mailarchive of the ptxdist mailing list
* [ptxdist] [PATCH v3 0/3] yubi HSM pkcs11 plugin for signing provider
@ 2021-04-07 12:03 Denis Osterland-Heim
  2021-04-23  7:57 ` Michael Olbrich
  0 siblings, 1 reply; 3+ messages in thread
From: Denis Osterland-Heim @ 2021-04-07 12:03 UTC (permalink / raw)
  To: ptxdist

[-- Attachment #1: Type: text/plain, Size: 2192 bytes --]

v2 -> v3:
 - add host-openssl dependency to host-libcurl
 - remove 030-yubihsm-shell.make with code signing env change
 - add macro for code signing env change and add it to template

Denis Osterland-Heim (3):
      host-libcurl: enable http(s) support
      host-yubihsm-shell: new package
      code-signing: add macro to mark a online code signing provider

 rules/host-libcurl.in                              |  1 +
 rules/host-libcurl.make                            |  4 +--
 rules/host-yubihsm-shell.in                        | 13 ++++++++
 rules/host-yubihsm-shell.make                      | 37 ++++++++++++++++++++++
 rules/pre/010-code-signing.make                    |  7 ++++
 .../template-code-signing-provider-pre-make        |  4 +++
 6 files changed, 64 insertions(+), 2 deletions(-)

base-commit: c3361e082 ("wpewebkit: add runtime logging support")
Diehl Connectivity Solutions GmbH
Management: Horst Leonberger
Registered office: Nürnberg - Register court: Amtsgericht
Nürnberg: HRB 32315


[-- Attachment #2: 1617796490.Vfd01Ie71c04M493614.mbox --]
[-- Type: application/mbox, Size: 2993 bytes --]

[-- Attachment #3: 1617796490.Vfd01Ie71c05M493755.mbox --]
[-- Type: application/mbox, Size: 2472 bytes --]

[-- Attachment #4: 1617796490.Vfd01Ie721ebM490748.mbox --]
[-- Type: application/mbox, Size: 1566 bytes --]

[-- Attachment #5: Type: text/plain, Size: 181 bytes --]

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de


* Re: [ptxdist] [PATCH v3 0/3] yubi HSM pkcs11 plugin for signing provider
  2021-04-07 12:03 [ptxdist] [PATCH v3 0/3] yubi HSM pkcs11 plugin for signing provider Denis Osterland-Heim
@ 2021-04-23  7:57 ` Michael Olbrich
  2021-04-23  9:34   ` Denis Osterland-Heim
  0 siblings, 1 reply; 3+ messages in thread
From: Michael Olbrich @ 2021-04-23  7:57 UTC (permalink / raw)
  To: Denis Osterland-Heim; +Cc: ptxdist

On Wed, Apr 07, 2021 at 12:03:46PM +0000, Denis Osterland-Heim wrote:
> v2 -> v3:
>  - add host-openssl dependency to host-libcurl
>  - remove 030-yubihsm-shell.make with code signing env change
>  - add macro for code signing env change and add it to template
> 
> Denis Osterland-Heim (3):
>       host-libcurl: enable http(s) support
>       host-yubihsm-shell: new package
>       code-signing: add macro to mark a online code signing provider

FYI, I did apply these patches. But as they are attachments neither my
tooling to detect patches that I still need to review/apply nor the git
hook that sends the 'applied' message can track your patches.
So you need to keep track of those yourself and remind me if anything gets
lost.

Michael

>  rules/host-libcurl.in                              |  1 +
>  rules/host-libcurl.make                            |  4 +--
>  rules/host-yubihsm-shell.in                        | 13 ++++++++
>  rules/host-yubihsm-shell.make                      | 37 ++++++++++++++++++++++
>  rules/pre/010-code-signing.make                    |  7 ++++
>  .../template-code-signing-provider-pre-make        |  4 +++
>  6 files changed, 64 insertions(+), 2 deletions(-)
> 
> base-commit: c3361e082 ("wpewebkit: add runtime logging support")

> Return-Path: <osterlad@cwpc1435.diehlako.local>
> X-Original-To: ptxdist@pengutronix.de
> Delivered-To: osterlad@cwpc1435.diehlako.local
> Received: by cwpc1435.diehlako.local (Postfix, from userid 1001)
> 	id 729313E432A; Wed,  7 Apr 2021 13:54:50 +0200 (CEST)
> From: Denis Osterland-Heim <denis.osterland@diehl.com>
> To: ptxdist@pengutronix.de
> Subject: [PATCH v3 2/3] host-yubihsm-shell: new package
> Date: Wed,  7 Apr 2021 13:54:49 +0200
> Message-Id: <20210407115450.21355-2-denis.osterland@diehl.com>
> X-Mailer: git-send-email 2.31.1
> In-Reply-To: <20210407115450.21355-1-denis.osterland@diehl.com>
> References: <20210407115450.21355-1-denis.osterland@diehl.com>
> MIME-Version: 1.0
> Content-Transfer-Encoding: 8bit
> 
> This package provides the pkcs11 plugin for yubi HSMs,
> which allows to create a signing provider for it.
> 
> Signed-off-by: Denis Osterland-Heim <denis.osterland@diehl.com>
> ---
>  rules/host-yubihsm-shell.in   | 13 ++++++++++++
>  rules/host-yubihsm-shell.make | 37 +++++++++++++++++++++++++++++++++++
>  2 files changed, 50 insertions(+)
>  create mode 100644 rules/host-yubihsm-shell.in
>  create mode 100644 rules/host-yubihsm-shell.make
> 
> diff --git a/rules/host-yubihsm-shell.in b/rules/host-yubihsm-shell.in
> new file mode 100644
> index 000000000..65d68fcce
> --- /dev/null
> +++ b/rules/host-yubihsm-shell.in
> @@ -0,0 +1,13 @@
> +## SECTION=hosttools_noprompt
> +
> +config HOST_YUBIHSM_SHELL
> +	tristate
> +	default y if ALLYES
> +	select HOST_CMAKE
> +	select HOST_OPENSSL
> +	select HOST_LIBCURL
> +	select HOST_LIBUSB
> +	select HOST_GENGETOPT
> +	select HOST_LIBEDIT
> +	select HOST_PCSC_LITE
> +	select HOST_LIBP11
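
Review bot: the `select` list in `config HOST_YUBIHSM_SHELL` pulls in `HOST_GENGETOPT`, `HOST_LIBEDIT` and `HOST_PCSC_LITE`, while the commit message describes the package as providing the pkcs11 plugin. Please confirm which of these the PKCS#11 module itself needs and which are only needed for the shell and other tools, and say so in the commit message; every extra host dependency of a signing tool is more code in the signing path.
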
> diff --git a/rules/host-yubihsm-shell.make b/rules/host-yubihsm-shell.make
> new file mode 100644
> index 000000000..3ebfc8c1f
> --- /dev/null
> +++ b/rules/host-yubihsm-shell.make
> @@ -0,0 +1,37 @@
> +# -*-makefile-*-
> +#
> +# Copyright (C) 2021 by Denis Osterland-Heim <Denis.Osterland@diehl.com>
> +#
> +# For further information about the PTXdist project and license conditions
> +# see the README file.
> +#
> +
> +HOST_PACKAGES-$(PTXCONF_HOST_YUBIHSM_SHELL) += host-yubihsm-shell
> +
> +#
> +# Paths and names
> +#
> +HOST_YUBIHSM_SHELL_VERSION	:= 2.1.0
> +HOST_YUBIHSM_SHELL_MD5		:= 7363c0bc4ed037e262474beaa6e1407b
> +HOST_YUBIHSM_SHELL		:= yubihsm-shell-$(HOST_YUBIHSM_SHELL_VERSION)
> +HOST_YUBIHSM_SHELL_SUFFIX	:= tar.gz
> +HOST_YUBIHSM_SHELL_URL		:= https://github.com/Yubico/yubihsm-shell/archive/$(HOST_YUBIHSM_SHELL_VERSION).$(HOST_YUBIHSM_SHELL_SUFFIX)
> +HOST_YUBIHSM_SHELL_SOURCE	:= $(SRCDIR)/$(HOST_YUBIHSM_SHELL).$(HOST_YUBIHSM_SHELL_SUFFIX)
> +HOST_YUBIHSM_SHELL_DIR		:= $(HOST_BUILDDIR)/$(HOST_YUBIHSM_SHELL)
> +
> +# ----------------------------------------------------------------------------
> +# Prepare
> +# ----------------------------------------------------------------------------
> +
> +#
> +# cmake
> +#
> +HOST_YUBIHSM_SHELL_CONF_TOOL	:= cmake
> +HOST_YUBIHSM_SHELL_CONF_OPT	:=  \
> +	$(HOST_CMAKE_OPT) \
> +	-DBUILD_ONLY_LIB=OFF \
> +	-DENABLE_COVERAGE=OFF \
> +	-DSUPRESS_MSVC_WARNINGS=ON \
> +	-DWITHOUT_MANPAGES=1
> +
> +# vim: syntax=make
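
Review bot: `HOST_YUBIHSM_SHELL_MD5` is the only integrity check on the source of a tool that will sit in the code signing path, and `HOST_YUBIHSM_SHELL_URL` points at a GitHub `/archive/` tarball rather than a published release file. MD5 catches a corrupted download but is not collision resistant, so please check the tarball once against a signed upstream release or a stronger digest before trusting the recorded value, and note in the commit message how it was verified. Two smaller points in `HOST_YUBIHSM_SHELL_CONF_OPT`: `-DSUPRESS_MSVC_WARNINGS=ON` looks out of place for a PTXdist host build, and `-DBUILD_ONLY_LIB=OFF` builds more than the pkcs11 plugin the commit message mentions; a short comment on why each is set would help.
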
> -- 
> 2.31.1
> 

> Return-Path: <osterlad@cwpc1435.diehlako.local>
> X-Original-To: ptxdist@pengutronix.de
> Delivered-To: osterlad@cwpc1435.diehlako.local
> Received: by cwpc1435.diehlako.local (Postfix, from userid 1001)
> 	id 735273E64BB; Wed,  7 Apr 2021 13:54:50 +0200 (CEST)
> From: Denis Osterland-Heim <denis.osterland@diehl.com>
> To: ptxdist@pengutronix.de
> Subject: [PATCH v3 3/3] code-signing: add macro to mark a online code signing provider
> Date: Wed,  7 Apr 2021 13:54:50 +0200
> Message-Id: <20210407115450.21355-3-denis.osterland@diehl.com>
> X-Mailer: git-send-email 2.31.1
> In-Reply-To: <20210407115450.21355-1-denis.osterland@diehl.com>
> References: <20210407115450.21355-1-denis.osterland@diehl.com>
> MIME-Version: 1.0
> Content-Transfer-Encoding: 8bit
> 
> Normally server interaction is only allowed in get stage,
> but a code signing provider may have to communicate with a CA
> server for a signature. This macro enables all code signing
> user packages (kernel-fit, barebox, ...) to interact with a
> server outside the get stage.
> 
> Signed-off-by: Denis Osterland-Heim <denis.osterland@diehl.com>
> ---
>  rules/pre/010-code-signing.make                         | 7 +++++++
>  rules/templates/template-code-signing-provider-pre-make | 4 ++++
>  2 files changed, 11 insertions(+)
> 
> diff --git a/rules/pre/010-code-signing.make b/rules/pre/010-code-signing.make
> index ac3bdbc56..370595600 100644
> --- a/rules/pre/010-code-signing.make
> +++ b/rules/pre/010-code-signing.make
> @@ -11,4 +11,11 @@ CODE_SIGNING_ENV = \
>  	OPENSSL_CONF="$(PTXDIST_SYSROOT_HOST)/ssl/openssl.cnf" \
>  	OPENSSL_ENGINES="$(PTXDIST_SYSROOT_HOST)/lib/engines-1.1"
>  
> +#
> +# This macro is used to allow a code signing provider
> +# to communicate with a server in an other stage than get
> +#
> +ptx/online-code-signing-provider = $(eval CODE_SIGNING_ENV += \
> +	HTTPS_PROXY= HTTP_PROXY= https_proxy= http_proxy=)
> +
>  # vim: syntax=make
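
Review bot: the comment above `ptx/online-code-signing-provider` does not say how the macro works or how far it reaches. It appends empty `HTTPS_PROXY= HTTP_PROXY= https_proxy= http_proxy=` assignments to `CODE_SIGNING_ENV`, so the proxy settings are cleared for every command run with that environment, and per the commit message that covers all code signing users (kernel-fit, barebox, ...), not only the provider. Please spell that out in the comment, and consider whether emptying the variables also discards a proxy the user legitimately needs to reach the signing server. Nit: "an other" should be "another".
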
> diff --git a/rules/templates/template-code-signing-provider-pre-make b/rules/templates/template-code-signing-provider-pre-make
> index 6050cd149..90b58d2c2 100644
> --- a/rules/templates/template-code-signing-provider-pre-make
> +++ b/rules/templates/template-code-signing-provider-pre-make
> @@ -9,6 +9,10 @@
>  ifdef PTXCONF_CODE_SIGNING_PROVIDER_@PACKAGE@
>  CODE_SIGNING_ENV += \
>  	PKCS11_MODULE_PATH=@MODULE_PATH@
> +
> +# if your provider communicates to a server uncomment the following lines
> +# to allow network requests outside of get stage
> +#$(call ptx/online-code-signing-provider)
>  endif
>  
>  # vim: syntax=make
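
Review bot: the template comment says "uncomment the following lines" but only the single `#$(call ptx/online-code-signing-provider)` line follows. It would also help to state the consequence here, since this is where a provider author makes the decision: once enabled, network access outside the get stage is opened for every package that uses `CODE_SIGNING_ENV`, so the line should stay commented out for providers that do not talk to a server.
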
> -- 
> 2.31.1
> 

> Return-Path: <osterlad@cwpc1435.diehlako.local>
> X-Original-To: ptxdist@pengutronix.de
> Delivered-To: osterlad@cwpc1435.diehlako.local
> Received: by cwpc1435.diehlako.local (Postfix, from userid 1001)
> 	id 6E9243E64BC; Wed,  7 Apr 2021 13:54:50 +0200 (CEST)
> From: Denis Osterland-Heim <denis.osterland@diehl.com>
> To: ptxdist@pengutronix.de
> Subject: [PATCH v3 1/3] host-libcurl: enable http(s) support
> Date: Wed,  7 Apr 2021 13:54:48 +0200
> Message-Id: <20210407115450.21355-1-denis.osterland@diehl.com>
> X-Mailer: git-send-email 2.31.1
> MIME-Version: 1.0
> Content-Transfer-Encoding: 8bit
> 
> Signed-off-by: Denis Osterland-Heim <denis.osterland@diehl.com>
> ---
>  rules/host-libcurl.in   | 1 +
>  rules/host-libcurl.make | 4 ++--
>  2 files changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/rules/host-libcurl.in b/rules/host-libcurl.in
> index dfce3ab95..cd4b4ceb0 100644
> --- a/rules/host-libcurl.in
> +++ b/rules/host-libcurl.in
> @@ -2,4 +2,5 @@
>  
>  config HOST_LIBCURL
>  	tristate
> +	select HOST_OPENSSL
>  	default y if ALLYES
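
Review bot: `select HOST_OPENSSL` is unconditional, so every configuration that enables `HOST_LIBCURL` now also builds host-openssl, whether or not it needs HTTPS. The commit message has no body; a sentence naming the consumer that needs http(s) (the yubihsm-shell package from this series) would justify the extra dependency. Style: for consistency with host-yubihsm-shell.in in this series, where `default` precedes the `select` lines, the new line could go after `default y if ALLYES`.
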
> diff --git a/rules/host-libcurl.make b/rules/host-libcurl.make
> index dc28de778..1a2a1fcf5 100644
> --- a/rules/host-libcurl.make
> +++ b/rules/host-libcurl.make
> @@ -61,7 +61,7 @@ HOST_LIBCURL_CONF_OPT	:= \
>  	--without-librtmp \
>  	\
>  	--disable-ares \
> -	--disable-http \
> +	--enable-http \
>  	--disable-nghttp2 \
>  	--disable-cookies \
>  	--disable-ftp \
> @@ -69,7 +69,7 @@ HOST_LIBCURL_CONF_OPT	:= \
>  	--disable-file \
>  	--disable-crypto-auth \
>  	--disable-libssh2 \
> -	--without-ssl
> +	--with-ssl
>  
>  $(STATEDIR)/host-libcurl.install:
>  	@$(call targetinfo)
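
Review bot: `--with-ssl` is passed without a path, and nothing in the visible part of `HOST_LIBCURL_CONF_OPT` sets a CA bundle or CA path. Please confirm that configure picks up the host-openssl selected in host-libcurl.in rather than a system copy, and that the resulting libcurl can find trust anchors for certificate verification; otherwise HTTPS requests to a signing server will fail and users may be tempted to turn verification off. Note also that `--disable-crypto-auth` stays in place, which leaves cryptographic HTTP authentication schemes such as Digest unavailable.
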
> -- 
> 2.31.1
> 


* Re: [ptxdist] [PATCH v3 0/3] yubi HSM pkcs11 plugin for signing provider
  2021-04-23  7:57 ` Michael Olbrich
@ 2021-04-23  9:34   ` Denis Osterland-Heim
  0 siblings, 0 replies; 3+ messages in thread
From: Denis Osterland-Heim @ 2021-04-23  9:34 UTC (permalink / raw)
  To: m.olbrich; +Cc: ptxdist

Hi Michael,

Thanks for the info.
I know and I will do so.
I am already happy that you are able to work with this workaround so smoothly.
In life nothing comes without a cost.
As long as we are not able to send simple plain text e-mails, I have to invest this extra effort.

Regards, Denis

On Friday, 23.04.2021, at 09:57 +0200, Michael Olbrich wrote:
> On Wed, Apr 07, 2021 at 12:03:46PM +0000, Denis Osterland-Heim wrote:
> > v2 -> v3:
> >  - add host-openssl dependency to host-libcurl
> >  - remove 030-yubihsm-shell.make with code signing env change
> >  - add macro for code signing env change and add it to template
> >
> > Denis Osterland-Heim (3):
> >       host-libcurl: enable http(s) support
> >       host-yubihsm-shell: new package
> >       code-signing: add macro to mark a online code signing provider
>
> FYI, I did apply these patches. But as they are attachments neither my
> tooling to detect patches that I still need to review/apply nor the git
> hook that sends the 'applied' message can track your patches.
> So you need to keep track of those yourself and remind me if anything gets
> lost.
>
> Michael
