From mboxrd@z Thu Jan  1 00:00:00 1970
Delivery-date: Tue, 10 Aug 2021 12:00:22 +0200
Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33])
	by lore.white.stw.pengutronix.de with esmtp (Exim 4.92)
	(envelope-from <ptxdist-bounces+lore=lore.pengutronix.de@pengutronix.de>)
	id 1mDOYY-0002yP-Nn
	for lore@lore.pengutronix.de; Tue, 10 Aug 2021 12:00:22 +0200
Received: from localhost ([127.0.0.1] helo=metis.ext.pengutronix.de)
	by metis.ext.pengutronix.de with esmtp (Exim 4.92)
	(envelope-from <ptxdist-bounces@pengutronix.de>)
	id 1mDOYY-0000fh-9r; Tue, 10 Aug 2021 12:00:22 +0200
Received: from dude.hi.pengutronix.de ([2001:67c:670:100:1d::7])
 by metis.ext.pengutronix.de with esmtps
 (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92)
 (envelope-from <rhi@pengutronix.de>)
 id 1mDOYK-0000PR-9o; Tue, 10 Aug 2021 12:00:08 +0200
Received: from rhi by dude.hi.pengutronix.de with local (Exim 4.92)
 (envelope-from <rhi@pengutronix.de>)
 id 1mDOYK-0006w0-1e; Tue, 10 Aug 2021 12:00:08 +0200
From: Roland Hieber <rhi@pengutronix.de>
To: ptxdist@pengutronix.de
Date: Tue, 10 Aug 2021 11:59:59 +0200
Message-Id: <20210810100000.26602-3-rhi@pengutronix.de>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20210810100000.26602-1-rhi@pengutronix.de>
References: <20210810100000.26602-1-rhi@pengutronix.de>
MIME-Version: 1.0
Mail-Followup-To: Roland Hieber <rhi@pengutronix.de>, ptxdist@pengutronix.de
Subject: [ptxdist] [PATCH v2 3/4] ptxd_lib_code_signing: let providers clean
 up their installed files
X-BeenThere: ptxdist@pengutronix.de
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <http://metis.pengutronix.de/cgi-bin/mailman/options/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <http://metis.pengutronix.de/cgi-bin/mailman/private/ptxdist/>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <http://metis.pengutronix.de/cgi-bin/mailman/listinfo/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=subscribe>
Reply-To: ptxdist@pengutronix.de
Cc: Roland Hieber <rhi@pengutronix.de>, Bastian Krause <bst@pengutronix.de>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "ptxdist" <ptxdist-bounces@pengutronix.de>
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de
X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false

Currently, sysroot-host/var/lib/keys/${keyprovider} is left over even
when the provider package is cleaned, which could lead to
inconsistencies and leaked key material in the SoftHSM use case.
Introduce cs_clean and cs_clean_softhsm shell functions to clean up
those files. Call the cleanup functions in the clean stage of the
providers.

Reported-by: Bastian Krause <bst@pengutronix.de>
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
---
PATCH v2:
 - spell Bastian's last name correctly (sorry!) (feedback from Bastian
   Krause)
 - split off and extend cs_init stuff into next patch

PATCH v1: https://lore.ptxdist.org/ptxdist/20210809144030.22764-3-rhi@pengutronix.de
---
 doc/ref_code_signing_helpers.rst              | 29 ++++++++++++++++
 rules/host-ptx-code-signing-dev.make          |  6 ++++
 .../template-code-signing-provider-make       |  6 ++++
 scripts/lib/ptxd_lib_code_signing.sh          | 34 ++++++++++++++++---
 4 files changed, 71 insertions(+), 4 deletions(-)

diff --git a/doc/ref_code_signing_helpers.rst b/doc/ref_code_signing_helpers.rst
index fd16ca763557..e1ea5d981a89 100644
--- a/doc/ref_code_signing_helpers.rst
+++ b/doc/ref_code_signing_helpers.rst
@@ -29,6 +29,20 @@ Usage:
 
 Initialize SoftHSM, and set the initial pins.
 
+.. _cs_clean_softhsm:
+
+cs_clean_softhsm
+^^^^^^^^^^^^^^^^
+
+Usage:
+
+.. code-block:: bash
+
+    cs_clean_softhsm
+
+Clean up everything that was installed into the host sysroot.
+This function should be called by the provider during the ``clean`` stage.
+
 .. _cs_import_cert_from_der:
 
 cs_import_cert_from_der
@@ -125,6 +139,21 @@ These helpers allow to define roles, set PKCS#11 URIs and handle certificate
 authorities (CAs).
 HSM as well as SoftHSM code signing providers should use them.
 
+.. _cs_clean:
+
+cs_clean
+^^^^^^^^
+
+Usage:
+
+.. code-block:: bash
+
+    cs_clean
+
+Clean up everything that was installed into the host sysroot.
+This function should be called by the provider during the ``clean`` stage,
+For the SoftHSM workflow, call :ref:`cs_clean_softhsm` instead.
+
 .. _cs_define_role:
 
 cs_define_role
diff --git a/rules/host-ptx-code-signing-dev.make b/rules/host-ptx-code-signing-dev.make
index b242d65fc1be..d09049eaa71b 100644
--- a/rules/host-ptx-code-signing-dev.make
+++ b/rules/host-ptx-code-signing-dev.make
@@ -44,4 +44,10 @@ $(STATEDIR)/host-ptx-code-signing-dev.install:
 	@$(call targetinfo)
 	@$(call touch)
 
+$(STATEDIR)/host-ptx-code-signing-dev.clean:
+	@$(call targetinfo)
+	@$(call clean_pkg, HOST_PTX_CODE_SIGNING_DEV)
+	@$(HOST_PTX_CODE_SIGNING_DEV_MAKE_ENV) \
+		cs_clean_softhsm
+
 # vim: syntax=make
diff --git a/rules/templates/template-code-signing-provider-make b/rules/templates/template-code-signing-provider-make
index 4cf9cac358cf..a4bd4a1e74c5 100644
--- a/rules/templates/template-code-signing-provider-make
+++ b/rules/templates/template-code-signing-provider-make
@@ -39,4 +39,10 @@ $(STATEDIR)/host-@package@-code-signing.install:
 	@$(call targetinfo)
 	@$(call touch)
 
+$(STATEDIR)/host-@package@-code-signing.clean:
+	@$(call targetinfo)
+	@$(call clean_pkg, HOST_@PACKAGE@_CODE_SIGNING)
+	@$(HOST_@PACKAGE@_CODE_SIGNING_MAKE_ENV) \
+		cs_clean # FIXME: alternatively, call cs_clean_softhsm
+
 # vim: syntax=make
diff --git a/scripts/lib/ptxd_lib_code_signing.sh b/scripts/lib/ptxd_lib_code_signing.sh
index f012f8e194c7..b0d54f47f832 100644
--- a/scripts/lib/ptxd_lib_code_signing.sh
+++ b/scripts/lib/ptxd_lib_code_signing.sh
@@ -86,6 +86,8 @@ cs_init_variables() {
     sysroot="$(ptxd_get_ptxconf PTXCONF_SYSROOT_HOST)"
     keyprovider="$(ptxd_get_ptxconf PTXCONF_CODE_SIGNING_PROVIDER)"
     keydir="${sysroot}/var/lib/keys/${keyprovider}"
+
+    shsm_keys="${sysroot}/var/cache/softhsm/${keyprovider}"
 }
 export -f cs_init_variables
 
@@ -97,10 +99,7 @@ export -f cs_init_variables
 cs_init_softhsm() {
     cs_check_env_softhsm
     cs_init_variables
-    local shsm_keys="${sysroot}/var/cache/softhsm/${keyprovider}"
-
-    rm -rf "${shsm_keys}" &&
-    rm -rf "${keydir}" &&
+    cs_clean_softhsm &&
 
     sed -i "s^directories.tokendir =.*^directories.tokendir = ${shsm_keys}^" \
 	${SOFTHSM2_CONF} &&
@@ -112,6 +111,33 @@ cs_init_softhsm() {
 }
 export -f cs_init_softhsm
 
+#
+# cs_clean
+#
+# Clean up all files that were installed to the sysroot (generic variant)
+#
+cs_clean() {
+    cs_check_env &&
+    cs_init_variables &&
+    echo "Cleaning up ${keydir}" &&
+    rm -rf "${keydir}"
+}
+export -f cs_clean
+
+#
+# cs_clean
+#
+# Clean up all files that were installed to the sysroot (SoftHSM variant).
+#
+cs_clean_softhsm() {
+    cs_check_env_softhsm &&
+    cs_init_variables &&
+    cs_clean &&
+    echo "Cleaning up ${shsm_keys}" &&
+    rm -rf "${shsm_keys}"
+}
+export -f cs_clean_softhsm
+
 #
 # cs_define_role <role>
 #
-- 
2.30.2


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de