mailarchive of the ptxdist mailing list
From: Michael Olbrich <m.olbrich@pengutronix.de>
To: Bastian Krause <bst@pengutronix.de>
Cc: ptxdist@pengutronix.de, Roland Hieber <rhi@pengutronix.de>
Subject: Re: [ptxdist] [PATCH v2 3/4] ptxd_lib_code_signing: let providers clean up their installed files
Date: Fri, 3 Sep 2021 15:53:27 +0200
Message-ID: <20210903135327.GE4027748@pengutronix.de>
In-Reply-To: <edc1d04b-4cdd-3e45-870f-dd1193e70cf2@pengutronix.de>

On Tue, Aug 24, 2021 at 04:54:57PM +0200, Bastian Krause wrote:
> On 8/10/21 11:59 AM, Roland Hieber wrote:
> > Currently, sysroot-host/var/lib/keys/${keyprovider} is left over even
> > when the provider package is cleaned, which could lead to
> > inconsistencies and leaked key material in the SoftHSM use case.
> > Introduce cs_clean and cs_clean_softhsm shell functions to clean up
> > those files. Call the cleanup functions in the clean stage of the
> > providers.
> > 
> > Reported-by: Bastian Krause <bst@pengutronix.de>
> > Signed-off-by: Roland Hieber <rhi@pengutronix.de>
> > ---
> > PATCH v2:
> >  - spell Bastian's last name correctly (sorry!) (feedback from Bastian
> >    Krause)
> >  - split off and extend cs_init stuff into next patch
> > 
> > PATCH v1: https://lore.ptxdist.org/ptxdist/20210809144030.22764-3-rhi@pengutronix.de
> > ---
> >  doc/ref_code_signing_helpers.rst              | 29 ++++++++++++++++
> >  rules/host-ptx-code-signing-dev.make          |  6 ++++
> >  .../template-code-signing-provider-make       |  6 ++++
> >  scripts/lib/ptxd_lib_code_signing.sh          | 34 ++++++++++++++++---
> >  4 files changed, 71 insertions(+), 4 deletions(-)
> > 
> > diff --git a/doc/ref_code_signing_helpers.rst b/doc/ref_code_signing_helpers.rst
> > index fd16ca763557..e1ea5d981a89 100644
> > --- a/doc/ref_code_signing_helpers.rst
> > +++ b/doc/ref_code_signing_helpers.rst
> > @@ -29,6 +29,20 @@ Usage:
> >  
> >  Initialize SoftHSM, and set the initial pins.
> >  
> > +.. _cs_clean_softhsm:
> > +
> > +cs_clean_softhsm
> > +^^^^^^^^^^^^^^^^
> > +
> > +Usage:
> > +
> > +.. code-block:: bash
> > +
> > +    cs_clean_softhsm
> > +
> > +Clean up everything that was installed into the host sysroot.
> > +This function should be called by the provider during the ``clean`` stage.
> > +
> >  .. _cs_import_cert_from_der:
> >  
> >  cs_import_cert_from_der
> > @@ -125,6 +139,21 @@ These helpers allow to define roles, set PKCS#11 URIs and handle certificate
> >  authorities (CAs).
> >  HSM as well as SoftHSM code signing providers should use them.
> >  
> > +.. _cs_clean:
> > +
> > +cs_clean
> > +^^^^^^^^
> > +
> > +Usage:
> > +
> > +.. code-block:: bash
> > +
> > +    cs_clean
> > +
> > +Clean up everything that was installed into the host sysroot.
> > +This function should be called by the provider during the ``clean`` stage,
> > +For the SoftHSM workflow, call :ref:`cs_clean_softhsm` instead.
> > +
> >  .. _cs_define_role:
> >  
> >  cs_define_role
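Review bot: the sentence "This function should be called by the provider during the ``clean`` stage," in the cs_clean description ends in a comma where a full stop is needed, so the next line "For the SoftHSM workflow, call :ref:`cs_clean_softhsm` instead." is run into it; end the first sentence with a period (the cs_clean_softhsm entry above already does this).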
> > diff --git a/rules/host-ptx-code-signing-dev.make b/rules/host-ptx-code-signing-dev.make
> > index b242d65fc1be..d09049eaa71b 100644
> > --- a/rules/host-ptx-code-signing-dev.make
> > +++ b/rules/host-ptx-code-signing-dev.make
> > @@ -44,4 +44,10 @@ $(STATEDIR)/host-ptx-code-signing-dev.install:
> >  	@$(call targetinfo)
> >  	@$(call touch)
> >  
> > +$(STATEDIR)/host-ptx-code-signing-dev.clean:
> > +	@$(call targetinfo)
> > +	@$(call clean_pkg, HOST_PTX_CODE_SIGNING_DEV)
> > +	@$(HOST_PTX_CODE_SIGNING_DEV_MAKE_ENV) \
> > +		cs_clean_softhsm
> > +
> >  # vim: syntax=make
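Review bot: the clean recipe runs `@$(call clean_pkg, HOST_PTX_CODE_SIGNING_DEV)` before `cs_clean_softhsm`, so if the shell function fails (its `cs_check_env_softhsm &&` chain) the stage aborts after the package state has already been removed, leaving the sysroot files the commit message wants gone. Consider running the sysroot cleanup first, or making it tolerant of a missing environment, so a clean on a partially built tree cannot fail halfway.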
> > diff --git a/rules/templates/template-code-signing-provider-make b/rules/templates/template-code-signing-provider-make
> > index 4cf9cac358cf..a4bd4a1e74c5 100644
> > --- a/rules/templates/template-code-signing-provider-make
> > +++ b/rules/templates/template-code-signing-provider-make
> > @@ -39,4 +39,10 @@ $(STATEDIR)/host-@package@-code-signing.install:
> >  	@$(call targetinfo)
> >  	@$(call touch)
> >  
> > +$(STATEDIR)/host-@package@-code-signing.clean:
> > +	@$(call targetinfo)
> > +	@$(call clean_pkg, HOST_@PACKAGE@_CODE_SIGNING)
> > +	@$(HOST_@PACKAGE@_CODE_SIGNING_MAKE_ENV) \
> > +		cs_clean # FIXME: alternatively, call cs_clean_softhsm
> 
> We can distinguish the HSM from the SoftHSM case, see
> scripts/lib/ptxd_lib_template.sh . We should be able to set the correct
> function here.
> 
> > +
> >  # vim: syntax=make
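Review bot: the `cs_clean # FIXME: alternatively, call cs_clean_softhsm` recipe line is a template, so every generated provider package ships this FIXME and the wrong function for the SoftHSM case; since the line continuation joins it to the `$(HOST_@PACKAGE@_CODE_SIGNING_MAKE_ENV) \` line, the `#` is only a shell comment and harmless, but as Bastian notes the template can select `cs_clean` or `cs_clean_softhsm` when the provider is generated instead of leaving it to the user.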
> > diff --git a/scripts/lib/ptxd_lib_code_signing.sh b/scripts/lib/ptxd_lib_code_signing.sh
> > index f012f8e194c7..b0d54f47f832 100644
> > --- a/scripts/lib/ptxd_lib_code_signing.sh
> > +++ b/scripts/lib/ptxd_lib_code_signing.sh
> > @@ -86,6 +86,8 @@ cs_init_variables() {
> >      sysroot="$(ptxd_get_ptxconf PTXCONF_SYSROOT_HOST)"
> >      keyprovider="$(ptxd_get_ptxconf PTXCONF_CODE_SIGNING_PROVIDER)"
> >      keydir="${sysroot}/var/lib/keys/${keyprovider}"
> > +
> > +    shsm_keys="${sysroot}/var/cache/softhsm/${keyprovider}"

This path is unique to each provider...

> >  }
> >  export -f cs_init_variables
> >  
> > @@ -97,10 +99,7 @@ export -f cs_init_variables
> >  cs_init_softhsm() {
> >      cs_check_env_softhsm
> >      cs_init_variables
> > -    local shsm_keys="${sysroot}/var/cache/softhsm/${keyprovider}"
> > -
> > -    rm -rf "${shsm_keys}" &&
> > -    rm -rf "${keydir}" &&
> > +    cs_clean_softhsm &&
> >  
> >      sed -i "s^directories.tokendir =.*^directories.tokendir = ${shsm_keys}^" \
> >  	${SOFTHSM2_CONF} &&
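Review bot: replacing the two `rm -rf` lines with `cs_clean_softhsm &&` makes cs_init_softhsm re-run `cs_check_env_softhsm` and `cs_init_variables`, which the two lines directly above already ran, and via `cs_clean` it now also runs the generic `cs_check_env`; if the HSM and SoftHSM environment checks are meant to differ, init silently picks up the generic one. A small internal helper that only does the removal, called from both init and the clean functions, would keep the checks in one place and also avoid the "Cleaning up ..." messages during init.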
> > @@ -112,6 +111,33 @@ cs_init_softhsm() {
> >  }
> >  export -f cs_init_softhsm
> >  
> > +#
> > +# cs_clean
> > +#
> > +# Clean up all files that were installed to the sysroot (generic variant)
> > +#
> > +cs_clean() {
> > +    cs_check_env &&
> > +    cs_init_variables &&
> > +    echo "Cleaning up ${keydir}" &&
> > +    rm -rf "${keydir}"

... so we can just check here if ${shsm_keys} exists and remove it.

No need for a separate function.

Or maybe we can create all this stuff in pkgdir and let install.post copy
it to sysroot. Then the regular package cleanup handling will remove it.
But I'm not sure how to handle the softhsm storage in this case.

Michael

> > +}
> > +export -f cs_clean
> > +
> > +#
> > +# cs_clean
> 
> Shouldn't this be "cs_clean_softhsm"?
> 
> Regards,
> Bastian
> 
> > +#
> > +# Clean up all files that were installed to the sysroot (SoftHSM variant).
> > +#
> > +cs_clean_softhsm() {
> > +    cs_check_env_softhsm &&
> > +    cs_init_variables &&
> > +    cs_clean &&
> > +    echo "Cleaning up ${shsm_keys}" &&
> > +    rm -rf "${shsm_keys}"
> > +}
> > +export -f cs_clean_softhsm
> > +
> >  #
> >  # cs_define_role <role>
> >  #
> > 
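Review bot: the second header comment `# cs_clean` above cs_clean_softhsm should read `# cs_clean_softhsm`, as Bastian points out; the two descriptions are also inconsistent in punctuation ("(generic variant)" without a period, "(SoftHSM variant)." with one). Both functions rely on `rm -rf` returning success for an already-missing directory, which holds, so a second clean is safe, but cs_clean_softhsm still fails if `cs_check_env_softhsm` or the `cs_check_env` inside cs_clean fails, which is the case a clean stage should tolerate.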
> 
> 

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |



Thread overview: 8+ messages
2021-08-10  9:59 [ptxdist] [PATCH v2 1/4] ptxd_lib_code_signing: take PKCS#11 PIN from the environment Roland Hieber
2021-08-10  9:59 ` [ptxdist] [PATCH v2 2/4] ptxd_lib_code_signing: refactor cs_check_env for SoftHSM workflow Roland Hieber
2021-08-10  9:59 ` [ptxdist] [PATCH v2 3/4] ptxd_lib_code_signing: let providers clean up their installed files Roland Hieber
2021-08-24 14:54   ` Bastian Krause
2021-09-03 13:53     ` Michael Olbrich [this message]
2021-08-10 10:00 ` [ptxdist] [PATCH v2 4/4] ptxd_lib_code_signing: enforce cleaning up on init Roland Hieber
2021-08-24 14:54   ` Bastian Krause
2021-09-03 14:01   ` Michael Olbrich
