signing.bbclass: make PEM loading compatible with OpenSC 0.26.0 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Enrico Jörns <ejo@pengutronix.de>	2025-07-02 08:09:55 +0200
committer	Khem Raj <raj.khem@gmail.com>	2025-07-02 09:48:26 -0700
commit	2d1d128a41abb698874e2d0b8e59cb5ae0416937 (patch)
tree	54aade442e2054d8cd60efa65f4be951daddcc59 /meta-python/recipes-devtools/python/python3-backports-functools-lru-cache
parent	7d23c8e09c4fc546b5424bec863ccbcac68b4f85 (diff)
download	meta-openembedded-2d1d128a41abb698874e2d0b8e59cb5ae0416937.tar.gz

signing.bbclass: make PEM loading compatible with OpenSC 0.26.0

With https://github.com/OpenSC/OpenSC/pull/3174 which is part of 0.26.0, OpenSC does not support reading the (DER-converted) object data from stdin anymore. However, OpenSC/pkcs11-tool also supports reading PEM files directly. This we can use for simply replacing and simplifying the stdin piping in signing_import_cert_from_pem(). Only for password-protected files we still have to use OpenSSL for conversion, since OpenSC/pkcs11-tool currently doesn't have a mechanism for providing passwords. For these cases, we store the converted PEM into a simple temporary file. This handling is sufficient, since SoftHSM import should be used for example keys only and SoftHSM also doesn't protect the keys in any way. Keys which actually need to be protected are stored in HSMs and accessed via their PKCS#11 URIs. Signed-off-by: Enrico Jörns <ejo@pengutronix.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-backports-functools-lru-cache')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: