--with-crypto is needed e.g. for UBIFS Authentication support in
mkfs.ubifs, and the additional dependencies are negligible (and probably
even required for other host tools).
Signed-off-by: Roland Hieber
---
rules/host-mtd-utils.in | 2 ++
rules/host-mtd-utils.make | 2 +-
2 files changed, 3
On Wed, Jun 16, 2021 at 01:44:39PM +0200, Michael Olbrich wrote:
> On Sat, Jun 12, 2021 at 10:48:35PM +0200, Roland Hieber wrote:
> > --with-crypto is needed e.g. for UBIFS Authentication support in
> > mkfs.ubifs, and the additional dependencies are negligible (and probably
> &
-libera-chat
Link: https://www.devever.net/~hl/freenode_suicide
Signed-off-by: Roland Hieber
---
doc/getting_help.rst | 15 ---
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/doc/getting_help.rst b/doc/getting_help.rst
index a4ea4b3bb8b5..2983618c3bb0 100644
--- a/doc
the copyright
lines stay in place.
I'll rephrase that paragraph to include the copyright statement, the
license statement and (if present) the license text in the
_LICENSE_FILES variable. Having to bump license MD5s is a smaller evil
compared to delivering incomplete data.
- Roland
>
packages, so
propagate them to their own sections.
Signed-off-by: Roland Hieber
---
doc/dev_add_new_pkgs.rst| 689
doc/dev_advanced_rule_files.rst | 463 +
doc/dev_manual.rst | 2 +
doc/dev_patching.rst| 22
Signed-off-by: Roland Hieber
---
If someone could write a similar section for the quilt workflow, that
would be great, as I don't know too much about quilt :-)
doc/dev_patching.rst | 72
1 file changed, 72 insertions(+)
diff --git
On Fri, Jun 11, 2021 at 02:18:42PM +0200, Michael Olbrich wrote:
> On Mon, Jun 07, 2021 at 03:09:07PM +0200, Roland Hieber wrote:
> > The tarball does not include a configure script, generate it in the
> > extract.post stage.
> >
> > Based on a patch by Marc Kleine-Budd
On Fri, Jun 11, 2021 at 10:04:35AM +0200, Michael Olbrich wrote:
> On Mon, Jun 07, 2021 at 03:09:09PM +0200, Roland Hieber wrote:
> > This reduces the dependency graph and can therefore decrease boot time
> > on systems that are configured with a static hostname, and which do no
Signed-off-by: Roland Hieber
---
v1 -> v2:
* fix unknown-exception -> custom-exception
PATCH v1:
https://lore.ptxdist.org/ptxdist/20210611121842.gh839...@pengutronix.de
---
rules/ima-evm-utils.make | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/rules/i
-by: Roland Hieber
---
v1 -> v2:
* order the new promptable options next to the other promptable options
* set "default y" for both new options to keep compatibility
PATCH v1:
https://lore.ptxdist.org/ptxdist/20210607130909.4836-7-...@pengutronix.de
---
rules/syst
421b5d0
Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/1d9c27927932f2e750e3
Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/ae1319eeabd6e0798003
Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/c317d4618f92d4dd6570
Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/6aea54d2ad2287b3e889
Signed-off-b
Signed-off-by: Roland Hieber
---
v1 -> v2:
* also remove spaces after the config prompt
PATCH v1:
https://lore.ptxdist.org/ptxdist/20210609215254.22554-1-...@pengutronix.de
---
rules/openfortivpn.in | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/openfortivpn
ut
maybe my cofe level wasn't high enough either.
- Roland
--
Roland Hieber, Pengutronix e.K. | r.hie...@pengutronix.de |
Steuerwalder Str. 21 | https://www.pengutronix.de/ |
31137 Hildesheim, Germany| Phone: +49-5121-206917-0|
Amtsgericht
-
> 2.31.1
>
>
> ___
> ptxdist mailing list
> ptxdist@pengutronix.de
> To unsubscribe, send a mail with subject "unsubscribe" to
> ptxdist-requ...@pengutronix.de
>
--
Roland Hieber, Pengutronix e.K. | r
PTXdist startup and try to set up our rule files accordingly so they
built with all make versions. Maybe add a linter function too, if
possible.
- Roland
--
Roland Hieber, Pengutronix e.K. | r.hie...@pengutronix.de |
Steuerwalder Str. 21 | https://www.
install_alternative already looks for the config files in various
places, there is no need for kconfig switches here. These options are
probably a leftover from the very early years of PTXdist.
Signed-off-by: Roland Hieber
---
rules/dhcp.in | 33 -
rules
Signed-off-by: Roland Hieber
---
rules/dhcp.in | 4
1 file changed, 4 insertions(+)
diff --git a/rules/dhcp.in b/rules/dhcp.in
index 859b939eebc9..06ba29080f2c 100644
--- a/rules/dhcp.in
+++ b/rules/dhcp.in
@@ -1,4 +1,8 @@
## SECTION=networking
+
+comment "Note: no DHCP binarie
If this package is selected, it is probably because of the server, of
because the busybox DHCP client was not powerful enough.
Signed-off-by: Roland Hieber
---
rules/dhcp.in | 2 ++
1 file changed, 2 insertions(+)
diff --git a/rules/dhcp.in b/rules/dhcp.in
index 7eefb16c6414..859b939eebc9
Copy the following files from the ISC DHCP tree:
* client/dhclient.conf.example
* server/dhcpd.conf.example
and comment out all lines, so they serve as examples only and don't
configure any strange things on the target.
Signed-off-by: Roland Hieber
---
projectroot/etc/dhclient.conf
Copy the following files from busybox 1.33:
* examples/udhcp/simple.script
* examples/udhcp/udhcpd.conf
This teaches the DHCP client to use iproute2 tools instead of the
outdated iputils.
Signed-off-by: Roland Hieber
---
projectroot/etc/udhcpc.script | 60 +-
projectroot
On Mon, Jun 21, 2021 at 08:13:45AM +0200, Bruno Thomsen wrote:
> Den lør. 19. jun. 2021 kl. 23.27 skrev Roland Hieber :
> >
> > On Sat, Jun 19, 2021 at 02:58:13PM +0200, Bruno Thomsen wrote:
> > > Improve help message when failing to find mpc development files
> > &
/bin/j1939sr
> +BERLIOS_CAN_UTILS_INST-$(PTXCONF_BERLIOS_CAN_UTILS_J1939ACD) +=
> /usr/bin/j1939acd
> +BERLIOS_CAN_UTILS_INST-$(PTXCONF_BERLIOS_CAN_UTILS_J1939CAT) +=
> /usr/bin/j1939cat
> BERLIOS_CAN_UTILS_INST-$(PTXCONF_BERLIOS_CAN_UTILS_TESTJ1939) +=
> /usr/bin/testj1939
>
>
Fixes: 204be3e0f85f82e96630 (2021-05-06, "libusbgx: make example and tool
selection fine grained")
Signed-off-by: Roland Hieber
---
rules/libusbgx.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/libusbgx.in b/rules/libusbgx.in
index dc751ec46fdf..13252a3a7
[rhi: add lines for the license statements too. The lib is LGPL, the
examples are GPL, and are also installed on the target.]
Reviewed-by: Roland Hieber
Signed-off-by: Roland Hieber
---
rules/libusbgx.make | 2 ++
1 file changed, 2 insertions(+)
diff --git a/rules/libusbgx.make b/rules
On Fri, Jun 25, 2021 at 09:58:18AM +0200, Michael Olbrich wrote:
> On Sun, Jun 20, 2021 at 07:10:45PM +0200, Roland Hieber wrote:
> > Signed-off-by: Roland Hieber
> > ---
> > rules/dhcp.in | 4
> > 1 file changed, 4 insertions(+)
> >
> > diff --git a/
Signed-off-by: Roland Hieber
---
.gitignore | 1 +
1 file changed, 1 insertion(+)
diff --git a/.gitignore b/.gitignore
index 57bfdcc10c24..dabf0d56eb66 100644
--- a/.gitignore
+++ b/.gitignore
@@ -32,6 +32,7 @@ scripts/kconfig/lxdialog/*.o
!/bin/ptxdist-auto-version
/Documentation/
+man
With this version, host-ptx-code-signing-dev sets up the new role groups
imx-habv4-srk, imx-habv4-csf and imx-habv4-img.
Signed-off-by: Roland Hieber
---
PATCH v2 (rhi):
- new patch in v2 (feedback from Michael Olbrich)
---
rules/host-ptx-code-signing-dev.make | 4 ++--
1 file changed, 2
Be uniform with bin/ptxdist, indent with one tab instead of mixed tabs
and spaces.
Signed-off-by: Roland Hieber
---
PATCH v2 (rhi):
- new patch in v2
- not essential, but slowly start fixing indentation in scripts/lib
- git show -w is empty
---
scripts/lib/ptxd_lib_imx_hab.sh | 86
Be uniform with bin/ptxdist, indent with one tab instead of mixed tabs
and spaces.
Signed-off-by: Roland Hieber
---
PATCH v2 (rhi):
- new patch in v2
- not essential, but slowly start fixing indentation in scripts/lib
- git show -w is empty
---
scripts/lib/ptxd_lib_code_signing.sh | 278
abv4-srk"
| cs_define_group "${g}"
| cs_group_add_roles "${g}" "imx-habv4-srk1" "imx-habv4-srk2"
Use the function cs_group_get_roles() to get the roles of a group.
In a later patch the function ptxd_make_imx_habv4_gen_table() is
converted to make use $(c
From: Marc Kleine-Budde
This patch changes cs_get_ca() to only output the CA if it actually
exists, or print an error and return 1 instead. This makes it possible
to use make's $(if $(filter-out, ERROR_CA_NOT_YET_SET, ...))
conditional.
Co-authored-by: Roland Hieber
Signed-off-by: Marc K
by: Marc Kleine-Budde
Signed-off-by: Roland Hieber
---
PATCH v2 (rhi):
- split off code signing provider template changes from library and
consumer changes (see next patch) to make patches easier to port to
existing code signing providers
PATCH v1 (mkl):
https://lore.ptxd
ecipes can still work with
ptxd_make_imx_habv4_gen_table() if their code signing provider sets up
the roles appropriately.
Signed-off-by: Marc Kleine-Budde
Signed-off-by: Roland Hieber
---
PATCH v2 (rhi):
- split up code signing provider template changes (see previous patch)
from lib and consum
If PDF files are found in the _LICENSE_FILES variable, include them as
literal pages in license-report.pdf with the 'pdfpages' package, which
nowadays comes preinstalled with most LaTeX distributions.
Signed-off-by: Roland Hieber
---
scripts/lib/ptxd_make_license_report.sh | 2 ++
s
ew package")
Cc: Lars Pedersen
Signed-off-by: Roland Hieber
---
rules/python3-pycryptodomex.make | 7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/rules/python3-pycryptodomex.make b/rules/python3-pycryptodomex.make
index 59dadfbd0d29..9409bb414e88 100644
ckages,, *.py)
> +
> + @$(call install_finish, python3-pyasn1)
> +
> + @$(call touch)
> +
> +# vim: syntax=make
> --
> 2.31.1
>
>
> ___
> ptxdist mailing list
> ptxdist@pengutronix.de
> To unsubscribe, se
@$(call install_finish, python3-snmpclitools)
> +
> + @$(call touch)
> +
> +# vim: syntax=make
> --
> 2.31.1
>
>
> ___
> ptxdist mailing list
> ptxdist@pengutronix.de
> To unsubscribe, send a mail with subject "unsubscr
Signed-off-by: Roland Hieber
---
On Wed, Jul 07, 2021 at 04:38:20PM +0200, Michael Olbrich wrote:
> > +PYTHON3_PYCRYPTODOMEX_LICENSE := Unlicense AND BSD-2-Clause and
> > proprietary
>
> I think this should be 'custom' not 'proprietary'. If 'pro
OK, why did I break the subject… v2 then.
- Roland
On Thu, Jul 08, 2021 at 08:46:26PM +0200, Roland Hieber wrote:
> Signed-off-by: Roland Hieber
> ---
> On Wed, Jul 07, 2021 at 04:38:20PM +0200, Michael Olbrich wrote:
> > > +PYTHON3_PYCRYPTODOMEX_LICENSE:= Unlicense AN
If PDF files are found in the _LICENSE_FILES variable, include them as
literal pages in license-report.pdf with the 'pdfpages' package, which
nowadays comes preinstalled with most LaTeX distributions.
Signed-off-by: Roland Hieber
---
* v1 -> v2: no changes
ew package")
Cc: Lars Pedersen
Signed-off-by: Roland Hieber
---
* v1 -> v2: use "custom" instead of "proprietary"
rules/python3-pycryptodomex.make | 7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/rules/python3-pycryptodomex.make b/rules/py
On Mon, Jun 28, 2021 at 08:42:13AM +0200, Michael Olbrich wrote:
> On Mon, Jun 28, 2021 at 01:11:20AM +0200, Roland Hieber wrote:
> > Be uniform with bin/ptxdist, indent with one tab instead of mixed tabs
> > and spaces.
>
> No. Everything is scripts is indented this way:
On Mon, Jun 28, 2021 at 08:38:25AM +0200, Michael Olbrich wrote:
> On Mon, Jun 28, 2021 at 01:11:15AM +0200, Roland Hieber wrote:
> > From: Marc Kleine-Budde
> >
> > This patch changes cs_get_ca() to only output the CA if it actually
> > exists, or print an error and r
With this version, host-ptx-code-signing-dev sets up the new role groups
imx-habv4-srk, imx-habv4-csf and imx-habv4-img.
Signed-off-by: Roland Hieber
---
PATCH v3:
- no changes
PATCH v2 (rhi):
https://lore.ptxdist.org/ptxdist/20210627231121.28313-5-...@pengutronix.de
- new patch in v2
From: Marc Kleine-Budde
This patch changes cs_get_ca() to only output the CA if it actually
exists, or print an error and return 1 instead. This makes it possible
to use make's $(if $(filter-out, ERROR_CA_NOT_YET_SET, ...))
conditional.
Co-authored-by: Roland Hieber
Signed-off-by: Marc K
abv4-srk"
| cs_define_group "${g}"
| cs_group_add_roles "${g}" "imx-habv4-srk1" "imx-habv4-srk2"
Use the function cs_group_get_roles() to get the roles of a group.
In a later patch the function ptxd_make_imx_habv4_gen_table() is
converted to make use $(c
by: Marc Kleine-Budde
Signed-off-by: Roland Hieber
---
PATCH v3:
- no changes
PATCH v2 (rhi):
https://lore.ptxdist.org/ptxdist/20210627231121.28313-3-...@pengutronix.de
- split off code signing provider template changes from library and
consumer changes (see next patch) to make patches ea
ecipes can still work with
ptxd_make_imx_habv4_gen_table() if their code signing provider sets up
the roles appropriately.
Signed-off-by: Marc Kleine-Budde
Signed-off-by: Roland Hieber
---
PATCH v3:
- no changes
PATCH v2 (rhi):
https://lore.ptxdist.org/ptxdist/20210627231121.28313-4-...@peng
Signed-off-by: Roland Hieber
---
rules/dbench.in | 2 +-
rules/dbench.make | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/dbench.in b/rules/dbench.in
index 719b8b797c6a..a16b13f002fc 100644
--- a/rules/dbench.in
+++ b/rules/dbench.in
@@ -16,7 +16,7 @@ menuconfig
Signed-off-by: Roland Hieber
---
rules/linuxptp.make | 3 +++
1 file changed, 3 insertions(+)
diff --git a/rules/linuxptp.make b/rules/linuxptp.make
index 6415512f1cbc..425ba3925a76 100644
--- a/rules/linuxptp.make
+++ b/rules/linuxptp.make
@@ -23,6 +23,9 @@ LINUXPTP_URL := $(call ptx
Signed-off-by: Roland Hieber
---
rules/ppp.make | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/ppp.make b/rules/ppp.make
index 3c8a57fd9396..e39b87b45dd3 100644
--- a/rules/ppp.make
+++ b/rules/ppp.make
@@ -20,7 +20,7 @@ PPP_VERSION := 2.4.9
PPP_MD5
The old version has been depublished from SourceForge due to CVEs.
Signed-off-by: Roland Hieber
---
rules/linuxptp.make | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/linuxptp.make b/rules/linuxptp.make
index 7e94cb20dfbd..6415512f1cbc 100644
--- a/rules
Signed-off-by: Roland Hieber
---
rules/rsync.make | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/rsync.make b/rules/rsync.make
index be507916820a..70fdd751ca0d 100644
--- a/rules/rsync.make
+++ b/rules/rsync.make
@@ -18,7 +18,7 @@ RSYNC_VERSION := 2.6.9
RSYNC_MD5
Signed-off-by: Roland Hieber
---
rules/samba.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/samba.in b/rules/samba.in
index dd952cbe6e80..c01b28c10921 100644
--- a/rules/samba.in
+++ b/rules/samba.in
@@ -31,7 +31,7 @@ menuconfig SAMBA
Windows operating
The old version has been depublished from SourceForge due to CVEs.
The remaining patch has been applied upstream.
Signed-off-by: Roland Hieber
---
PATCH v2:
- remove old patches
- resend only this one patch out-of-series, no changes for the rest of
the series
PATCH v1:
https
On Fri, Jul 09, 2021 at 08:59:08AM +0200, Alexander Dahl wrote:
> Hello Roland,
>
> On Fri, Jul 09, 2021 at 12:02:02AM +0200, Roland Hieber wrote:
> > Signed-off-by: Roland Hieber
>
> I miss the reasoning for this change. What's the benefit?
Originally I tried to &q
On Fri, Jul 09, 2021 at 09:42:09AM +0200, Michael Olbrich wrote:
> On Thu, Jul 08, 2021 at 10:16:24PM +0200, Roland Hieber wrote:
> > BTW, I like to get feedback mail as Cc into my inbox so I can keep a
> > simple backlog of my still-to-be-done patches in addition to the
> &g
From: Marc Kleine-Budde
This patch changes cs_get_ca() to only output the CA if it actually
exists, or print an error and return 1 instead. This makes it possible
to use make's $(if $(filter-out, ERROR_CA_NOT_YET_SET, ...))
conditional.
Co-authored-by: Roland Hieber
Signed-off-by: Marc K
Signed-off-by: Roland Hieber
---
doc/dev_code_signing.rst | 2 ++
1 file changed, 2 insertions(+)
diff --git a/doc/dev_code_signing.rst b/doc/dev_code_signing.rst
index 56ac0e3b3217..5a6196cb2826 100644
--- a/doc/dev_code_signing.rst
+++ b/doc/dev_code_signing.rst
@@ -10,6 +10,8 @@ This is also
Just fix a typo…
Signed-off-by: Roland Hieber
---
doc/dev_code_signing_flowchart.svg | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doc/dev_code_signing_flowchart.svg
b/doc/dev_code_signing_flowchart.svg
index 7b06b2f0bbfe..e7aaa6bb7dd8 100644
--- a/doc
signing provider was not set up yet. If the error
message is used as part of a URI, the user can at least get a hint about
the fact that an error happened.
Co-authored-by: Roland Hieber
Signed-off-by: Marc Kleine-Budde
Signed-off-by: Roland Hieber
---
PATCH v5:
- print error if keydir doesn't
(call targetinfo)
> + @$(call install_init, gnu-efi)
> + @$(call install_fixup, gnu-efi,PRIORITY,optional)
> + @$(call install_fixup, gnu-efi,SECTION,base)
> + @$(call install_fixup, gnu-efi,AUTHOR,"Christian Melki
> ")
> + @$(call install_fixup, gnu-efi,DESCRIPTION,missing)
>
On Mon, Jul 19, 2021 at 11:09:40AM +0200, Roland Hieber wrote:
> On Fri, Jul 16, 2021 at 03:41:03PM +0200, Christian Melki wrote:
> > +# No tags: use a fake descriptive commit-ish to include the date
> > +GNU_EFI_VERSION:= 3.0.13
&
Therefore, all
variables that make use of need to be evaluated recursively when they
are used ('=' instead of ':='). All other recipes using KERNEL_*
variables already take care of this.
Signed-off-by: Roland Hieber
---
Note: this depends on "[PATCH v5] ptxd_lib_c
Version 0.6 sets up keys for the 'kernel-module' role.
Signed-off-by: Roland Hieber
---
Meant to be applied along with "[PATCH] kernel: add support for kernel
module signing", but I forgot to include this in the series.
https://lore.ptxdist.org/ptxdist/20210719183053.3799-
On Tue, Jul 20, 2021 at 03:08:53PM +0200, Christian Melki wrote:
> On 7/19/21 11:09 AM, Roland Hieber wrote:
> > Hi,
> >
> > generally you can just prefix the commit message with the package name
> > (no "rules/"), that's how we usually do it
On Wed, Jul 21, 2021 at 10:54:53AM +0200, Michael Olbrich wrote:
> On Mon, Jul 19, 2021 at 08:30:53PM +0200, Roland Hieber wrote:
> > Use the code signing role 'kernel-modules' to supply the kernel with the
> > keys for kernel module signing and additional CAs for the kern
On Fri, Jul 23, 2021 at 12:39:28PM +0200, Michael Olbrich wrote:
> On Fri, Jul 23, 2021 at 12:17:36PM +0200, Roland Hieber wrote:
> > On Wed, Jul 21, 2021 at 10:54:53AM +0200, Michael Olbrich wrote:
> > > On Mon, Jul 19, 2021 at 08:30:53PM +0200, Roland Hieber wrote:
> > &g
Also provide some example code to set up the role group for the SoftHSM
use case.
Fixes: f1fc06cd534092bd1a4a (2021-07-08, "templates/code-signing-provider: set
up the 'imx-habv4-srk' role group")
Signed-off-by: Roland Hieber
---
.../code-signing-provider/ptxdist
of ':=', except the options for the perf and iio
tools, were this is not needed. All other recipes using KERNEL_*
variables also already take care of this.)
Signed-off-by: Roland Hieber
---
PATCH v2:
- new in v2, split off from "[PATCH] kernel: add support for kernel
modul
ed when using
module signing in PTXdist.
Signed-off-by: Roland Hieber
---
PATCH v2:
- rebase to current master
- split trusted key handling into its own patch (see previous patch)
- add CONFIG_MODULE_SIG_KEY to KENREL_BASE_OPT instead of
KERNEL_SIGN_OPT, and only if module signing is enabled in t
Version 0.6 sets up keys for the 'kernel-modules' role.
Signed-off-by: Roland Hieber
---
PATCH v2:
- rebase to current master after commit bd8b3d01cbd0ce3af98f
("host-ptx-code-signing-dev: version bump 0.4 -> 0.5") was applied
PATCH v1:
https://lore.ptxdist.org/ptxdi
Apparently this one fell through the cracks...
- Roland
On Sun, Jun 27, 2021 at 12:49:44AM +0200, Roland Hieber wrote:
> Signed-off-by: Roland Hieber
> ---
> .gitignore | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/.gitignore b/.gitignore
> index 57bfdcc10c24
p, fscryptctl,AUTHOR,"Ahmad Fatoum
> ")
> + @$(call install_fixup, fscryptctl,DESCRIPTION, "Low-level Linux fscrypt
> control tool")
> +
> + @$(call install_copy, fscryptctl, 0, 0, 0755, -, /usr/bin/fscryptctl)
> +
> + @$(call install_finish, fscryptctl)
> +
> +
> # Prepare
> --
> 2.30.2
>
>
> ___
> ptxdist mailing list
> ptxdist@pengutronix.de
> To unsubscribe, send a mail with subject "unsubscribe" to
> ptxdist-requ...@pengutronix.de
&
On Wed, Jul 28, 2021 at 01:48:09PM +0200, Bastian Krause wrote:
>
> On 7/28/21 11:49 AM, Roland Hieber wrote:
> > On Wed, Jul 28, 2021 at 11:01:07AM +0200, Bastian Krause wrote:
> >> Cairo is dual-licensed:
> >>
> >> "Cairo is free software
On Mon, Aug 02, 2021 at 07:45:26AM +0200, Ahmad Fatoum wrote:
> Hi Roland,
>
> On 28.07.21 11:48, Roland Hieber wrote:
> > On Tue, Jul 27, 2021 at 04:05:35PM +0200, Ahmad Fatoum wrote:
> >> diff --git a/rules/fscryptctl.make b/rules/fscryptctl.make
> >>
with 'ptxdist -v', but the messages are still
available in the logfile.
Signed-off-by: Roland Hieber
---
scripts/libptxdist.sh | 18 ++
1 file changed, 18 insertions(+)
diff --git a/scripts/libptxdist.sh b/scripts/libptxdist.sh
index ee0ba39d3ea3..bb508798cb6f 10064
Variables named ${pkg} are already widely used throughout the code base
for different purposes, so name it ${pkg_name} instead.
Signed-off-by: Roland Hieber
---
Turned out I didn't need it for this series, but I still think it's
useful in general.
---
rules/post/ptxd_make_world_commo
Signed-off-by: Roland Hieber
---
doc/dev_code_signing.rst | 68 +++
platforms/code-signing.in | 22
rules/pre/030-code-signing-consumers.make | 6 ++
scripts/lib/ptxd_lib_code_signing.sh | 52 -
4 files changed
We'll need this type of function more often later.
Signed-off-by: Roland Hieber
---
scripts/lib/ptxd_lib_code_signing.sh | 14 +-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/scripts/lib/ptxd_lib_code_signing.sh
b/scripts/lib/ptxd_lib_code_signing.sh
information can be added
later if needed.
Refactor the existing consumers in the code base too, and add an error
message in case anyone else that still uses the old API.
Signed-off-by: Roland Hieber
---
doc/dev_code_signing.rst | 2 +-
doc/ref_code_signing_helpers.rst
Co-authored-by: Felicitas Jung
Signed-off-by: Felicitas Jung
Signed-off-by: Roland Hieber
---
PATCH v3:
- rebase to current master
- rewrite paragraph about always including the copyright statement
lines in the checksum (feedback from Michael Olbrich)
PATCH v2:
https://lore.ptxdist.org
Co-authored-by: Felicitas Jung
Signed-off-by: Felicitas Jung
Signed-off-by: Roland Hieber
---
PATCH v4:
- remove dangling include to daily_work_licenses.inc (how did that ever
work…?)
PATCH v3:
https://lore.ptxdist.org/ptxdist/20210805091848.2855-1-...@pengutronix.de
- rebase to current
Variables named ${pkg} are already widely used throughout the code base
for different purposes, so name it ${pkg_name} instead.
Signed-off-by: Roland Hieber
---
Turned out I didn't need it for this series, but I still think it's
useful in general.
PATCH v2: no changes
PATCH
with 'ptxdist -v', but the messages are still
available in the logfile.
Signed-off-by: Roland Hieber
---
PATCH v2: no changes
PATCH v1:
https://lore.ptxdist.org/ptxdist/20210804142330.32739-2-...@pengutronix.de
---
scripts/libptxdist.sh | 18 ++
1 file changed, 18 inse
We'll need this type of function more often later.
Signed-off-by: Roland Hieber
---
PATCH v2: no changes
PATCH v1:
https://lore.ptxdist.org/ptxdist/20210804142330.32739-3-...@pengutronix.de
---
scripts/lib/ptxd_lib_code_signing.sh | 14 +-
1 file changed, 13 insertions(
information can be added
later if needed.
Refactor the existing consumers in the code base too, and add an error
message in case anyone else that still uses the old API.
Signed-off-by: Roland Hieber
---
PATCH v2:
- define multiline macros using "define"
PATCH v1:
https://lore.ptxdist.o
Signed-off-by: Roland Hieber
---
PATCH v2:
- cs_check_whitelisted: make "needle" local variable (feedback by
Michael Olbrich)
- cs_check_whitelisted: error out with ERROR_KEY_NOT_WHITELISTED also
if whitelist does not exist yet (Michael Olbrich)
- rename cs_
On Mon, Aug 09, 2021 at 10:06:08AM +0200, Roland Hieber wrote:
> Signed-off-by: Roland Hieber
> ---
> PATCH v2:
> - cs_check_whitelisted: make "needle" local variable (feedback by
>Michael Olbrich)
> - cs_check_whitelisted: error out with ERROR_KEY_NOT_WHITEL
Signed-off-by: Roland Hieber
---
bin/ptxdist | 2 +-
doc/dev_code_signing.rst | 12
scripts/lib/ptxd_lib_code_signing.sh | 21 +
3 files changed, 34 insertions(+), 1 deletion(-)
diff --git a/bin/ptxdist b/bin/ptxdist
index
: Bastian Stender
Signed-off-by: Roland Hieber
---
doc/ref_code_signing_helpers.rst | 46 +++
rules/host-ptx-code-signing-dev.make | 6 +++
.../ptxdist-set-keys-hsm.sh | 1 +
.../template-code-signing-provider-make | 6 +++
scripts
Checking for PKCS11_MODULE_PATH etc. is also useful for the non-SoftHSM
workflow, but the other variables are specific to SoftHSM. Split off the
SoftHSM checks up into a separate function.
Signed-off-by: Roland Hieber
---
scripts/lib/ptxd_lib_code_signing.sh | 21 ++---
1 file
On Mon, Aug 09, 2021 at 04:40:30PM +0200, Roland Hieber wrote:
> Currently, sysroot-host/var/lib/keys/${keyprovider} is left over even
> when the provider package is cleaned. To help with this, introduce
> cs_clean and cs_clean_softhsm shell functions. The latter needs access
> to ${sh
Signed-off-by: Roland Hieber
---
PATCH v2: no changes
PATCH v1:
https://lore.ptxdist.org/ptxdist/20210809144030.22764-1-...@pengutronix.de
---
bin/ptxdist | 2 +-
doc/dev_code_signing.rst | 12
scripts/lib/ptxd_lib_code_signing.sh | 21
Checking for PKCS11_MODULE_PATH etc. is also useful for the non-SoftHSM
workflow, but the other variables are specific to SoftHSM. Split off the
SoftHSM checks up into a separate function.
Signed-off-by: Roland Hieber
---
PATCH v2: no changes
PATCH v1:
https://lore.ptxdist.org/ptxdist
functions in the clean stage of the
providers.
Reported-by: Bastian Krause
Signed-off-by: Roland Hieber
---
PATCH v2:
- spell Bastian's last name correctly (sorry!) (feedback from Bastian
Krause)
- split off and extend cs_init stuff into next patch
PATCH v1:
https://lore.ptxdist.org/pt
Similarly to cs_init_softhsm, introduce cs_init for non-SoftHSM use
cases. In both cases, clean up any left-over files from previous
installations to ensure a clean state, and enforce their use for
existing providers.
Reported-by: Bastian Krause
Signed-off-by: Roland Hieber
---
PATCH v2: new in
Signed-off-by: Roland Hieber
---
rules/rng-tools.make | 4
1 file changed, 4 insertions(+)
diff --git a/rules/rng-tools.make b/rules/rng-tools.make
index 5d8a09cee153..93d1b522588b 100644
--- a/rules/rng-tools.make
+++ b/rules/rng-tools.make
@@ -17,6 +17,10 @@ RNG_TOOLS_URL
The old version of rng-tools didn't use libgcrypt, but linked to it
nevertheless; however it moved from libgcrypt to openssl anyway in the
new version. The patch was applied upstream, but ./configure still needs
to be generated.
Signed-off-by: Roland Hieber
---
.../autog
301 - 400 of 1067 matches
Mail list logo