From mboxrd@z Thu Jan  1 00:00:00 1970
Return-path: <ptxdist-bounces@pengutronix.de>
In-Reply-To: <20200515142641.812-7-bst@pengutronix.de>
MIME-Version: 1.0
Message-Id: <E1jb1HY-0001B4-Jl@dude02.lab.pengutronix.de>
From: Michael Olbrich <mol@pengutronix.de>
Date: Tue, 19 May 2020 14:23:40 +0200
Subject: Re: [ptxdist] [APPLIED]
 ptxd_lib_imx_hab/template-barebox-imx-habv4: use cs_get_ca helper
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <http://metis.pengutronix.de/cgi-bin/mailman/options/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <http://metis.pengutronix.de/cgi-bin/mailman/private/ptxdist/>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <http://metis.pengutronix.de/cgi-bin/mailman/listinfo/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=subscribe>
Reply-To: ptxdist@pengutronix.de
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ptxdist-bounces@pengutronix.de
Sender: "ptxdist" <ptxdist-bounces@pengutronix.de>
To: ptxdist@pengutronix.de
Cc: Bastian Krause <bst@pengutronix.de>

Thanks, applied as f67dc22691a8671ea3306f768712d3185f453077.

Michael

[sent from post-receive hook]

On Tue, 19 May 2020 14:23:40 +0200, Bastian Krause <bst@pengutronix.de> wrote:
> Key providers now take care of calling the CA helpers. This makes sure
> the CA is already present in pem format. Use that instead of extracting
> and converting the certs here again. Thus HOST_EXTRACT_CERT is no longer
> a dependency of template-barebox-imx-habv4.
> 
> Note: requires ptx-code-signing-dev 0.4 or later
> 
> Signed-off-by: Bastian Krause <bst@pengutronix.de>
> Message-Id: <20200515142641.812-7-bst@pengutronix.de>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
> 
> diff --git a/rules/templates/template-barebox-imx-habv4-in b/rules/templates/template-barebox-imx-habv4-in
> index af3e599861bc..16258cbee833 100644
> --- a/rules/templates/template-barebox-imx-habv4-in
> +++ b/rules/templates/template-barebox-imx-habv4-in
> @@ -3,7 +3,6 @@
>  config BAREBOX_@PACKAGE@
>  	tristate
>  	select CODE_SIGNING
> -	select HOST_EXTRACT_CERT
>  	select HOST_IMX_CST
>  	prompt "Barebox (@package@)"
>  	help
> diff --git a/scripts/lib/ptxd_lib_imx_hab.sh b/scripts/lib/ptxd_lib_imx_hab.sh
> index 034bf82b232a..781c1b3f610e 100644
> --- a/scripts/lib/ptxd_lib_imx_hab.sh
> +++ b/scripts/lib/ptxd_lib_imx_hab.sh
> @@ -26,24 +26,24 @@ ptxd_make_imx_habv4_gen_table_impl() {
>      local template="${1}"
>      local table_bin="${pkg_build_dir}/imx-srk-table.bin"
>      local srk_fuse_bin="${pkg_build_dir}/imx-srk-fuse.bin"
> -    local tmpdir="$(mktemp -d "${PTXDIST_TEMPDIR}/imx-habv4.XXXXXX")"
> +    local -a certs
>  
>      echo -e "generating $(basename ${table_bin}) and $(basename ${srk_fuse_bin})\n"
>  
>      for i in 1 2 3 4; do
> -	local t=$(printf "${template}" "${i}")
> -	local uri=$(cs_get_uri "$t")
> +	certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")"
> +    done
>  
> -	ptxd_exec extract-cert "${uri}" ${tmpdir}/srk${i}.der &&
> -	ptxd_exec openssl x509 -inform der -in ${tmpdir}/srk${i}.der \
> -	    -out ${tmpdir}/srk${i}.pem || break
> -    done &&
> +    local orig_IFS="${IFS}"
> +    IFS=","
> +    certs="${certs[*]}"
> +    IFS="${orig_IFS}"
>  
>      ptxd_exec srktool --hab_ver 4 \
>  	--table "${table_bin}" \
>  	--efuses "${srk_fuse_bin}" \
>  	--digest sha256 \
> -	--certs ${tmpdir}/srk1.pem,${tmpdir}/srk2.pem,${tmpdir}/srk3.pem,${tmpdir}/srk4.pem
> +	--certs "${certs}"
>  }
>  export -f ptxd_make_imx_habv4_gen_table_impl
>  

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de