[{"id":1749506,"web_url":"http://patchwork.ozlabs.org/comment/1749506/","msgid":"","list_archive_url":null,"date":"2017-08-17T10:44:22","subject":"Re: [swupdate] [meta-swupdate][PATCH] add CMS signing support","submitter":{"id":5771,"url":"http://patchwork.ozlabs.org/api/people/5771/","name":"Stefano Babic","email":"sbabic@denx.de"},"content":"Hi Maciej,\n\nOn 17/08/2017 10:25, Maciej Pijanowski wrote:\n> Signed-off-by: Maciej Pijanowski \n> ---\n> classes/swupdate.bbclass | 46 +++++++++++++++++++++++++++++++++++++---------\n> 1 file changed, 37 insertions(+), 9 deletions(-)\n> \n> diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass\n> index 44e45461401c..28297ca41a1c 100644\n> --- a/classes/swupdate.bbclass\n> +++ b/classes/swupdate.bbclass\n> @@ -1,5 +1,5 @@\n> # Copyright (C) 2015 Stefano Babic \n> -# \n> +#\n> # Some parts from the patch class\n> #\n> # swupdate allows to generate a compound image for the\n> @@ -14,7 +14,7 @@\n> \n> S = \"${WORKDIR}/${PN}\"\n> \n> -DEPENDS += \"${@ 'openssl-native' if d.getVar('SWUPDATE_SIGNING', True) == '1' else ''}\"\n> +DEPENDS += \"${@ 'openssl-native' if d.getVar('SWUPDATE_SIGNING', True) else ''}\"\n> IMAGE_DEPENDS ?= \"\"\n> \n> def swupdate_is_hash_needed(s, filename):\n> @@ -101,7 +101,7 @@ python do_swuimage () {\n> fetch = bb.fetch2.Fetch([], d)\n> list_for_cpio = [\"sw-description\"]\n> \n> - if d.getVar('SWUPDATE_SIGNING', True) == '1':\n> + if d.getVar('SWUPDATE_SIGNING', True):\n> list_for_cpio.append('sw-description.sig')\n> \n> for url in fetch.urls:\n> @@ -140,12 +140,20 @@ python do_swuimage () {\n> hash = swupdate_get_sha256(s, file)\n> swupdate_write_sha256(s, file, hash)\n> \n> - if d.getVar('SWUPDATE_SIGNING', True) == '1':\n> - sign_tool = d.getVar('SWUPDATE_SIGN_TOOL', True)\n> - if sign_tool:\n> - if os.system(sign_tool) != 0:\n> - bb.fatal(\"Failed to sign with %s\" % (sign_tool))\n> - else:\n> + signing = d.getVar('SWUPDATE_SIGNING', True)\n> + if signing == \"1\":\n> + bb.warn('SWUPDATE_SIGNING = \"1\" is deprecated, falling back to \"RSA\". It is advised to set it to \"RSA\" if using RSA signing.')\n> + signing = \"RSA\"\n> + if signing:\n> + if signing == \"CUSTOM\":\n> + sign_tool = d.getVar('SWUPDATE_SIGN_TOOL', True)\n> + if sign_tool:\n> + ret = os.system(sign_tool)\n> + if ret != 0:\n> + bb.fatal(\"Failed to sign with %s\" % (sign_tool))\n> + else:\n> + bb.fatal(\"Custom SWUPDATE_SIGN_TOOL is not given\")\n> + elif signing == \"RSA\":\n> privkey = d.getVar('SWUPDATE_PRIVATE_KEY', True)\n> if not privkey:\n> bb.fatal(\"SWUPDATE_PRIVATE_KEY isn't set\")\n> @@ -163,6 +171,26 @@ python do_swuimage () {\n> os.path.join(s, 'sw-description'))\n> if os.system(signcmd) != 0:\n> bb.fatal(\"Failed to sign sw-description with %s\" % (privkey))\n> + elif signing == \"CMS\":\n> + cms_cert = d.getVar('SWUPDATE_CMS_CERT', True)\n> + if not cms_cert:\n> + bb.fatal(\"SWUPDATE_CMS_CERT is not set\")\n> + if not os.path.exists(cms_cert):\n> + bb.fatal(\"SWUPDATE_CMS_CERT %s doesn't exist\" % (cms_cert))\n> + cms_key = d.getVar('SWUPDATE_CMS_KEY', True)\n> + if not cms_key:\n> + bb.fatal(\"SWUPDATE_CMS_KEY isn't set\")\n> + if not os.path.exists(cms_key):\n> + bb.fatal(\"SWUPDATE_CMS_KEY %s doesn't exist\" % (cms_key))\n> + signcmd = \"openssl cms -sign -in '%s' -out '%s' -signer '%s' -inkey '%s' -outform DER -nosmimecap -binary\" % (\n> + os.path.join(s, 'sw-description'),\n> + os.path.join(s, 'sw-description.sig'),\n> + cms_cert,\n> + cms_key)\n> + if os.system(signcmd) != 0:\n> + bb.fatal(\"Failed to sign sw-description with %s\" % (privkey))\n> + else:\n> + bb.fatal(\"Unrecognized SWUPDATE_SIGNING mechanism.\");\n> \n> line = 'for i in ' + ' '.join(list_for_cpio) + '; do echo $i;done | cpio -ov -H crc >' + os.path.join(deploydir,d.getVar('IMAGE_NAME', True) + '.swu')\n> os.system(\"cd \" + s + \";\" + line)\n> \n\nAcked-by: Stefano Babic \n\nBest regards,\nStefano Babic","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=googlegroups.com\n\t(client-ip=2a00:1450:4010:c07::23c;\n\thelo=mail-lf0-x23c.google.com;\n\tenvelope-from=swupdate+bncbaabbc7h2xgakgqe4zqpfda@googlegroups.com;\n\treceiver=)","ozlabs.org; dkim=pass (2048-bit key;\n\tunprotected) header.d=googlegroups.com header.i=@googlegroups.com\n\theader.b=\"QLFz3Km4\"; dkim-atps=neutral"],"Received":["from mail-lf0-x23c.google.com (mail-lf0-x23c.google.com\n\t[IPv6:2a00:1450:4010:c07::23c])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xY2sB44zkz9t2x\n\tfor ;\n\tThu, 17 Aug 2017 20:44:30 +1000 (AEST)","by mail-lf0-x23c.google.com with SMTP id w199sf2179715lff.0\n\tfor ;\n\tThu, 17 Aug 2017 03:44:30 -0700 (PDT)","by 10.46.69.194 with SMTP id s185ls100258lja.17.gmail; Thu, 17 Aug\n\t2017 03:44:27 -0700 (PDT)","from mail-out.m-online.net (mail-out.m-online.net. [212.18.0.9])\n\tby gmr-mx.google.com with ESMTPS id\n\tr143si1744389wme.3.2017.08.17.03.44.27\n\tfor \n\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);\n\tThu, 17 Aug 2017 03:44:27 -0700 (PDT)","from frontend01.mail.m-online.net (unknown [192.168.8.182])\n\tby mail-out.m-online.net (Postfix) with ESMTP id 3xY2s70ZlCz1qql6;\n\tThu, 17 Aug 2017 12:44:27 +0200 (CEST)","from localhost (dynscan1.mnet-online.de [192.168.6.70])\n\tby mail.m-online.net (Postfix) with ESMTP id 3xY2s64gM0z3jR9q;\n\tThu, 17 Aug 2017 12:44:26 +0200 (CEST)","from mail.mnet-online.de ([192.168.8.182])\n\tby localhost (dynscan1.mail.m-online.net [192.168.6.70]) (amavisd-new,\n\tport 10024)\n\twith ESMTP id qFHJszc19iDz; Thu, 17 Aug 2017 12:44:25 +0200 (CEST)","from babic.homelinux.org\n\t(host-88-217-136-221.customer.m-online.net [88.217.136.221])\n\t(using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby mail.mnet-online.de (Postfix) with ESMTPS;\n\tThu, 17 Aug 2017 12:44:25 +0200 (CEST)","from localhost (mail.babic.homelinux.org [127.0.0.1])\n\tby babic.homelinux.org (Postfix) with ESMTP id 37A9045405ED;\n\tThu, 17 Aug 2017 12:44:25 +0200 (CEST)","from babic.homelinux.org ([127.0.0.1])\n\tby localhost (mail.babic.homelinux.org [127.0.0.1]) (amavisd-new,\n\tport 10024)\n\twith ESMTP id oIQBnIo38SYw; Thu, 17 Aug 2017 12:44:22 +0200 (CEST)","from [192.168.178.132] (papero.fritz.box [192.168.178.132])\n\tby babic.homelinux.org (Postfix) with ESMTP id 9EDFD45403C3;\n\tThu, 17 Aug 2017 12:44:22 +0200 (CEST)"],"ARC-Seal":["i=2; a=rsa-sha256; t=1502966667; cv=pass;\n\td=google.com; s=arc-20160816;\n\tb=yeBVQprOesZWYW39mv/xYpMupndtIjKEUoFu02pNFUKw0ez1Haba2lbWl7nxRKJZ4w\n\tmO0ClHsbLkn1w1HHbj3Ay3iNTt3MyPZObEBUtSAipOEQ7g/MUKl7gnd51OgzFPKUWFs4\n\tyB7CkwVRyU0U73RVjV6qmWFiyYvylkMnB8Pz4WW/7fO3zvow+l5TkQc92I3xwN4j1mNP\n\tMe2ARAubCUBYGxdXTsW9/J90w/f+g6i8RBKlmls6mb8NIEX4dNM5rY0SAyYmHpwqwkBm\n\tJdSgFg9WMFuNaAtymVgGEIlw5qHFrXtgEV3cBI8zMvQJPmd8rkRYtKIyM8ivwsKQcCtw\n\t4LDQ==","i=1; a=rsa-sha256; t=1502966667; cv=none;\n\td=google.com; s=arc-20160816;\n\tb=AYXdU+45TwsbcXK6Mby+O8foBLwkeDA4HAAywLmVj2+COlqmBfo7kmtVlp9sgsN/TN\n\tUFAXJHaINYjKueNKvpobF593LqwlM3wFMGmvq3R9FW8xugt1bkOYZwYoAMW581KgIrnF\n\tMNx7G3WpqtLQyNqsjyKkXnsjqkqleQ0CxZum5ewLgnuI44vsErZZd/tKMYigPoZ1IoJT\n\tFukNVHUdz71qgM4J5N3pNx+gJebFMVO7AOb2d1UC9PkU47+rK4t249Jx7aW16b6g6C/+\n\tHOlTievvvEzOOjuejCjJTj4Y/0hP3RAc7lPq54+G6bpZscHTcVjNbx8bPWCIfaK4pMeY\n\tu5zw=="],"ARC-Message-Signature":["i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;\n\ts=arc-20160816; \n\th=list-unsubscribe:list-subscribe:list-archive:list-help:list-post\n\t:list-id:mailing-list:precedence:content-language:in-reply-to\n\t:mime-version:user-agent:date:message-id:from:references:cc:to\n\t:subject:arc-authentication-results:arc-message-signature:sender\n\t:dkim-signature:arc-authentication-results;\n\tbh=yBAYEIcBQnCrwK/vpaJyskWONgAdJAL8jmJ3qOmTlBk=;\n\tb=G2Y7qrNrMgMPeLFPUsCU/ci1ZVKlQPygnMxRaeuM8GCmE+w9NhEsZagRTgGCYG/lc4\n\tLtFZL8K9zcbTqxjfuI59AmG85MkpKQcvdcoxdlxgfyPLA6LxAEoPPkyYBux3dcXpANr8\n\tyeyBnzH49rXLl7DsKuZY/fGnQTlepN0eYS2+ePHOHAw+gyCcCik4E+Tt+OLS35xyslq3\n\tloD8cDW74Si52+ihYjB5HJ9Z+TBXDroZJRWIu7ZUHlQzQw55mFX1UxzvYxbVuRYvzw92\n\tOH7ob8CzV2VvWdunYwGEHEHx6zuC1HDikHWVOeHlqtkvV9UwwC/zoErEIgdXICR45Dvm\n\tRx6w==","i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;\n\ts=arc-20160816; \n\th=content-transfer-encoding:content-language:in-reply-to:mime-version\n\t:user-agent:date:message-id:from:references:cc:to:subject\n\t:arc-authentication-results;\n\tbh=xW1uCT79s0JdjjgmvEm0C2CuRuBou7npIRpwxQPsUv4=;\n\tb=PgepCgp2uchQFd/6a6xIMhmxL6w1Z2pU5s0tdXMi6A61HWDrN4atfQbXksBYfFek9U\n\t3xu84fd4gk4TwkOWg6SgZdG+VM1Q7kX2y/8pp49g4EN4W3y+byceEWjIONl6PUdgwGRQ\n\tKY+Uqxl/mZneRYAtpT+cbgcEeb4rK8yuwptjvf+yMdL814i8z7EDOsxAIgLuH05wOAcD\n\tSjQNApbksZRNuGEDVm9+Q/kzW2EqZRCR966ueB/MXfReS6padAwGnx9yiicAheuBovxh\n\t1E7Q/39nrCcYGZ2Dy0uP29ijTOzp0lo1LY8uYu4kKOBSC8mWARqQG28ieMSjjnXMu50X\n\tNFzQ=="],"ARC-Authentication-Results":["i=2; gmr-mx.google.com;\n\tspf=neutral (google.com: 212.18.0.9 is neither permitted nor denied\n\tby best guess record for domain of sbabic@denx.de)\n\tsmtp.mailfrom=sbabic@denx.de","i=1; gmr-mx.google.com;\n\tspf=neutral (google.com: 212.18.0.9 is neither permitted nor denied\n\tby best guess record for domain of sbabic@denx.de)\n\tsmtp.mailfrom=sbabic@denx.de"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=googlegroups.com; s=20161025;\n\th=sender:subject:to:cc:references:from:message-id:date:user-agent\n\t:mime-version:in-reply-to:content-language:x-original-sender\n\t:x-original-authentication-results:precedence:mailing-list:list-id\n\t:list-post:list-help:list-archive:list-subscribe:list-unsubscribe;\n\tbh=yBAYEIcBQnCrwK/vpaJyskWONgAdJAL8jmJ3qOmTlBk=;\n\tb=QLFz3Km4CMAASdMjOmTgfCi7fqX8lvHXotTp9GK3CNMoamor1FeqpmUK/YkXj4WHwD\n\tdAv0LPkuakHpjqpDPdwfjim9r+lzxvOSSp/Qm37Z/Z02MwVCNKZEK4HfE8eK/ggBah1c\n\tOImQFCg/28mCfCVUFJZKc9/zh9KtbU26RWsaHvvSzd05bSw2dDZLXt0Xntyu9rEKgqWy\n\touVw+uim1laxBW4qh3jsDvLyOG2hvVb+QetJLW8MYEaKR2LoC3UGnJG/FkvKXn4WiA29\n\tLOofzNHga0Z8HeDNHpmZNTqwuVxBihbTRneUy2qcNmv2+L1ooyUp6jO3759+7tn1OAvo\n\tpY6A==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=sender:x-gm-message-state:subject:to:cc:references:from:message-id\n\t:date:user-agent:mime-version:in-reply-to:content-language\n\t:x-original-sender:x-original-authentication-results:precedence\n\t:mailing-list:list-id:x-spam-checked-in-group:list-post:list-help\n\t:list-archive:list-subscribe:list-unsubscribe;\n\tbh=yBAYEIcBQnCrwK/vpaJyskWONgAdJAL8jmJ3qOmTlBk=;\n\tb=U84/LR/O9SIkTyb8W0oYRfzz/rrR7KGpIsd4SXVDnRya4/pIwU3o5rnYZYuDOTgBW6\n\tqnMSv1Af7k+dMsgrdYZ2P0DMlHBqmlxReV+jh+Xsey6fk1uU+qUBoFmv2h/8x72UDpu6\n\tgdb319GWjaqmPsIY49JOEIeXjIHwp40rWwhMrBZwDpZpXjkgAjUF3SExdOjAVoant9Yw\n\tEqNLSj5VERTCVJIi4LjV+3slJXxajcwgjj+mI6+OkfJD2Htul9UiD8aEvhIE9G5ceMaL\n\t0ElCrbeg9VIyts8Biq95VeAZV5m3PQKMUDe/Vnke2ho2tC+03OuCSxF1P5jRJNemBtsY\n\tsWNg==","Sender":"swupdate@googlegroups.com","X-Gm-Message-State":"AHYfb5hY7sTQLjDEvtf3W8+tDvgtD/NONAJVA3Qqd5fy8lXv24R/A7m7\n\tcFtKeihnXI4j+Q==","X-Received":["by 10.46.83.12 with SMTP id h12mr9572ljb.16.1502966667683;\n\tThu, 17 Aug 2017 03:44:27 -0700 (PDT)","by 10.25.32.146 with SMTP id g140mr964029lfg.26.1502966667305;\n\tThu, 17 Aug 2017 03:44:27 -0700 (PDT)"],"X-BeenThere":"swupdate@googlegroups.com","Received-SPF":"neutral (google.com: 212.18.0.9 is neither permitted nor\n\tdenied by best guess record for domain of sbabic@denx.de)\n\tclient-ip=212.18.0.9; ","X-Virus-Scanned":["amavisd-new at mnet-online.de","Debian amavisd-new at babic.homelinux.org"],"Subject":"Re: [swupdate] [meta-swupdate][PATCH] add CMS signing support","To":"Maciej Pijanowski ,\n\tswupdate@googlegroups.com","Cc":"piotr.krol@3mdeb.com","References":"<1502958326-1780-1-git-send-email-maciej.pijanowski@3mdeb.com>","From":"Stefano Babic ","Message-ID":"","Date":"Thu, 17 Aug 2017 12:44:22 +0200","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101\n\tThunderbird/52.2.1","MIME-Version":"1.0","In-Reply-To":"<1502958326-1780-1-git-send-email-maciej.pijanowski@3mdeb.com>","Content-Type":"text/plain; charset=\"UTF-8\"","Content-Language":"en-GB","X-Original-Sender":"sbabic@denx.de","X-Original-Authentication-Results":"gmr-mx.google.com; spf=neutral\n\t(google.com: 212.18.0.9 is neither permitted nor denied by best guess\n\trecord\n\tfor domain of sbabic@denx.de) smtp.mailfrom=sbabic@denx.de","Precedence":"list","Mailing-list":"list swupdate@googlegroups.com;\n\tcontact swupdate+owners@googlegroups.com","List-ID":"","X-Spam-Checked-In-Group":"swupdate@googlegroups.com","X-Google-Group-Id":"605343134186","List-Post":",\n\t","List-Help":",\n\t","List-Archive":",\n\t","List-Unsubscribe":",\n\t"}},{"id":1752559,"web_url":"http://patchwork.ozlabs.org/comment/1752559/","msgid":"<164f9a4c-5ce6-e313-ff5b-36f156f7c151@denx.de>","list_archive_url":null,"date":"2017-08-21T09:16:53","subject":"Re: [swupdate] [meta-swupdate][PATCH] add CMS signing support","submitter":{"id":5771,"url":"http://patchwork.ozlabs.org/api/people/5771/","name":"Stefano Babic","email":"sbabic@denx.de"},"content":"On 17/08/2017 10:25, Maciej Pijanowski wrote:\n> Signed-off-by: Maciej Pijanowski \n> ---\n> classes/swupdate.bbclass | 46 +++++++++++++++++++++++++++++++++++++---------\n> 1 file changed, 37 insertions(+), 9 deletions(-)\n> \n> diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass\n> index 44e45461401c..28297ca41a1c 100644\n> --- a/classes/swupdate.bbclass\n> +++ b/classes/swupdate.bbclass\n> @@ -1,5 +1,5 @@\n> # Copyright (C) 2015 Stefano Babic \n> -# \n> +#\n> # Some parts from the patch class\n> #\n> # swupdate allows to generate a compound image for the\n> @@ -14,7 +14,7 @@\n> \n> S = \"${WORKDIR}/${PN}\"\n> \n> -DEPENDS += \"${@ 'openssl-native' if d.getVar('SWUPDATE_SIGNING', True) == '1' else ''}\"\n> +DEPENDS += \"${@ 'openssl-native' if d.getVar('SWUPDATE_SIGNING', True) else ''}\"\n> IMAGE_DEPENDS ?= \"\"\n> \n> def swupdate_is_hash_needed(s, filename):\n> @@ -101,7 +101,7 @@ python do_swuimage () {\n> fetch = bb.fetch2.Fetch([], d)\n> list_for_cpio = [\"sw-description\"]\n> \n> - if d.getVar('SWUPDATE_SIGNING', True) == '1':\n> + if d.getVar('SWUPDATE_SIGNING', True):\n> list_for_cpio.append('sw-description.sig')\n> \n> for url in fetch.urls:\n> @@ -140,12 +140,20 @@ python do_swuimage () {\n> hash = swupdate_get_sha256(s, file)\n> swupdate_write_sha256(s, file, hash)\n> \n> - if d.getVar('SWUPDATE_SIGNING', True) == '1':\n> - sign_tool = d.getVar('SWUPDATE_SIGN_TOOL', True)\n> - if sign_tool:\n> - if os.system(sign_tool) != 0:\n> - bb.fatal(\"Failed to sign with %s\" % (sign_tool))\n> - else:\n> + signing = d.getVar('SWUPDATE_SIGNING', True)\n> + if signing == \"1\":\n> + bb.warn('SWUPDATE_SIGNING = \"1\" is deprecated, falling back to \"RSA\". It is advised to set it to \"RSA\" if using RSA signing.')\n> + signing = \"RSA\"\n> + if signing:\n> + if signing == \"CUSTOM\":\n> + sign_tool = d.getVar('SWUPDATE_SIGN_TOOL', True)\n> + if sign_tool:\n> + ret = os.system(sign_tool)\n> + if ret != 0:\n> + bb.fatal(\"Failed to sign with %s\" % (sign_tool))\n> + else:\n> + bb.fatal(\"Custom SWUPDATE_SIGN_TOOL is not given\")\n> + elif signing == \"RSA\":\n> privkey = d.getVar('SWUPDATE_PRIVATE_KEY', True)\n> if not privkey:\n> bb.fatal(\"SWUPDATE_PRIVATE_KEY isn't set\")\n> @@ -163,6 +171,26 @@ python do_swuimage () {\n> os.path.join(s, 'sw-description'))\n> if os.system(signcmd) != 0:\n> bb.fatal(\"Failed to sign sw-description with %s\" % (privkey))\n> + elif signing == \"CMS\":\n> + cms_cert = d.getVar('SWUPDATE_CMS_CERT', True)\n> + if not cms_cert:\n> + bb.fatal(\"SWUPDATE_CMS_CERT is not set\")\n> + if not os.path.exists(cms_cert):\n> + bb.fatal(\"SWUPDATE_CMS_CERT %s doesn't exist\" % (cms_cert))\n> + cms_key = d.getVar('SWUPDATE_CMS_KEY', True)\n> + if not cms_key:\n> + bb.fatal(\"SWUPDATE_CMS_KEY isn't set\")\n> + if not os.path.exists(cms_key):\n> + bb.fatal(\"SWUPDATE_CMS_KEY %s doesn't exist\" % (cms_key))\n> + signcmd = \"openssl cms -sign -in '%s' -out '%s' -signer '%s' -inkey '%s' -outform DER -nosmimecap -binary\" % (\n> + os.path.join(s, 'sw-description'),\n> + os.path.join(s, 'sw-description.sig'),\n> + cms_cert,\n> + cms_key)\n> + if os.system(signcmd) != 0:\n> + bb.fatal(\"Failed to sign sw-description with %s\" % (privkey))\n> + else:\n> + bb.fatal(\"Unrecognized SWUPDATE_SIGNING mechanism.\");\n> \n> line = 'for i in ' + ' '.join(list_for_cpio) + '; do echo $i;done | cpio -ov -H crc >' + os.path.join(deploydir,d.getVar('IMAGE_NAME', True) + '.swu')\n> os.system(\"cd \" + s + \";\" + line)\n> \n\nApplied to -master, -pyro, thanks !\n\nBest regards,\nStefano Babic","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=googlegroups.com\n\t(client-ip=2a00:1450:400c:c0c::237;\n\thelo=mail-wr0-x237.google.com;\n\tenvelope-from=swupdate+bncbaabbc6k5lgakgqeobmllmq@googlegroups.com;\n\treceiver=)","ozlabs.org; dkim=pass (2048-bit key;\n\tunprotected) header.d=googlegroups.com header.i=@googlegroups.com\n\theader.b=\"eL6YOfTA\"; dkim-atps=neutral"],"Received":["from mail-wr0-x237.google.com (mail-wr0-x237.google.com\n\t[IPv6:2a00:1450:400c:c0c::237])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xbSkR4z0nz9s0Z\n\tfor ;\n\tMon, 21 Aug 2017 19:17:02 +1000 (AEST)","by mail-wr0-x237.google.com with SMTP id p8sf3715908wrf.0\n\tfor ;\n\tMon, 21 Aug 2017 02:17:02 -0700 (PDT)","by 10.25.80.87 with SMTP id z23ls542411lfj.10.gmail; Mon, 21 Aug\n\t2017 02:16:58 -0700 (PDT)","from mail-out.m-online.net (mail-out.m-online.net. [212.18.0.9])\n\tby gmr-mx.google.com with ESMTPS id\n\tk84si2597607wmh.5.2017.08.21.02.16.58\n\tfor \n\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);\n\tMon, 21 Aug 2017 02:16:58 -0700 (PDT)","from frontend01.mail.m-online.net (unknown [192.168.8.182])\n\tby mail-out.m-online.net (Postfix) with ESMTP id 3xbSkL3Csvz1rCg9;\n\tMon, 21 Aug 2017 11:16:58 +0200 (CEST)","from localhost (dynscan1.mnet-online.de [192.168.6.70])\n\tby mail.m-online.net (Postfix) with ESMTP id 3xbSkL2fr1z3j378;\n\tMon, 21 Aug 2017 11:16:58 +0200 (CEST)","from mail.mnet-online.de ([192.168.8.182])\n\tby localhost (dynscan1.mail.m-online.net [192.168.6.70]) (amavisd-new,\n\tport 10024)\n\twith ESMTP id Qd73ix28LeT7; Mon, 21 Aug 2017 11:16:57 +0200 (CEST)","from babic.homelinux.org\n\t(host-88-217-136-221.customer.m-online.net [88.217.136.221])\n\t(using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby mail.mnet-online.de (Postfix) with ESMTPS;\n\tMon, 21 Aug 2017 11:16:57 +0200 (CEST)","from localhost (mail.babic.homelinux.org [127.0.0.1])\n\tby babic.homelinux.org (Postfix) with ESMTP id CBFD745404AE;\n\tMon, 21 Aug 2017 11:16:56 +0200 (CEST)","from babic.homelinux.org ([127.0.0.1])\n\tby localhost (mail.babic.homelinux.org [127.0.0.1]) (amavisd-new,\n\tport 10024)\n\twith ESMTP id xt-mV8wY9VMM; Mon, 21 Aug 2017 11:16:54 +0200 (CEST)","from [192.168.178.132] (papero.fritz.box [192.168.178.132])\n\tby babic.homelinux.org (Postfix) with ESMTP id 2EF09454019C;\n\tMon, 21 Aug 2017 11:16:54 +0200 (CEST)"],"ARC-Seal":["i=2; a=rsa-sha256; t=1503307019; cv=pass;\n\td=google.com; s=arc-20160816;\n\tb=RtIfzxubvZ+JlZHDmDssl+RgoQEU8X96rq8eJdl6B0/O2zfVodj/IfCrfV/82Hvy0J\n\tzPR0egX4uh6dJrytfv0O30lgjPafBhY8YPlwZmtjUiQ80ziJyfE4qBs9dqSiJNJCTQ/v\n\t4FMNK5RxP0N0UqQlhgnwgWRHbj5gGTye4DnNXCr74T02vEBcvoWz2YANtaHXCBVBo7cR\n\tJxKjWAqKmQ5jVaQMZiBD4SMilmA2vORpyjU3bXDgAIbzsHNiYb2L9YXgIZ2Rpr1VMEYP\n\tfOQgnVu2sALOxM2m0v0vOPPz57c5TdZtQ8rxQePhp5TBg8P2MrvQHfS+SQcBJYKiXKlU\n\tkSKA==","i=1; a=rsa-sha256; t=1503307018; cv=none;\n\td=google.com; s=arc-20160816;\n\tb=VUr00XSYAWyTdFwlQiET4vmfax+uCFocCm0ziCSc2uJUGtvUxk2/+7w/99hIwrDTwF\n\tlICZE8Qsenn6KEopttTr+8yDCkJBJSReLRwB5F6ff7ye89544ImC9tkhcHBM528iob9J\n\t5TAFuKVnyKBRqegRPyBHD9n/G37qqPyMurY/wZOeNvCpECSXNy1vsaisvvU0GuLMEcIw\n\tiPtWP9nHuKuFG0f16MoVGa857v/JwEwc4ZN1em0vRBUXOD2dvhcdV+mdvwcrXbmwW6/z\n\tKR/ctr6m1pXfo4ah3kY0DBIb8pWTjirRCiiFpkO00SxN7BfziJ7Bi06Y/+imdmdOyTU0\n\t4aLA=="],"ARC-Message-Signature":["i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;\n\ts=arc-20160816; \n\th=list-unsubscribe:list-subscribe:list-archive:list-help:list-post\n\t:list-id:mailing-list:precedence:content-language:in-reply-to\n\t:mime-version:user-agent:date:message-id:from:references:cc:to\n\t:subject:arc-authentication-results:arc-message-signature:sender\n\t:dkim-signature:arc-authentication-results;\n\tbh=aSzeQp4WzvAYR1PMGxa2Disr6s2yO2qt0jUvmt68nQg=;\n\tb=buUt0HcZBFZ5U0rZubn83SaEk3ofSS93tAxv7wApx90NRn4/oyRhS5smuQSVP3PaJb\n\tFh7NzCok3IPwWJKZpaAL6PYQ9A54tsXoou93tsRMg4Aq7rXIjyzlseuuWMzIKyQwWq+d\n\tXWEx0qmH6GtEu8lTaCv6pqWOBWW5B6E9JKzV0P9JKonheLdnTSiaWC9nWmhmOMBoBp3i\n\tK3Kt5XPKevVIVQyvVLvTAN1q/WVEEz/KO5v9O/LV9gSkSb2eGJcYSH9Mcos/WKOpPcOT\n\tfu2sGtRpxVXtOHrB4RABTJ20ZzU/r6fqdoBhGhPJbq+bgQJPIa+Z5jvCf6CWLp4PIG26\n\tnUTA==","i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;\n\ts=arc-20160816; \n\th=content-transfer-encoding:content-language:in-reply-to:mime-version\n\t:user-agent:date:message-id:from:references:cc:to:subject\n\t:arc-authentication-results;\n\tbh=TQAZGVLPB/hUDnUyR03pfQb5LXCPZs+xbBCiQBf4e0o=;\n\tb=KJlD6EMiDtkU1LKuqRBO0EUPJS1usw6Jqz1gk+Rw/Cnny4G97wvskQbGRjCCS3YCWG\n\tdvcdNUyrb4ATL2gtshZOvTaeZD0S8Y92wjjnKrRH0VFrIIZ0Oxg2U69zkkchfSQW9ZX/\n\t4ALCzZA/dXEyZNGQshJYRsGdXVOTu1O3/VEvoQNW8tRrgSG3OkEb1rD74INHwOk3sjh5\n\tANzZWVRAta5I1mruRR6B9M0Ppur8pKxQjfpBit09m87t7syVLMuh8m+tvLraro8wBX2w\n\tvUMl7WGvMdZTbRRkpBHXJopJCNpyXTDO3xLlqPG5vS27IsnNTSzaZJ3edReHK5r9/FhC\n\txqhQ=="],"ARC-Authentication-Results":["i=2; gmr-mx.google.com;\n\tspf=neutral (google.com: 212.18.0.9 is neither permitted nor denied\n\tby best guess record for domain of sbabic@denx.de)\n\tsmtp.mailfrom=sbabic@denx.de","i=1; gmr-mx.google.com;\n\tspf=neutral (google.com: 212.18.0.9 is neither permitted nor denied\n\tby best guess record for domain of sbabic@denx.de)\n\tsmtp.mailfrom=sbabic@denx.de"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=googlegroups.com; s=20161025;\n\th=sender:subject:to:cc:references:from:message-id:date:user-agent\n\t:mime-version:in-reply-to:content-language:x-original-sender\n\t:x-original-authentication-results:precedence:mailing-list:list-id\n\t:list-post:list-help:list-archive:list-subscribe:list-unsubscribe;\n\tbh=aSzeQp4WzvAYR1PMGxa2Disr6s2yO2qt0jUvmt68nQg=;\n\tb=eL6YOfTABxLbo11mWH8N/k92RR/SgOg4HV1bqePxsjeUyQh/Q1YD0XNuTwDRnm5CyG\n\tzt4aH5mPje4nLeilEhWj59hw+PIHIyE5bC+6zkQp0jPfsKfCIVw+tkuVnqSPeWU0CPfb\n\tu3cqsqM3gmSxL68W5wtRr0rEMC2n9OioGMLRVCFW/HBpjylonU2FPGPDNMqjo/aVrUtj\n\tqm4h2a41aNRdTKA/c8JFZhJipAk63bbBBgo+g3V3Oqeyff2PphPCLQI8c9HsgdUY6LiA\n\t2kf7rGSYbEXn4Fg+I1T1dNkM/oVQTu0uOhdOebPfENkrgn6G2zLKK5k1NWGwDn6F6cGg\n\t7OoQ==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=sender:x-gm-message-state:subject:to:cc:references:from:message-id\n\t:date:user-agent:mime-version:in-reply-to:content-language\n\t:x-original-sender:x-original-authentication-results:precedence\n\t:mailing-list:list-id:x-spam-checked-in-group:list-post:list-help\n\t:list-archive:list-subscribe:list-unsubscribe;\n\tbh=aSzeQp4WzvAYR1PMGxa2Disr6s2yO2qt0jUvmt68nQg=;\n\tb=DVWPr7rxmcGzcAX5bbFAmSja5yGmFrtDutz6cEidUb8XqsZGXWStoSkWJwO8/HqIDz\n\twv4Na7s0/wkK4VYAy+1yxppNvJPAfkg1yFu+X/9GnjJVSRM7IiLXOiAXxmnslh8yukTQ\n\tE0EOHl6Go9QqN7GNAQpSxB+XNF/6EQnl4iV9Q1Xb107/OFLim5pIBnPWR811+KQTfHOf\n\twKtFMZHy9JdBIMnpG5L/XWYbcPwVLx/852lEalczgpA+3RHoWwnL4+ocWql/zW5TvMrl\n\t3KjvOEGuuyI2I+Y30L8FASK1TSYPQ24Vuxgf6U5jgrMkhAEPbdN+OOf8WU5zInMMsozz\n\tPNxw==","Sender":"swupdate@googlegroups.com","X-Gm-Message-State":"AHYfb5h7r7T8s/FoYVMcPhrpgG82Z4mQvWf+0Eo4hI8s7ovrTe3+l+ww\n\twQSGalw8wznmNA==","X-Received":["by 10.46.19.10 with SMTP id 10mr33429ljt.1.1503307019369;\n\tMon, 21 Aug 2017 02:16:59 -0700 (PDT)","by 10.25.19.24 with SMTP id j24mr547234lfi.21.1503307018700;\n\tMon, 21 Aug 2017 02:16:58 -0700 (PDT)"],"X-BeenThere":"swupdate@googlegroups.com","Received-SPF":"neutral (google.com: 212.18.0.9 is neither permitted nor\n\tdenied by best guess record for domain of sbabic@denx.de)\n\tclient-ip=212.18.0.9; ","X-Virus-Scanned":["amavisd-new at mnet-online.de","Debian amavisd-new at babic.homelinux.org"],"Subject":"Re: [swupdate] [meta-swupdate][PATCH] add CMS signing support","To":"Maciej Pijanowski ,\n\tswupdate@googlegroups.com","Cc":"piotr.krol@3mdeb.com","References":"<1502958326-1780-1-git-send-email-maciej.pijanowski@3mdeb.com>","From":"Stefano Babic ","Message-ID":"<164f9a4c-5ce6-e313-ff5b-36f156f7c151@denx.de>","Date":"Mon, 21 Aug 2017 11:16:53 +0200","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101\n\tThunderbird/52.2.1","MIME-Version":"1.0","In-Reply-To":"<1502958326-1780-1-git-send-email-maciej.pijanowski@3mdeb.com>","Content-Type":"text/plain; charset=\"UTF-8\"","Content-Language":"en-GB","X-Original-Sender":"sbabic@denx.de","X-Original-Authentication-Results":"gmr-mx.google.com; spf=neutral\n\t(google.com: 212.18.0.9 is neither permitted nor denied by best guess\n\trecord\n\tfor domain of sbabic@denx.de) smtp.mailfrom=sbabic@denx.de","Precedence":"list","Mailing-list":"list swupdate@googlegroups.com;\n\tcontact swupdate+owners@googlegroups.com","List-ID":"","X-Spam-Checked-In-Group":"swupdate@googlegroups.com","X-Google-Group-Id":"605343134186","List-Post":",\n\t","List-Help":",\n\t","List-Archive":",\n\t","List-Unsubscribe":",\n\t"}},{"id":1764582,"web_url":"http://patchwork.ozlabs.org/comment/1764582/","msgid":"","list_archive_url":null,"date":"2017-09-07T08:26:25","subject":"Re: [swupdate] [meta-swupdate][PATCH] add CMS signing support","submitter":{"id":72315,"url":"http://patchwork.ozlabs.org/api/people/72315/","name":"Diego Rondini","email":"diego.rondini@kynetics.com"},"content":"Hi Stefano and Maciej,\n\nI just wanted to let you know that with this change an update of the\ndocumentation in the README is required, as now SWUPDATE_SIGNING can have\nvalues CUSTOM, RSA or CMS.\n\nhttps://github.com/sbabic/meta-swupdate/blob/master/README#L21\n\nBests,\nDiego Rondini\nSr. Embedded Engineer\n\nKynetics\nwww.kynetics.com\n\n\nOn Mon, Aug 21, 2017 at 11:16 AM, Stefano Babic wrote:\n\n> On 17/08/2017 10:25, Maciej Pijanowski wrote:\n> > Signed-off-by: Maciej Pijanowski \n> > ---\n> > classes/swupdate.bbclass | 46 ++++++++++++++++++++++++++++++\n> +++++++---------\n> > 1 file changed, 37 insertions(+), 9 deletions(-)\n> >\n> > diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass\n> > index 44e45461401c..28297ca41a1c 100644\n> > --- a/classes/swupdate.bbclass\n> > +++ b/classes/swupdate.bbclass\n> > @@ -1,5 +1,5 @@\n> > # Copyright (C) 2015 Stefano Babic \n> > -#\n> > +#\n> > # Some parts from the patch class\n> > #\n> > # swupdate allows to generate a compound image for the\n> > @@ -14,7 +14,7 @@\n> >\n> > S = \"${WORKDIR}/${PN}\"\n> >\n> > -DEPENDS += \"${@ 'openssl-native' if d.getVar('SWUPDATE_SIGNING', True)\n> == '1' else ''}\"\n> > +DEPENDS += \"${@ 'openssl-native' if d.getVar('SWUPDATE_SIGNING', True)\n> else ''}\"\n> > IMAGE_DEPENDS ?= \"\"\n> >\n> > def swupdate_is_hash_needed(s, filename):\n> > @@ -101,7 +101,7 @@ python do_swuimage () {\n> > fetch = bb.fetch2.Fetch([], d)\n> > list_for_cpio = [\"sw-description\"]\n> >\n> > - if d.getVar('SWUPDATE_SIGNING', True) == '1':\n> > + if d.getVar('SWUPDATE_SIGNING', True):\n> > list_for_cpio.append('sw-description.sig')\n> >\n> > for url in fetch.urls:\n> > @@ -140,12 +140,20 @@ python do_swuimage () {\n> > hash = swupdate_get_sha256(s, file)\n> > swupdate_write_sha256(s, file, hash)\n> >\n> > - if d.getVar('SWUPDATE_SIGNING', True) == '1':\n> > - sign_tool = d.getVar('SWUPDATE_SIGN_TOOL', True)\n> > - if sign_tool:\n> > - if os.system(sign_tool) != 0:\n> > - bb.fatal(\"Failed to sign with %s\" % (sign_tool))\n> > - else:\n> > + signing = d.getVar('SWUPDATE_SIGNING', True)\n> > + if signing == \"1\":\n> > + bb.warn('SWUPDATE_SIGNING = \"1\" is deprecated, falling back to\n> \"RSA\". It is advised to set it to \"RSA\" if using RSA signing.')\n> > + signing = \"RSA\"\n> > + if signing:\n> > + if signing == \"CUSTOM\":\n> > + sign_tool = d.getVar('SWUPDATE_SIGN_TOOL', True)\n> > + if sign_tool:\n> > + ret = os.system(sign_tool)\n> > + if ret != 0:\n> > + bb.fatal(\"Failed to sign with %s\" % (sign_tool))\n> > + else:\n> > + bb.fatal(\"Custom SWUPDATE_SIGN_TOOL is not given\")\n> > + elif signing == \"RSA\":\n> > privkey = d.getVar('SWUPDATE_PRIVATE_KEY', True)\n> > if not privkey:\n> > bb.fatal(\"SWUPDATE_PRIVATE_KEY isn't set\")\n> > @@ -163,6 +171,26 @@ python do_swuimage () {\n> > os.path.join(s, 'sw-description'))\n> > if os.system(signcmd) != 0:\n> > bb.fatal(\"Failed to sign sw-description with %s\" %\n> (privkey))\n> > + elif signing == \"CMS\":\n> > + cms_cert = d.getVar('SWUPDATE_CMS_CERT', True)\n> > + if not cms_cert:\n> > + bb.fatal(\"SWUPDATE_CMS_CERT is not set\")\n> > + if not os.path.exists(cms_cert):\n> > + bb.fatal(\"SWUPDATE_CMS_CERT %s doesn't exist\" %\n> (cms_cert))\n> > + cms_key = d.getVar('SWUPDATE_CMS_KEY', True)\n> > + if not cms_key:\n> > + bb.fatal(\"SWUPDATE_CMS_KEY isn't set\")\n> > + if not os.path.exists(cms_key):\n> > + bb.fatal(\"SWUPDATE_CMS_KEY %s doesn't exist\" %\n> (cms_key))\n> > + signcmd = \"openssl cms -sign -in '%s' -out '%s' -signer\n> '%s' -inkey '%s' -outform DER -nosmimecap -binary\" % (\n> > + os.path.join(s, 'sw-description'),\n> > + os.path.join(s, 'sw-description.sig'),\n> > + cms_cert,\n> > + cms_key)\n> > + if os.system(signcmd) != 0:\n> > + bb.fatal(\"Failed to sign sw-description with %s\" %\n> (privkey))\n> > + else:\n> > + bb.fatal(\"Unrecognized SWUPDATE_SIGNING mechanism.\");\n> >\n> > line = 'for i in ' + ' '.join(list_for_cpio) + '; do echo $i;done |\n> cpio -ov -H crc >' + os.path.join(deploydir,d.getVar('IMAGE_NAME', True)\n> + '.swu')\n> > os.system(\"cd \" + s + \";\" + line)\n> >\n>\n> Applied to -master, -pyro, thanks !\n>\n> Best regards,\n> Stefano Babic\n>\n> --\n> =====================================================================\n> DENX Software Engineering GmbH, Managing Director: Wolfgang Denk\n> HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany\n> Phone: +49-8142-66989-53 Fax: +49-8142-66989-80 Email: sbabic@denx.de\n> =====================================================================\n>\n> --\n> You received this message because you are subscribed to the Google Groups\n> \"swupdate\" group.\n> To unsubscribe from this group and stop receiving emails from it, send an\n> email to swupdate+unsubscribe@googlegroups.com.\n> To post to this group, send email to swupdate@googlegroups.com.\n> For more options, visit https://groups.google.com/d/optout.\n>","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=googlegroups.com\n\t(client-ip=2607:f8b0:4001:c06::238;\n\thelo=mail-io0-x238.google.com;\n\tenvelope-from=swupdate+bncbckn5fetvucbbrufytgqkgqeybsdvtq@googlegroups.com;\n\treceiver=)","ozlabs.org; dkim=pass (2048-bit key;\n\tunprotected) header.d=googlegroups.com header.i=@googlegroups.com\n\theader.b=\"iEKZCmNp\"; dkim-atps=neutral"],"Received":["from mail-io0-x238.google.com (mail-io0-x238.google.com\n\t[IPv6:2607:f8b0:4001:c06::238])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xntpf0Myzz9sRY\n\tfor ;\n\tThu, 7 Sep 2017 18:26:49 +1000 (AEST)","by mail-io0-x238.google.com with SMTP id y123sf535610iod.7\n\tfor ;\n\tThu, 07 Sep 2017 01:26:48 -0700 (PDT)","by 10.36.54.209 with SMTP id l200ls18466itl.14.gmail; Thu, 07 Sep\n\t2017 01:26:46 -0700 (PDT)","from mail-it0-x241.google.com (mail-it0-x241.google.com.\n\t[2607:f8b0:4001:c0b::241]) by gmr-mx.google.com with ESMTPS id\n\tp204si184896ywg.12.2017.09.07.01.26.46\n\tfor \n\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);\n\tThu, 07 Sep 2017 01:26:46 -0700 (PDT)","by mail-it0-x241.google.com with SMTP id f64so613402itf.0\n\tfor ; Thu, 07 Sep 2017 01:26:46 -0700 (PDT)","by 10.107.166.17 with HTTP; Thu, 7 Sep 2017 01:26:25 -0700 (PDT)"],"ARC-Seal":["i=2; a=rsa-sha256; t=1504772807; cv=pass;\n\td=google.com; s=arc-20160816;\n\tb=kGSDgQ9aafszueLpN9d/2CKjnBXx9raUMn3NReKNEWHmE5fvRN0BX7dqgxf19AjtcY\n\ttM4+xh1ZMeu3wux3Oltyt3E5Wvxod1FKDtlkq0lsAUr/Yb9WBVifdCZIiPQzsmHlHkAe\n\tnklKaB6IvpahLPh0W+89jDVGYoh3n6XJ4FBeUqyL73BcKBX46lS1PXvqi9i6cJ7eCs/z\n\tcSv1e3pHuu+hXMLRe0wQbesnBP2h7maKAmwZMkilJ0AVyf2lAhe+DIqF7Kf9edVYke2b\n\tW8Ep5HRuQfyNzW0Pf3X0dUY7uy4zOZXcP0FqDXfzt6ygkQtNQqleG34zNflj9/mncudF\n\t4C3w==","i=1; a=rsa-sha256; t=1504772806; cv=none;\n\td=google.com; s=arc-20160816;\n\tb=MozMxMyj7sYv2RlB226HICI+z4nbV3wvqkYYy+x+kMpmSzyeD440aLeN+NgMeSciiB\n\tWTPCzBGqYyLZwot7AWwPtxO/+Fh3goNs5Kkf8y332E1lxa87p2p3Jlfo5VF1gfDsfiwI\n\tFeEa4zD29UOeVsjZ8aZya7wbFhnnqq6V5x0T398ASBoCilpWq0zuXXSmNllIXNVvB8Np\n\tDO56+k0mrYNhcTd7RlfMhDG/kygVzwLGs1zplPL7qDAgYS4FYBNe7ycxkWnIaVVrl8OG\n\t10ugzaUNKX0dPc7w7G1xSZUXrZApUPjRSWTjeFwFfP3mk4FdOhOq2OUl2zi/7O81+kqb\n\tPv8A=="],"ARC-Message-Signature":["i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;\n\ts=arc-20160816; \n\th=list-unsubscribe:list-subscribe:list-archive:list-help:list-post\n\t:list-id:mailing-list:precedence:cc:to:subject:message-id:date:from\n\t:references:in-reply-to:mime-version:arc-authentication-results\n\t:arc-message-signature:sender:dkim-signature\n\t:arc-authentication-results;\n\tbh=55H5tCQW5cA1jJFTSqvtayH8cjDEQ873wkUsVrTeud0=;\n\tb=Q31S3b4ufatLBIRqQAPq/LAhchiY2So0Sju+/+EoU+37ZS/GA5wF6IEo+eladjm3I0\n\tv4wNaaqfVa9uS8dirpCPczLs50u7wPrylW4vHtnoQi3FVv7Oocea4fXoX+yah0iyhzAU\n\t4cucpYJrc5GZXXaGVMG+dmD0d0QHuYHRXtlJpkIAllHn0PP7Rp2SW3/l1UVDQ3DNXrU1\n\txnZCnsgxX/KONuKReEbEPxaFLfnZFjkhKA2QxTrjGjh4FetAINDsJpGMfapXZwc2qd7K\n\t+f/JfEneSU0xj0Q49VnXqaWn2FIVINtJvwN7BOXNOfzIzS6EXEa5rBFLpqQGVTH1fURl\n\tScwQ==","i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;\n\ts=arc-20160816; \n\th=cc:to:subject:message-id:date:from:references:in-reply-to\n\t:mime-version:dkim-signature:arc-authentication-results;\n\tbh=TuDUllcHKDDRMokFrJgYUtzY8XKmdsT78ZZbRnaSPuI=;\n\tb=qmueL6xS+mVIuY6NJItvpBtnfypOBIZRZqM3Z+7RUWqqFBpU9rXb8hl0MTEKET//IT\n\tUi46dVAxibErW7hLsIM1rCx/BLmxK/+KuLv8VesS3rPtj3emwSk47/WnayS6MeII/8ff\n\tzD3GTqPZbfYqaSz85S/Q6ZU94B8TItD27mUvQmjDlzxXhOZvZsnMpuGfIH1nQpAoqnS+\n\t70HaoE+VJiG8HyTqO8tlVPhe+OWVzgQIcscszhEY2EcFnrq/yjYm5oUbWdHKz5QTM2YP\n\tkD99aVRbmlGUF3s6CtIyRNC8fSn2cIWHCVdawLNYxEve+QL8VcL7BtlWfpjPexLFBsT3\n\tyutg=="],"ARC-Authentication-Results":["i=2; gmr-mx.google.com;\n\tdkim=pass header.i=@kynetics-com.20150623.gappssmtp.com\n\theader.s=20150623 header.b=SpjnT0Ex; \n\tspf=neutral (google.com: 2607:f8b0:4001:c0b::241 is neither permitted\n\tnor denied by domain of diego.rondini@kynetics.com)\n\tsmtp.mailfrom=diego.rondini@kynetics.com","i=1; gmr-mx.google.com;\n\tdkim=pass header.i=@kynetics-com.20150623.gappssmtp.com\n\theader.s=20150623 header.b=SpjnT0Ex; \n\tspf=neutral (google.com: 2607:f8b0:4001:c0b::241 is neither permitted\n\tnor denied by domain of diego.rondini@kynetics.com)\n\tsmtp.mailfrom=diego.rondini@kynetics.com"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=googlegroups.com; s=20161025;\n\th=sender:mime-version:in-reply-to:references:from:date:message-id\n\t:subject:to:cc:x-original-sender:x-original-authentication-results\n\t:precedence:mailing-list:list-id:list-post:list-help:list-archive\n\t:list-subscribe:list-unsubscribe;\n\tbh=55H5tCQW5cA1jJFTSqvtayH8cjDEQ873wkUsVrTeud0=;\n\tb=iEKZCmNpyT++tbFZToe62aZJS6cDd5PnHhohqiT/g+g8+LSHnZXr7bKdl+RWNs5WRA\n\tQ2SKtz6/Uy0KblVGrcGEXPIEW9IyOMnEsDfjgrMCW71aupVAghs48v58BsDbRjoGjGvc\n\tLWXY0D5nao1DMHdwxl3nxAL2VPZQ5EgEfQfqpo7c+WgMZVjukrXMic2p5DX1lHEcQjX5\n\tTPX/5T4Br3AA+7eDe+gCZ9QkS8mgv20gcNpCAdR+n+xi7f5yGCL65v0wxXZhxJjw1A5t\n\t9+fjKPiY+1u69d4Occ6BCrMYR/Tycp13M7dxFdrASwJ/gDYPLGlDmgIz/JP5R2kN2Sg3\n\tDR/w==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=sender:x-gm-message-state:mime-version:in-reply-to:references:from\n\t:date:message-id:subject:to:cc:x-original-sender\n\t:x-original-authentication-results:precedence:mailing-list:list-id\n\t:x-spam-checked-in-group:list-post:list-help:list-archive\n\t:list-subscribe:list-unsubscribe;\n\tbh=55H5tCQW5cA1jJFTSqvtayH8cjDEQ873wkUsVrTeud0=;\n\tb=qr2KIgC+QwWc+h/8bIGt4uzmrR412L1kUuPozhBpEs8SHEHTJIob/EUse3pQWE4frn\n\taBx+eG8AqPdo3sa4AiHK8Zh0NdREcZoiQXZnT8mnBvb3vSgqwIVnvUyWqCUX4V51oJrX\n\t8p8sAfrPuIx8dyROAAHUshrtCpNP5vjOoWVUBoPV60z6EQAglhQtJcatWMTIqyOwKgWj\n\tAyas2P8bKvh2lk+HhdKPwBx5gp23uokRIe49GgAmkdpCyJWenwUuZg/8ffGuTT37KGC/\n\t6C72iODYfw5BKedLyfF52o5PNg8vbQPkEPsvgMH/KTu0NfzZuQDb3J15pVe0cGfqvY2/\n\t2nmA==","Sender":"swupdate@googlegroups.com","X-Gm-Message-State":"AHPjjUhfFAqWrbn+avuwdh74b62HmMy+Q6fLr474Aqsxm15GpZIuT16a\n\t0SsYWsY5nl3qPw==","X-Google-Smtp-Source":"ADKCNb5n5+7Bxslzatp+v+38EuJD+nip5BZb1LF/YWWTg58WYW4Ia/KDis+mZzcwiY66zGPKnSmzbg==","X-Received":["by 10.36.23.86 with SMTP id 83mr3304ith.4.1504772806983;\n\tThu, 07 Sep 2017 01:26:46 -0700 (PDT)","by 10.176.82.229 with SMTP id w34mr1150040uaw.23.1504772806579; \n\tThu, 07 Sep 2017 01:26:46 -0700 (PDT)","by 10.36.96.75 with SMTP id i72mr2597641itc.29.1504772805947;\n\tThu, 07 Sep 2017 01:26:45 -0700 (PDT)"],"X-BeenThere":"swupdate@googlegroups.com","Received-SPF":"neutral (google.com: 2607:f8b0:4001:c0b::241 is neither\n\tpermitted nor denied by domain of diego.rondini@kynetics.com)\n\tclient-ip=2607:f8b0:4001:c0b::241; ","MIME-Version":"1.0","X-Originating-IP":"[79.7.224.57]","In-Reply-To":"<164f9a4c-5ce6-e313-ff5b-36f156f7c151@denx.de>","References":"<1502958326-1780-1-git-send-email-maciej.pijanowski@3mdeb.com>\n\t<164f9a4c-5ce6-e313-ff5b-36f156f7c151@denx.de>","From":"Diego Rondini ","Date":"Thu, 7 Sep 2017 10:26:25 +0200","Message-ID":"","Subject":"Re: [swupdate] [meta-swupdate][PATCH] add CMS signing support","To":"Stefano Babic ","Cc":"Maciej Pijanowski ,\n\tswupdate , piotr.krol@3mdeb.com","Content-Type":"multipart/alternative; boundary=\"001a11474b8e9106e50558953808\"","X-Original-Sender":"diego.rondini@kynetics.com","X-Original-Authentication-Results":"gmr-mx.google.com; dkim=pass\n\theader.i=@kynetics-com.20150623.gappssmtp.com header.s=20150623\n\theader.b=SpjnT0Ex; spf=neutral (google.com: 2607:f8b0:4001:c0b::241 is\n\tneither permitted nor denied by domain of diego.rondini@kynetics.com)\n\tsmtp.mailfrom=diego.rondini@kynetics.com","Precedence":"list","Mailing-list":"list swupdate@googlegroups.com;\n\tcontact swupdate+owners@googlegroups.com","List-ID":"","X-Spam-Checked-In-Group":"swupdate@googlegroups.com","X-Google-Group-Id":"605343134186","List-Post":",\n\t","List-Help":",\n\t","List-Archive":",\n\t","List-Unsubscribe":",\n\t"}},{"id":1764586,"web_url":"http://patchwork.ozlabs.org/comment/1764586/","msgid":"<57623dbb-8489-0f04-fc5a-778847750e06@denx.de>","list_archive_url":null,"date":"2017-09-07T08:37:09","subject":"Re: [swupdate] [meta-swupdate][PATCH] add CMS signing support","submitter":{"id":5771,"url":"http://patchwork.ozlabs.org/api/people/5771/","name":"Stefano Babic","email":"sbabic@denx.de"},"content":"Hi Diego, Maciej,\n\nOn 07/09/2017 10:26, Diego Rondini wrote:\n> Hi Stefano and Maciej,\n> \n> I just wanted to let you know that with this change an update of the\n> documentation in the README is required, as now SWUPDATE_SIGNING can\n> have values CUSTOM, RSA or CMS.\n> \n> https://github.com/sbabic/meta-swupdate/blob/master/README#L21\n> \n\nRight. Maciej promised to send pacthes for documentation when these\npatches were merged...Maciej ?\n\nRegards,\nStefano\n\n> Bests,\n> Diego Rondini\n> Sr. Embedded Engineer\n> \n> Kynetics\n> www.kynetics.com \n> \n> \n> On Mon, Aug 21, 2017 at 11:16 AM, Stefano Babic > wrote:\n> \n> On 17/08/2017 10:25, Maciej Pijanowski wrote:\n> > Signed-off-by: Maciej Pijanowski >\n> > ---\n> > classes/swupdate.bbclass | 46\n> +++++++++++++++++++++++++++++++++++++---------\n> > 1 file changed, 37 insertions(+), 9 deletions(-)\n> >\n> > diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass\n> > index 44e45461401c..28297ca41a1c 100644\n> > --- a/classes/swupdate.bbclass\n> > +++ b/classes/swupdate.bbclass\n> > @@ -1,5 +1,5 @@\n> > # Copyright (C) 2015 Stefano Babic >\n> > -#\n> > +#\n> > # Some parts from the patch class\n> > #\n> > # swupdate allows to generate a compound image for the\n> > @@ -14,7 +14,7 @@\n> >\n> > S = \"${WORKDIR}/${PN}\"\n> >\n> > -DEPENDS += \"${@ 'openssl-native' if d.getVar('SWUPDATE_SIGNING',\n> True) == '1' else ''}\"\n> > +DEPENDS += \"${@ 'openssl-native' if d.getVar('SWUPDATE_SIGNING',\n> True) else ''}\"\n> > IMAGE_DEPENDS ?= \"\"\n> >\n> > def swupdate_is_hash_needed(s, filename):\n> > @@ -101,7 +101,7 @@ python do_swuimage () {\n> > fetch = bb.fetch2.Fetch([], d)\n> > list_for_cpio = [\"sw-description\"]\n> >\n> > - if d.getVar('SWUPDATE_SIGNING', True) == '1':\n> > + if d.getVar('SWUPDATE_SIGNING', True):\n> > list_for_cpio.append('sw-description.sig')\n> >\n> > for url in fetch.urls:\n> > @@ -140,12 +140,20 @@ python do_swuimage () {\n> > hash = swupdate_get_sha256(s, file)\n> > swupdate_write_sha256(s, file, hash)\n> >\n> > - if d.getVar('SWUPDATE_SIGNING', True) == '1':\n> > - sign_tool = d.getVar('SWUPDATE_SIGN_TOOL', True)\n> > - if sign_tool:\n> > - if os.system(sign_tool) != 0:\n> > - bb.fatal(\"Failed to sign with %s\" % (sign_tool))\n> > - else:\n> > + signing = d.getVar('SWUPDATE_SIGNING', True)\n> > + if signing == \"1\":\n> > + bb.warn('SWUPDATE_SIGNING = \"1\" is deprecated, falling\n> back to \"RSA\". It is advised to set it to \"RSA\" if using RSA signing.')\n> > + signing = \"RSA\"\n> > + if signing:\n> > + if signing == \"CUSTOM\":\n> > + sign_tool = d.getVar('SWUPDATE_SIGN_TOOL', True)\n> > + if sign_tool:\n> > + ret = os.system(sign_tool)\n> > + if ret != 0:\n> > + bb.fatal(\"Failed to sign with %s\" % (sign_tool))\n> > + else:\n> > + bb.fatal(\"Custom SWUPDATE_SIGN_TOOL is not given\")\n> > + elif signing == \"RSA\":\n> > privkey = d.getVar('SWUPDATE_PRIVATE_KEY', True)\n> > if not privkey:\n> > bb.fatal(\"SWUPDATE_PRIVATE_KEY isn't set\")\n> > @@ -163,6 +171,26 @@ python do_swuimage () {\n> > os.path.join(s, 'sw-description'))\n> > if os.system(signcmd) != 0:\n> > bb.fatal(\"Failed to sign sw-description with %s\"\n> % (privkey))\n> > + elif signing == \"CMS\":\n> > + cms_cert = d.getVar('SWUPDATE_CMS_CERT', True)\n> > + if not cms_cert:\n> > + bb.fatal(\"SWUPDATE_CMS_CERT is not set\")\n> > + if not os.path.exists(cms_cert):\n> > + bb.fatal(\"SWUPDATE_CMS_CERT %s doesn't exist\" %\n> (cms_cert))\n> > + cms_key = d.getVar('SWUPDATE_CMS_KEY', True)\n> > + if not cms_key:\n> > + bb.fatal(\"SWUPDATE_CMS_KEY isn't set\")\n> > + if not os.path.exists(cms_key):\n> > + bb.fatal(\"SWUPDATE_CMS_KEY %s doesn't exist\" %\n> (cms_key))\n> > + signcmd = \"openssl cms -sign -in '%s' -out '%s'\n> -signer '%s' -inkey '%s' -outform DER -nosmimecap -binary\" % (\n> > + os.path.join(s, 'sw-description'),\n> > + os.path.join(s, 'sw-description.sig'),\n> > + cms_cert,\n> > + cms_key)\n> > + if os.system(signcmd) != 0:\n> > + bb.fatal(\"Failed to sign sw-description with %s\"\n> % (privkey))\n> > + else:\n> > + bb.fatal(\"Unrecognized SWUPDATE_SIGNING mechanism.\");\n> >\n> > line = 'for i in ' + ' '.join(list_for_cpio) + '; do echo\n> $i;done | cpio -ov -H crc >' +\n> os.path.join(deploydir,d.getVar('IMAGE_NAME', True) + '.swu')\n> > os.system(\"cd \" + s + \";\" + line)\n> >\n> \n> Applied to -master, -pyro, thanks !\n> \n> Best regards,\n> Stefano Babic\n> \n> --\n> =====================================================================\n> DENX Software Engineering GmbH, Managing Director: Wolfgang Denk\n> HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany\n> Phone: +49-8142-66989-53 Fax:\n> +49-8142-66989-80 Email: sbabic@denx.de\n> \n> =====================================================================\n> \n> --\n> You received this message because you are subscribed to the Google\n> Groups \"swupdate\" group.\n> To unsubscribe from this group and stop receiving emails from it,\n> send an email to swupdate+unsubscribe@googlegroups.com\n> .\n> To post to this group, send email to swupdate@googlegroups.com\n> .\n> For more options, visit https://groups.google.com/d/optout\n> .\n> \n> \n> \n> -- \n> You received this message because you are subscribed to the Google\n> Groups \"swupdate\" group.\n> To unsubscribe from this group and stop receiving emails from it, send\n> an email to swupdate+unsubscribe@googlegroups.com\n> .\n> To post to this group, send email to swupdate@googlegroups.com\n> .\n> For more options, visit https://groups.google.com/d/optout.","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=googlegroups.com\n\t(client-ip=2a00:1450:4010:c07::23c;\n\thelo=mail-lf0-x23c.google.com;\n\tenvelope-from=swupdate+bncbaabbp4kytgqkgqe6nwei4a@googlegroups.com;\n\treceiver=)","ozlabs.org; dkim=pass (2048-bit key;\n\tunprotected) header.d=googlegroups.com header.i=@googlegroups.com\n\theader.b=\"Ittqxtzv\"; dkim-atps=neutral"],"Received":["from mail-lf0-x23c.google.com (mail-lf0-x23c.google.com\n\t[IPv6:2a00:1450:4010:c07::23c])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xnv2q3477z9sRV\n\tfor ;\n\tThu, 7 Sep 2017 18:37:22 +1000 (AEST)","by mail-lf0-x23c.google.com with SMTP id c82sf638562lfc.13\n\tfor ;\n\tThu, 07 Sep 2017 01:37:22 -0700 (PDT)","by 10.25.56.24 with SMTP id f24ls44109lfa.38.gmail;\n\tThu, 07 Sep 2017 01:37:19 -0700 (PDT)","from mail-out.m-online.net (mail-out.m-online.net. [212.18.0.9])\n\tby gmr-mx.google.com with ESMTPS id\n\tp200si2724wmg.4.2017.09.07.01.37.18 for \n\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);\n\tThu, 07 Sep 2017 01:37:18 -0700 (PDT)","from frontend01.mail.m-online.net (unknown [192.168.8.182])\n\tby mail-out.m-online.net (Postfix) with ESMTP id 3xnv2k41h5z1qqyb;\n\tThu, 7 Sep 2017 10:37:18 +0200 (CEST)","from localhost (dynscan1.mnet-online.de [192.168.6.70])\n\tby mail.m-online.net (Postfix) with ESMTP id 3xnv2k2pTBz3hjDJ;\n\tThu, 7 Sep 2017 10:37:18 +0200 (CEST)","from mail.mnet-online.de ([192.168.8.182])\n\tby localhost (dynscan1.mail.m-online.net [192.168.6.70]) (amavisd-new,\n\tport 10024)\n\twith ESMTP id 1dj4NHKyVwZt; Thu, 7 Sep 2017 10:37:13 +0200 (CEST)","from babic.homelinux.org\n\t(host-88-217-136-221.customer.m-online.net [88.217.136.221])\n\t(using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby mail.mnet-online.de (Postfix) with ESMTPS;\n\tThu, 7 Sep 2017 10:37:13 +0200 (CEST)","from localhost (mail.babic.homelinux.org [127.0.0.1])\n\tby babic.homelinux.org (Postfix) with ESMTP id 9F9EF45405F9;\n\tThu, 7 Sep 2017 10:37:12 +0200 (CEST)","from babic.homelinux.org ([127.0.0.1])\n\tby localhost (mail.babic.homelinux.org [127.0.0.1]) (amavisd-new,\n\tport 10024)\n\twith ESMTP id Pshi5pSsOzD4; Thu, 7 Sep 2017 10:37:09 +0200 (CEST)","from [192.168.178.132] (papero.fritz.box [192.168.178.132])\n\tby babic.homelinux.org (Postfix) with ESMTP id 9FE594540555;\n\tThu, 7 Sep 2017 10:37:09 +0200 (CEST)"],"ARC-Seal":["i=2; a=rsa-sha256; t=1504773439; cv=pass;\n\td=google.com; s=arc-20160816;\n\tb=fADpdEPOSwOuH0azp9NeZNrvt1uwr1EePuo5b7Io63rXioJCsNuhYGkzYzE3qsJz0Y\n\tODeGciDPahyVDcaor0LQsKI2j71BDLJqH7aMCQmkLdRfyC1I9IoqqASiix+CKFWmTJAr\n\tf3jHFEjVdjeUyu+7A4S97rNw9S8zUm9Oc5GxCLeBFVYqMmUHe578bOzNKGSz6SZ1tiMt\n\twq6ueJd6WNnVSmr4wKVSp6I8fjWr0hjRWDAwtj1AtEiBZfdZz2UI6hAGM3k+5x1cZ++W\n\tbv6GA44/rfpG5ErkIAhm/ZsxDVCnktjiuL238sZ/TuatDgrbOWuccpkkdeaCsy8iFoMH\n\tshOA==","i=1; a=rsa-sha256; t=1504773438; cv=none;\n\td=google.com; s=arc-20160816;\n\tb=iTIY9Pg0QOJdC1lGDuMFQZ6a/KmHT1bxO4IXsOP+5jKVO6sAywim0r0JofYxedC1I1\n\tOCTq0/7/F6jCxGwU0K1MWJ0BEJp46ECX/y0m9mNBW4b7Fr8SRYGasan7jMF7aLlpYB8y\n\taMRfmWfwmY2p2FEdUQ7s02r6mWYQowF9KBZI4i/tc1MnunYybfLu29kzToUk4APscpRC\n\tZ40Q59Ab+L5SOsbv+o5X9nq/qHp0qEROmsTLAotBP3jk8HQtu0KRAs3eNdVjNwM2KhKx\n\tKU6fu6E0+OEk0hiJgHttTJAgcW0IjAeqhzBUgHwuwAD50KcusZxDWvKf2B3c8tu7O6B+\n\t8kCQ=="],"ARC-Message-Signature":["i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;\n\ts=arc-20160816; \n\th=list-unsubscribe:list-subscribe:list-archive:list-help:list-post\n\t:list-id:mailing-list:precedence:content-language:in-reply-to\n\t:mime-version:user-agent:date:message-id:from:references:cc:to\n\t:subject:arc-authentication-results:arc-message-signature:sender\n\t:dkim-signature:arc-authentication-results;\n\tbh=JrnVChpHunwYu5CSfyifaooYlJ1cPLVel1Ug0NNe+T4=;\n\tb=xKeZdORN7JuQkwIEldUBT2lXodHvRwHjH2QujDMo3qk9au0efePDw2J4HQtYBAUFra\n\tDL/G/JiOqFN7XSescotQjLlyMGyOYdpiduquop66R71yiCXlS/TXbihNxBvml6Mar7ZU\n\tEpbucP4bxg0ix1o+zDzTEfWnUgZ6p35MNlKmQ6r1FON/6HbzWGjtjnCsxIJZePpLIKZJ\n\tNWop8QW5YspqhX3Y2xSLTX1gE09b+fYjMengMcVUJWt+hIOHTKthcCtFM9QTrLBHD0js\n\tHAxNh7f0GOOPms3l+jwPXdkp55/sHGnTKNB1ptmvPWMxu0Kn8raxMCKMKmjJcNOohB3k\n\t4ZPg==","i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;\n\ts=arc-20160816; \n\th=content-transfer-encoding:content-language:in-reply-to:mime-version\n\t:user-agent:date:message-id:from:references:cc:to:subject\n\t:arc-authentication-results;\n\tbh=XlnnPMAAl98+z9Cpjra5KY9P6BSyz1snZbegmtW9GaQ=;\n\tb=VTagAfYENt9M5opx2Z3caTjQKc08PtYLsQAeH95XkT8AUTP5xLd6DmxYNUqeSyxA3u\n\tTTBrIHl7+N92/E9/QUq2kUZy05WGdNj1CoWalgiqDc5ZaGVi6Lyzhgb88QyXnMHH8B+M\n\tSGzltu8YTCd/nL5zXn9aHcZir/M3UeQF40HwcRiD8mZghx6S+0qntF60UMMxRjY+8WV1\n\tNc1OC6yqmN7LyxIpKQ8ieOnsRJLAOGAYns1cw31Z2YlnhmMHNPGjQq9xcTAYL0J72vpi\n\trO4ER3tiYIFEZKA6jy2DYDdfFD21/EgGYUZlNiQMlbCu+XJGIG/YxCcP08VOSxDotZNt\n\toSYg=="],"ARC-Authentication-Results":["i=2; gmr-mx.google.com;\n\tspf=neutral (google.com: 212.18.0.9 is neither permitted nor denied\n\tby best guess record for domain of sbabic@denx.de)\n\tsmtp.mailfrom=sbabic@denx.de","i=1; gmr-mx.google.com;\n\tspf=neutral (google.com: 212.18.0.9 is neither permitted nor denied\n\tby best guess record for domain of sbabic@denx.de)\n\tsmtp.mailfrom=sbabic@denx.de"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=googlegroups.com; s=20161025;\n\th=sender:subject:to:cc:references:from:message-id:date:user-agent\n\t:mime-version:in-reply-to:content-language:x-original-sender\n\t:x-original-authentication-results:precedence:mailing-list:list-id\n\t:list-post:list-help:list-archive:list-subscribe:list-unsubscribe;\n\tbh=JrnVChpHunwYu5CSfyifaooYlJ1cPLVel1Ug0NNe+T4=;\n\tb=Ittqxtzv82TjgiF5yKO6LHJqf7q28eDCPpoyCZZ1sXKHFV/YiGOQRMGmIcppl5FbNM\n\tIZnlneyxWolgMrMj75LR552Rsxof3guI+FfVSveadVJZLZm8ZK6UUQKllG5IE6H0MygZ\n\tOEuztSu579P7jSIP31UJJUB4a3ncdBqTDW1X1cxo6QCu+H6wq5fHJQ0mNA9QtU5u8gLG\n\t9Kmu/sqBwBEuCbys029jaP3gYuz+5u/U4cupr3smdX5Pr6mxM7hO1MwW31Nv64vVyLi1\n\tIjd2cInVO+Txphts2TcmXs2zpr6K6b5sycr0Kagx3uNxkzOaPVmwNw9OZTb6Hvw4cY6X\n\t40Vw==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=sender:x-gm-message-state:subject:to:cc:references:from:message-id\n\t:date:user-agent:mime-version:in-reply-to:content-language\n\t:x-original-sender:x-original-authentication-results:precedence\n\t:mailing-list:list-id:x-spam-checked-in-group:list-post:list-help\n\t:list-archive:list-subscribe:list-unsubscribe;\n\tbh=JrnVChpHunwYu5CSfyifaooYlJ1cPLVel1Ug0NNe+T4=;\n\tb=gnGz2DdhiS8fiZveKTv+N7HoFkqo1xaLSCzlj0oh5MTBkxvd7aI04BZ/ZDdJSSx0pD\n\tpj3WiMuMJrvaC9/w813Ej1C7yQWDCX5noxm83RUMVVezSc7qKNN8alXrCE8k/wy6sX6/\n\teezHbceT1QrSBDULOPX0g6GWr0B6GYGFr3nejM7+lshH6R7w31qAYnrdzeW2ej7epYlY\n\t+K+PCb15aBZV30f3yAbjGbvhDZ0CfuLFMAMCYmpsncVpwaaRAc2GlHLxxrz/DrFNmy93\n\tobuc7HUxiCveuqsx33jcbn4bgoIF14tapVB70r5kfZbIzHDmQLqcIGUc+Cj7SgFUlIMK\n\t2HhA==","Sender":"swupdate@googlegroups.com","X-Gm-Message-State":"AHPjjUiRhYtvD2jNND9RLbcuJ8bIshVdy2ppi48gGcePKuoDGP2GQqaL\n\tiD9GZzNVOr7AEQ==","X-Google-Smtp-Source":"AOwi7QALURw/buHML0Et+yQToaCrxTwp/yFsfINlM8c91r34sbABtB84zmGT752MMcF6OoeowS08pQ==","X-Received":["by 10.25.19.72 with SMTP id j69mr2484lfi.25.1504773439609;\n\tThu, 07 Sep 2017 01:37:19 -0700 (PDT)","by 10.25.202.79 with SMTP id h15mr137506lfj.27.1504773439056;\n\tThu, 07 Sep 2017 01:37:19 -0700 (PDT)"],"X-BeenThere":"swupdate@googlegroups.com","Received-SPF":"neutral (google.com: 212.18.0.9 is neither permitted nor\n\tdenied by best guess record for domain of sbabic@denx.de)\n\tclient-ip=212.18.0.9; ","X-Virus-Scanned":["amavisd-new at mnet-online.de","Debian amavisd-new at babic.homelinux.org"],"Subject":"Re: [swupdate] [meta-swupdate][PATCH] add CMS signing support","To":"Diego Rondini ,\n\tStefano Babic ","Cc":"Maciej Pijanowski ,\n\tswupdate , piotr.krol@3mdeb.com","References":"<1502958326-1780-1-git-send-email-maciej.pijanowski@3mdeb.com>\n\t<164f9a4c-5ce6-e313-ff5b-36f156f7c151@denx.de>\n\t","From":"Stefano Babic ","Message-ID":"<57623dbb-8489-0f04-fc5a-778847750e06@denx.de>","Date":"Thu, 7 Sep 2017 10:37:09 +0200","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101\n\tThunderbird/52.2.1","MIME-Version":"1.0","In-Reply-To":"","Content-Type":"text/plain; charset=\"UTF-8\"","Content-Language":"de-DE","X-Original-Sender":"sbabic@denx.de","X-Original-Authentication-Results":"gmr-mx.google.com; spf=neutral\n\t(google.com: 212.18.0.9 is neither permitted nor denied by best guess\n\trecord\n\tfor domain of sbabic@denx.de) smtp.mailfrom=sbabic@denx.de","Precedence":"list","Mailing-list":"list swupdate@googlegroups.com;\n\tcontact swupdate+owners@googlegroups.com","List-ID":"","X-Spam-Checked-In-Group":"swupdate@googlegroups.com","X-Google-Group-Id":"605343134186","List-Post":",\n\t","List-Help":",\n\t","List-Archive":",\n\t","List-Unsubscribe":",\n\t"}},{"id":1764587,"web_url":"http://patchwork.ozlabs.org/comment/1764587/","msgid":"<97aefc1d-6689-67eb-dd96-0d6bf33b75bc@3mdeb.com>","list_archive_url":null,"date":"2017-09-07T08:38:05","subject":"Re: [swupdate] [meta-swupdate][PATCH] add CMS signing support","submitter":{"id":72175,"url":"http://patchwork.ozlabs.org/api/people/72175/","name":"Maciej Pijanowski","email":"maciej.pijanowski@3mdeb.com"},"content":"On 07.09.2017 10:26, Diego Rondini wrote:\n> Hi Stefano and Maciej,\nHi!\n>\n> I just wanted to let you know that with this change an update of the \n> documentation in the README is required, as now SWUPDATE_SIGNING can \n> have values CUSTOM, RSA or CMS.\n> https://github.com/sbabic/meta-swupdate/blob/master/README#L21\nThanks for your your interest in this matter. I will try to send a patch \ntill the end of the week to\nSWUpdate documentation as according to prior messages we would like to \nhave meta-swupdate\ndocumented in documentation instead of readme.\n>\n> Bests,\n> Diego Rondini\n> Sr. Embedded Engineer\n>\n> Kynetics\n> www.kynetics.com \n>\n>\n> On Mon, Aug 21, 2017 at 11:16 AM, Stefano Babic > wrote:\n>\n> On 17/08/2017 10:25, Maciej Pijanowski wrote:\n> > Signed-off-by: Maciej Pijanowski >\n> > ---\n> > classes/swupdate.bbclass | 46\n> +++++++++++++++++++++++++++++++++++++---------\n> > 1 file changed, 37 insertions(+), 9 deletions(-)\n> >\n> > diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass\n> > index 44e45461401c..28297ca41a1c 100644\n> > --- a/classes/swupdate.bbclass\n> > +++ b/classes/swupdate.bbclass\n> > @@ -1,5 +1,5 @@\n> > # Copyright (C) 2015 Stefano Babic >\n> > -#\n> > +#\n> > # Some parts from the patch class\n> > #\n> > # swupdate allows to generate a compound image for the\n> > @@ -14,7 +14,7 @@\n> >\n> > S = \"${WORKDIR}/${PN}\"\n> >\n> > -DEPENDS += \"${@ 'openssl-native' if\n> d.getVar('SWUPDATE_SIGNING', True) == '1' else ''}\"\n> > +DEPENDS += \"${@ 'openssl-native' if\n> d.getVar('SWUPDATE_SIGNING', True) else ''}\"\n> > IMAGE_DEPENDS ?= \"\"\n> >\n> > def swupdate_is_hash_needed(s, filename):\n> > @@ -101,7 +101,7 @@ python do_swuimage () {\n> > fetch = bb.fetch2.Fetch([], d)\n> > list_for_cpio = [\"sw-description\"]\n> >\n> > - if d.getVar('SWUPDATE_SIGNING', True) == '1':\n> > + if d.getVar('SWUPDATE_SIGNING', True):\n> > list_for_cpio.append('sw-description.sig')\n> >\n> > for url in fetch.urls:\n> > @@ -140,12 +140,20 @@ python do_swuimage () {\n> > hash = swupdate_get_sha256(s, file)\n> > swupdate_write_sha256(s, file, hash)\n> >\n> > - if d.getVar('SWUPDATE_SIGNING', True) == '1':\n> > - sign_tool = d.getVar('SWUPDATE_SIGN_TOOL', True)\n> > - if sign_tool:\n> > - if os.system(sign_tool) != 0:\n> > - bb.fatal(\"Failed to sign with %s\" % (sign_tool))\n> > - else:\n> > + signing = d.getVar('SWUPDATE_SIGNING', True)\n> > + if signing == \"1\":\n> > + bb.warn('SWUPDATE_SIGNING = \"1\" is deprecated, falling\n> back to \"RSA\". It is advised to set it to \"RSA\" if using RSA\n> signing.')\n> > + signing = \"RSA\"\n> > + if signing:\n> > + if signing == \"CUSTOM\":\n> > + sign_tool = d.getVar('SWUPDATE_SIGN_TOOL', True)\n> > + if sign_tool:\n> > + ret = os.system(sign_tool)\n> > + if ret != 0:\n> > + bb.fatal(\"Failed to sign with %s\" %\n> (sign_tool))\n> > + else:\n> > + bb.fatal(\"Custom SWUPDATE_SIGN_TOOL is not given\")\n> > + elif signing == \"RSA\":\n> > privkey = d.getVar('SWUPDATE_PRIVATE_KEY', True)\n> > if not privkey:\n> > bb.fatal(\"SWUPDATE_PRIVATE_KEY isn't set\")\n> > @@ -163,6 +171,26 @@ python do_swuimage () {\n> > os.path.join(s, 'sw-description'))\n> > if os.system(signcmd) != 0:\n> > bb.fatal(\"Failed to sign sw-description with\n> %s\" % (privkey))\n> > + elif signing == \"CMS\":\n> > + cms_cert = d.getVar('SWUPDATE_CMS_CERT', True)\n> > + if not cms_cert:\n> > + bb.fatal(\"SWUPDATE_CMS_CERT is not set\")\n> > + if not os.path.exists(cms_cert):\n> > + bb.fatal(\"SWUPDATE_CMS_CERT %s doesn't exist\" % (cms_cert))\n> > + cms_key = d.getVar('SWUPDATE_CMS_KEY', True)\n> > + if not cms_key:\n> > + bb.fatal(\"SWUPDATE_CMS_KEY isn't set\")\n> > + if not os.path.exists(cms_key):\n> > + bb.fatal(\"SWUPDATE_CMS_KEY %s doesn't exist\" % (cms_key))\n> > + signcmd = \"openssl cms -sign -in '%s' -out '%s'\n> -signer '%s' -inkey '%s' -outform DER -nosmimecap -binary\" % (\n> > + os.path.join(s, 'sw-description'),\n> > + os.path.join(s, 'sw-description.sig'),\n> > + cms_cert,\n> > + cms_key)\n> > + if os.system(signcmd) != 0:\n> > + bb.fatal(\"Failed to sign sw-description with\n> %s\" % (privkey))\n> > + else:\n> > + bb.fatal(\"Unrecognized SWUPDATE_SIGNING mechanism.\");\n> >\n> > line = 'for i in ' + ' '.join(list_for_cpio) + '; do echo\n> $i;done | cpio -ov -H crc >' +\n> os.path.join(deploydir,d.getVar('IMAGE_NAME', True) + '.swu')\n> > os.system(\"cd \" + s + \";\" + line)\n> >\n>\n> Applied to -master, -pyro, thanks !\n>\n> Best regards,\n> Stefano Babic\n>\n> --\n> =====================================================================\n> DENX Software Engineering GmbH, Managing Director: Wolfgang Denk\n> HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany\n> Phone: +49-8142-66989-53 Fax:\n> +49-8142-66989-80 Email: sbabic@denx.de\n> \n> =====================================================================\n>\n> --\n> You received this message because you are subscribed to the Google\n> Groups \"swupdate\" group.\n> To unsubscribe from this group and stop receiving emails from it,\n> send an email to swupdate+unsubscribe@googlegroups.com\n> .\n> To post to this group, send email to swupdate@googlegroups.com\n> .\n> For more options, visit https://groups.google.com/d/optout\n> .\n>\n>\n>","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=googlegroups.com\n\t(client-ip=2a00:1450:400c:c09::23d;\n\thelo=mail-wm0-x23d.google.com;\n\tenvelope-from=swupdate+bncbdil3gp4wumrbqmkytgqkgqebrxx5zi@googlegroups.com;\n\treceiver=)","ozlabs.org; dkim=pass (2048-bit key;\n\tunprotected) header.d=googlegroups.com header.i=@googlegroups.com\n\theader.b=\"KnqHB5WN\"; dkim-atps=neutral"],"Received":["from mail-wm0-x23d.google.com (mail-wm0-x23d.google.com\n\t[IPv6:2a00:1450:400c:c09::23d])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xnv2t4RRmz9sRV\n\tfor ;\n\tThu, 7 Sep 2017 18:37:26 +1000 (AEST)","by mail-wm0-x23d.google.com with SMTP id b186sf59907wmf.5\n\tfor ;\n\tThu, 07 Sep 2017 01:37:26 -0700 (PDT)","by 10.28.152.136 with SMTP id a130ls11869wme.19.gmail; Thu, 07 Sep\n\t2017 01:37:20 -0700 (PDT)","from cloudserver096301.home.net.pl (cloudserver096301.home.net.pl.\n\t[79.96.179.35])\n\tby gmr-mx.google.com with ESMTPS id r3si2091wmg.6.2017.09.07.01.37.20\n\tfor \n\t(version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);\n\tThu, 07 Sep 2017 01:37:20 -0700 (PDT)","from 81-95-197-197.metrolink.pl (81.95.197.197) (HELO\n\t[192.168.0.103])\n\tby serwer1539010.home.pl (79.96.179.35) with SMTP (IdeaSmtpServer\n\t0.82) id 1be2dc56aae8d3c6; Thu, 7 Sep 2017 10:37:19 +0200"],"ARC-Seal":["i=2; a=rsa-sha256; t=1504773441; cv=pass;\n\td=google.com; s=arc-20160816;\n\tb=wzzYaTNlv9C8PghEF+KFtm/OwNHrVzdXJRIo2i1h00//uU7UBXV04YN7F95hHfLIDx\n\tF1TwMe4Ef2l1gSllHDpJpNVGGD9uBINyaDYMkuYDBA3U6oq5RBpC8imyC/OvPfCNv0cJ\n\tueC06sQBouC6tLm9edGgPsrVxqUPrMDElT9b34bPutYV3kZC8oimDXqtx85bYZj6nRAi\n\t9NfPEVtRFlvDrgv0lBwgbRdrvju5SHBisOwgLRfYwoe0pagCbFERY0Mig6Uy2ekyZzuB\n\t1CUBH4H2srNmuIzfA1fM96gk3uT44qHJfGH/F08piHsGwNJ487S+kWkiXLw/cJ9Fbdif\n\t7x/Q==","i=1; a=rsa-sha256; t=1504773440; cv=none;\n\td=google.com; s=arc-20160816;\n\tb=mRKX/8wV4BXkEB0KpUDSO8YHcAZek+F4pyNKw8R5am3BYHpSPMmPjyUPCI0C/Um78Q\n\t7h67BpOpi0vA0y5IwGxKi7npNOo6N3yZzZf6d2HFF0JYRSdbUkUS87g70/YJDuW6T3gv\n\th5Xbu9wCrJ41daNUb05FMvw8axqNpyNb4KBP+21xNmZTfAz5qN7AJgzQg8ZotuGsI4E+\n\t+HQ1oKbkNjSRLdu5UGyndt2wXGflVHR4Qh54DxSPINRc8yxd767X5qvo152EFLGUiQsA\n\tZli8GOMpdQ5SUdO5SKtkpFHqj7CNyCrRWXT6FpRp7Y7aR1fkeaScupvdG9HaCjE380ZD\n\tXbTA=="],"ARC-Message-Signature":["i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;\n\ts=arc-20160816; \n\th=list-unsubscribe:list-subscribe:list-archive:list-help:list-post\n\t:list-id:mailing-list:precedence:content-language:in-reply-to\n\t:mime-version:user-agent:date:message-id:from:references:cc:to\n\t:subject:arc-authentication-results:arc-message-signature:sender\n\t:dkim-signature:arc-authentication-results;\n\tbh=mPjVcqbnTkopF201iY/kX/U8+TMAW+NGQNIfD43bnUk=;\n\tb=TUbQJcwtQR9Q2oe3nTN67vhEBlR3nm2NjRy/7l5mETOvsfuXLPcGKvvY+ZdZMAhU9I\n\tl7ekes/ho5khwSNov9dcjHph93pj99dW1ZLfneNovkC2zCDDng3IwD0rIx6/q+GMUmHh\n\tPco0rQlIr2lnMq97WI5DFkXPZgD45llRmpCrZojrg6InODDWoi6kt8APxo2xUVXapQU2\n\t+Uy08uHvuIBOYXn9a0Ki+j7QFCs3GTJZO6X1q5RnakXIMNZ2IQFAu2F7717Ua0h3nWGS\n\t/ukn3lfhLjl9r+OhkRxCuppHyncLkxJJ/QSkQOT4cQBQxy4cvHcOmqmhA148x/7A/oa8\n\tCwZQ==","i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;\n\ts=arc-20160816; \n\th=content-language:in-reply-to:mime-version:user-agent:date\n\t:message-id:from:references:cc:to:subject:arc-authentication-results; \n\tbh=2K137B+XFe1+Z+8PV/hyc/CEa9sJUe8Plbcm3A9DXjM=;\n\tb=Ds6NfrXUfTnoIZeGpTjiaE1JVZWmOsY4Zc2EjZaL179uzjcHU3sg+GzOSqx1PNG9uu\n\t52fsE1tiO3EpB7xaV+ma6G9pcqeBC/5zsTDudYjCtgbUU292OXu/fxSLG7kRN/kytmJP\n\tx/EkM6zxH9aqq7iTMuT0OuybYI5jZuqFCw/iuaQVp0E1qKEQtM2zC8qF2azRiMw8Loly\n\tZYaAFP6qovnfoqLGwKq+yIHk6hGIX0N9kO0zORJbiaFVZnoRGfmk7l22WoYGpSztEQ/l\n\tm40jSMUzgYbqhhVHrNVu2iXVelE/jPu+8eq42YuHexs363z87D10/6N3ShUZpGzazeRn\n\tYKeg=="],"ARC-Authentication-Results":["i=2; gmr-mx.google.com;\n\tspf=neutral (google.com: 79.96.179.35 is neither permitted nor denied\n\tby best guess record for domain of\n\tmaciej.pijanowski@3mdeb.com)\n\tsmtp.mailfrom=maciej.pijanowski@3mdeb.com","i=1; gmr-mx.google.com;\n\tspf=neutral (google.com: 79.96.179.35 is neither permitted nor denied\n\tby best guess record for domain of\n\tmaciej.pijanowski@3mdeb.com)\n\tsmtp.mailfrom=maciej.pijanowski@3mdeb.com"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=googlegroups.com; s=20161025;\n\th=sender:subject:to:cc:references:from:message-id:date:user-agent\n\t:mime-version:in-reply-to:content-language:x-original-sender\n\t:x-original-authentication-results:precedence:mailing-list:list-id\n\t:list-post:list-help:list-archive:list-subscribe:list-unsubscribe;\n\tbh=mPjVcqbnTkopF201iY/kX/U8+TMAW+NGQNIfD43bnUk=;\n\tb=KnqHB5WNq2T4+cn5CWazl2TGtwfi7E2RJovImwE/3l7fCK+sJX27dOTrMhIvP+aInZ\n\tG6qSU7263HQMh3Qj3CMgQAzY3zOR9mmpr8NHctvCMShPyEVF3beYZC3iU94S7FJq9XHD\n\txCmXRJveQKR8MqXYNoAMZY6deSHDog9xs/Eb3AW9nUmI6Vi4HM/bwB0+W/m8mwWsy3UQ\n\tMDU6Xh6ThPhUGgVfcbQM2n3sAeekH6YMxAn9kEEAkI/2/5BqPeMuJt3Va4c8D8O8vkvm\n\tHMQyUv3VsTkZnwJxmo0K+siTDCFyJl5vV0T/AyWEhE/2X5kUee7o140UcsUqavGlYJyX\n\txMHQ==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=sender:x-gm-message-state:subject:to:cc:references:from:message-id\n\t:date:user-agent:mime-version:in-reply-to:content-language\n\t:x-original-sender:x-original-authentication-results:precedence\n\t:mailing-list:list-id:x-spam-checked-in-group:list-post:list-help\n\t:list-archive:list-subscribe:list-unsubscribe;\n\tbh=mPjVcqbnTkopF201iY/kX/U8+TMAW+NGQNIfD43bnUk=;\n\tb=c+PZstMl4yzc+xllbTKWGxAAqH5xHrgSAgVbGC6raoXuHG/ntRvznu12oGR01HuVBQ\n\tqB4FpbE3zt6JUUJrwp6ygJXgT4FUsCCt+K/zn+fL22gD45mnLOvQuIdDq2oP767Sgcwg\n\tz5QvXF6vQsPRmVBAHLti/dYhnG/9C95QwRV1g3IWTFMfWt0nm2OxcM8Jvmg4y5OPAPZK\n\tC34ep+B/ZK7KSXDPSC1rAb1CXbgIDCYXqTBoy7J+Lm1klMpHUuzYiQArg6iRDkpcg+Tx\n\tzTrF50R3oL7ZVQu0dWnxRZU+EvcdloLV+XBv4KRZInRJqr64txLQz9mVDnVVvgPtXY1a\n\t7boQ==","Sender":"swupdate@googlegroups.com","X-Gm-Message-State":"AHPjjUhmjIjrGYE7/DVQDk+5EFNc53P+o64+imWUgkqmh44EQ2vFjaxA\n\tEVODRCAq1MWgGg==","X-Google-Smtp-Source":"ADKCNb4hP/GqbwU+CUxsW/yX0wJdOwAt2s5KplhMf5Mf/VHOAsqpUpkQxmdLCo2MShG4HEhj+TDWgA==","X-Received":["by 10.28.14.80 with SMTP id 77mr177wmo.0.1504773441317;\n\tThu, 07 Sep 2017 01:37:21 -0700 (PDT)","by 10.28.150.212 with SMTP id y203mr9477wmd.4.1504773440899;\n\tThu, 07 Sep 2017 01:37:20 -0700 (PDT)"],"X-BeenThere":"swupdate@googlegroups.com","Received-SPF":"neutral (google.com: 79.96.179.35 is neither permitted nor\n\tdenied by best guess record for domain of\n\tmaciej.pijanowski@3mdeb.com) client-ip=79.96.179.35; ","Subject":"Re: [swupdate] [meta-swupdate][PATCH] add CMS signing support","To":"Diego Rondini ,\n\tStefano Babic ","Cc":"swupdate , piotr.krol@3mdeb.com","References":"<1502958326-1780-1-git-send-email-maciej.pijanowski@3mdeb.com>\n\t<164f9a4c-5ce6-e313-ff5b-36f156f7c151@denx.de>\n\t","From":"Maciej Pijanowski ","Message-ID":"<97aefc1d-6689-67eb-dd96-0d6bf33b75bc@3mdeb.com>","Date":"Thu, 7 Sep 2017 10:38:05 +0200","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101\n\tThunderbird/52.2.1","MIME-Version":"1.0","In-Reply-To":"","Content-Type":"multipart/alternative;\n\tboundary=\"------------346E07CD5A94CC450BC7551B\"","Content-Language":"en-US","X-Original-Sender":"maciej.pijanowski@3mdeb.com","X-Original-Authentication-Results":"gmr-mx.google.com; spf=neutral\n\t(google.com: 79.96.179.35 is neither permitted nor denied by best\n\tguess\n\trecord for domain of maciej.pijanowski@3mdeb.com)\n\tsmtp.mailfrom=maciej.pijanowski@3mdeb.com","Precedence":"list","Mailing-list":"list swupdate@googlegroups.com;\n\tcontact swupdate+owners@googlegroups.com","List-ID":"","X-Spam-Checked-In-Group":"swupdate@googlegroups.com","X-Google-Group-Id":"605343134186","List-Post":",\n\t","List-Help":",\n\t","List-Archive":",\n\t","List-Unsubscribe":",\n\t"}}]