[ptxdist] [PATCH v2 2/3] Add host-pkcs11-provider

[Sascha Hauer <s.hauer@pengutronix.de>]

Add host-pkcs11-provider in preparation to add provider support to the
ptxdist code signing infrastructure.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
 ...x-provider-installation-path-with-DESTDIR.patch | 36 ++++++++++++++++++++++
 patches/pkcs11-provider-0.6/series                 |  1 +
 rules/host-pkcs11-provider.in                      | 10 ++++++
 rules/host-pkcs11-provider.make                    | 28 +++++++++++++++++
 4 files changed, 75 insertions(+)

diff --git a/patches/pkcs11-provider-0.6/0001-meson-fix-provider-installation-path-with-DESTDIR.patch b/patches/pkcs11-provider-0.6/0001-meson-fix-provider-installation-path-with-DESTDIR.patch
new file mode 100644
index 000000000..b75132ea3
--- /dev/null
+++ b/patches/pkcs11-provider-0.6/0001-meson-fix-provider-installation-path-with-DESTDIR.patch
@@ -0,0 +1,36 @@
+From fbbb2835505f45cc84c17def5bd0e9d0fc7fb271 Mon Sep 17 00:00:00 2001
+From: Sascha Hauer <s.hauer@pengutronix.de>
+Date: Thu, 23 Apr 2026 11:08:17 +0200
+Subject: [PATCH] meson: fix provider installation path with DESTDIR
+
+provider_path is set from the modulesdir pkg-config variable, which
+expands to an absolute path with the prefix baked in. When meson
+installs with DESTDIR set, it prepends DESTDIR to this absolute path,
+resulting in a doubled prefix in the install location.
+
+Fix this by passing pkgconfig_define to override ${prefix} during
+variable expansion, so modulesdir is re-evaluated relative to the
+current meson --prefix rather than whatever was recorded in the .pc
+file at the time OpenSSL was installed.
+
+Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
+---
+ meson.build | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/meson.build b/meson.build
+index b3912cb..f54b52f 100644
+--- a/meson.build
++++ b/meson.build
+@@ -46,7 +46,7 @@ conf.set('PACKAGE_MAJOR', major_version)
+ conf.set('PACKAGE_MINOR', minor_version)
+ 
+ libcrypto = dependency('libcrypto', version: '>= 3.0.7')
+-provider_path = libcrypto.get_variable(pkgconfig: 'modulesdir')
++provider_path = libcrypto.get_variable(pkgconfig: 'modulesdir', pkgconfig_define: ['prefix', get_option('prefix')])
+ libssl = dependency('libssl', version: '>= 3.0.7')
+ 
+ host_system = host_machine.system()
+-- 
+2.47.3
+
diff --git a/patches/pkcs11-provider-0.6/series b/patches/pkcs11-provider-0.6/series
new file mode 100644
index 000000000..9750a31a6
--- /dev/null
+++ b/patches/pkcs11-provider-0.6/series
@@ -0,0 +1 @@
+0001-meson-fix-provider-installation-path-with-DESTDIR.patch
diff --git a/rules/host-pkcs11-provider.in b/rules/host-pkcs11-provider.in
new file mode 100644
index 000000000..7d37f401c
--- /dev/null
+++ b/rules/host-pkcs11-provider.in
@@ -0,0 +1,10 @@
+## SECTION=hosttools_noprompt
+
+config HOST_PKCS11_PROVIDER
+	tristate
+	default y if ALLYES
+	select HOST_MESON
+	select HOST_OPENSSL
+
+
+# vim: ft=kconfig tw=80
diff --git a/rules/host-pkcs11-provider.make b/rules/host-pkcs11-provider.make
new file mode 100644
index 000000000..f634e662b
--- /dev/null
+++ b/rules/host-pkcs11-provider.make
@@ -0,0 +1,28 @@
+# -*-makefile-*-
+#
+# Copyright (C) 2026 by Sascha Hauer <s.hauer@pengutronix.de>
+#
+# For further information about the PTXdist project and license conditions
+# see the README file.
+#
+
+#
+# We provide this package
+#
+HOST_PACKAGES-$(PTXCONF_HOST_PKCS11_PROVIDER) += host-pkcs11-provider
+
+# ----------------------------------------------------------------------------
+# Prepare
+# ----------------------------------------------------------------------------
+
+HOST_PKCS11_PROVIDER_CONF_ENV	:= \
+	$(HOST_ENV)
+
+#
+# meson
+#
+HOST_PKCS11_PROVIDER_CONF_TOOL	:= meson
+HOST_PKCS11_PROVIDER_CONF_OPT	:=  \
+	$(HOST_MESON_OPT)
+
+# vim: ft=make

-- 
2.47.3