From patchwork Wed Jun 18 14:35:09 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Johannes Schneider
 <johannes.schneider@leica-geosystems.com>
X-Patchwork-Id: 65265
Return-Path: <johannes.schneider@leica-geosystems.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id E3F8EC761AE
	for <webhook@archiver.kernel.org>; Wed, 18 Jun 2025 14:35:23 +0000 (UTC)
Received: from AS8PR04CU009.outbound.protection.outlook.com
 (AS8PR04CU009.outbound.protection.outlook.com [52.101.70.0])
 by mx.groups.io with SMTP id smtpd.web10.363.1750257319344590877
 for <openembedded-devel@lists.openembedded.org>;
 Wed, 18 Jun 2025 07:35:19 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@leica-geosystems.com header.s=selector1
 header.b=br775Fxa;
 spf=permerror,
 err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}:
 invalid domain name (domain: leica-geosystems.com, ip: 52.101.70.0,
 mailfrom: johannes.schneider@leica-geosystems.com)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
 b=r60W2owM0T283NjDKb3nkVbNyTRDnLzTHL6JbQ6WB1Lu6+Sh6cZlj6E6DBIpwBOmhuRfSXC6nLA0KC+ds1DjtpyRK5JRZ6zb7BA1YP1IP+g+TrVlbi7WxPnVUGCiuqob6iYq6ldeMJiKzqnTiQVkok4ZsZFjGEbCZ1kp2Hz6GbGVpJ/Hxmrgl+dZfCStvR2kCWLAJQTenoO4miU87wJ9UlBq4GC0IAJrHfFTdYT6PI85MFcnde9iZ8rG/0diVnpJ9+ReUWbHUXeVbLSDCnvMgkHQP2yjhxM3efxek/AV7HtVYFhvKNRmcmoeH93bgDGWWrJgDfQ2QSoeW2RfuazcIg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector10001;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=YgN+U2oyyBnEaXr20sIIgqDb7Qfcr6JvUcr9iNaZzaw=;
 b=Y3T+KQDJHErPZ+vFkAi7HBlQ8vva1bpybSRbMCsJ5OJU8J3C7u49HLU6aSnjNqeCthSWrwhDMLzy9TxsNvN4DXKDV1gkdfQZTHmWv543Gqu3u0BqJC5pi4TROLp82vO/7MikUf58Ogn8JdpC5f7ZB7gbUqAgCi7RT9NpAETgkkUwkG7/2FqJxKsgpTGQ3kUnnmCfb4w39K9foz7c/OE+w31MbR+8QU6mtcYf5hKKt9T+n34j8W9GlzOLFar/upg1/2XbNDZ6A4w3Xp4fxZOpgdbC2RCjbP4fkaI84ZQg0BjOu8jV9kQeoqYwPXrd9mCdr6Zh5U10PJB5c87IcinM6g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 193.8.40.94) smtp.rcpttodomain=lists.openembedded.org
 smtp.mailfrom=leica-geosystems.com; dmarc=pass (p=reject sp=reject pct=100)
 action=none header.from=leica-geosystems.com; dkim=none (message not signed);
 arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=leica-geosystems.com;
 s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=YgN+U2oyyBnEaXr20sIIgqDb7Qfcr6JvUcr9iNaZzaw=;
 b=br775FxaF9ix+RbZdwtzgbt81TtKk4o0VRCo/uhE6GeMbjl9V0JYOWGUqk2pLRav2WdrZ61UWYNS2gFW60ByB1+U4Pf9CcmcR2WmCJSxy0ei90zRa7auInLRSqlxGPhQdHU4qliKzVwodQZR7rHTk6QfW67czyCJoKVJhz91XR0=
Received: from DBBPR09CA0009.eurprd09.prod.outlook.com (2603:10a6:10:c0::21)
 by VI1PR06MB8615.eurprd06.prod.outlook.com (2603:10a6:800:1dc::11) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8835.28; Wed, 18 Jun
 2025 14:35:14 +0000
Received: from DU2PEPF00028D10.eurprd03.prod.outlook.com
 (2603:10a6:10:c0:cafe::99) by DBBPR09CA0009.outlook.office365.com
 (2603:10a6:10:c0::21) with Microsoft SMTP Server (version=TLS1_3,
 cipher=TLS_AES_256_GCM_SHA384) id 15.20.8835.29 via Frontend Transport; Wed,
 18 Jun 2025 14:35:12 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 193.8.40.94)
 smtp.mailfrom=leica-geosystems.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=leica-geosystems.com;
Received-SPF: Pass (protection.outlook.com: domain of leica-geosystems.com
 designates 193.8.40.94 as permitted sender) receiver=protection.outlook.com;
 client-ip=193.8.40.94; helo=hexagon.com; pr=C
Received: from hexagon.com (193.8.40.94) by
 DU2PEPF00028D10.mail.protection.outlook.com (10.167.242.24) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.8857.21 via Frontend Transport; Wed, 18 Jun 2025 14:35:12 +0000
Received: from aherlnxbspsrv01.lgs-net.com ([10.60.34.116]) by hexagon.com
 with Microsoft SMTPSVC(10.0.17763.1697);
	 Wed, 18 Jun 2025 16:35:07 +0200
From: Johannes Schneider <johannes.schneider@leica-geosystems.com>
Date: Wed, 18 Jun 2025 16:35:09 +0200
Subject: [PATCH meta-oe v3 6/6] signing.bbclass: remove
 signing_import_cert_chain_from_pem
MIME-Version: 1.0
Message-Id: <20250618-signing-set-ca-v3-6-4ba014735f0e@leica-geosystems.com>
References: <20250618-signing-set-ca-v3-0-4ba014735f0e@leica-geosystems.com>
In-Reply-To: <20250618-signing-set-ca-v3-0-4ba014735f0e@leica-geosystems.com>
To: openembedded-devel@lists.openembedded.org, raj.khem@gmail.com,
 jlu@pengutronix.de
Cc: bsp-development.geo@leica-geosystems.com,
 Johannes Schneider <johannes.schneider@leica-geosystems.com>
X-Mailer: b4 0.14.2
X-OriginalArrivalTime: 18 Jun 2025 14:35:07.0560 (UTC)
 FILETIME=[30121280:01DBE05E]
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DU2PEPF00028D10:EE_|VI1PR06MB8615:EE_
X-MS-Office365-Filtering-Correlation-Id: 4b286f3c-c5d6-43e9-82e8-08ddae7555bd
X-SET-LOWER-SCL-SCANNER: YES
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: 
	BCL:0;ARA:13230040|82310400026|1800799024|376014|36860700013;
X-Microsoft-Antispam-Message-Info: =?utf-8?q?DedtxB9UnPaWeFcgDOBmpD+luEMfmX5?=
	=?utf-8?q?6K1t2Mq8OkRNDf+iBSs1WBeHtrMSlBkrhGo8Y6vO8k4KgYGYX8hIvkKz/QHD7qzde?=
	=?utf-8?q?x7zCzxMvta0ZlxAk8l3j3Yr8oj+hh2jRk8BTPLq3NtJ7K6bXpZ5UyRcTR877v3kvT?=
	=?utf-8?q?6WBXn/BpxdljG6HgBepgekVHwh+vL/865F8KJt9KdEu2QDJNHN6F4X6UJ32rTEOrl?=
	=?utf-8?q?Q1Jg+d4yUI0xNyjg61t/nU21d44ClGmoYl6vcTNyKg75Ku+l/nHnYolaOHZb+6QuI?=
	=?utf-8?q?jGnoZWlmatVZzoZVo8w9ZJCYTmhsJdBZd4BGAEnNej3m1hoQB0CKOC5dmjwnB+x8i?=
	=?utf-8?q?G3Z0shzCS1Q8vLVTel+7Re3CU3wApWUoJ3+p6ZWSEr6SlzMIkwhvMRu22vQlBYu2J?=
	=?utf-8?q?24ePInW6K4uofDXN2YGaeovrf64YWBQaVE2Fjbj4DwNlHcM0vU9tgchdr8DgQILsr?=
	=?utf-8?q?kw6AgUvFih4qyZH1LWkMH3DjfBiec2NrwjUZYVnljGzewd2QQdbJMzoI0cy71MSr5?=
	=?utf-8?q?dZYn100orhaIjYI21jQ93XbARqTm8CBqYOQZpIyMjBz+SQVITtY0YNwSHh2ZQRT4R?=
	=?utf-8?q?XtzfsSjd9MT4GqL8OrLMdqRaQ5p27gaTUB6hB66gXG8VcSkavYjCi4c3nZV5cudV+?=
	=?utf-8?q?OwpQioy/5SzsUzEmOPAbYaAkfnNM+ox0R6lrlYzlYgR5rnNr75siWrfYs53k/+Si/?=
	=?utf-8?q?lE4RlDFoCheMD6d+8VhPHw7soMw9RUcLcCEMAiQ7cp50m1CwhyOCOBN8oVwrgFQG3?=
	=?utf-8?q?okISDlbWzVZFSCKKyeOgu1iRainP+wITOqPHol9d1ZYCA1MXAWMUJ9Jxim2uYHqJZ?=
	=?utf-8?q?T4pzFZGOw5SmiupBqVJvzphKbDUhha8SUaf0lxS9w+kWERJ4/1eCmqPOIlugf4RGW?=
	=?utf-8?q?UVIPp3QMT55NBAmY1vmZ2fXH+tCeBA3Dcj29FX4Xv6zDYKSjSLvyHuqo6AHyLEmVq?=
	=?utf-8?q?3IZZ3mkaTKorb/CJrbe9izSfq11ZW8T5msdHayPzp21dnWeoLbgOQhnQpyJAF446+?=
	=?utf-8?q?U9b3wMT+1qSYAzXLD6IME7oeZ7XU0hP0GMaApo3zfGWCruw7d4UEdb4TZMlggIBTW?=
	=?utf-8?q?gdRqwFKG9tAU2WQHEr5jzONq81YWe0EHXrDdjmxhOi9KbUO9mgh3hvYTNXQtm9AFA?=
	=?utf-8?q?7FWGm2zQCCPUc4fQoEIIJHI4SYakiKPLB+pw9sfSBAQ5bLPiSVbsuuw6oQ0RpAtm/?=
	=?utf-8?q?9xX2GGdF9yuF9hFH+KaWgPWqkfubRBjEiYdF0Bxxr9R/+O8yeuefiTXNpZcuyjT30?=
	=?utf-8?q?Z/7pxNm6CciORIhAwXH6wpTA5J+c5MeqNiTFEOMSjoAmM1IB1u1qChjDqsOBZrIm0?=
	=?utf-8?q?WhopUmSkvh7pQu2ywFyL3QWZ9DqGHdHaKd9F4fcKxc1J5PDgfERfDxtcYTkaDgHUD?=
	=?utf-8?q?uYB6fCsLIY7MNptweVKTFyvLlmhFnVCO4N8UJpvOXzDsBym5MHlcXwzd01QcWcR6M?=
	=?utf-8?q?8yVHKUS7L1?=
X-Forefront-Antispam-Report: 
	CIP:193.8.40.94;CTRY:CH;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:hexagon.com;PTR:ahersrvdom50.leica-geosystems.com;CAT:NONE;SFS:(13230040)(82310400026)(1800799024)(376014)(36860700013);DIR:OUT;SFP:1101;
X-OriginatorOrg: leica-geosystems.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Jun 2025 14:35:12.8730
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 4b286f3c-c5d6-43e9-82e8-08ddae7555bd
X-MS-Exchange-CrossTenant-Id: 1b16ab3e-b8f6-4fe3-9f3e-2db7fe549f6a
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=1b16ab3e-b8f6-4fe3-9f3e-2db7fe549f6a;Ip=[193.8.40.94];Helo=[hexagon.com]
X-MS-Exchange-CrossTenant-AuthSource: 
	DU2PEPF00028D10.eurprd03.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR06MB8615
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Wed, 18 Jun 2025 14:35:23 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/117942

With the now available set|get|has_ca functions to establish a CA link
between roles during their import, the
signing_import_cert_chain_from_pem can now be removed.  As it had the
shortcoming of dynamically creating roles, which are harder to handle
then the manually/specifically setup CA roles.

This effectively reverts:
a825b853634 signing.bbclass: add certificate ca-chain handling

Reviewed-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Johannes Schneider <johannes.schneider@leica-geosystems.com>
---
 meta-oe/classes/signing.bbclass | 29 -----------------------------
 1 file changed, 29 deletions(-)

diff --git a/meta-oe/classes/signing.bbclass b/meta-oe/classes/signing.bbclass
index 6fde22bf22ace34ba720d7564caba176f4de4d39..5068360ca74d766c5d28da12219840bb560164a1 100644
--- a/meta-oe/classes/signing.bbclass
+++ b/meta-oe/classes/signing.bbclass
@@ -231,35 +231,6 @@ signing_get_root_cert() {
     echo "${cert_name}"
 }
 
-# signing_import_cert_chain_from_pem <role> <pem>
-#
-# Import a certificate *chain* from a PEM file to a role.
-# (e.g. multiple ones concatenated in one file)
-#
-# Due to limitations in the toolchain:
-#   signing class -> softhsm -> 'extract-cert'
-# the input certificate is split into a sequentially numbered list of roles,
-# starting at <role>_1
-#
-# (The limitations are the conversion step from x509 to a plain .der, and
-# extract-cert expecting a x509 and then producing only plain .der again)
-signing_import_cert_chain_from_pem() {
-    local role="${1}"
-    local pem="${2}"
-    local i=1
-
-    cat "${pem}" | \
-        while openssl x509 -inform pem -outform der -out ${B}/temp_${i}.der; do
-            signing_import_define_role "${role}_${i}"
-            signing_pkcs11_tool --type cert \
-                                --write-object  ${B}/temp_${i}.der \
-                                --label "${role}_${i}"
-            rm ${B}/temp_${i}.der
-            echo "imported ${pem} under role: ${role}_${i}"
-            i=$(awk "BEGIN {print $i+1}")
-        done
-}
-
 # signing_import_cert_from_pem <cert_name> <pem>
 #
 # Import a certificate from PEM file to a cert_name.