| Message ID | 20250531113252.3889951-6-johannes.schneider@leica-geosystems.com |
|---|---|
| State | Accepted |
| Series | signing.bbclass: add certificate chain handling |
On Sat, 2025-05-31 at 13:32 +0200, Johannes Schneider via lists.openembedded.org wrote: > Add extract-cert wrapping helper functions, to easily extract > certificates again that had been previously imported into the softhsm. > > Signed-off-by: Johannes Schneider <johannes.schneider@leica-geosystems.com> > --- > meta-oe/classes/signing.bbclass | 26 +++++++++++++++++++++++++- > 1 file changed, 25 insertions(+), 1 deletion(-) > > diff --git a/meta-oe/classes/signing.bbclass b/meta-oe/classes/signing.bbclass > index 7bc3e7cb12..1f50e89d1e 100644 > --- a/meta-oe/classes/signing.bbclass > +++ b/meta-oe/classes/signing.bbclass > @@ -54,7 +54,7 @@ > SIGNING_PKCS11_URI ?= "" > SIGNING_PKCS11_MODULE ?= "" > > -DEPENDS += "softhsm-native libp11-native opensc-native openssl-native" > +DEPENDS += "softhsm-native libp11-native opensc-native openssl-native extract-cert-native" > > def signing_class_prepare(d): > import os.path 
> @@ -439,6 +439,30 @@ signing_get_module() { > fi > } > > +# signing_extract_cert_der <role> <der> > +# > +# Export a certificate attached to a role into a DER file. > +# To be used with SoftHSM. > +signing_extract_cert_der() { > + local role="${1}" > + local output="${2}" > + > + extract-cert "$(signing_get_uri $role)" "${output}" > +} > + > +# signing_extract_cert_pem <role> <pem> > +# > +# Export a certificate attached to a role into a PEM file. > +# To be used with SoftHSM. > +signing_extract_cert_pem() { > + local role="${1}" > + local output="${2}" > + > + extract-cert "$(signing_get_uri $role)" "${output}.tmp-der" > + openssl x509 -inform der -in "${output}.tmp-der" -out "${output}" > + rm "${output}.tmp-der" > +} > + > python () { > signing_class_prepare(d) > } Reviewed-by: Jan Luebbe <jlu@pengutronix.de>
diff --git a/meta-oe/classes/signing.bbclass b/meta-oe/classes/signing.bbclass index 7bc3e7cb12..1f50e89d1e 100644 --- a/meta-oe/classes/signing.bbclass +++ b/meta-oe/classes/signing.bbclass @@ -54,7 +54,7 @@ SIGNING_PKCS11_URI ?= "" SIGNING_PKCS11_MODULE ?= "" -DEPENDS += "softhsm-native libp11-native opensc-native openssl-native" +DEPENDS += "softhsm-native libp11-native opensc-native openssl-native extract-cert-native" def signing_class_prepare(d): import os.path @@ -439,6 +439,30 @@ signing_get_module() { fi } +# signing_extract_cert_der <role> <der> +# +# Export a certificate attached to a role into a DER file. +# To be used with SoftHSM. +signing_extract_cert_der() { + local role="${1}" + local output="${2}" + + extract-cert "$(signing_get_uri $role)" "${output}" +} + +# signing_extract_cert_pem <role> <pem> +# +# Export a certificate attached to a role into a PEM file. +# To be used with SoftHSM. +signing_extract_cert_pem() { + local role="${1}" + local output="${2}" + + extract-cert "$(signing_get_uri $role)" "${output}.tmp-der" + openssl x509 -inform der -in "${output}.tmp-der" -out "${output}" + rm "${output}.tmp-der" +} + python () { signing_class_prepare(d) }
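Review bot: the commit message does not mention the new build dependency that the first hunk (@@ -54,7 +54,7 @@) adds on the DEPENDS line. `extract-cert-native` is appended unconditionally, so every recipe inheriting this class pulls it in whether or not it calls the new helpers; a sentence in the commit message stating that the class now depends on it would make the change easier to find later.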
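Review bot: `$role` is expanded unquoted inside `$(signing_get_uri $role)` in both signing_extract_cert_der and signing_extract_cert_pem in the second hunk (@@ -439,6 +439,30 @@), so a role value containing whitespace or glob characters would be split or expanded before it reaches signing_get_uri; `"$(signing_get_uri "${role}")"` would match the quoting already used for `${output}`. In signing_extract_cert_pem the intermediate `${output}.tmp-der` is removed only after `openssl x509` has run, so if the function stops at a failing conversion the DER file stays next to the output; removing it whether or not the conversion succeeds, or creating it with mktemp instead of a fixed name beside the output, would avoid stale files.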
Add extract-cert wrapping helper functions, to easily extract certificates again that had been previously imported into the softhsm. Signed-off-by: Johannes Schneider <johannes.schneider@leica-geosystems.com> --- meta-oe/classes/signing.bbclass | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-)