1 (mkl): https://lore.ptxdist.org/ptxdist/20210412161900.2376802-3-mkl@pengutronix.de
> > > ---
> > > scripts/lib/ptxd_lib_code_signing.sh | 8 +++++++-
> > > 1 file changed, 7 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/scripts/lib/ptxd_lib_code_signing.sh b/scripts/lib/ptxd_lib_code_signing.sh
> > > index 3e1654bb36e4..0026cdc4dec0 100644
> > > --- a/scripts/lib/ptxd_lib_code_signing.sh
> > > +++ b/scripts/lib/ptxd_lib_code_signing.sh
> > > @@ -243,7 +243,13 @@ cs_get_ca() { > > > local role="${1}" > > > cs_init_variables > > > > > > - echo "${keydir}/${role}/ca.pem" > > > + local ca="${keydir}/${role}/ca.pem" > > > + > > > + if [ ! -e "${ca}" ]; then
> >
> > This is not what I suggested. I think this breaks the use-case described in
> > the patch description:
> > An empty string should be returned when the key setup is done but nothing
> > was added to the CA. I'm quite certain, that the file does not exist in
> > this case. You need to check for '[ ! -d "${keydir}" ]'.
>
> Hmm yes, my bad, that's even what you suggested in
> <https://lore.ptxdist.org/ptxdist/20210423063320.GE4162561@pengutronix.de/>…
> will fix it in v2.
>
> BTW, I like to get feedback mail as Cc into my inbox so I can keep a
> simple backlog of my still-to-be-done patches in addition to the
> PTXdist list mails, which go to a separate folder. (You often keep me in
> Cc, but somehow not always, but I think mutt should do this by default
> with the list-reply key binding …)

No it doesn't. I mostly use 'list-reply'. This means replying to the list
and to any addresses in 'Mail-Followup-To'. And you don't add a
'Mail-Followup-To' header.

If I remember it, I add you to Cc manually. For this mail I've used
'group-reply'. As you can see, now the list is in Cc and in my experience,
this increases the chance that the list gets dropped at some point.
So I'd like to avoid doing that.

Newer versions of mutt have a 'group-chat-reply'. That would put both you
and the list in the 'To' field. But I'll need to wait until the servers
where I do most of my mail, are upgraded to bullseye.

But you should be able to add the Mail-Followup-To header. Mutt should
detect the mailing-list and add the header. I'd expect neomutt to do the
same. Maybe you have followup_to disabled?

Michael > > > + echo "ERROR_CA_NOT_YET_SET" > > > + return 1 > > > + fi > > > + echo "${ca}" > > > } > > > export -f cs_get_ca > > > > > > -- > > > 2.30.2 > > > > > > > > > _______________________________________________ > > > ptxdist mailing list > > > ptxdist@pengutronix.de > > > To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de > > > > > > > -- > > Pengutronix e.K. | | > > Steuerwalder Str. 21 | http://www.pengutronix.de/ | > > 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | > > Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | > > > > _______________________________________________ > > ptxdist mailing list > > ptxdist@pengutronix.de > > To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de > > > > -- > Roland Hieber, Pengutronix e.K. | r.hieber@pengutronix.de | > Steuerwalder Str. 21 | https://www.pengutronix.de/ | > 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | > Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | > > _______________________________________________ > ptxdist mailing list > ptxdist@pengutronix.de > To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
Hei hei,

On Monday, 28 June 2021, 08:42:13 CEST, Michael Olbrich wrote:
> On Mon, Jun 28, 2021 at 01:11:20AM +0200, Roland Hieber wrote:
> > Be uniform with bin/ptxdist, indent with one tab instead of mixed tabs
> > and spaces.
>
> No. Everything in scripts is indented this way: Indention is 4 spaces,
> tabwidth is 8 and tabs are not expanded. Blame Marc, he started it this way

Maybe someone wants to craft an .editorconfig file to reflect that? ;-)

https://editorconfig.org/

(Can also be project wide with a section for scripts with those special
settings.)

Greets
Alex

>
> :-).
>
> Michael
>
> > Signed-off-by: Roland Hieber <rhi@pengutronix.de>
> > ---
> >
> > PATCH v2 (rhi):
> > - new patch in v2
> > - not essential, but slowly start fixing indentation in scripts/lib
> > - git show -w is empty
> >
> > ---
> >
> > scripts/lib/ptxd_lib_imx_hab.sh | 86 ++++++++++++++++-----------------
> > 1 file changed, 43 insertions(+), 43 deletions(-)
> >
> > diff --git a/scripts/lib/ptxd_lib_imx_hab.sh
> > b/scripts/lib/ptxd_lib_imx_hab.sh index fa5b3e2c1439..7af2b1112855 100644
> > --- a/scripts/lib/ptxd_lib_imx_hab.sh
> > +++ b/scripts/lib/ptxd_lib_imx_hab.sh
> > @@ -27,64 +27,64 @@ > > > > # This will contain the srk hash which must be written to the fuses > > # > > ptxd_make_imx_habv4_gen_table_impl() { > > > > - local group="${1}" > > - local template="${1}" > > - local srk_count="${2}" > > - local table_bin="${pkg_build_dir}/imx-srk-table.bin" > > - local srk_fuse_bin="${pkg_build_dir}/imx-srk-fuse.bin" > > - local -a certs > > - local i > > + local group="${1}" > > + local template="${1}" > > + local srk_count="${2}" > > + local table_bin="${pkg_build_dir}/imx-srk-table.bin" > > + local srk_fuse_bin="${pkg_build_dir}/imx-srk-fuse.bin" > > + local -a certs > > + local i > > > > - case "${template}" in > > - *%d*) # <template> [<srk_count>] > > - if [ -z "${srk_count}" ]; then > > - srk_count=4 > > - fi > > + case "${template}" in > > + *%d*) # <template> [<srk_count>] > > + if [ -z "${srk_count}" ]; then > > + srk_count=4 > > + fi > > > > - if [ "${srk_count}" -gt 4 ]; then > > - ptxd_bailout "HABv4 allows only 4 certificates" > > - fi > > + if [ "${srk_count}" -gt 4 ]; then > > + ptxd_bailout "HABv4 allows only 4 certificates" > > + fi > > > > - for i in $(seq ${srk_count}); do > > - certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")" > > - done > > - ;; > > + for i in $(seq ${srk_count}); do > > + certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" $ {i})")" > > + done > > + ;; > > > > - *) # <role group> > > - local -a roles=( $(cs_group_get_roles "${group}") ) > > + *) # <role group> > > + local -a roles=( $(cs_group_get_roles "${group}") ) > > > > - if [ "${#roles[@]}" -eq 0 ]; then > > - ptxd_bailout "Failed to get roles for group '${group}'" > > - fi > > + if [ "${#roles[@]}" -eq 0 ]; then > > + ptxd_bailout "Failed to get roles for group '${group}'" > > + fi > > > > - if [ "${#roles[@]}" -gt 4 ]; then > > - ptxd_bailout "HABv4 allows only 4 certificates" > > - fi > > + if [ "${#roles[@]}" -gt 4 ]; then > > + ptxd_bailout "HABv4 allows only 4 certificates" > > + fi > > > > - for i in 
"${roles[@]}"; do > > - certs[${#certs[*]}]="$(cs_get_ca "${i}")" > > - done > > - esac > > + for i in "${roles[@]}"; do > > + certs[${#certs[*]}]="$(cs_get_ca "${i}")" > > + done > > + esac > > > > - echo -e "generating $(basename ${table_bin}) and $(basename > > ${srk_fuse_bin})\n" + echo -e "generating $(basename ${table_bin}) and > > $(basename ${srk_fuse_bin})\n" > > > > - local orig_IFS="${IFS}" > > - IFS="," > > - certs="${certs[*]}" > > - IFS="${orig_IFS}" > > + local orig_IFS="${IFS}" > > + IFS="," > > + certs="${certs[*]}" > > + IFS="${orig_IFS}" > > > > - ptxd_exec srktool --hab_ver 4 \ > > - --table "${table_bin}" \ > > - --efuses "${srk_fuse_bin}" \ > > - --digest sha256 \ > > - --certs "${certs}" > > + ptxd_exec srktool --hab_ver 4 \ > > + --table "${table_bin}" \ > > + --efuses "${srk_fuse_bin}" \ > > + --digest sha256 \ > > + --certs "${certs}" > > > > } > > export -f ptxd_make_imx_habv4_gen_table_impl > > > > ptxd_make_imx_habv4_gen_table() { > > > > - ptxd_make_world_init && > > + ptxd_make_world_init && > > > > - ptxd_eval \ > > + ptxd_eval \ > > > > "${pkg_make_env}" \ > > ptxd_make_imx_habv4_gen_table_impl "${@}" > > > > } _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
On Fri, Jul 09, 2021 at 12:12:19PM +0200, Alexander Dahl wrote:
> Hei hei,
>
> On Monday, 28 June 2021, 08:42:13 CEST, Michael Olbrich wrote:
> > On Mon, Jun 28, 2021 at 01:11:20AM +0200, Roland Hieber wrote:
> > > Be uniform with bin/ptxdist, indent with one tab instead of mixed tabs
> > > and spaces.
> >
> > No. Everything in scripts is indented this way: Indention is 4 spaces,
> > tabwidth is 8 and tabs are not expanded. Blame Marc, he started it this way
>
> Maybe someone wants to craft an .editorconfig file to reflect that? ;-)
>
> https://editorconfig.org/
>
> (Can also be project wide with a section for scripts with those special
> settings.)

Maybe I should just commit the file that I already use for this :-)...

Michael
On Fri, Jul 09, 2021 at 09:42:09AM +0200, Michael Olbrich wrote:
> On Thu, Jul 08, 2021 at 10:16:24PM +0200, Roland Hieber wrote:
> > BTW, I like to get feedback mail as Cc into my inbox so I can keep a
> > simple backlog of my still-to-be-done patches in addition to the
> > PTXdist list mails, which go to a separate folder. (You often keep me in
> > Cc, but somehow not always, but I think mutt should do this by default
> > with the list-reply key binding …)
>
> No it doesn't. I mostly use 'list-reply'. This means replying to the list
> and to any addresses in 'Mail-Followup-To'. And you don't add a
> 'Mail-Followup-To' header.
>
> If I remember it, I add you to Cc manually. For this mail I've used
> 'group-reply'. As you can see, now the list is in Cc and in my experience,
> this increases the chance that the list gets dropped at some point.
> So I'd like to avoid doing that.

Yes, I think having myself in To and list in Cc is semantically correct.
I always use 'group-reply' on lists and it never caused any problems,
so I don't understand how you think the Cc address gets lost…?

> Newer versions of mutt have a 'group-chat-reply'. That would put both you
> and the list in the 'To' field. But I'll need to wait until the servers
> where I do most of my mail, are upgraded to bullseye.
>
> But you should be able to add the Mail-Followup-To header. Mutt should
> detect the mailing-list and add the header. I'd expect neomutt to do the
> same. Maybe you have followup_to disabled?

Strange, I have followup_to set, but it doesn't generate the header.
But I'm sending the mails via git-send-email anyways, which of course
doesn't respect the mutt settings. So I guess I'll add it in the
format.headers setting in my ptxdist/.git/config.

 - Roland
On Fri, Jul 09, 2021 at 01:26:32PM +0200, Roland Hieber wrote:
> On Fri, Jul 09, 2021 at 09:42:09AM +0200, Michael Olbrich wrote:
> > On Thu, Jul 08, 2021 at 10:16:24PM +0200, Roland Hieber wrote:
> > > BTW, I like to get feedback mail as Cc into my inbox so I can keep a
> > > simple backlog of my still-to-be-done patches in addition to the
> > > PTXdist list mails, which go to a separate folder. (You often keep me in
> > > Cc, but somehow not always, but I think mutt should do this by default
> > > with the list-reply key binding …)
> >
> > No it doesn't. I mostly use 'list-reply'. This means replying to the list
> > and to any addresses in 'Mail-Followup-To'. And you don't add a
> > 'Mail-Followup-To' header.
> >
> > If I remember it, I add you to Cc manually. For this mail I've used
> > 'group-reply'. As you can see, now the list is in Cc and in my experience,
> > this increases the chance that the list gets dropped at some point.
> > So I'd like to avoid doing that.
>
> Yes, I think having myself in To and list in Cc is semantically correct.
> I always use 'group-reply' on lists and it never caused any problems,
> so I don't understand how you think the Cc address gets lost…?

I've had the problem in the past, that everything in Cc got lost. But I
have to admit, that it's been a while and I think it didn't happen on
community mailing-lists...

> > Newer versions of mutt have a 'group-chat-reply'. That would put both you
> > and the list in the 'To' field. But I'll need to wait until the servers
> > where I do most of my mail, are upgraded to bullseye.
> >
> > But you should be able to add the Mail-Followup-To header. Mutt should
> > detect the mailing-list and add the header. I'd expect neomutt to do the
> > same. Maybe you have followup_to disabled?
>
> Strange, I have followup_to set, but it doesn't generate the header.
> But I'm sending the mails via git-send-email anyways, which of course
> doesn't respect the mutt settings. So I guess I'll add it in the
> format.headers setting in my ptxdist/.git/config.

Good point about git.

Let me try the group-reply for now. We'll see how this goes. I just need to
unmap the list-reply binding in the ptxdist folder so I don't actually
forget about this... :-).

Michael
On 28.06.2021 08:42:13, Michael Olbrich wrote:
> On Mon, Jun 28, 2021 at 01:11:20AM +0200, Roland Hieber wrote:
> > Be uniform with bin/ptxdist, indent with one tab instead of mixed tabs
> > and spaces.
>
> No. Everything in scripts is indented this way: Indention is 4 spaces,
> tabwidth is 8 and tabs are not expanded. Blame Marc, he started it this way
> :-).

It's emacs default settings for scripts :)

Marc

--
Pengutronix e.K. | Marc Kleine-Budde |
Embedded Linux | https://www.pengutronix.de |
Vertretung West/Dortmund | Phone: +49-231-2826-924 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |