diff options
| author | Johannes Schneider <johannes.schneider@leica-geosystems.com> | 2025-06-27 14:18:22 +0200 |
|---|---|---|
| committer | Khem Raj <raj.khem@gmail.com> | 2025-06-28 11:04:25 -0700 |
| commit | a1dd1906048d6a83061515ae00871e8f804297da (patch) | |
| tree | aa6a7e3800295f748436f54d41da7c63c6aa7ae1 | |
| parent | d1b6f528a56084f156bcdb9baa61c08beb2db0ae (diff) | |
| download | meta-openembedded-a1dd1906048d6a83061515ae00871e8f804297da.tar.gz | |
signing.bbclass: remove signing_import_cert_chain_from_pem
With the now available set|get|has_ca functions to establish a CA link
between roles during their import, the
signing_import_cert_chain_from_pem can now be removed. As it had the
shortcoming of dynamically creating roles, which are harder to handle
then the manually/specifically setup CA roles.
This effectively reverts:
a825b853634 signing.bbclass: add certificate ca-chain handling
Reviewed-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Johannes Schneider <johannes.schneider@leica-geosystems.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| -rw-r--r-- | meta-oe/classes/signing.bbclass | 29 |
1 files changed, 0 insertions, 29 deletions
diff --git a/meta-oe/classes/signing.bbclass b/meta-oe/classes/signing.bbclass index 6fde22bf22..5068360ca7 100644 --- a/meta-oe/classes/signing.bbclass +++ b/meta-oe/classes/signing.bbclass | |||
| @@ -231,35 +231,6 @@ signing_get_root_cert() { | |||
| 231 | echo "${cert_name}" | 231 | echo "${cert_name}" |
| 232 | } | 232 | } |
| 233 | 233 | ||
| 234 | # signing_import_cert_chain_from_pem <role> <pem> | ||
| 235 | # | ||
| 236 | # Import a certificate *chain* from a PEM file to a role. | ||
| 237 | # (e.g. multiple ones concatenated in one file) | ||
| 238 | # | ||
| 239 | # Due to limitations in the toolchain: | ||
| 240 | # signing class -> softhsm -> 'extract-cert' | ||
| 241 | # the input certificate is split into a sequentially numbered list of roles, | ||
| 242 | # starting at <role>_1 | ||
| 243 | # | ||
| 244 | # (The limitations are the conversion step from x509 to a plain .der, and | ||
| 245 | # extract-cert expecting a x509 and then producing only plain .der again) | ||
| 246 | signing_import_cert_chain_from_pem() { | ||
| 247 | local role="${1}" | ||
| 248 | local pem="${2}" | ||
| 249 | local i=1 | ||
| 250 | |||
| 251 | cat "${pem}" | \ | ||
| 252 | while openssl x509 -inform pem -outform der -out ${B}/temp_${i}.der; do | ||
| 253 | signing_import_define_role "${role}_${i}" | ||
| 254 | signing_pkcs11_tool --type cert \ | ||
| 255 | --write-object ${B}/temp_${i}.der \ | ||
| 256 | --label "${role}_${i}" | ||
| 257 | rm ${B}/temp_${i}.der | ||
| 258 | echo "imported ${pem} under role: ${role}_${i}" | ||
| 259 | i=$(awk "BEGIN {print $i+1}") | ||
| 260 | done | ||
| 261 | } | ||
| 262 | |||
| 263 | # signing_import_cert_from_pem <cert_name> <pem> | 234 | # signing_import_cert_from_pem <cert_name> <pem> |
| 264 | # | 235 | # |
| 265 | # Import a certificate from PEM file to a cert_name. | 236 | # Import a certificate from PEM file to a cert_name. |