From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Thu, 23 Apr 2026 11:26:06 +0200 Received: from metis.whiteo.stw.pengutronix.de ([2a0a:edc0:2:b01:1d::104]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wFqJy-00FRJI-1V for lore@lore.pengutronix.de; Thu, 23 Apr 2026 11:26:06 +0200 Received: from [127.0.0.1] (helo=metis.whiteo.stw.pengutronix.de) by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1wFqJy-0003R8-AH; Thu, 23 Apr 2026 11:26:06 +0200 Received: from drehscheibe.grey.stw.pengutronix.de ([2a0a:edc0:0:c01:1d::a2]) by metis.whiteo.stw.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1wFqJh-0003CG-IX; Thu, 23 Apr 2026 11:25:49 +0200 Received: from dude02.red.stw.pengutronix.de ([2a0a:edc0:0:1101:1d::28]) by drehscheibe.grey.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wFqJh-006o3S-13; Thu, 23 Apr 2026 11:25:49 +0200 Received: from [::1] (helo=dude02.red.stw.pengutronix.de) by dude02.red.stw.pengutronix.de with esmtp (Exim 4.98.2) (envelope-from ) id 1wFqJh-00000007LmO-0yQ2; Thu, 23 Apr 2026 11:25:49 +0200 From: Sascha Hauer Date: Thu, 23 Apr 2026 11:25:45 +0200 Message-Id: <20260423-code-signing-provider-v2-0-be62a422e84a@pengutronix.de> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-B4-Tracking: v=1; b=H4sIAJnl6WkC/4WNQQ6CMBBFr0Jm7Rg6ViKuvIdhQdqxzKYlU2wwh LtbuYDL95L//gaZVTjDvdlAuUiWFCvQqQE3jTEwiq8M1FLXWiJ0yTNmCVFiwFlTEc+Kl96SsR3 RaB3U7az8kvXoPofKk+Ql6ee4KeZn/xWLwRYd97fOGOuu1j9mjuG9aIqynj3DsO/7FyL0KGe/A AAA X-Change-ID: 20260422-code-signing-provider-394214622a4c To: ptxdist@pengutronix.de X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1776936349; l=1490; i=s.hauer@pengutronix.de; s=20230412; h=from:subject:message-id; bh=kMlyhRyjE8YQE/rWZYVZst+R2QuB1ZRBICcGBDIvGR4=; b=e8+phPGK+w5d3PzXPdUdof2J65wBYKDPoAhUlWa3adiDiWsxfDi3Uqk5yOkM65lk1iXAeLMMs Gw5FJp9KEl8BeFP5gmHVNbPNVz+xQ/f64I1SGUrzKcrvi7SX8cRP0xu X-Developer-Key: i=s.hauer@pengutronix.de; a=ed25519; pk=4kuc9ocmECiBJKWxYgqyhtZOHj5AWi7+d0n/UjhkwTg= Subject: [ptxdist] [PATCH v2 0/3] code-signing: add provider support X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false openssl engines have been deprecated for a long time. Add provider support to the ptxdist code signing infrastructure. Signed-off-by: Sascha Hauer --- Changes in v2: - Add patch for pkcs11-provider to install pkcs11.so in correct directory - remove debug prepare stage in rules/host-pkcs11-provider.in - Link to v1: https://lore.kernel.org/r/20260422-code-signing-provider-v1-0-ce986114c54d@pengutronix.de --- Sascha Hauer (3): host-libp11: use correct path for ossl-modules Add host-pkcs11-provider code-signing: enable provider support ...x-provider-installation-path-with-DESTDIR.patch | 36 ++++++++++++++++++++++ patches/pkcs11-provider-0.6/series | 1 + platforms/code-signing.in | 1 + rules/host-libp11.make | 1 + rules/host-pkcs11-provider.in | 10 ++++++ rules/host-pkcs11-provider.make | 28 +++++++++++++++++ rules/host-softhsm.in | 1 + rules/host-softhsm.make | 27 ++++++++++++++++ rules/pre/010-code-signing.make | 2 +- rules/pre/020-code-signing-softhsm.make | 3 +- 10 files changed, 108 insertions(+), 2 deletions(-) --- base-commit: 9e28c99dd6a5b30c578b75deb71bd82d41fda429 change-id: 20260422-code-signing-provider-394214622a4c Best regards, -- Sascha Hauer