Ana Sayfa Keşfet Yardım
Giriş Yap
vdd
/
meta-swupdate
şunun yansıması https://github.com/sbabic/meta-swupdate
1
0
Çatalla 0
Dosyalar Sorunlar 0 Wiki
Kaynağa Gözat

Revert "swupdate_class: Add support for engine signing"

This reverts commit 3ba81db8065a42b22a93f83d7436296ef36166c2.
George McCollister 8 yıl önce
ebeveyn
47ce33dfab
işleme
040c5884a7
2 değiştirilmiş dosya ile 2 ekleme ve 47 silme
Görünümü Böl Farklılık Durumunu Göster
  1. 0 27
      README
  2. 2 20
      classes/swupdate.bbclass

+ 0 - 27
README
Dosyayı Görüntüle 

@@ -31,33 +31,6 @@ sw-description.sig which is included in the SWU file.
 
 Encrypted private keys are not currently supported since a secure 
 mechanism must exist to provide the passphrase.
 
 
-SWU image hardware signing
 
---------------------------
 
-
 
-One may prefer to sign the SWU image with a hardware token or hardware security
 
-module (HSM) which doesn't expose the private key.
 
-
 
-To enable, SWUPDATE_SIGNING_ENGINE must be set to an available openssl engine.
 
-
 
-Example:
 
-    SWUPDATE_SIGNING_ENGINE = "pkcs11"
 
-
 
-SWUPDATE_SIGNING_ENGINE_PATH may need to be set so that openssl can locate the
 
-engine.
 
-
 
-Example:
 
-    SWUPDATE_SIGNING_ENGINE_PATH = "/usr/lib"
 
-
 
-Instead of setting SWUPDATE_PRIVATE_KEY to the full path of a file, set it to
 
-a key string recognized by the engine used.
 
-
 
-Example:
 
-    SWUPDATE_PRIVATE_KEY = "pkcs11:model=SoftHSM%20v2;" \
 
-                           "manufacturer=SoftHSM%20project;" \
 
-                           "serial=1234567890;" \
 
-                           "token=test-token;pin-value=123456;" \
 
-                           "object=swupdate-test"
 
-
 
 Maintainer
 
 ----------

+ 2 - 20
classes/swupdate.bbclass
Dosyayı Görüntüle 

@@ -144,34 +144,16 @@ python do_swuimage () {
 
         privkey = d.getVar('SWUPDATE_PRIVATE_KEY', True)
 
         if not privkey:
 
             bb.fatal("SWUPDATE_PRIVATE_KEY isn't set")
 
-
 
-        engine = d.getVar('SWUPDATE_SIGNING_ENGINE', True)
 
-        if engine:
 
-            engine = "-engine '%s' -keyform engine " % (engine)
 
-        elif not os.path.exists(privkey):
 
+        if not os.path.exists(privkey):
 
             bb.fatal("SWUPDATE_PRIVATE_KEY %s doesn't exist" % (privkey))
 
-        else:
 
-            engine = ""
 
-
 
-        engine_path = d.getVar('SWUPDATE_SIGNING_ENGINE_PATH', True)
 
-        if engine and engine_path:
 
-            engine_path = 'OPENSSL_ENGINES="%s" ' % (engine_path)
 
-        else:
 
-            engine_path = ""
 
-
 
         passout = d.getVar('SWUPDATE_PASSWORD_FILE', True)
 
         if passout:
 
             passout = "-passin file:'%s' " % (passout)
 
         else:
 
             passout = ""
 
-
 
-        # Sign with openssl.real, provided by openssl-native so OPENSSL_ENGINES
 
-        # can be overridden
 
-        signcmd = "%sopenssl.real dgst -sha256 -sign '%s' %s%s -out '%s' '%s'" % (
 
-            engine_path,
 
+        signcmd = "openssl dgst -sha256 -sign '%s' %s -out '%s' '%s'" % (
 
             privkey,
 
             passout,
 
-            engine,
 
             os.path.join(s, 'sw-description.sig'),
 
             os.path.join(s, 'sw-description'))
 
         if os.system(signcmd) != 0: