signing.bbclass: add signing_extract_cert helpers

Add extract-cert wrapping helper functions, to easily extract certificates again that had been previously imported into the softhsm. Reviewed-by: Jan Luebbe <jlu@pengutronix.de> Signed-off-by: Johannes Schneider <johannes.schneider@leica-geosystems.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
author: Johannes Schneider <johannes.schneider@leica-geosystems.com> 2025-06-27 14:18:21 +0200
committer: Khem Raj <raj.khem@gmail.com> 2025-06-28 11:04:25 -0700
commit: d1b6f528a56084f156bcdb9baa61c08beb2db0ae (patch)
tree: 3a399978e4f7fffd7c3d684757ec6cb340253d78
parent: b6915f63998e17655c6d4cb094ba8880fed7fb9f (diff)
download: meta-openembedded-d1b6f528a56084f156bcdb9baa61c08beb2db0ae.tar.gz
1 files changed, 25 insertions, 1 deletions
diff --git a/meta-oe/classes/signing.bbclass b/meta-oe/classes/signing.bbclass
index 248c6400ed..6fde22bf22 100644
--- a/meta-oe/classes/signing.bbclass
+++ b/meta-oe/classes/signing.bbclass
@@ -54,7 +54,7 @@
 SIGNING_PKCS11_URI ?= ""
 SIGNING_PKCS11_MODULE ?= ""
-DEPENDS += "softhsm-native libp11-native opensc-native openssl-native"
+DEPENDS += "softhsm-native libp11-native opensc-native openssl-native extract-cert-native"
 def signing_class_prepare(d):
    import os.path
@@ -453,6 +453,30 @@ signing_get_module() {
    fi
 }
+# signing_extract_cert_der <role> <der>
+#
+# Export a certificate attached to a role into a DER file.
+# To be used with SoftHSM.
+signing_extract_cert_der() {
+    local role="${1}"
+    local output="${2}"
+    extract-cert "$(signing_get_uri $role)" "${output}"
+}
+# signing_extract_cert_pem <role> <pem>
+#
+# Export a certificate attached to a role into a PEM file.
+# To be used with SoftHSM.
+signing_extract_cert_pem() {
+    local role="${1}"
+    local output="${2}"
+    extract-cert "$(signing_get_uri $role)" "${output}.tmp-der"
+    openssl x509 -inform der -in "${output}.tmp-der" -out "${output}"
+    rm "${output}.tmp-der"
+}
 python () {
    signing_class_prepare(d)
 }
author	Johannes Schneider <johannes.schneider@leica-geosystems.com>	2025-06-27 14:18:21 +0200
committer	Khem Raj <raj.khem@gmail.com>	2025-06-28 11:04:25 -0700
commit	d1b6f528a56084f156bcdb9baa61c08beb2db0ae (patch)
tree	3a399978e4f7fffd7c3d684757ec6cb340253d78
parent	b6915f63998e17655c6d4cb094ba8880fed7fb9f (diff)
download	meta-openembedded-d1b6f528a56084f156bcdb9baa61c08beb2db0ae.tar.gz

diff --git a/meta-oe/classes/signing.bbclass b/meta-oe/classes/signing.bbclass index 248c6400ed..6fde22bf22 100644 --- a/meta-oe/classes/signing.bbclass +++ b/meta-oe/classes/signing.bbclass
@@ -54,7 +54,7 @@
54	SIGNING_PKCS11_URI ?= ""	54	SIGNING_PKCS11_URI ?= ""
55	SIGNING_PKCS11_MODULE ?= ""	55	SIGNING_PKCS11_MODULE ?= ""
56		56
57	DEPENDS += "softhsm-native libp11-native opensc-native openssl-native"	57	DEPENDS += "softhsm-native libp11-native opensc-native openssl-native extract-cert-native"
58		58
59	def signing_class_prepare(d):	59	def signing_class_prepare(d):
60	import os.path	60	import os.path
@@ -453,6 +453,30 @@ signing_get_module() {
453	fi	453	fi
454	}	454	}
455		455
		456	# signing_extract_cert_der <role> <der>
		457	#
		458	# Export a certificate attached to a role into a DER file.
		459	# To be used with SoftHSM.
		460	signing_extract_cert_der() {
		461	local role="${1}"
		462	local output="${2}"
		463
		464	extract-cert "$(signing_get_uri $role)" "${output}"
		465	}
		466
		467	# signing_extract_cert_pem <role> <pem>
		468	#
		469	# Export a certificate attached to a role into a PEM file.
		470	# To be used with SoftHSM.
		471	signing_extract_cert_pem() {
		472	local role="${1}"
		473	local output="${2}"
		474
		475	extract-cert "$(signing_get_uri $role)" "${output}.tmp-der"
		476	openssl x509 -inform der -in "${output}.tmp-der" -out "${output}"
		477	rm "${output}.tmp-der"
		478	}
		479
456	python () {	480	python () {
457	signing_class_prepare(d)	481	signing_class_prepare(d)
458	}	482	}