<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-openembedded.git/meta-oe/classes/signing.bbclass, branch styhead</title>
<subtitle>Mirror of git.openembedded.org/meta-openembedded</subtitle>
<id>https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=styhead</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=styhead'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/'/>
<updated>2024-03-05T23:09:24+00:00</updated>
<entry>
<title>signing.bbclass: fix typos</title>
<updated>2024-03-05T23:09:24+00:00</updated>
<author>
<name>Ulrich Ölmann</name>
<email>u.oelmann@pengutronix.de</email>
</author>
<published>2024-03-05T20:07:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=123c58693ac786c3cef8a74b03c1557a66dc0142'/>
<id>urn:sha1:123c58693ac786c3cef8a74b03c1557a66dc0142</id>
<content type='text'>
Signed-off-by: Ulrich Ölmann &lt;u.oelmann@pengutronix.de&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>signing.bbclass: fix wrong function name</title>
<updated>2024-02-23T17:17:42+00:00</updated>
<author>
<name>Sascha Hauer</name>
<email>sha@pengutronix.de</email>
</author>
<published>2024-02-23T08:45:44+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=30d1eb08b42e9eeb76037fdc8613610878ba1092'/>
<id>urn:sha1:30d1eb08b42e9eeb76037fdc8613610878ba1092</id>
<content type='text'>
The function signing_import_pubkey_from_pem is defined twice, one of
them should really be named signing_import_pubkey_from_der. Fix this and
while at it fix some argument names in the comments above the functions
as well.

Reported-by: Miklos Toth &lt;Miklos.Toth@knorr-bremse.com&gt;
Fixes: 4a6ac691f ("add signing.bbclass as infrastructure for build artifact signing")
Signed-off-by: Sascha Hauer &lt;sha@pengutronix.de&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>signing.bbclass: make it work with eliptic curve keys</title>
<updated>2024-02-13T20:41:23+00:00</updated>
<author>
<name>Sascha Hauer</name>
<email>s.hauer@pengutronix.de</email>
</author>
<published>2024-02-13T09:18:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=c9ddb71d35c68ba58f5318a5bcc504a2ee1026a9'/>
<id>urn:sha1:c9ddb71d35c68ba58f5318a5bcc504a2ee1026a9</id>
<content type='text'>
"openssl rsa" works with RSA keys only. Use "openssl pkey" instead which
is a frontend that picks the right operation automatically and works
with RSA keys, eliptic curve keys and also DSA keys.

Signed-off-by: Sascha Hauer &lt;s.hauer@pengutronix.de&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>signing.bbclass: don't export OPENSSL environment variables globally</title>
<updated>2023-10-09T16:38:49+00:00</updated>
<author>
<name>Ahmad Fatoum</name>
<email>a.fatoum@pengutronix.de</email>
</author>
<published>2023-09-20T14:33:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=4ad790c7334b02d6d150285a952d84a02645773f'/>
<id>urn:sha1:4ad790c7334b02d6d150285a952d84a02645773f</id>
<content type='text'>
OPENSSL_{MODULES,ENGINES,CONF} and SSL_CERT_{DIR,FILE} are currently
exported globally for any recipe that inherits signing. This not only
affects the tasks that use the signing infrastructure, but also unrelated
tasks like e.g. do_fetch. Avoid this by exporting the variables only
for these tasks that actually call signing_prepare.

This resolves a breakage I observed on Ubuntu 18.04, where the host
tool wget is called with the environment variables set and then fails
with a SSL error (exit code 5).

Signed-off-by: Ahmad Fatoum &lt;a.fatoum@pengutronix.de&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>add signing.bbclass as infrastructure for build artifact signing</title>
<updated>2023-02-15T16:23:49+00:00</updated>
<author>
<name>Jan Luebbe</name>
<email>jlu@pengutronix.de</email>
</author>
<published>2023-02-13T11:20:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=4a6ac691f209204434da38fd271a91455391e728'/>
<id>urn:sha1:4a6ac691f209204434da38fd271a91455391e728</id>
<content type='text'>
This adds common infrastructure to access and used asymmetric keys to
sign build artifacts. The approach and implementation was presented at
the recent OpenEmbedded Workshop:
https://pretalx.com/openembedded-workshop-2023/talk/3C8MFF/

A working demo setup for verified boot based on qemu is available at
https://github.com/jluebbe/meta-code-signing.

Signed-off-by: Jan Luebbe &lt;jlu@pengutronix.de&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
</feed>
