Thanks, applied as f67dc22691a8671ea3306f768712d3185f453077. Michael
[sent from post-receive hook] On Tue, 19 May 2020 14:23:40 +0200, Bastian Krause <[email protected]> wrote: > Key providers now take care of calling the CA helpers. This makes sure > the CA is already present in pem format. Use that instead of extracting > and converting the certs here again. Thus HOST_EXTRACT_CERT is no longer > a dependency of template-barebox-imx-habv4. > > Note: requires ptx-code-signing-dev 0.4 or later > > Signed-off-by: Bastian Krause <[email protected]> > Message-Id: <[email protected]> > Signed-off-by: Michael Olbrich <[email protected]> > > diff --git a/rules/templates/template-barebox-imx-habv4-in > b/rules/templates/template-barebox-imx-habv4-in > index af3e599861bc..16258cbee833 100644 > --- a/rules/templates/template-barebox-imx-habv4-in > +++ b/rules/templates/template-barebox-imx-habv4-in > @@ -3,7 +3,6 @@ > config BAREBOX_@PACKAGE@ > tristate > select CODE_SIGNING > - select HOST_EXTRACT_CERT > select HOST_IMX_CST > prompt "Barebox (@package@)" > help > diff --git a/scripts/lib/ptxd_lib_imx_hab.sh b/scripts/lib/ptxd_lib_imx_hab.sh > index 034bf82b232a..781c1b3f610e 100644 > --- a/scripts/lib/ptxd_lib_imx_hab.sh > +++ b/scripts/lib/ptxd_lib_imx_hab.sh > @@ -26,24 +26,24 @@ ptxd_make_imx_habv4_gen_table_impl() { > local template="${1}" > local table_bin="${pkg_build_dir}/imx-srk-table.bin" > local srk_fuse_bin="${pkg_build_dir}/imx-srk-fuse.bin" > - local tmpdir="$(mktemp -d "${PTXDIST_TEMPDIR}/imx-habv4.XXXXXX")" > + local -a certs > > echo -e "generating $(basename ${table_bin}) and $(basename > ${srk_fuse_bin})\n" > > for i in 1 2 3 4; do > - local t=$(printf "${template}" "${i}") > - local uri=$(cs_get_uri "$t") > + certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")" > + done > > - ptxd_exec extract-cert "${uri}" ${tmpdir}/srk${i}.der && > - ptxd_exec openssl x509 -inform der -in ${tmpdir}/srk${i}.der \ > - -out ${tmpdir}/srk${i}.pem || break > - done && > + local orig_IFS="${IFS}" > + IFS="," > + certs="${certs[*]}" > + IFS="${orig_IFS}" > > ptxd_exec srktool --hab_ver 4 \ > --table "${table_bin}" \ > --efuses "${srk_fuse_bin}" \ > --digest sha256 \ > - --certs > ${tmpdir}/srk1.pem,${tmpdir}/srk2.pem,${tmpdir}/srk3.pem,${tmpdir}/srk4.pem > + --certs "${certs}" > } > export -f ptxd_make_imx_habv4_gen_table_impl > _______________________________________________ ptxdist mailing list [email protected]
