diff mbox series

[meta-oe,PATCHv2] pkcs11-provider: Add recipe

Message ID 20231219162705.3865469-1-niko.mauno@vaisala.com
State Superseded
Headers show
Series [meta-oe,PATCHv2] pkcs11-provider: Add recipe | expand

Commit Message

Niko Mauno Dec. 19, 2023, 4:27 p.m. UTC 
From: Niko Mauno <niko.mauno@vaisala.com>

Starting with version 3.0 the OpenSSL project introduced a new modular
system to extend OpenSSL that replaces the deprecated Engine modules.

Providers are loaded via configuration directives in the openssl
configuration file (or directly loaded by applications).

The pkcs11 provider allows applications linked to openssl to use keys
and cryptographic operations from a hardware or software token via
their PKCS #11 driver and the use of PCKS #11 URIs.

The pkcs11 provider can be configured to be automatically loaded via
openssl.cnf

For more details, visit
https://github.com/latchset/pkcs11-provider/blob/main/docs/provider-pkcs11.7.md

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
---
 .../pkcs11-provider/pkcs11-provider_git.bb    | 28 +++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 meta-oe/recipes-support/pkcs11-provider/pkcs11-provider_git.bb

Comments

Khem Raj Dec. 19, 2023, 4:36 p.m. UTC | #1 
On Tue, Dec 19, 2023 at 8:27 AM Niko Mauno via lists.openembedded.org
<niko.mauno=vaisala.com@lists.openembedded.org> wrote:
>
> From: Niko Mauno <niko.mauno@vaisala.com>
>
> Starting with version 3.0 the OpenSSL project introduced a new modular
> system to extend OpenSSL that replaces the deprecated Engine modules.
>
> Providers are loaded via configuration directives in the openssl
> configuration file (or directly loaded by applications).
>
> The pkcs11 provider allows applications linked to openssl to use keys
> and cryptographic operations from a hardware or software token via
> their PKCS #11 driver and the use of PCKS #11 URIs.
>
> The pkcs11 provider can be configured to be automatically loaded via
> openssl.cnf
>
> For more details, visit
> https://github.com/latchset/pkcs11-provider/blob/main/docs/provider-pkcs11.7.md
>
> Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
> ---
>  .../pkcs11-provider/pkcs11-provider_git.bb    | 28 +++++++++++++++++++
>  1 file changed, 28 insertions(+)
>  create mode 100644 meta-oe/recipes-support/pkcs11-provider/pkcs11-provider_git.bb
>
> diff --git a/meta-oe/recipes-support/pkcs11-provider/pkcs11-provider_git.bb b/meta-oe/recipes-support/pkcs11-provider/pkcs11-provider_git.bb
> new file mode 100644
> index 000000000..2e25d91c5
> --- /dev/null
> +++ b/meta-oe/recipes-support/pkcs11-provider/pkcs11-provider_git.bb
> @@ -0,0 +1,28 @@
> +SUMMARY = "An OpenSSL provider that allows direct interfacing with pkcs11 drivers"
> +DESCRIPTION = "\
> +This is an Openssl 3.x provider to access Hardware or Software Tokens using \
> +the PKCS#11 Cryptographic Token Interface\
> +\
> +This code targets version 3.1 of the interface but should be backwards \
> +compatible to previous versions as well.\
> +"
> +HOMEPAGE = "https://github.com/latchset/pkcs11-provider"
> +SECTION = "libs"
> +LICENSE = "Apache-2.0"
> +LIC_FILES_CHKSUM = "file://COPYING;md5=b53b787444a60266932bd270d1cf2d45"
> +DEPENDS = "\
> +    autoconf-archive \
> +    openssl \
> +    p11-kit \
> +"
> +
> +SRCREV = "e2abc4a7ae33159f2fb21b9d87a05ea9e79ef584"
> +PV = "0.2+git${SRCPV}"

I think SRCPV is redundant here as we do not need it on master.

> +
> +SRC_URI = "git://github.com/latchset/${BPN}.git;branch=main;protocol=https"
> +
> +S = "${WORKDIR}/git"
> +
> +inherit autotools pkgconfig
> +
> +FILES:${PN} += "${libdir}/ossl-modules/pkcs11.so"
> --
> 2.39.2
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#107638): https://lists.openembedded.org/g/openembedded-devel/message/107638
> Mute This Topic: https://lists.openembedded.org/mt/103265166/1997914
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [raj.khem@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
Niko Mauno Dec. 19, 2023, 4:49 p.m. UTC | #2 
On 19.12.2023 18.36, Khem Raj wrote:
> I think SRCPV is redundant here as we do not need it on master.

Thanks, now submitted v3 which omits SRCPV from PV value.
-Niko
diff mbox series

Patch

diff --git a/meta-oe/recipes-support/pkcs11-provider/pkcs11-provider_git.bb b/meta-oe/recipes-support/pkcs11-provider/pkcs11-provider_git.bb
new file mode 100644
index 000000000..2e25d91c5
--- /dev/null
+++ b/meta-oe/recipes-support/pkcs11-provider/pkcs11-provider_git.bb
@@ -0,0 +1,28 @@ 
+SUMMARY = "An OpenSSL provider that allows direct interfacing with pkcs11 drivers"
+DESCRIPTION = "\
+This is an Openssl 3.x provider to access Hardware or Software Tokens using \
+the PKCS#11 Cryptographic Token Interface\
+\
+This code targets version 3.1 of the interface but should be backwards \
+compatible to previous versions as well.\
+"
+HOMEPAGE = "https://github.com/latchset/pkcs11-provider"
+SECTION = "libs"
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://COPYING;md5=b53b787444a60266932bd270d1cf2d45"
+DEPENDS = "\
+    autoconf-archive \
+    openssl \
+    p11-kit \
+"
+
+SRCREV = "e2abc4a7ae33159f2fb21b9d87a05ea9e79ef584"
+PV = "0.2+git${SRCPV}"
+
+SRC_URI = "git://github.com/latchset/${BPN}.git;branch=main;protocol=https"
+
+S = "${WORKDIR}/git"
+
+inherit autotools pkgconfig
+
+FILES:${PN} += "${libdir}/ossl-modules/pkcs11.so"