From mboxrd@z Thu Jan  1 00:00:00 1970
Delivery-date: Wed, 08 Jan 2025 11:27:58 +0100
Received: from metis.whiteo.stw.pengutronix.de ([2a0a:edc0:2:b01:1d::104])
	by lore.white.stw.pengutronix.de with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <ptxdist-bounces+lore=lore.pengutronix.de@pengutronix.de>)
	id 1tVTI5-000hRK-2t
	for lore@lore.pengutronix.de;
	Wed, 08 Jan 2025 11:27:58 +0100
Received: from localhost ([127.0.0.1] helo=metis.whiteo.stw.pengutronix.de)
	by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92)
	(envelope-from <ptxdist-bounces@pengutronix.de>)
	id 1tVTI6-0004fo-6T; Wed, 08 Jan 2025 11:27:58 +0100
Received: from drehscheibe.grey.stw.pengutronix.de ([2a0a:edc0:0:c01:1d::a2])
 by metis.whiteo.stw.pengutronix.de with esmtps
 (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92)
 (envelope-from <rcz@pengutronix.de>)
 id 1tVTHz-0004ew-VY; Wed, 08 Jan 2025 11:27:51 +0100
Received: from dude06.red.stw.pengutronix.de ([2a0a:edc0:0:1101:1d::5c])
 by drehscheibe.grey.stw.pengutronix.de with esmtps (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96)
 (envelope-from <rcz@pengutronix.de>) id 1tVTHz-007V4R-04;
 Wed, 08 Jan 2025 11:27:51 +0100
Received: from rcz by dude06.red.stw.pengutronix.de with local (Exim 4.96)
 (envelope-from <rcz@pengutronix.de>) id 1tVTHz-00Gzxn-2O;
 Wed, 08 Jan 2025 11:27:51 +0100
From: Rouven Czerwinski <r.czerwinski@pengutronix.de>
To: ptxdist@pengutronix.de
Date: Wed,  8 Jan 2025 11:27:50 +0100
Message-Id: <20250108102750.4051249-1-r.czerwinski@pengutronix.de>
X-Mailer: git-send-email 2.39.5
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Subject: [ptxdist] [PATCH] pkcs11-provider: new package
X-BeenThere: ptxdist@pengutronix.de
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <https://metis.pengutronix.de/mailman/options/ptxdist>,
 <mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <https://metis.pengutronix.de/mailman/private/ptxdist/>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <https://metis.pengutronix.de/mailman/listinfo/ptxdist>,
 <mailto:ptxdist-request@pengutronix.de?subject=subscribe>
Reply-To: ptxdist@pengutronix.de
Cc: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Sender: "ptxdist" <ptxdist-bounces@pengutronix.de>
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de
X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false

Add pkcs11-provider as a new package to support PKCS11 in openssl.
Providers are the new interface for openssl to support this and replace
the old engine interface.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
---
 rules/pkcs11-provider.in   | 11 +++++++
 rules/pkcs11-provider.make | 59 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 70 insertions(+)
 create mode 100644 rules/pkcs11-provider.in
 create mode 100644 rules/pkcs11-provider.make

diff --git a/rules/pkcs11-provider.in b/rules/pkcs11-provider.in
new file mode 100644
index 000000000..5f4d920ac
--- /dev/null
+++ b/rules/pkcs11-provider.in
@@ -0,0 +1,11 @@
+## SECTION=security
+
+config PKCS11_PROVIDER
+	tristate
+	select OPENSSL
+	select HOST_MESON
+	default y if ALLYES
+	prompt "PKCS11 Provider               "
+	help
+	  A pkcs#11 provider for OpenSSL 3.0+. This will require adjustments
+	  to the openssl configuration file.
diff --git a/rules/pkcs11-provider.make b/rules/pkcs11-provider.make
new file mode 100644
index 000000000..61a1d2940
--- /dev/null
+++ b/rules/pkcs11-provider.make
@@ -0,0 +1,59 @@
+# -*-makefile-*-
+#
+# Copyright (C) 2024 by Rouven Czerwinski <r.czerwinski@pengutronix.de>
+#
+# For further information about the PTXdist project and license conditions
+# see the README file.
+#
+
+#
+# We provide this package
+#
+PACKAGES-$(PTXCONF_PKCS11_PROVIDER) += pkcs11-provider
+
+#
+# Paths and names
+#
+PKCS11_PROVIDER_VERSION	:= 0.6
+PKCS11_PROVIDER_MD5	:= 7e5dc3c81d12c4670615dbd9a7342248
+PKCS11_PROVIDER		:= pkcs11-provider-$(PKCS11_PROVIDER_VERSION)
+PKCS11_PROVIDER_SUFFIX	:= tar.xz
+PKCS11_PROVIDER_URL	:= https://github.com/latchset/pkcs11-provider/releases/download/v$(PKCS11_PROVIDER_VERSION)/$(PKCS11_PROVIDER).$(PKCS11_PROVIDER_SUFFIX)
+PKCS11_PROVIDER_SOURCE	:= $(SRCDIR)/$(PKCS11_PROVIDER).$(PKCS11_PROVIDER_SUFFIX)
+PKCS11_PROVIDER_DIR	:= $(BUILDDIR)/$(PKCS11_PROVIDER)
+PKCS11_PROVIDER_LICENSE	:= Apache-2.0
+PKCS11_PROVIDER_LICENSE_FILES	:= file://LICENSES/Apache-2.0.txt;md5=3b83ef96387f14655fc854ddc3c6bd57
+
+# ----------------------------------------------------------------------------
+# Prepare
+# ----------------------------------------------------------------------------
+PKCS11_PROVIDER_CONF_ENV := \
+	PTXDIST_PKG_CONFIG_VAR_NO_SYSROOT=modulesdir
+
+#
+# meson
+#
+PKCS11_PROVIDER_CONF_TOOL	:= meson
+PKCS11_PROVIDER_CONF_OPT	:= \
+	$(CROSS_MESON_USR) \
+
+# ----------------------------------------------------------------------------
+# Target-Install
+# ----------------------------------------------------------------------------
+
+$(STATEDIR)/pkcs11-provider.targetinstall:
+	@$(call targetinfo)
+
+	@$(call install_init, pkcs11-provider)
+	@$(call install_fixup, pkcs11-provider,PRIORITY,optional)
+	@$(call install_fixup, pkcs11-provider,SECTION,base)
+	@$(call install_fixup, pkcs11-provider,AUTHOR,"Rouven Czerwinski <r.czerwinski@pengutronix.de>")
+	@$(call install_fixup, pkcs11-provider,DESCRIPTION,missing)
+
+	@$(call install_copy, pkcs11-provider, 0, 0, 0755, -, /usr/lib/ossl-modules/pkcs11.so)
+
+	@$(call install_finish, pkcs11-provider)
+
+	@$(call touch)
+
+# vim: syntax=make
-- 
2.39.5