From patchwork Fri Jun 26 12:30:52 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kurt Van Dijck X-Patchwork-Id: 1317616 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=vandijck-laurijssen.be Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49tbpb0yb3z9sRN for ; Fri, 26 Jun 2020 22:31:19 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 0F8E420117; Fri, 26 Jun 2020 12:31:17 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gSHH9kE0uPd4; Fri, 26 Jun 2020 12:31:15 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by silver.osuosl.org (Postfix) with ESMTP id A7886204B6; Fri, 26 Jun 2020 12:31:15 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id 31A8D1BF9B6 for ; Fri, 26 Jun 2020 12:31:13 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 2CCC486DAF for ; Fri, 26 Jun 2020 12:31:13 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I2UqiPIOXtrA for ; Fri, 26 Jun 2020 12:31:12 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from relay-b03.edpnet.be (relay-b03.edpnet.be [212.71.1.220]) by whitealder.osuosl.org (Postfix) with ESMTPS id CC37F877D1 for ; Fri, 26 Jun 2020 12:31:11 +0000 (UTC) X-ASG-Debug-ID: 1593174668-0a8818764f4a0a30002-rUBnyj Received: from zotac.vandijck-laurijssen.be (77.109.122.82.adsl.dyn.edpnet.net [77.109.122.82]) by relay-b03.edpnet.be with ESMTP id 9xLns2QFswOaZ4ZJ for ; Fri, 26 Jun 2020 14:31:08 +0200 (CEST) X-Barracuda-Envelope-From: dev.kurt@vandijck-laurijssen.be X-Barracuda-Effective-Source-IP: 77.109.122.82.adsl.dyn.edpnet.net[77.109.122.82] X-Barracuda-Apparent-Source-IP: 77.109.122.82 Received: from x1.vandijck-laurijssen.be (x1.vandijck-laurijssen.be [192.168.0.36]) by zotac.vandijck-laurijssen.be (Postfix) with ESMTPSA id A1EE8F71FA0; Fri, 26 Jun 2020 14:31:08 +0200 (CEST) From: Kurt Van Dijck To: buildroot@buildroot.org Date: Fri, 26 Jun 2020 14:30:52 +0200 X-ASG-Orig-Subj: [PATCH 5/6] wireless-regdb: add explicit signing key config Message-Id: <20200626123053.30626-6-dev.kurt@vandijck-laurijssen.be> X-Mailer: git-send-email 2.25.0 In-Reply-To: <20200626123053.30626-1-dev.kurt@vandijck-laurijssen.be> References: <20200626123053.30626-1-dev.kurt@vandijck-laurijssen.be> MIME-Version: 1.0 X-Barracuda-Connect: 77.109.122.82.adsl.dyn.edpnet.net[77.109.122.82] X-Barracuda-Start-Time: 1593174668 X-Barracuda-URL: https://212.71.1.220:443/cgi-mod/mark.cgi X-Virus-Scanned: by bsmtpd at edpnet.be X-Barracuda-Scan-Msg-Size: 3217 X-Barracuda-BRTS-Status: 1 X-Barracuda-Bayes: INNOCENT GLOBAL 0.4007 1.0000 0.0000 X-Barracuda-Spam-Score: 0.50 X-Barracuda-Spam-Status: No, SCORE=0.50 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=7.0 tests=BSF_RULE7568M X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.82819 Rule breakdown below pts rule name description ---- ---------------------- -------------------------------------------------- 0.50 BSF_RULE7568M Custom Rule 7568M Subject: [Buildroot] [PATCH 5/6] wireless-regdb: add explicit signing key config X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kurt Van Dijck Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" This commit allows to set an explicit file with signing key to use. Signed-off-by: Kurt Van Dijck --- package/wireless-regdb/Config.in | 18 ++++++++++++++++++ package/wireless-regdb/wireless-regdb.mk | 24 +++++++++++++++++++++--- 2 files changed, 39 insertions(+), 3 deletions(-) diff --git a/package/wireless-regdb/Config.in b/package/wireless-regdb/Config.in index 55347b5e8c..be2c421438 100644 --- a/package/wireless-regdb/Config.in +++ b/package/wireless-regdb/Config.in @@ -26,4 +26,22 @@ config BR2_WIRELESS_REGDB_REBUILD outdoor and indoor regulations differ. Make sure to deploy your wireless-regdb public key if you use crda or compile them into the kernel. + +if BR2_WIRELESS_REGDB_REBUILD + +config BR2_WIRELESS_REGDB_COMMONNAME + string "CommonName for x509 cert" + default "buildroot" + +config BR2_WIRELESS_REGDB_PRIVKEY + string "private key for signing wireless-regdb" + default "~/.buildroot" + help + Path to file containing private key to sign wireless-regdb. + The key should be in .pem format. + + If the file does not exist, a new key will be generated + +endif + endif diff --git a/package/wireless-regdb/wireless-regdb.mk b/package/wireless-regdb/wireless-regdb.mk index 7c6b140a4a..af54d2c0f4 100644 --- a/package/wireless-regdb/wireless-regdb.mk +++ b/package/wireless-regdb/wireless-regdb.mk @@ -13,16 +13,34 @@ WIRELESS_REGDB_LICENSE_FILES = LICENSE ifeq ($(BR2_WIRELESS_REGDB_REBUILD),y) +WIRELESS_REGDB_PRIVKEY = $(call qstrip,$(BR2_WIRELESS_REGDB_PRIVKEY)) +# make sure PRIVKEYNAME is set +ifeq ($(WIRELESS_REGDB_PRIVKEYNAME),) +WIRELESS_REGDB_PRIVKEY=~/.buildroot +endif +WIRELESS_REGDB_PRIVKEYNAME = $(patsubst .%,%,$(notdir $(WIRELESS_REGDB_PRIVKEY))) + +ifeq ($(call qstrip,$(BR2_WIRELESS_REGDB_COMMONNAME)),) +BR2_WIRELESS_REGDB_COMMONNAME = "buildroot" +endif + define WIRELESS_REGDB_PATCH_PYTHON3 sed -i -e '1 s/python$$/python3/' $(@D)/*.py + sed -i -e 's/= sforshee$$/= $(call qstrip,$(BR2_WIRELESS_REGDB_COMMONNAME))/' $(@D)/gen-pubcert.sh endef WIRELESS_REGDB_POST_PATCH_HOOKS += WIRELESS_REGDB_PATCH_PYTHON3 WIRELESS_REGDB_DEPENDENCIES += host-python3-m2crypto + define WIRELESS_REGDB_BUILD_CMDS $(TARGET_MAKE_ENV) $(MAKE) -C $(@D) \ - REGDB_AUTHOR=buildroot + REGDB_PRIVKEY=$(WIRELESS_REGDB_PRIVKEY) \ + REGDB_PUBKEY=$(WIRELESS_REGDB_PRIVKEYNAME).pub \ + REGDB_PUBCERT=$(WIRELESS_REGDB_PRIVKEYNAME).x509.pem + openssl x509 -in $(@D)/$(WIRELESS_REGDB_PRIVKEYNAME).x509.pem \ + -outform DER \ + -out $(@D)/$(WIRELESS_REGDB_PRIVKEYNAME).x509 endef endif @@ -32,8 +50,8 @@ define WIRELESS_REGDB_INSTALL_CRDA_TARGET_CMDS $(TARGET_DIR)/usr/lib/crda/regulatory.bin $(INSTALL) -m 644 -D -T $(@D)/sforshee.key.pub.pem \ $(TARGET_DIR)/etc/wireless-regdb/pubkeys/sforshee.key.pub.pem - $(INSTALL) -m 644 -D -T ~/.wireless-regdb-buildroot.key.pub.pem \ - $(TARGET_DIR)/etc/wireless-regdb/pubkeys/buildroot.key.pub.pem + $(INSTALL) -m 644 -D -T $(@D)/$(WIRELESS_REGDB_PRIVKEYNAME).pub \ + $(TARGET_DIR)/etc/wireless-regdb/pubkeys/$(WIRELESS_REGDB_PRIVKEYNAME).pub endef endif