From patchwork Fri Jun 27 05:40:19 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: SCHNEIDER Johannes
X-Patchwork-Id: 65696
From: Johannes Schneider
Date: Fri, 27 Jun 2025 07:40:19 +0200
Subject: [PATCH meta-oe v3 5/6] signing.bbclass: add signing_extract_cert helpers
Message-Id: <20250627-signing-set-ca-v3-5-030812797c6a@leica-geosystems.com>
References: <20250627-signing-set-ca-v3-0-030812797c6a@leica-geosystems.com>
In-Reply-To: <20250627-signing-set-ca-v3-0-030812797c6a@leica-geosystems.com>
To: jlu@pengutronix.de
Cc: bsp-development.geo@leica-geosystems.com, openembedded-devel@lists.openembedded.org, raj.khem@gmail.com, Johannes Schneider
X-Mailer: b4 0.13.0
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 27 Jun
2025 05:40:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/118135 Add extract-cert wrapping helper functions, to easily extract certificates again that had been previously imported into the softhsm. Reviewed-by: Jan Luebbe Signed-off-by: Johannes Schneider --- meta-oe/classes/signing.bbclass | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git meta-oe/classes/signing.bbclass meta-oe/classes/signing.bbclass index 248c6400ed..6fde22bf22 100644 --- meta-oe/classes/signing.bbclass +++ meta-oe/classes/signing.bbclass @@ -54,7 +54,7 @@ SIGNING_PKCS11_URI ?= "" SIGNING_PKCS11_MODULE ?= "" -DEPENDS += "softhsm-native libp11-native opensc-native openssl-native" +DEPENDS += "softhsm-native libp11-native opensc-native openssl-native extract-cert-native" def signing_class_prepare(d): import os.path @@ -453,6 +453,30 @@ signing_get_module() { fi } +# signing_extract_cert_der +# +# Export a certificate attached to a role into a DER file. +# To be used with SoftHSM. +signing_extract_cert_der() { + local role="${1}" + local output="${2}" + + extract-cert "$(signing_get_uri $role)" "${output}" +} + +# signing_extract_cert_pem +# +# Export a certificate attached to a role into a PEM file. +# To be used with SoftHSM. +signing_extract_cert_pem() { + local role="${1}" + local output="${2}" + + extract-cert "$(signing_get_uri $role)" "${output}.tmp-der" + openssl x509 -inform der -in "${output}.tmp-der" -out "${output}" + rm "${output}.tmp-der" +} + python () { signing_class_prepare(d) }
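Review bot: In the first hunk (the DEPENDS line at @@ -54,7), extract-cert-native becomes a build dependency of every recipe that inherits signing.bbclass, whether or not it calls the new helpers, and the commit message does not mention the added dependency. State in the commit message which recipe provides extract-cert-native, so users of the class can see that its layer requirements changed.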
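Review bot: In signing_extract_cert_pem (second hunk), the intermediate file "${output}.tmp-der" is removed only on the success path, so a failing `openssl x509` conversion either leaves it next to the output (if the task shell aborts on error) or falls through to `rm` with no PEM written (if it does not); the hunk shows no error handling either way. Follow the openssl call with something like `|| { rm -f "${output}.tmp-der"; return 1; }` and use `rm -f` for the final removal, so the helper fails visibly and leaves nothing behind. In both helpers `$role` is unquoted inside `$(signing_get_uri $role)`; write `"$role"` to match the quoting already used for `${output}`.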