Re: [ptxdist] [APPLIED] ptxd_lib_code_signing: introduce CA helper

Tue, 19 May 2020 05:25:11 -0700 

Thanks, applied as 2670bde257e1a0fd4f56ef6d983d770cf251b2dd.

Michael

[sent from post-receive hook]

On Tue, 19 May 2020 14:23:39 +0200, Bastian Krause <b...@pengutronix.de> wrote:
> These helpers allow key providers to append certificates to their CA.
> 'cs_get_ca <role>' then returns the path to the keyring allowing rules
> and other helpers to retrieve it easily.
> 
> Signed-off-by: Bastian Krause <b...@pengutronix.de>
> Message-Id: <20200515142641.812-5-...@pengutronix.de>
> Signed-off-by: Michael Olbrich <m.olbr...@pengutronix.de>
> 
> diff --git a/scripts/lib/ptxd_lib_code_signing.sh 
> b/scripts/lib/ptxd_lib_code_signing.sh
> index f93f183df8e8..a7779f8212c6 100644
> --- a/scripts/lib/ptxd_lib_code_signing.sh
> +++ b/scripts/lib/ptxd_lib_code_signing.sh
> @@ -261,3 +261,68 @@ cs_import_key_from_pem() {
>      cs_import_privkey_from_pem "${role}" "${pem}"
>  }
>  export -f cs_import_key_from_pem
> +
> +#
> +# cs_get_ca <role>
> +#
> +# Get the path to the CA in pem format from a role
> +#
> +cs_get_ca() {
> +    local role="${1}"
> +    cs_init_variables
> +
> +    echo "${keydir}/${role}/ca.pem"
> +}
> +export -f cs_get_ca
> +
> +#
> +# cs_append_ca_from_pem <role> <pem>
> +#
> +# Append PEM to CA for a role
> +#
> +cs_append_ca_from_pem() {
> +    local role="${1}"
> +    local pem="${2}"
> +    cs_init_variables
> +
> +    cat "${pem}" >> "${keydir}/${role}/ca.pem"
> +    # add new line in case ${pem} does not end with an EOL
> +    echo >> "${keydir}/${role}/ca.pem"
> +}
> +export -f cs_append_ca_from_pem
> +
> +#
> +# cs_append_ca_from_der <role> <der>
> +#
> +# Append DER to CA for a role
> +#
> +cs_append_ca_from_der() {
> +    local role="${1}"
> +    local der="${2}"
> +    cs_init_variables
> +
> +    ptxd_exec openssl x509 -inform der -in "${der}" \
> +     -out "${tmpdir}/ca.pem" &&
> +    cs_append_ca_from_pem "${role}" "${tmpdir}/ca.pem"
> +}
> +export -f cs_append_ca_from_der
> +
> +#
> +# cs_append_ca_from_uri <role> [<uri>]
> +#
> +# Append certificate specified by URI or by already set URI to CA for a role
> +#
> +cs_append_ca_from_uri() {
> +    local role="${1}"
> +    local uri="${2}"
> +    local tmpdir="$(mktemp -d "${PTXDIST_TEMPDIR}/${role}-ca.XXXXXX")"
> +    cs_init_variables
> +
> +    if [ -z "${uri}" ]; then
> +     uri=$(cs_get_uri "${role}")
> +    fi
> +
> +    ptxd_exec extract-cert "${uri}" "${tmpdir}/ca.der" &&
> +    cs_append_ca_from_der "${role}" "${tmpdir}/ca.der"
> +}
> +export -f cs_append_ca_from_uri

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

Reply via email to