signing.bbclass: add certificate ca-chain handling - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Johannes Schneider <johannes.schneider@leica-geosystems.com>	2024-11-01 13:05:13 +0100
committer	Khem Raj <raj.khem@gmail.com>	2024-11-01 06:43:15 -0700
commit	a825b853634714bfad5ecee0acdc2942209828c2 (patch)
tree	fed48946b6fa03dda03edfba4b20ddec7f368325 /meta-python/recipes-devtools/python/python3-py-cpuinfo/0001-test_cli.py-disable.patch
parent	4990a36eb404d5ae603acd6f777c38d62b7973a3 (diff)
download	meta-openembedded-a825b853634714bfad5ecee0acdc2942209828c2.tar.gz

signing.bbclass: add certificate ca-chain handling

Add handling of ca-chains which can consist of more than one certificate in a .pem file, which need to be split off, processed and stored separately in the softhsm - as the tool-chain signing.bbclass::signing_import_cert* -> softhsm -> 'extract-cert' only supports one-per-file, due to using/expecting "plain" x509 in-/output. The added signing_import_cert_chain_from_pem function takes a <role> basename, and iterates through the input .pem file, creating numbered <role>_1, _2, ... roles as needed. Afterwards the certificates can be used or extracted one-by-one from the softhsm, using the numbered roles; the only precondition - or limitation - is that the PKI structure has to be known beforhand; e.g. how many certificates are between leaf and root. Signed-off-by: Johannes Schneider <johannes.schneider@leica-geosystems.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-py-cpuinfo/0001-test_cli.py-disable.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: