trustfence-cst: add support for CST 2.3.3

https://jira.digi.com/browse/DEL-5337 Signed-off-by: Jose Diaz de Grenu <Jose.DiazdeGrenu@digi.com>
2017-11-15 16:51:23 +01:00 · 2017-11-15 16:51:23 +01:00 · 14fc51147f
parent 3261119470
commit 14fc51147f
8 changed files with 57 additions and 48 deletions
--- a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-native.inc
+++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-native.inc
@ -0,0 +1,50 @@
+# Copyright (C) 2017 Digi International
+SUMMARY = "NXP Code signing Tool for the High Assurance Boot library"
+DESCRIPTION = "Provides software code signing support designed for use with \
+i.MX processors that integrate the HAB library in the internal boot ROM."
+HOMEPAGE = "https://www.nxp.com/webapp/Download?colCode=IMX_CST_TOOL"
+LICENSE = "CLOSED"
+
+DEPENDS = "openssl-native"
+
+SRC_URI = " \
+    file://cst-${PV}.tar.gz \
+    file://0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch \
+    file://0002-hab4_pki_tree.sh-automate-script.patch \
+    file://0003-openssl_helper-use-dev-urandom-as-seed-source.patch \
+    file://0004-hab4_pki_tree.sh-usa-a-random-password-for-the-defau.patch \
+    file://Makefile \
+"
+
+# Usually local files (with file:// protocol) are not checked for
+# premirrors. But in this case we want to be able to download the 'cst'
+# package from a premirror in case it's not already in the DL_DIR, so prepend
+# a premirror for the 'file://' protocol.
+python() {
+    source_mirror_url = d.getVar('SOURCE_MIRROR_URL', True)
+    if source_mirror_url:
+        premirrors = d.getVar('PREMIRRORS', True)
+        d.setVar('PREMIRRORS', "file://cst.* %s \\n %s" % (source_mirror_url, premirrors))
+}
+
+S = "${WORKDIR}/cst-${PV}"
+
+inherit native
+
+do_configure() {
+	cp -f ${WORKDIR}/Makefile .
+}
+
+do_compile() {
+	oe_runmake clean && oe_runmake
+}
+
+do_install() {
+	install -d ${D}${bindir}
+	install -m 0755 linux64/cst ${D}${bindir}/cst
+	install -m 0755 $(find linux64 -type f -name srktool) ${D}${bindir}/srktool
+	install -m 0755 keys/hab4_pki_tree.sh ${D}${bindir}/trustfence-gen-pki.sh
+	install -m 0755 ca/openssl.cnf ${D}${bindir}/openssl.cnf
+	install -m 0755 ca/v3_ca.cnf ${D}${bindir}/v3_ca.cnf
+	install -m 0755 ca/v3_usr.cnf ${D}${bindir}/v3_usr.cnf
+}
--- a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-native_2.3.2.bb
+++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-native_2.3.2.bb
@ -1,49 +1,3 @@
-SUMMARY = "NXP Code signing Tool for the High Assurance Boot library"
-DESCRIPTION = "Provides software code signing support designed for use with \
-i.MX processors that integrate the HAB library in the internal boot ROM."
-HOMEPAGE = "https://www.nxp.com/webapp/Download?colCode=IMX_CST_TOOL"
-LICENSE = "CLOSED"
+# Copyright (C) 2017 Digi International

-DEPENDS = "openssl-native"
-
-SRC_URI = " \
-    ${@base_conditional('TRUSTFENCE_SIGN', '1', 'file://cst-${PV}.tar.gz', '', d)} \
-    file://0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch \
-    file://0002-hab4_pki_tree.sh-automate-script.patch \
-    file://0003-openssl_helper-use-dev-urandom-as-seed-source.patch \
-    file://0004-hab4_pki_tree.sh-usa-a-random-password-for-the-defau.patch \
-    file://Makefile \
-"
-
-# Usually local files (with file:// protocol) are not checked for
-# premirrors. But in this case we want to be able to download the 'cst'
-# package from a premirror in case it's not already in the DL_DIR, so prepend
-# a premirror for the 'file://' protocol.
-python() {
-    source_mirror_url = d.getVar('SOURCE_MIRROR_URL', True)
-    if source_mirror_url:
-        premirrors = d.getVar('PREMIRRORS', True)
-        d.setVar('PREMIRRORS', "file://cst.* %s \\n %s" % (source_mirror_url, premirrors))
-}
-
-S = "${WORKDIR}/cst-${PV}"
-
-inherit native
-
-do_configure() {
-	cp -f ${WORKDIR}/Makefile .
-}
-
-do_compile() {
-	oe_runmake clean && oe_runmake
-}
-
-do_install() {
-	install -d ${D}${bindir}
-	install -m 0755 linux64/cst ${D}${bindir}/cst
-	install -m 0755 linux64/srktool ${D}${bindir}/srktool
-	install -m 0755 keys/hab4_pki_tree.sh ${D}${bindir}/trustfence-gen-pki.sh
-	install -m 0755 ca/openssl.cnf ${D}${bindir}/openssl.cnf
-	install -m 0755 ca/v3_ca.cnf ${D}${bindir}/v3_ca.cnf
-	install -m 0755 ca/v3_usr.cnf ${D}${bindir}/v3_usr.cnf
-}
+require trustfence-cst-native.inc
--- a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-native_2.3.3.bb
+++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-native_2.3.3.bb
@ -0,0 +1,5 @@
+# Copyright (C) 2017 Digi International
+
+require trustfence-cst-native.inc
+
+INSANE_SKIP_${PN} += "already-stripped"
--- a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch
+++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch
--- a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/0002-hab4_pki_tree.sh-automate-script.patch
+++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/0002-hab4_pki_tree.sh-automate-script.patch
--- a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/0003-openssl_helper-use-dev-urandom-as-seed-source.patch
+++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/0003-openssl_helper-use-dev-urandom-as-seed-source.patch
--- a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/0004-hab4_pki_tree.sh-usa-a-random-password-for-the-defau.patch
+++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/0004-hab4_pki_tree.sh-usa-a-random-password-for-the-defau.patch
--- a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/Makefile
+++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/Makefile