Thanks, applied as 2670bde257e1a0fd4f56ef6d983d770cf251b2dd. Michael
[sent from post-receive hook] On Tue, 19 May 2020 14:23:39 +0200, Bastian Krause <b...@pengutronix.de> wrote:
> These helpers allow key providers to append certificates to their CA.
> 'cs_get_ca <role>' then returns the path to the keyring allowing rules
> and other helpers to retrieve it easily.
>
> Signed-off-by: Bastian Krause <b...@pengutronix.de>
> Message-Id: <20200515142641.812-5-...@pengutronix.de>
> Signed-off-by: Michael Olbrich <m.olbr...@pengutronix.de>
>
> diff --git a/scripts/lib/ptxd_lib_code_signing.sh
> b/scripts/lib/ptxd_lib_code_signing.sh
> index f93f183df8e8..a7779f8212c6 100644
> --- a/scripts/lib/ptxd_lib_code_signing.sh
> +++ b/scripts/lib/ptxd_lib_code_signing.sh
> @@ -261,3 +261,68 @@ cs_import_key_from_pem() {
> cs_import_privkey_from_pem "${role}" "${pem}"
> }
> export -f cs_import_key_from_pem
> +
> +#
> +# cs_get_ca <role>
> +#
> +# Get the path to the CA in pem format from a role
> +#
> +cs_get_ca() {
> + local role="${1}"
> + cs_init_variables
> +
> + echo "${keydir}/${role}/ca.pem"
> +}
> +export -f cs_get_ca
> +
> +#
> +# cs_append_ca_from_pem <role> <pem>
> +#
> +# Append PEM to CA for a role
> +#
> +cs_append_ca_from_pem() {
> + local role="${1}"
> + local pem="${2}"
> + cs_init_variables
> +
> + cat "${pem}" >> "${keydir}/${role}/ca.pem"
> + # add new line in case ${pem} does not end with an EOL
> + echo >> "${keydir}/${role}/ca.pem"
> +}
> +export -f cs_append_ca_from_pem
> +
> +#
> +# cs_append_ca_from_der <role> <der>
> +#
> +# Append DER to CA for a role
> +#
> +cs_append_ca_from_der() {
> + local role="${1}"
> + local der="${2}"
> + cs_init_variables
> +
> + ptxd_exec openssl x509 -inform der -in "${der}" \
> + -out "${tmpdir}/ca.pem" &&
> + cs_append_ca_from_pem "${role}" "${tmpdir}/ca.pem"
> +}
> +export -f cs_append_ca_from_der
> +
> +#
> +# cs_append_ca_from_uri <role> [<uri>]
> +#
> +# Append certificate specified by URI or by already set URI to CA for a role
> +#
> +cs_append_ca_from_uri() {
> + local role="${1}"
> + local uri="${2}"
> + local tmpdir="$(mktemp -d "${PTXDIST_TEMPDIR}/${role}-ca.XXXXXX")"
> + cs_init_variables
> +
> + if [ -z "${uri}" ]; then
> + uri=$(cs_get_uri "${role}")
> + fi
> +
> + ptxd_exec extract-cert "${uri}" "${tmpdir}/ca.der" &&
> + cs_append_ca_from_der "${role}" "${tmpdir}/ca.der"
> +}
> +export -f cs_append_ca_from_uri
_______________________________________________ ptxdist mailing list ptxdist@pengutronix.de
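Review bot: In cs_append_ca_from_pem the exit status of `cat "${pem}"` is discarded because the following `echo` decides the return value, so a missing or unreadable PEM still reports success and the role's ca.pem gains only a blank line; `cat "${pem}" >> "${keydir}/${role}/ca.pem" || return` would let the `&&` chains in cs_append_ca_from_der and cs_append_ca_from_uri see the failure. In cs_append_ca_from_uri, `local tmpdir="$(mktemp -d ...)"` hides a mktemp failure behind the status of `local`, leaving `${tmpdir}` empty so the later paths resolve to `/ca.der` and `/ca.pem`; declaring `local tmpdir` first and then assigning with `|| return` avoids that. cs_append_ca_from_der reads `${tmpdir}` without declaring it, so unless cs_init_variables (defined outside this hunk) sets it, the function appears to work only when called from cs_append_ca_from_uri. Since ca.pem is what rules and other helpers retrieve as the role's CA keyring, a silent partial write here is worth failing loudly on.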