summaryrefslogtreecommitdiffstats
path: root/meta-oe/classes/signing.bbclass
Commit message (Collapse)AuthorAgeFilesLines
* signing.bbclass: fix typosUlrich Ölmann2024-03-051-3/+3
| | | | | Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* signing.bbclass: fix wrong function nameSascha Hauer2024-02-231-3/+3
| | | | | | | | | | | | The function signing_import_pubkey_from_pem is defined twice, one of them should really be named signing_import_pubkey_from_der. Fix this and while at it fix some argument names in the comments above the functions as well. Reported-by: Miklos Toth <Miklos.Toth@knorr-bremse.com> Fixes: 4a6ac691f ("add signing.bbclass as infrastructure for build artifact signing") Signed-off-by: Sascha Hauer <sha@pengutronix.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* signing.bbclass: make it work with eliptic curve keysSascha Hauer2024-02-131-4/+4
| | | | | | | | | "openssl rsa" works with RSA keys only. Use "openssl pkey" instead which is a frontend that picks the right operation automatically and works with RSA keys, eliptic curve keys and also DSA keys. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* signing.bbclass: don't export OPENSSL environment variables globallyAhmad Fatoum2023-10-091-6/+6
| | | | | | | | | | | | | | | OPENSSL_{MODULES,ENGINES,CONF} and SSL_CERT_{DIR,FILE} are currently exported globally for any recipe that inherits signing. This not only affects the tasks that use the signing infrastructure, but also unrelated tasks like e.g. do_fetch. Avoid this by exporting the variables only for these tasks that actually call signing_prepare. This resolves a breakage I observed on Ubuntu 18.04, where the host tool wget is called with the environment variables set and then fails with a SSL error (exit code 5). Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* add signing.bbclass as infrastructure for build artifact signingJan Luebbe2023-02-151-0/+316
This adds common infrastructure to access and used asymmetric keys to sign build artifacts. The approach and implementation was presented at the recent OpenEmbedded Workshop: https://pretalx.com/openembedded-workshop-2023/talk/3C8MFF/ A working demo setup for verified boot based on qemu is available at https://github.com/jluebbe/meta-code-signing. Signed-off-by: Jan Luebbe <jlu@pengutronix.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>