| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
| |
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
| |
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
|
|
| |
This will be useful for some packages using scons.
Signed-off-by: Alexander Dahl <ada@thorsis.com>
Message-Id: <20211025130910.7257-2-ada@thorsis.com>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
|
|
| |
Co-authored-by: Felicitas Jung <f.jung@pengutronix.de>
Signed-off-by: Felicitas Jung <f.jung@pengutronix.de>
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Message-Id: <20210806104401.12401-1-rhi@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Use the code signing role 'kernel-modules' to supply the kernel with the
key for kernel module singing. This only works if kernel module signing
is enabled in the kernel config file, so write a short paragraph for the
"daily use" chapter in the docs what has to be considered when using
module signing in PTXdist.
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Message-Id: <20210723142956.31879-2-rhi@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Additional trusted CAs can be necessary for certain use cases, see the
snippet in the docs.
Current kernels don't cope well with an empty CONFIG_SYSTEM_TRUSTED_KEYS
variable, so only add it when the singing provider actually supplies a
non-empty list of CA certificates.
The cs_get_* functions print undefined strings when the code signing
provider hasn't been installed into sysroot-host yet, which is usually
the case when kernel.make is parsed at PTXdist startup. Therefore, all
variables that make use of need to be evaluated recursively when they
are used ('=' instead of ':=', except the options for the perf and iio
tools, were this is not needed. All other recipes using KERNEL_*
variables also already take care of this.)
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Message-Id: <20210723142956.31879-1-rhi@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
| |
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
| |
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
| |
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Message-Id: <20210714121619.27670-1-rhi@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
| |
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Message-Id: <20210714120234.16196-1-rhi@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch changes cs_get_ca() to only output the CA if it actually
exists, so that this function can be used even if a signing provider
does not provide a CA for a role.
Additionally improve robustness against premature evaluation by printing
an error code if the signing provider was not set up yet. If the error
message is used as part of a URI, the user can at least get a hint about
the fact that an error happened.
Co-authored-by: Roland Hieber <rhi@pengutronix.de>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Message-Id: <20210715134224.25700-1-rhi@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A role group consists of one or more roles. It should be used where more
than one role is needed, but the exact names and/or number of roles
depend on the used code signing provider.
For example the generation of the imx HABv4 fuse table can use 1 to 4
SRK keys as input. If the signing provider is an HSM, the current
mechanism with continuous numbered URI may not work – role groups to the
rescue.
To make use of role groups, define roles as usual:
| r="imx-habv4-srk1"
| cs_define_role "${r}"
| cs_set_uri "${r}" "pkcs11:object=SRK CA 0"
| cs_append_ca_from_uri "${r}"
|
| r="imx-habv4-srk2"
| cs_define_role "${r}"
| cs_set_uri "${r}" "pkcs11:object=SRK CA 1"
| cs_append_ca_from_uri "${r}"
Now define a role group and add the roles to the group:
| g="imx-habv4-srk"
| cs_define_group "${g}"
| cs_group_add_roles "${g}" "imx-habv4-srk1" "imx-habv4-srk2"
Use the function cs_group_get_roles() to get the roles of a group.
In a later patch the function ptxd_make_imx_habv4_gen_table() is
converted to make use $(cs_group_get_roles imx-habv4-srk) to get the
roles of the imx-habv4-srk group.
Co-authored-by: Roland Hieber <rhi@pengutronix.de>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Message-Id: <20210708203941.30212-2-rhi@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We moved the IRC channel to Libera.Chat after the takeover and the
successive reboot of Freenode under new owners, and since the recent
database purge at Freenode, we no longer have control over the old
channel.
Link: https://lwn.net/Articles/857140/
Link: https://libera.chat/news/welcome-to-libera-chat
Link: https://www.devever.net/~hl/freenode_suicide
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Reviewed-by: Alexander Dahl <post@lespocky.de>
Message-Id: <20210616141429.17800-1-rhi@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
| |
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Message-Id: <20210616155631.12180-2-rhi@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The "Adding new packages" section has become quite long already, to the
point that some headings have reached level five and no longer make it
into the table of contents. The subsections "Advanced rule files" and
"Patching packages" are also not only relevant for new packages, so
propagate them to their own sections.
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Message-Id: <20210616155631.12180-1-rhi@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
|
|
| |
Found with `codespell -i 3 -w doc/*.rst`
Signed-off-by: Alexander Dahl <ada@thorsis.com>
Message-Id: <20210608065050.41038-3-ada@thorsis.com>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
| |
Move the "How to contribute" section before the "PTXdist Packages"
section, as it applies generally and not only for packages. Update the
Git URL, and add the Git web interface too.
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Message-Id: <20210606145101.21027-1-rhi@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
| |
I totally forgot that this subcommand existed when submitting the patch
for commit b87bbab6ea7e…
Fixes: b87bbab6ea7ed0cdc5ff (2021-05-25, "doc: contributing: mention lint and license checksums")
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Message-Id: <20210606133924.14878-1-rhi@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
| |
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Message-Id: <20210525204018.1617-1-rhi@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
| |
The RST custom link text syntax is
:ref:`custom text<Heading Text>`
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Message-Id: <20210525160822.6416-1-bst@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
| |
Another option to prevent unwanted implicit dependencies.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The archived messages at mail-archive.org only contains a few headers
and getting git-am-able patch mails from their HTML pages is quirky at
best. Replace the link with the new lore instance, which has a number of
advantages, like raw message contents with full headers, cloneable git
archives, and interoperability with the b4 command line tool.
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Message-Id: <20210427200349.21939-1-rhi@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
|
| |
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Message-Id: <20210427083030.7632-1-rhi@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
| |
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Message-Id: <20210228234809.5294-1-rhi@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
| |
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Message-Id: <20210207230157.22524-1-rhi@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
| |
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
|
|
|
| |
This should ease distinguishing inline code snippets from default text
and is also more similar to what the sphinx html outputs look like.
Signed-off-by: Enrico Jorns <ejo@pengutronix.de>
Message-Id: <20200911103204.9745-1-ejo@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Three octal digits are not enough, we must also respect the
sticky/setuid/setgid bits. Even if these are mostly implied to be 0, we
should be explicit here. This should also help to prevent permission
clashes when more than one packages install the same directory.
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Acked-by: Alexander Dahl <ada@thorsis.com>
Message-Id: <20200819105909.21441-1-rhi@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
| |
The install_copy label was in the wrong place, remove it. We already
had install_copy,reference too. Remove the ',reference' part from the
already existing to be in line with the other labels in the same file.
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Message-Id: <20200819105144.17850-1-rhi@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
| |
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Message-Id: <20200807104425.30276-3-rhi@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Currently any umask other than 0022 is not really supported. There is no
check but strange things may happen, either at build-time or at runtime.
Improve this by:
- setting the umask to 0022 if it it currently more permissive
- fail with a clear error message if it is more restrictive
Expand the documentation to explain the new behaviour.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
|
|
| |
ptxdistHwVendor and ptxdistHwProduct may contain any character, including
spaces. This breaks building the PDF documentation.
Avoid this by replacing any sequence of special characters with a '-'.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
|
| |
ref_parameter.inc was renamed to ref_parameter.rst. Update the man page
generation to use the new file name.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
| |
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Message-Id: <20200624160849.6966-2-bst@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
| |
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Message-Id: <20200624160849.6966-1-bst@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
|
|
| |
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Reviewed-by: Roland Hieber <rhi@pengutronix.de>
Tested-by: Ladislav Michl <ladis@linux-mips.org>
Message-Id: <20200617143125.23999-7-bst@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
|
|
| |
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Reviewed-by: Roland Hieber <rhi@pengutronix.de>
Tested-by: Ladislav Michl <ladis@linux-mips.org>
Message-Id: <20200617143125.23999-6-bst@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
|
|
| |
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Reviewed-by: Roland Hieber <rhi@pengutronix.de>
Tested-by: Ladislav Michl <ladis@linux-mips.org>
Message-Id: <20200617143125.23999-5-bst@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Split the lengthy developer's manual into multiple files to ease
navigation when editing.
No further change to the content.
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Reviewed-by: Roland Hieber <rhi@pengutronix.de>
Tested-by: Ladislav Michl <ladis@linux-mips.org>
Message-Id: <20200617143125.23999-4-bst@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
| |
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
|
|
|
| |
This chapter is getting very long and could also profit from an extra
table of contents.
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Message-Id: <20200604121533.27886-2-rhi@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
| |
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Message-Id: <20200604121533.27886-1-rhi@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
|
|
|
|
| |
Make it possible to check all MD5 sums of license files by building all
report stages without also building the license report (which produces
tons of LaTeX output).
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Message-Id: <20200529091339.8396-1-rhi@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
|
|
|
| |
Update the toolchain fallback to OSELAS.Toolchain-2019.09.1 so the
official documentation suggests the latest bugfix release.
Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
Message-Id: <20200528082554.31439-1-p.zabel@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
| |
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Message-Id: <20200423214035.2482-1-rhi@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
| |
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
|
| |
Signed-off-by: Felicitas Jung <f.jung@pengutronix.de>
Reviewed-by: Roland Hieber <rhi@pengutronix.de>
Message-Id: <20200406120227.8669-1-f.jung@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
|
|
| |
Reviewed-by: Roland Hieber <rhi@pengutronix.de>
Signed-off-by: Alexander Dahl <ada@thorsis.com>
Message-Id: <20200310212623.22821-4-post@lespocky.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
| |
|
|
|
| |
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
