From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Thu, 23 Apr 2026 11:26:05 +0200 Received: from metis.whiteo.stw.pengutronix.de ([2a0a:edc0:2:b01:1d::104]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wFqJx-00FRIu-1Z for lore@lore.pengutronix.de; Thu, 23 Apr 2026 11:26:05 +0200 Received: from [127.0.0.1] (helo=metis.whiteo.stw.pengutronix.de) by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1wFqJx-0003NN-Bu; Thu, 23 Apr 2026 11:26:05 +0200 Received: from drehscheibe.grey.stw.pengutronix.de ([2a0a:edc0:0:c01:1d::a2]) by metis.whiteo.stw.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1wFqJh-0003CD-IX; Thu, 23 Apr 2026 11:25:49 +0200 Received: from dude02.red.stw.pengutronix.de ([2a0a:edc0:0:1101:1d::28]) by drehscheibe.grey.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wFqJh-006o3U-14; Thu, 23 Apr 2026 11:25:49 +0200 Received: from [::1] (helo=dude02.red.stw.pengutronix.de) by dude02.red.stw.pengutronix.de with esmtp (Exim 4.98.2) (envelope-from ) id 1wFqJh-00000007LmO-10wK; Thu, 23 Apr 2026 11:25:49 +0200 From: Sascha Hauer Date: Thu, 23 Apr 2026 11:25:47 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <20260423-code-signing-provider-v2-2-be62a422e84a@pengutronix.de> References: <20260423-code-signing-provider-v2-0-be62a422e84a@pengutronix.de> In-Reply-To: <20260423-code-signing-provider-v2-0-be62a422e84a@pengutronix.de> To: ptxdist@pengutronix.de X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1776936349; l=3876; i=s.hauer@pengutronix.de; s=20230412; h=from:subject:message-id; bh=2Od4BWakPrrVSVq6qOdc/GIe8rE7Yg2eqsDIGUIqMlA=; b=ZvZp3EJGQs0Uk2E4tfspVoRb4HS/vAR1AOZPQol7GYeFxNPQqcwz/MShVLhn4GOnldYmw73w6 3mR9zChYeMXB6LqUTCDWZ2p8aYx3SmLQD9xZj4bzHd2OW8xNiCXrt3P X-Developer-Key: i=s.hauer@pengutronix.de; a=ed25519; pk=4kuc9ocmECiBJKWxYgqyhtZOHj5AWi7+d0n/UjhkwTg= Subject: [ptxdist] [PATCH v2 2/3] Add host-pkcs11-provider X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false Add host-pkcs11-provider in preparation to add provider support to the ptxdist code signing infrastructure. Signed-off-by: Sascha Hauer --- ...x-provider-installation-path-with-DESTDIR.patch | 36 ++++++++++++++++++++++ patches/pkcs11-provider-0.6/series | 1 + rules/host-pkcs11-provider.in | 10 ++++++ rules/host-pkcs11-provider.make | 28 +++++++++++++++++ 4 files changed, 75 insertions(+) diff --git a/patches/pkcs11-provider-0.6/0001-meson-fix-provider-installation-path-with-DESTDIR.patch b/patches/pkcs11-provider-0.6/0001-meson-fix-provider-installation-path-with-DESTDIR.patch new file mode 100644 index 000000000..b75132ea3 --- /dev/null +++ b/patches/pkcs11-provider-0.6/0001-meson-fix-provider-installation-path-with-DESTDIR.patch @@ -0,0 +1,36 @@ +From fbbb2835505f45cc84c17def5bd0e9d0fc7fb271 Mon Sep 17 00:00:00 2001 +From: Sascha Hauer +Date: Thu, 23 Apr 2026 11:08:17 +0200 +Subject: [PATCH] meson: fix provider installation path with DESTDIR + +provider_path is set from the modulesdir pkg-config variable, which +expands to an absolute path with the prefix baked in. When meson +installs with DESTDIR set, it prepends DESTDIR to this absolute path, +resulting in a doubled prefix in the install location. + +Fix this by passing pkgconfig_define to override ${prefix} during +variable expansion, so modulesdir is re-evaluated relative to the +current meson --prefix rather than whatever was recorded in the .pc +file at the time OpenSSL was installed. + +Signed-off-by: Sascha Hauer +--- + meson.build | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/meson.build b/meson.build +index b3912cb..f54b52f 100644 +--- a/meson.build ++++ b/meson.build +@@ -46,7 +46,7 @@ conf.set('PACKAGE_MAJOR', major_version) + conf.set('PACKAGE_MINOR', minor_version) + + libcrypto = dependency('libcrypto', version: '>= 3.0.7') +-provider_path = libcrypto.get_variable(pkgconfig: 'modulesdir') ++provider_path = libcrypto.get_variable(pkgconfig: 'modulesdir', pkgconfig_define: ['prefix', get_option('prefix')]) + libssl = dependency('libssl', version: '>= 3.0.7') + + host_system = host_machine.system() +-- +2.47.3 + diff --git a/patches/pkcs11-provider-0.6/series b/patches/pkcs11-provider-0.6/series new file mode 100644 index 000000000..9750a31a6 --- /dev/null +++ b/patches/pkcs11-provider-0.6/series @@ -0,0 +1 @@ +0001-meson-fix-provider-installation-path-with-DESTDIR.patch diff --git a/rules/host-pkcs11-provider.in b/rules/host-pkcs11-provider.in new file mode 100644 index 000000000..7d37f401c --- /dev/null +++ b/rules/host-pkcs11-provider.in @@ -0,0 +1,10 @@ +## SECTION=hosttools_noprompt + +config HOST_PKCS11_PROVIDER + tristate + default y if ALLYES + select HOST_MESON + select HOST_OPENSSL + + +# vim: ft=kconfig tw=80 diff --git a/rules/host-pkcs11-provider.make b/rules/host-pkcs11-provider.make new file mode 100644 index 000000000..f634e662b --- /dev/null +++ b/rules/host-pkcs11-provider.make @@ -0,0 +1,28 @@ +# -*-makefile-*- +# +# Copyright (C) 2026 by Sascha Hauer +# +# For further information about the PTXdist project and license conditions +# see the README file. +# + +# +# We provide this package +# +HOST_PACKAGES-$(PTXCONF_HOST_PKCS11_PROVIDER) += host-pkcs11-provider + +# ---------------------------------------------------------------------------- +# Prepare +# ---------------------------------------------------------------------------- + +HOST_PKCS11_PROVIDER_CONF_ENV := \ + $(HOST_ENV) + +# +# meson +# +HOST_PKCS11_PROVIDER_CONF_TOOL := meson +HOST_PKCS11_PROVIDER_CONF_OPT := \ + $(HOST_MESON_OPT) + +# vim: ft=make -- 2.47.3