Be uniform with bin/ptxdist, indent with one tab instead of mixed tabs
and spaces.
Signed-off-by: Roland Hieber <r...@pengutronix.de>
---
PATCH v2 (rhi):
- new patch in v2
- not essential, but slowly start fixing indentation in scripts/lib
- git show -w is empty
---
scripts/lib/ptxd_lib_code_signing.sh | 278 +++++++++++++--------------
1 file changed, 139 insertions(+), 139 deletions(-)
diff --git a/scripts/lib/ptxd_lib_code_signing.sh
b/scripts/lib/ptxd_lib_code_signing.sh
index ca101d635574..4056ee15080e 100644
--- a/scripts/lib/ptxd_lib_code_signing.sh
+++ b/scripts/lib/ptxd_lib_code_signing.sh
@@ -12,18 +12,18 @@
#
cs_check_env() {
- if [ -z "${SOFTHSM2_CONF}" ]; then
- ptxd_bailout "SOFTHSM2_CONF is not defined. Maybe \$(CODE_SIGNING_ENV)
is not used."
- fi
- if [ ! -e "${SOFTHSM2_CONF}" ]; then
- ptxd_bailout "'${SOFTHSM2_CONF}' is missing."
- fi
- if [ -z "${PKCS11_MODULE_PATH}" ]; then
- ptxd_bailout "PKCS11_MODULE_PATH is not defined. Maybe
\$(CODE_SIGNING_ENV) is not used."
- fi
- if [ ! -e "${PKCS11_MODULE_PATH}" ]; then
- ptxd_bailout "'${PKCS11_MODULE_PATH}' is missing."
- fi
+ if [ -z "${SOFTHSM2_CONF}" ]; then
+ ptxd_bailout "SOFTHSM2_CONF is not defined. Maybe
\$(CODE_SIGNING_ENV) is not used."
+ fi
+ if [ ! -e "${SOFTHSM2_CONF}" ]; then
+ ptxd_bailout "'${SOFTHSM2_CONF}' is missing."
+ fi
+ if [ -z "${PKCS11_MODULE_PATH}" ]; then
+ ptxd_bailout "PKCS11_MODULE_PATH is not defined. Maybe
\$(CODE_SIGNING_ENV) is not used."
+ fi
+ if [ ! -e "${PKCS11_MODULE_PATH}" ]; then
+ ptxd_bailout "'${PKCS11_MODULE_PATH}' is missing."
+ fi
}
export -f cs_check_env
@@ -34,8 +34,8 @@ export -f cs_check_env
# and --pin options shall not be set.
#
softhsm_pkcs11_tool_init() {
- cs_check_env
- pkcs11-tool --module "${PKCS11_MODULE_PATH}" $*
+ cs_check_env
+ pkcs11-tool --module "${PKCS11_MODULE_PATH}" $*
}
export -f softhsm_pkcs11_tool_init
@@ -45,7 +45,7 @@ export -f softhsm_pkcs11_tool_init
# Wrapper around pkcs11-tool. Adds --login and --pin options
#
softhsm_pkcs11_tool() {
- softhsm_pkcs11_tool_init --login --pin 1111 $*
+ softhsm_pkcs11_tool_init --login --pin 1111 $*
}
export -f softhsm_pkcs11_tool
@@ -55,9 +55,9 @@ export -f softhsm_pkcs11_tool
# Initialize variables used in the code signing functions. Internal.
#
cs_init_variables() {
- sysroot="$(ptxd_get_ptxconf PTXCONF_SYSROOT_HOST)"
- keyprovider="$(ptxd_get_ptxconf PTXCONF_CODE_SIGNING_PROVIDER)"
- keydir="${sysroot}/var/lib/keys/${keyprovider}"
+ sysroot="$(ptxd_get_ptxconf PTXCONF_SYSROOT_HOST)"
+ keyprovider="$(ptxd_get_ptxconf PTXCONF_CODE_SIGNING_PROVIDER)"
+ keydir="${sysroot}/var/lib/keys/${keyprovider}"
}
export -f cs_init_variables
@@ -67,20 +67,20 @@ export -f cs_init_variables
# Initialize SoftHSM and set the initial pin
#
cs_init_softhsm() {
- cs_check_env
- cs_init_variables
- local shsm_keys="${sysroot}/var/cache/softhsm/${keyprovider}"
+ cs_check_env
+ cs_init_variables
+ local shsm_keys="${sysroot}/var/cache/softhsm/${keyprovider}"
- rm -rf "${shsm_keys}" &&
- rm -rf "${keydir}" &&
+ rm -rf "${shsm_keys}" &&
+ rm -rf "${keydir}" &&
- sed -i "s^directories.tokendir =.*^directories.tokendir = ${shsm_keys}^" \
- ${SOFTHSM2_CONF} &&
+ sed -i "s^directories.tokendir =.*^directories.tokendir =
${shsm_keys}^" \
+ ${SOFTHSM2_CONF} &&
- mkdir -p "${shsm_keys}" &&
+ mkdir -p "${shsm_keys}" &&
- softhsm_pkcs11_tool_init --init-token --label "${keyprovider}" --so-pin
0000 &&
- softhsm_pkcs11_tool_init -l --so-pin 0000 --new-pin 1111 --init-pin
+ softhsm_pkcs11_tool_init --init-token --label "${keyprovider}" --so-pin
0000 &&
+ softhsm_pkcs11_tool_init -l --so-pin 0000 --new-pin 1111 --init-pin
}
export -f cs_init_softhsm
@@ -90,12 +90,12 @@ export -f cs_init_softhsm
# Define a new key role.
#
cs_define_role() {
- local role="${1}"
- cs_init_variables
+ local role="${1}"
+ cs_init_variables
- mkdir -p "${keydir}/${role}" &&
- # default for SoftHSM
- cs_set_uri "${role}"
"pkcs11:token=${keyprovider};object=${role};pin-value=1111"
+ mkdir -p "${keydir}/${role}" &&
+ # default for SoftHSM
+ cs_set_uri "${role}"
"pkcs11:token=${keyprovider};object=${role};pin-value=1111"
}
export -f cs_define_role
@@ -105,11 +105,11 @@ export -f cs_define_role
# Define a new role group.
#
cs_define_group() {
- local group="${1}"
- cs_init_variables
+ local group="${1}"
+ cs_init_variables
- mkdir -p "${keydir}/${group}.group" &&
- rm -f "${keydir}/${group}.group/roles"
+ mkdir -p "${keydir}/${group}.group" &&
+ rm -f "${keydir}/${group}.group/roles"
}
export -f cs_define_group
@@ -119,15 +119,15 @@ export -f cs_define_group
# Set the roles for a group
#
cs_group_add_roles() {
- local group="${1}"
- shift
- cs_init_variables
+ local group="${1}"
+ shift
+ cs_init_variables
- local orig_IFS="${IFS}"
- IFS="
+ local orig_IFS="${IFS}"
+ IFS="
"
- echo "${*}" >> "${keydir}/${group}.group/roles" &&
- IFS=${orig_IFS}
+ echo "${*}" >> "${keydir}/${group}.group/roles" &&
+ IFS=${orig_IFS}
}
export -f cs_group_add_roles
@@ -137,10 +137,10 @@ export -f cs_group_add_roles
# Gets the roles of a group
#
cs_group_get_roles() {
- local group="${1}"
- cs_init_variables
+ local group="${1}"
+ cs_init_variables
- cat "${keydir}/${group}.group/roles"
+ cat "${keydir}/${group}.group/roles"
}
export -f cs_group_get_roles
@@ -150,11 +150,11 @@ export -f cs_group_get_roles
# Set the uri for a role
#
cs_set_uri() {
- local role="${1}"
- local uri="${2}"
- cs_init_variables
+ local role="${1}"
+ local uri="${2}"
+ cs_init_variables
- echo "${uri}" > "${keydir}/${role}/uri"
+ echo "${uri}" > "${keydir}/${role}/uri"
}
export -f cs_set_uri
@@ -164,22 +164,22 @@ export -f cs_set_uri
# Get the uri from a role
#
cs_get_uri() {
- local role="${1}"
- cs_init_variables
-
- if [ ! -f "${keydir}/${role}/uri" ]; then
- if [ ${#FUNCNAME[*]} -gt 1 ]; then
- ptxd_bailout "No PKCS#11 URI for role ${role}"
- else
- # cs_get_uri was called directly from make prior to cs_set_uri,
- # which may not be an error if it is evaluated early *and* later
- # again - return a unique error string in case it is not expected
- # and a user stumbles upon this
- echo "ERROR_URI_NOT_YET_SET"
- return
+ local role="${1}"
+ cs_init_variables
+
+ if [ ! -f "${keydir}/${role}/uri" ]; then
+ if [ ${#FUNCNAME[*]} -gt 1 ]; then
+ ptxd_bailout "No PKCS#11 URI for role ${role}"
+ else
+ # cs_get_uri was called directly from make prior to
cs_set_uri,
+ # which may not be an error if it is evaluated early
*and* later
+ # again - return a unique error string in case it is
not expected
+ # and a user stumbles upon this
+ echo "ERROR_URI_NOT_YET_SET"
+ return
+ fi
fi
- fi
- cat "${keydir}/${role}/uri"
+ cat "${keydir}/${role}/uri"
}
export -f cs_get_uri
@@ -190,11 +190,11 @@ export -f cs_get_uri
# with SoftHSM.
#
cs_import_cert_from_der() {
- local role="${1}"
- local der="${2}"
- cs_init_variables
+ local role="${1}"
+ local der="${2}"
+ cs_init_variables
- softhsm_pkcs11_tool --type cert --write-object "${der}" --label "${role}"
+ softhsm_pkcs11_tool --type cert --write-object "${der}" --label
"${role}"
}
export -f cs_import_cert_from_der
@@ -205,14 +205,14 @@ export -f cs_import_cert_from_der
# with SoftHSM.
#
cs_import_cert_from_pem() {
- local role="${1}"
- local pem="${2}"
- cs_init_variables
-
- openssl x509 \
- "${openssl_keyopt[@]}" \
- -in "${pem}" -inform pem -outform der |
- softhsm_pkcs11_tool --type cert --write-object /dev/stdin --label "${role}"
+ local role="${1}"
+ local pem="${2}"
+ cs_init_variables
+
+ openssl x509 \
+ "${openssl_keyopt[@]}" \
+ -in "${pem}" -inform pem -outform der |
+ softhsm_pkcs11_tool --type cert --write-object /dev/stdin --label
"${role}"
}
export -f cs_import_cert_from_pem
@@ -223,20 +223,20 @@ export -f cs_import_cert_from_pem
# with SoftHSM.
#
cs_import_pubkey_from_pem() {
- local -a openssl_keyopt
- local role="${1}"
- local pem="${2}"
- cs_init_variables
-
- if [ -n "${OPENSSL_KEYPASS}" ]; then
- openssl_keyopt=( -passin "file:${OPENSSL_KEYPASS}" )
- fi
-
- openssl rsa \
- "${openssl_keyopt[@]}" \
- -in "${pem}" -inform pem -pubout -outform der |
- softhsm_pkcs11_tool --type pubkey --write-object /dev/stdin --label
"${role}"
- check_pipe_status
+ local -a openssl_keyopt
+ local role="${1}"
+ local pem="${2}"
+ cs_init_variables
+
+ if [ -n "${OPENSSL_KEYPASS}" ]; then
+ openssl_keyopt=( -passin "file:${OPENSSL_KEYPASS}" )
+ fi
+
+ openssl rsa \
+ "${openssl_keyopt[@]}" \
+ -in "${pem}" -inform pem -pubout -outform der |
+ softhsm_pkcs11_tool --type pubkey --write-object /dev/stdin --label
"${role}"
+ check_pipe_status
}
export -f cs_import_pubkey_from_pem
@@ -247,20 +247,20 @@ export -f cs_import_pubkey_from_pem
# with SoftHSM.
#
cs_import_privkey_from_pem() {
- local -a openssl_keyopt
- local role="${1}"
- local pem="${2}"
- cs_init_variables
-
- if [ -n "${OPENSSL_KEYPASS}" ]; then
- openssl_keyopt=( -passin "file:${OPENSSL_KEYPASS}" )
- fi
-
- openssl rsa \
- "${openssl_keyopt[@]}" \
- -in "${pem}" -inform pem -outform der |
- softhsm_pkcs11_tool --type privkey --write-object /dev/stdin --label
"${role}"
- check_pipe_status
+ local -a openssl_keyopt
+ local role="${1}"
+ local pem="${2}"
+ cs_init_variables
+
+ if [ -n "${OPENSSL_KEYPASS}" ]; then
+ openssl_keyopt=( -passin "file:${OPENSSL_KEYPASS}" )
+ fi
+
+ openssl rsa \
+ "${openssl_keyopt[@]}" \
+ -in "${pem}" -inform pem -outform der |
+ softhsm_pkcs11_tool --type privkey --write-object /dev/stdin --label
"${role}"
+ check_pipe_status
}
export -f cs_import_privkey_from_pem
@@ -271,11 +271,11 @@ export -f cs_import_privkey_from_pem
# with SoftHSM.
#
cs_import_key_from_pem() {
- local role="${1}"
- local pem="${2}"
+ local role="${1}"
+ local pem="${2}"
- cs_import_pubkey_from_pem "${role}" "${pem}"
- cs_import_privkey_from_pem "${role}" "${pem}"
+ cs_import_pubkey_from_pem "${role}" "${pem}"
+ cs_import_privkey_from_pem "${role}" "${pem}"
}
export -f cs_import_key_from_pem
@@ -285,16 +285,16 @@ export -f cs_import_key_from_pem
# Get the path to the CA in pem format from a role
#
cs_get_ca() {
- local role="${1}"
- cs_init_variables
+ local role="${1}"
+ cs_init_variables
- local ca="${keydir}/${role}/ca.pem"
+ local ca="${keydir}/${role}/ca.pem"
- if [ ! -e "${ca}" ]; then
- echo "ERROR_CA_NOT_YET_SET"
- return 1
- fi
- echo "${ca}"
+ if [ ! -e "${ca}" ]; then
+ echo "ERROR_CA_NOT_YET_SET"
+ return 1
+ fi
+ echo "${ca}"
}
export -f cs_get_ca
@@ -304,13 +304,13 @@ export -f cs_get_ca
# Append PEM to CA for a role
#
cs_append_ca_from_pem() {
- local role="${1}"
- local pem="${2}"
- cs_init_variables
+ local role="${1}"
+ local pem="${2}"
+ cs_init_variables
- cat "${pem}" >> "${keydir}/${role}/ca.pem"
- # add new line in case ${pem} does not end with an EOL
- echo >> "${keydir}/${role}/ca.pem"
+ cat "${pem}" >> "${keydir}/${role}/ca.pem"
+ # add new line in case ${pem} does not end with an EOL
+ echo >> "${keydir}/${role}/ca.pem"
}
export -f cs_append_ca_from_pem
@@ -320,13 +320,13 @@ export -f cs_append_ca_from_pem
# Append DER to CA for a role
#
cs_append_ca_from_der() {
- local role="${1}"
- local der="${2}"
- cs_init_variables
+ local role="${1}"
+ local der="${2}"
+ cs_init_variables
- ptxd_exec openssl x509 -inform der -in "${der}" \
- -out "${tmpdir}/ca.pem" &&
- cs_append_ca_from_pem "${role}" "${tmpdir}/ca.pem"
+ ptxd_exec openssl x509 -inform der -in "${der}" \
+ -out "${tmpdir}/ca.pem" &&
+ cs_append_ca_from_pem "${role}" "${tmpdir}/ca.pem"
}
export -f cs_append_ca_from_der
@@ -336,16 +336,16 @@ export -f cs_append_ca_from_der
# Append certificate specified by URI or by already set URI to CA for a role
#
cs_append_ca_from_uri() {
- local role="${1}"
- local uri="${2}"
- local tmpdir="$(mktemp -d "${PTXDIST_TEMPDIR}/${role}-ca.XXXXXX")"
- cs_init_variables
+ local role="${1}"
+ local uri="${2}"
+ local tmpdir="$(mktemp -d "${PTXDIST_TEMPDIR}/${role}-ca.XXXXXX")"
+ cs_init_variables
- if [ -z "${uri}" ]; then
- uri=$(cs_get_uri "${role}")
- fi
+ if [ -z "${uri}" ]; then
+ uri=$(cs_get_uri "${role}")
+ fi
- ptxd_exec extract-cert "${uri}" "${tmpdir}/ca.der" &&
- cs_append_ca_from_der "${role}" "${tmpdir}/ca.der"
+ ptxd_exec extract-cert "${uri}" "${tmpdir}/ca.der" &&
+ cs_append_ca_from_der "${role}" "${tmpdir}/ca.der"
}
export -f cs_append_ca_from_uri
--
2.30.2
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to
ptxdist-requ...@pengutronix.de
