mailarchive of the ptxdist mailing list
From: Denis Osterland-Heim <denis.osterland@diehl.com>
To: "m.olbrich@pengutronix.de" <m.olbrich@pengutronix.de>
Cc: "ptxdist@pengutronix.de" <ptxdist@pengutronix.de>
Subject: Re: [ptxdist] [PATCH v3 0/3] yubi HSM pkcs11 plugin for signing provider
Date: Fri, 23 Apr 2021 09:34:00 +0000
Message-ID: <9332ff316e6113ef76aaee090721ab46c6ae2dfc.camel@diehl.com>
In-Reply-To: <20210423075748.GI4162561@pengutronix.de>

Hi Michael,

Thanks for the info.
I know and I will do so.
I am already happy that you are able to work with this workaround so smoothly.
In life nothing comes without a cost.
As long as we are not able to send simple plain text e-mails, I have to invest this extra effort.

Regards, Denis

On Friday, 23.04.2021, at 09:57 +0200, Michael Olbrich wrote:
> On Wed, Apr 07, 2021 at 12:03:46PM +0000, Denis Osterland-Heim wrote:
> > v2 -> v3:
> >  - add host-openssl dependency to host-libcurl
> >  - remove 030-yubihsm-shell.make with code signing env change
> >  - add macro for code signing env change and add it to template
> >
> > Denis Osterland-Heim (3):
> >       host-libcurl: enable http(s) support
> >       host-yubihsm-shell: new package
> >       code-signing: add macro to mark a online code signing provider
>
> FYI, I did apply these patches. But as they are attachments neither my
> tooling to detect patches that I still need to review/apply nor the git
> hook that sends the 'applied' message can track your patches.
> So you need to keep track of those yourself and remind me if anything gets
> lost.
>
> Michael
>
> >  rules/host-libcurl.in                              |  1 +
> >  rules/host-libcurl.make                            |  4 +--
> >  rules/host-yubihsm-shell.in                        | 13 ++++++++
> >  rules/host-yubihsm-shell.make                      | 37 ++++++++++++++++++++++
> >  rules/pre/010-code-signing.make                    |  7 ++++
> >  .../template-code-signing-provider-pre-make        |  4 +++
> >  6 files changed, 64 insertions(+), 2 deletions(-)
> >
> > base-commit: c3361e082 ("wpewebkit: add runtime logging support")
> > Diehl Connectivity Solutions GmbH
> > Managing Director: Horst Leonberger
> > Registered office: Nürnberg - Register court: Amtsgericht
> > Nürnberg: HRB 32315
> >
> > ________________________________
> >
> > The contents of the above mentioned e-mail is not legally binding. This e-mail contains confidential and/or legally protected information. Please inform us if you have received this e-mail by
> > mistake and delete it in such a case. Each unauthorized reproduction, disclosure, alteration, distribution and/or publication of this e-mail is strictly prohibited.
> >
> > - For general information on data protection and your respective rights please visit:
> >
> > https://www.diehl.com/group/en/transparency-and-information-obligations/
> >
> >
> > Return-Path: <osterlad@cwpc1435.diehlako.local>
> > X-Original-To: ptxdist@pengutronix.de
> > Delivered-To: osterlad@cwpc1435.diehlako.local
> > Received: by cwpc1435.diehlako.local (Postfix, from userid 1001)
> > id 729313E432A; Wed,  7 Apr 2021 13:54:50 +0200 (CEST)
> > From: Denis Osterland-Heim <denis.osterland@diehl.com>
> > To: ptxdist@pengutronix.de
> > Subject: [PATCH v3 2/3] host-yubihsm-shell: new package
> > Date: Wed,  7 Apr 2021 13:54:49 +0200
> > Message-Id: <20210407115450.21355-2-denis.osterland@diehl.com>
> > X-Mailer: git-send-email 2.31.1
> > In-Reply-To: <20210407115450.21355-1-denis.osterland@diehl.com>
> > References: <20210407115450.21355-1-denis.osterland@diehl.com>
> > MIME-Version: 1.0
> > Content-Transfer-Encoding: 8bit
> >
> > This package provides the pkcs11 plugin for yubi HSMs,
> > which allows creating a signing provider for it.
> >
> > Signed-off-by: Denis Osterland-Heim <denis.osterland@diehl.com>
> > ---
> >  rules/host-yubihsm-shell.in   | 13 ++++++++++++
> >  rules/host-yubihsm-shell.make | 37 +++++++++++++++++++++++++++++++++++
> >  2 files changed, 50 insertions(+)
> >  create mode 100644 rules/host-yubihsm-shell.in
> >  create mode 100644 rules/host-yubihsm-shell.make
> >
> > diff --git a/rules/host-yubihsm-shell.in b/rules/host-yubihsm-shell.in
> > new file mode 100644
> > index 000000000..65d68fcce
> > --- /dev/null
> > +++ b/rules/host-yubihsm-shell.in
> > @@ -0,0 +1,13 @@
> > +## SECTION=hosttools_noprompt
> > +
> > +config HOST_YUBIHSM_SHELL
> > +tristate
> > +default y if ALLYES
> > +select HOST_CMAKE
> > +select HOST_OPENSSL
> > +select HOST_LIBCURL
> > +select HOST_LIBUSB
> > +select HOST_GENGETOPT
> > +select HOST_LIBEDIT
> > +select HOST_PCSC_LITE
> > +select HOST_LIBP11
> > diff --git a/rules/host-yubihsm-shell.make b/rules/host-yubihsm-shell.make
> > new file mode 100644
> > index 000000000..3ebfc8c1f
> > --- /dev/null
> > +++ b/rules/host-yubihsm-shell.make
> > @@ -0,0 +1,37 @@
> > +# -*-makefile-*-
> > +#
> > +# Copyright (C) 2021 by Denis Osterland-Heim <Denis.Osterland@diehl.com>
> > +#
> > +# For further information about the PTXdist project and license conditions
> > +# see the README file.
> > +#
> > +
> > +HOST_PACKAGES-$(PTXCONF_HOST_YUBIHSM_SHELL) += host-yubihsm-shell
> > +
> > +#
> > +# Paths and names
> > +#
> > +HOST_YUBIHSM_SHELL_VERSION:= 2.1.0
> > +HOST_YUBIHSM_SHELL_MD5:= 7363c0bc4ed037e262474beaa6e1407b
> > +HOST_YUBIHSM_SHELL:= yubihsm-shell-$(HOST_YUBIHSM_SHELL_VERSION)
> > +HOST_YUBIHSM_SHELL_SUFFIX:= tar.gz
> > +HOST_YUBIHSM_SHELL_URL:= https://github.com/Yubico/yubihsm-shell/archive/$(HOST_YUBIHSM_SHELL_VERSION).$(HOST_YUBIHSM_SHELL_SUFFIX)
> > +HOST_YUBIHSM_SHELL_SOURCE:= $(SRCDIR)/$(HOST_YUBIHSM_SHELL).$(HOST_YUBIHSM_SHELL_SUFFIX)
> > +HOST_YUBIHSM_SHELL_DIR:= $(HOST_BUILDDIR)/$(HOST_YUBIHSM_SHELL)
> > +
> > +# ----------------------------------------------------------------------------
> > +# Prepare
> > +# ----------------------------------------------------------------------------
> > +
> > +#
> > +# cmake
> > +#
> > +HOST_YUBIHSM_SHELL_CONF_TOOL:= cmake
> > +HOST_YUBIHSM_SHELL_CONF_OPT:=  \
> > +$(HOST_CMAKE_OPT) \
> > +-DBUILD_ONLY_LIB=OFF \
> > +-DENABLE_COVERAGE=OFF \
> > +-DSUPRESS_MSVC_WARNINGS=ON \
> > +-DWITHOUT_MANPAGES=1
> > +
> > +# vim: syntax=make
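Review bot: HOST_YUBIHSM_SHELL_MD5 is the only integrity check on a tarball fetched from the GitHub archive URL in HOST_YUBIHSM_SHELL_URL, and this package ends up in the code signing path. MD5 does not resist deliberate collisions, so it would be worth verifying the download once against a stronger digest or an upstream release signature before recording the hash, and saying so in the commit message. Separately, -DSUPRESS_MSVC_WARNINGS=ON in HOST_YUBIHSM_SHELL_CONF_OPT looks, by its name, like a Windows compiler switch and can probably be dropped from a host build here.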
> > --
> > 2.31.1
> >
> > Return-Path: <osterlad@cwpc1435.diehlako.local>
> > X-Original-To: ptxdist@pengutronix.de
> > Delivered-To: osterlad@cwpc1435.diehlako.local
> > Received: by cwpc1435.diehlako.local (Postfix, from userid 1001)
> > id 735273E64BB; Wed,  7 Apr 2021 13:54:50 +0200 (CEST)
> > From: Denis Osterland-Heim <denis.osterland@diehl.com>
> > To: ptxdist@pengutronix.de
> > Subject: [PATCH v3 3/3] code-signing: add macro to mark a online code signing provider
> > Date: Wed,  7 Apr 2021 13:54:50 +0200
> > Message-Id: <20210407115450.21355-3-denis.osterland@diehl.com>
> > X-Mailer: git-send-email 2.31.1
> > In-Reply-To: <20210407115450.21355-1-denis.osterland@diehl.com>
> > References: <20210407115450.21355-1-denis.osterland@diehl.com>
> > MIME-Version: 1.0
> > Content-Transfer-Encoding: 8bit
> >
> > Normally server interaction is only allowed in get stage,
> > but a code signing provider may have to communicate with a CA
> > server for a signature. This macro enables all code signing
> > user packages (kernel-fit, barebox, ...) to interact with a
> > server outside the get stage.
> >
> > Signed-off-by: Denis Osterland-Heim <denis.osterland@diehl.com>
> > ---
> >  rules/pre/010-code-signing.make                         | 7 +++++++
> >  rules/templates/template-code-signing-provider-pre-make | 4 ++++
> >  2 files changed, 11 insertions(+)
> >
> > diff --git a/rules/pre/010-code-signing.make b/rules/pre/010-code-signing.make
> > index ac3bdbc56..370595600 100644
> > --- a/rules/pre/010-code-signing.make
> > +++ b/rules/pre/010-code-signing.make
> > @@ -11,4 +11,11 @@ CODE_SIGNING_ENV = \
> >  OPENSSL_CONF="$(PTXDIST_SYSROOT_HOST)/ssl/openssl.cnf" \
> >  OPENSSL_ENGINES="$(PTXDIST_SYSROOT_HOST)/lib/engines-1.1"
> >
> > +#
> > +# This macro is used to allow a code signing provider
> > +# to communicate with a server in an other stage than get
> > +#
> > +ptx/online-code-signing-provider = $(eval CODE_SIGNING_ENV += \
> > +HTTPS_PROXY= HTTP_PROXY= https_proxy= http_proxy=)
> > +
> >  # vim: syntax=make
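Review bot: ptx/online-code-signing-provider appends the empty proxy variables to the shared CODE_SIGNING_ENV, so once one provider calls it, every command that runs under that environment loses its proxy settings, not only the call that talks to the signing server. The comment should say that the macro works by clearing HTTPS_PROXY, HTTP_PROXY, https_proxy and http_proxy, and it is worth checking whether ALL_PROXY/all_proxy need the same treatment, since curl reads those as well. Clearing the variables also means a site that reaches its CA server through a real proxy has no way to pass one in. Small wording fix in the comment: "an other" should be "another".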
> > diff --git a/rules/templates/template-code-signing-provider-pre-make b/rules/templates/template-code-signing-provider-pre-make
> > index 6050cd149..90b58d2c2 100644
> > --- a/rules/templates/template-code-signing-provider-pre-make
> > +++ b/rules/templates/template-code-signing-provider-pre-make
> > @@ -9,6 +9,10 @@
> >  ifdef PTXCONF_CODE_SIGNING_PROVIDER_@PACKAGE@
> >  CODE_SIGNING_ENV += \
> >  PKCS11_MODULE_PATH=@MODULE_PATH@
> > +
> > +# if your provider communicates to a server uncomment the following lines
> > +# to allow network requests outside of get stage
> > +#$(call ptx/online-code-signing-provider)
> >  endif
> >
> >  # vim: syntax=make
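Review bot: the template comment says "uncomment the following lines", but only the single line #$(call ptx/online-code-signing-provider) follows, so "line" is clearer. Since the call changes the environment used by all code signing consumers, the comment should also state that it removes the proxy settings from CODE_SIGNING_ENV, so a provider author knows what they are opting into.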
> > --
> > 2.31.1
> >
> > Return-Path: <osterlad@cwpc1435.diehlako.local>
> > X-Original-To: ptxdist@pengutronix.de
> > Delivered-To: osterlad@cwpc1435.diehlako.local
> > Received: by cwpc1435.diehlako.local (Postfix, from userid 1001)
> > id 6E9243E64BC; Wed,  7 Apr 2021 13:54:50 +0200 (CEST)
> > From: Denis Osterland-Heim <denis.osterland@diehl.com>
> > To: ptxdist@pengutronix.de
> > Subject: [PATCH v3 1/3] host-libcurl: enable http(s) support
> > Date: Wed,  7 Apr 2021 13:54:48 +0200
> > Message-Id: <20210407115450.21355-1-denis.osterland@diehl.com>
> > X-Mailer: git-send-email 2.31.1
> > MIME-Version: 1.0
> > Content-Transfer-Encoding: 8bit
> >
> > Signed-off-by: Denis Osterland-Heim <denis.osterland@diehl.com>
> > ---
> >  rules/host-libcurl.in   | 1 +
> >  rules/host-libcurl.make | 4 ++--
> >  2 files changed, 3 insertions(+), 2 deletions(-)
> >
> > diff --git a/rules/host-libcurl.in b/rules/host-libcurl.in
> > index dfce3ab95..cd4b4ceb0 100644
> > --- a/rules/host-libcurl.in
> > +++ b/rules/host-libcurl.in
> > @@ -2,4 +2,5 @@
> >
> >  config HOST_LIBCURL
> >  tristate
> > +select HOST_OPENSSL
> >  default y if ALLYES
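Review bot: select HOST_OPENSSL is inserted between tristate and default y if ALLYES, while the new rules/host-yubihsm-shell.in in this series puts its select lines after the default line. Moving it below default keeps the two files consistent. The select is also unconditional, so every host-libcurl user now pulls in host-openssl; the commit message has no body and should say why that is acceptable.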
> > diff --git a/rules/host-libcurl.make b/rules/host-libcurl.make
> > index dc28de778..1a2a1fcf5 100644
> > --- a/rules/host-libcurl.make
> > +++ b/rules/host-libcurl.make
> > @@ -61,7 +61,7 @@ HOST_LIBCURL_CONF_OPT:= \
> >  --without-librtmp \
> >  \
> >  --disable-ares \
> > ---disable-http \
> > +--enable-http \
> >  --disable-nghttp2 \
> >  --disable-cookies \
> >  --disable-ftp \
> > @@ -69,7 +69,7 @@ HOST_LIBCURL_CONF_OPT:= \
> >  --disable-file \
> >  --disable-crypto-auth \
> >  --disable-libssh2 \
> > ---without-ssl
> > +--with-ssl
> >
> >  $(STATEDIR)/host-libcurl.install:
> >  @$(call targetinfo)
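Review bot: --with-ssl is given without a path, so which OpenSSL configure picks up depends on its search order; since HOST_OPENSSL is now selected, consider pointing it at the host sysroot explicitly. No --with-ca-bundle or --with-ca-path is visible in this part of HOST_LIBCURL_CONF_OPT, so please check where the resulting libcurl looks for trusted CA certificates, otherwise HTTPS peer verification depends on whatever configure detects on the build machine.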
> > --
> > 2.31.1
> >
> > _______________________________________________
> > ptxdist mailing list
> > ptxdist@pengutronix.de
> > To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de