From mboxrd@z Thu Jan  1 00:00:00 1970
Delivery-date: Sat, 17 May 2025 00:03:17 +0200
Received: from metis.whiteo.stw.pengutronix.de ([2a0a:edc0:2:b01:1d::104])
	by lore.white.stw.pengutronix.de with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <ptxdist-bounces+lore=lore.pengutronix.de@pengutronix.de>)
	id 1uG39B-006JOP-0R
	for lore@lore.pengutronix.de;
	Sat, 17 May 2025 00:03:17 +0200
Received: from localhost ([127.0.0.1] helo=metis.whiteo.stw.pengutronix.de)
	by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92)
	(envelope-from <ptxdist-bounces@pengutronix.de>)
	id 1uG39A-0003jO-Es; Sat, 17 May 2025 00:03:16 +0200
Received: from drehscheibe.grey.stw.pengutronix.de ([2a0a:edc0:0:c01:1d::a2])
 by metis.whiteo.stw.pengutronix.de with esmtps
 (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92)
 (envelope-from <mol@pengutronix.de>)
 id 1uG38n-0002co-Ch; Sat, 17 May 2025 00:02:53 +0200
Received: from dude05.red.stw.pengutronix.de ([2a0a:edc0:0:1101:1d::54])
 by drehscheibe.grey.stw.pengutronix.de with esmtps (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96)
 (envelope-from <mol@pengutronix.de>) id 1uG38m-0036WU-2R;
 Sat, 17 May 2025 00:02:53 +0200
Received: from mol by dude05.red.stw.pengutronix.de with local (Exim 4.96)
 (envelope-from <mol@pengutronix.de>) id 1uG38n-000veS-0U;
 Sat, 17 May 2025 00:02:53 +0200
From: Michael Olbrich <m.olbrich@pengutronix.de>
To: ptxdist@pengutronix.de
Date: Sat, 17 May 2025 00:02:53 +0200
Message-Id: <20250516220253.221605-1-m.olbrich@pengutronix.de>
X-Mailer: git-send-email 2.39.5
In-Reply-To: <20250513140641.4075870-2-ada@thorsis.com>
References: <20250513140641.4075870-2-ada@thorsis.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Subject: Re: [ptxdist] [APPLIED] u-boot-tools: Version bump 2020.07 ->
 2025.04
X-BeenThere: ptxdist@pengutronix.de
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <https://metis.pengutronix.de/mailman/options/ptxdist>,
 <mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <https://metis.pengutronix.de/mailman/private/ptxdist/>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <https://metis.pengutronix.de/mailman/listinfo/ptxdist>,
 <mailto:ptxdist-request@pengutronix.de?subject=subscribe>
Reply-To: ptxdist@pengutronix.de
Cc: Alexander Dahl <ada@thorsis.com>
Sender: "ptxdist" <ptxdist-bounces@pengutronix.de>
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de
X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false

Thanks, applied as 0ed30d1e9f2d7270830cd207a1e05c09273997d6.

Michael

[sent from post-receive hook]

On Sat, 17 May 2025 00:02:53 +0200, Alexander Dahl <ada@thorsis.com> wrote:
> Apart from bugfixes this is mostly interesting for mkimage ability to
> image signing.  Option -o for specifying the signing algorithm was added
> with v2022.04.  Signing 'auto' FITs was added with v2022.10, support for
> signed configurations in 'auto' FIT was added in v2023.04, proper pkcs11
> uri support was added with v2024.01 and fixed with v2024.04, and finally
> ability to auto sign scripts in fit images came with v2024.10.
> 
> Note, without the fix to ptxd_make_fit_image we would get a lot of
> warnings like this:
> 
>     WARNING: Legacy URI specified. Please add 'pkcs11:'.
>     WARNING: Legacy URI specified. Please add 'pkcs11:'.
>     WARNING: Legacy URI specified. Please add 'pkcs11:'.
> 
> Noteworthy changes:
> 
> - v2021.10-rc1-59-g62b27a561c2 ("mkimage: use environment variable MKIMAGE_SIGN_PIN to set pin for OpenSSL Engine")
> - v2021.10-730-g6b7b9ff14da ("configs: add mkeficapsule to tools-only_defconfig")
> - v2022.01-705-g5902a397d02 ("mkimage: Allow to specify the signature algorithm on the command line")
> - v2022.01-818-g2d2384bbaff ("tools: mkimage: Show where signatures/keys are written")
> - v2022.04-rc1-326-g9af16cc8f1a ("tools: build mkeficapsule with tools-only_defconfig")
> - v2022.04-rc3-43-g5017f9b595d ("mkimage: error handling for FIT image")
> - v2022.07-rc1-294-gdeb2638aa09 ("mkimage: Document misc options")
> - v2022.07-rc4-74-g87b0af9317c ("mkimage: Support signing 'auto' FITs")
> - v2023.01-892-gb93a65209c4 ("mkimage: fit: Support signed configurations in 'auto' FITs")
> - v2024.01-rc5-560-gece85cc0202 ("rsa: use pkcs11 uri as defined in rfc7512")
> - v2024.01-806-g03e598263e3 ("tools: fix build without LIBCRYPTO support")
> - v2024.01-958-g11ad2bbfa2d ("lib: rsa: Fix PKCS11 URI if one is not given in `keydir`)
> - v2024.01-959-gf055d6e8f0d ("lib: rsa: Allow legacy URI specification without "pkcs11:"")
> - v2024.07-677-g6074f6e8578 ("mkimage: Allow 'auto-conf' signing of scripts")
> 
> (zlib license text had one duplicate empty line remove with 2024.10.)
> 
> Signed-off-by: Alexander Dahl <ada@thorsis.com>
> Message-Id: <20250513140641.4075870-2-ada@thorsis.com>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
> 
> diff --git a/rules/host-u-boot-tools.in b/rules/host-u-boot-tools.in
> index 55fc9f56e987..0cf37ed6614a 100644
> --- a/rules/host-u-boot-tools.in
> +++ b/rules/host-u-boot-tools.in
> @@ -2,5 +2,6 @@
>  
>  config HOST_U_BOOT_TOOLS
>  	tristate
> +	select HOST_GNUTLS
>  	select HOST_OPENSSL
>  	default y if ALLYES
> diff --git a/rules/u-boot-tools.make b/rules/u-boot-tools.make
> index 597ea5e30075..f71219d884b7 100644
> --- a/rules/u-boot-tools.make
> +++ b/rules/u-boot-tools.make
> @@ -14,8 +14,8 @@ PACKAGES-$(PTXCONF_U_BOOT_TOOLS) += u-boot-tools
>  #
>  # Paths and names
>  #
> -U_BOOT_TOOLS_VERSION	:= 2020.07
> -U_BOOT_TOOLS_MD5	:= 86e51eeccd15e658ad1df943a0edf622
> +U_BOOT_TOOLS_VERSION	:= 2025.04
> +U_BOOT_TOOLS_MD5	:= da2cd684d4aa6195015fecd3efb1d0f0
>  U_BOOT_TOOLS		:= u-boot-$(U_BOOT_TOOLS_VERSION)
>  U_BOOT_TOOLS_SUFFIX	:= tar.bz2
>  U_BOOT_TOOLS_URL	:= https://ftp.denx.de/pub/u-boot/$(U_BOOT_TOOLS).$(U_BOOT_TOOLS_SUFFIX)
> @@ -25,7 +25,7 @@ U_BOOT_TOOLS_PKGDIR	:= $(PKGDIR)/u-boot-tools-$(U_BOOT_TOOLS_VERSION)
>  U_BOOT_TOOLS_LICENSE	:= GPL-2.0-or-later AND Zlib
>  U_BOOT_TOOLS_LICENSE_FILES := \
>  	file://Licenses/gpl-2.0.txt;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
> -	file://include/u-boot/zlib.h;startline=15;endline=43;md5=7c27ae0384929249664da410d539a1dc
> +	file://include/u-boot/zlib.h;startline=15;endline=42;md5=0ce30a522a630f7e637ea6d74422b320
>  
>  # ----------------------------------------------------------------------------
>  # Prepare
> diff --git a/scripts/lib/ptxd_make_fit_image.sh b/scripts/lib/ptxd_make_fit_image.sh
> index 4b99e6fbfec3..ad9e5bdd380a 100644
> --- a/scripts/lib/ptxd_make_fit_image.sh
> +++ b/scripts/lib/ptxd_make_fit_image.sh
> @@ -126,13 +126,6 @@ ptxd_make_image_fit() {
>  
>      if [ -n "${image_sign_role}" ]; then
>  	pkcs11_uri=$(cs_get_uri "${image_sign_role}")
> -
> -	#
> -	# It would have been too simple for mkimage to just take a
> -	# PKCS#11 URI. We must drop the "pkcs11:" prefix which U-Boot
> -	# then adds again.
> -	#
> -	pkcs11_uri=$(echo "${pkcs11_uri}" | sed "s/pkcs11://")
>  	sign_args=( -k "${pkcs11_uri}" )
>      fi
>