From patchwork Fri Jun 27 05:40:20 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: SCHNEIDER Johannes
 <johannes.schneider@leica-geosystems.com>
X-Patchwork-Id: 65693
Return-Path: <johannes.schneider@leica-geosystems.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 337D7C7EE39
	for <webhook@archiver.kernel.org>; Fri, 27 Jun 2025 05:40:34 +0000 (UTC)
Received: from AS8PR03CU001.outbound.protection.outlook.com
 (AS8PR03CU001.outbound.protection.outlook.com [52.101.71.25])
 by mx.groups.io with SMTP id smtpd.web10.6809.1751002827340400205
 for <openembedded-devel@lists.openembedded.org>;
 Thu, 26 Jun 2025 22:40:27 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@leica-geosystems.com header.s=selector1
 header.b=faEt4oTE;
 spf=permerror,
 err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}:
 invalid domain name (domain: leica-geosystems.com, ip: 52.101.71.25,
 mailfrom: johannes.schneider@leica-geosystems.com)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
 b=GAXDwk0BbI/nvHntfyv19EtfHyPxNsW3wLftLuYWnGqdVUS4BK/RXw5cYITlw062G6cnJv+vxe0XVhQRnpQW2hXOS5uIDyYl+lWxnTNUOvUXLpZE3JXRyqC+xoRj/crveg9R0/1S1AD7H6oE09x9SgUsYKksN+ZcnXNwY8ymvH9hscjlzVd6mqBoCcpqrn/3ipa/Z7AfBPjv+HS3gE4pvYVtqZ8GgXqdyI0gbA5Qf98x731M3E2eXXjgvlY+CClLXUYDMzHA+hW/k0lnz596h0efJCVYxGvLxryMfgk5+ULhaMtrmZnYRc32D1nhKLQ5280DAkLaF9vr9RPbFD2S+Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector10001;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=/Pz0KBrpt6XhOwefffJ9Z2noBIDY+W4HKY9YWrIQcFI=;
 b=aNJeC05GAMQqPEMOTwSi5lglLioYHrJvaKmZOVVPru9fNZx2JVClVRPvoilj3Gx8/k6ofwy96evIU1Y+6G//YR4TLLvpv4NVH1juC4/X+jH2L/qDf3xt0YsDkV+4nN7FTU0DPQ2q4IMNBkaNYa+P1sWb1QoV/OgJHV7wD77lO7zd8febgVJ4y8C7oYi4qVnDRiOlPXaRd8eOzRhI0nfNQxrHXEQa8R2OZSGnrzFUAqMmVoVJThIdXIaxAsJXeJgIE/aROZXetMRugx6SiUNRRy53BswfDhKrdTkPEsI6+Oo8k8b30TDysURqCHSx9MYkT7lHsqAHqizwpnatbInqFQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 193.8.40.94) smtp.rcpttodomain=lists.openembedded.org
 smtp.mailfrom=leica-geosystems.com; dmarc=pass (p=reject sp=reject pct=100)
 action=none header.from=leica-geosystems.com; dkim=none (message not signed);
 arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=leica-geosystems.com;
 s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=/Pz0KBrpt6XhOwefffJ9Z2noBIDY+W4HKY9YWrIQcFI=;
 b=faEt4oTEFjQT6XevH2sRuW9qR5+99ykMQeTcXLp/NZyut/aaPBaaYve1IZsYlYRuBNGTgLirbck9cyC8vUIue7LaLDIyMizmBu31HUczfhqX09np2LGzTsbjWLl7hyiNiXBzWuc0MSkTyfzqeOb/XpByuNXiKd2mBrB0uesNonc=
Received: from PR1P264CA0100.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:2cf::17)
 by GV4PR06MB10039.eurprd06.prod.outlook.com (2603:10a6:150:296::6) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8857.30; Fri, 27 Jun
 2025 05:40:21 +0000
Received: from AM4PEPF00025F95.EURPRD83.prod.outlook.com
 (2603:10a6:102:2cf:cafe::61) by PR1P264CA0100.outlook.office365.com
 (2603:10a6:102:2cf::17) with Microsoft SMTP Server (version=TLS1_3,
 cipher=TLS_AES_256_GCM_SHA384) id 15.20.8880.21 via Frontend Transport; Fri,
 27 Jun 2025 05:40:21 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 193.8.40.94)
 smtp.mailfrom=leica-geosystems.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=leica-geosystems.com;
Received-SPF: Pass (protection.outlook.com: domain of leica-geosystems.com
 designates 193.8.40.94 as permitted sender) receiver=protection.outlook.com;
 client-ip=193.8.40.94; helo=hexagon.com; pr=C
Received: from hexagon.com (193.8.40.94) by
 AM4PEPF00025F95.mail.protection.outlook.com (10.167.16.4) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.8901.1 via Frontend Transport; Fri, 27 Jun 2025 05:40:20 +0000
Received: from [127.0.1.1] ([10.60.34.121]) by hexagon.com with Microsoft
 SMTPSVC(10.0.17763.1697);
	 Fri, 27 Jun 2025 07:40:17 +0200
From: Johannes Schneider <johannes.schneider@leica-geosystems.com>
Date: Fri, 27 Jun 2025 07:40:20 +0200
Subject: [PATCH meta-oe v3 6/6] signing.bbclass: remove
 signing_import_cert_chain_from_pem
MIME-Version: 1.0
Message-Id: <20250627-signing-set-ca-v3-6-030812797c6a@leica-geosystems.com>
References: <20250627-signing-set-ca-v3-0-030812797c6a@leica-geosystems.com>
In-Reply-To: <20250627-signing-set-ca-v3-0-030812797c6a@leica-geosystems.com>
To: jlu@pengutronix.de
Cc: bsp-development.geo@leica-geosystems.com,
 openembedded-devel@lists.openembedded.org, raj.khem@gmail.com,
 Johannes Schneider <johannes.schneider@leica-geosystems.com>
X-Mailer: b4 0.13.0
X-OriginalArrivalTime: 27 Jun 2025 05:40:17.0594 (UTC)
 FILETIME=[F6AD99A0:01DBE725]
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: AM4PEPF00025F95:EE_|GV4PR06MB10039:EE_
X-MS-Office365-Filtering-Correlation-Id: b2d7267b-ff62-4cd6-ce1f-08ddb53d1b16
X-SET-LOWER-SCL-SCANNER: YES
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: 
	BCL:0;ARA:13230040|36860700013|82310400026|376014|1800799024;
X-Microsoft-Antispam-Message-Info: =?utf-8?q?2KSLQQ45RoZ4uC1DLYM0HpoPDHMgCX2?=
	=?utf-8?q?iaB5nN1jX6TAyZ64la/WKW1cbmTe4bQQpWoNQUhq9jTVLhZDU3gZdN713HRMoKnxZ?=
	=?utf-8?q?H0KPVErgpltJORgGEfhOlnS0Y+IytkHaLr3rvrPtb78QgJiiepaFSwZrGurqNYBZ8?=
	=?utf-8?q?hhoPMMvM1Iz0BOAC+4wgWKXF1G6raiTRcXR9k/mQiJtt6hhY9gYo4FAU20g6/5aPH?=
	=?utf-8?q?ABabpLfOgDkb/I7Y1v6ieTdPFPccXzCfcITSIKsYpOXgUGAmLQb6dd3d4iOxiVSOO?=
	=?utf-8?q?Avp/LWNhoRChbQc/Y46bMOBWXbv3zXx2BDjtwrWEYsoaUO4IKW2It5u981/uG8wr0?=
	=?utf-8?q?Y4m9B+IpfeaC+i7+fEdFLCKZMhL6qcxp3cuu48TUnHjvqleHKFLUaGEFAMMpjJGU1?=
	=?utf-8?q?QtRm2aJHHgezL9VP/jrjGtClH7PNVXZkJw0l5t63nBsjoYDOM+XayU/upmHdpVbYc?=
	=?utf-8?q?qH+eJvhgNhD1WEpq/BrYbueXCKU2MWltdxb/jOaI3pk6ThIZPpjtVaVhlrBbHH9He?=
	=?utf-8?q?IdqNQVTmVFbEEuqj+WIoqNIxEFbYgC6HSdQl/oM8mf6DitNZXA79JI4XACyxeGJFS?=
	=?utf-8?q?aPcRG55PDKBjs4qZy/WqZa+NOf7NHRDJq7JufI++rCoFYfvafmt3M1U2znBs0Jp8z?=
	=?utf-8?q?fMmUyNhRRTBm10mGDSXQmmMJDJDd9q9Tx7Abdp9e3BoHLrC+t6nPw7MyyYypm84ap?=
	=?utf-8?q?bloGyhih2lhIqUI3BIAxbbKpLX2mbUPK6tfSK81CwT9pTtlH2tRJySVTgYgJkfq7R?=
	=?utf-8?q?SNLzHqLdccwgS8F4gFZXo6iWm2uHvuxccrYsVTiemKqUJUYdfyjm2R9P/eUoEmsi9?=
	=?utf-8?q?S5yat+QisF52ezzPnVQ3ygLrsNA/lxd8Gz2GpYnrW5ZiLeloak7nm+i4LXJijBWKA?=
	=?utf-8?q?oeCJyON/ddkbBOZ9scsakLHPIyEHUq+DpNpLUgDrL/6IvW6qd1O8+pdIMJAQZnETJ?=
	=?utf-8?q?w3s7smp4STl9TrlwDFF10kR3L+/eGlr9Ywkl++i4q0zgJ+p4mAyU9dNYSlKVvACu0?=
	=?utf-8?q?5oyuviLET4X+9/r8Vf+jA/aqfpBsPOYKJvQMpZ02XpXXacukhGrU14ClVOUGHIAhe?=
	=?utf-8?q?fsG4P7mAjGQ7YEwooW2sEbfAiEKHnO1+Z3OJbXzC9etb8BW61qnfR1IHGR7LGG0Kr?=
	=?utf-8?q?J2uKpXmK8YXLNwgb2O/jkYx8z6PeJ9QXefsLo5VHtkF9JRMlnaqTguk8Uq25apT/P?=
	=?utf-8?q?KtzDPVB1rq2QEpDDzwW263K1ZIRBADQkYXdURhuJAAGnyI3jyYYhifwqds/+kM7yU?=
	=?utf-8?q?KtGPzuan646M8XhmkXexl45yPr11U4JNRGPaJQjcWrdsLTntmavge3xc8Iw8hy+x9?=
	=?utf-8?q?GD6P5bd394Rrnh66j8nem5SBT1RpUwzMyGb5fHDYUW5vXv6X8T+nUniXo429bfdL6?=
	=?utf-8?q?8lnRfrtBy+fJleqbehhVI5vfw1fhY7q1bKpSLag3ucCm6M4auKsdj0ivPsANJIKG9?=
	=?utf-8?q?JaYVg6ARzH?=
X-Forefront-Antispam-Report: 
	CIP:193.8.40.94;CTRY:CH;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:hexagon.com;PTR:ahersrvdom50.leica-geosystems.com;CAT:NONE;SFS:(13230040)(36860700013)(82310400026)(376014)(1800799024);DIR:OUT;SFP:1101;
X-OriginatorOrg: leica-geosystems.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Jun 2025 05:40:20.8248
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 b2d7267b-ff62-4cd6-ce1f-08ddb53d1b16
X-MS-Exchange-CrossTenant-Id: 1b16ab3e-b8f6-4fe3-9f3e-2db7fe549f6a
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=1b16ab3e-b8f6-4fe3-9f3e-2db7fe549f6a;Ip=[193.8.40.94];Helo=[hexagon.com]
X-MS-Exchange-CrossTenant-AuthSource: 
	AM4PEPF00025F95.EURPRD83.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: GV4PR06MB10039
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Fri, 27 Jun 2025 05:40:34 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/118137

With the now available set|get|has_ca functions to establish a CA link
between roles during their import, the
signing_import_cert_chain_from_pem can now be removed.  As it had the
shortcoming of dynamically creating roles, which are harder to handle
then the manually/specifically setup CA roles.

This effectively reverts:
a825b853634 signing.bbclass: add certificate ca-chain handling

Reviewed-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Johannes Schneider <johannes.schneider@leica-geosystems.com>
---
 meta-oe/classes/signing.bbclass | 29 -----------------------------
 1 file changed, 29 deletions(-)

diff --git meta-oe/classes/signing.bbclass meta-oe/classes/signing.bbclass
index 6fde22bf22..5068360ca7 100644
--- meta-oe/classes/signing.bbclass
+++ meta-oe/classes/signing.bbclass
@@ -231,35 +231,6 @@ signing_get_root_cert() {
     echo "${cert_name}"
 }
 
-# signing_import_cert_chain_from_pem <role> <pem>
-#
-# Import a certificate *chain* from a PEM file to a role.
-# (e.g. multiple ones concatenated in one file)
-#
-# Due to limitations in the toolchain:
-#   signing class -> softhsm -> 'extract-cert'
-# the input certificate is split into a sequentially numbered list of roles,
-# starting at <role>_1
-#
-# (The limitations are the conversion step from x509 to a plain .der, and
-# extract-cert expecting a x509 and then producing only plain .der again)
-signing_import_cert_chain_from_pem() {
-    local role="${1}"
-    local pem="${2}"
-    local i=1
-
-    cat "${pem}" | \
-        while openssl x509 -inform pem -outform der -out ${B}/temp_${i}.der; do
-            signing_import_define_role "${role}_${i}"
-            signing_pkcs11_tool --type cert \
-                                --write-object  ${B}/temp_${i}.der \
-                                --label "${role}_${i}"
-            rm ${B}/temp_${i}.der
-            echo "imported ${pem} under role: ${role}_${i}"
-            i=$(awk "BEGIN {print $i+1}")
-        done
-}
-
 # signing_import_cert_from_pem <cert_name> <pem>
 #
 # Import a certificate from PEM file to a cert_name.