mirror of
git://git.openembedded.org/meta-openembedded
synced 2026-01-01 13:58:06 +00:00
signing.bbclass: create env with 0x600
The env file holds the PKCS#11 uris, which include the pin to access the database - in plaintext. Directly create the file (after it has been remove) with the proper 'user RW only' permissions, to give only the build-user access to this somewhat "security sensitive" file. Note that the softhsm/sqlite3.db* is already 0x600. Signed-off-by: Johannes Schneider <johannes.schneider@leica-geosystems.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
This commit is contained in:
Johannes Schneider
Khem Raj
parent
5c33bc28eb
commit
c092b3adc5
|
|
@ -104,6 +104,7 @@ signing_import_prepare() {
|
||||||
|
|
||||||
export _SIGNING_ENV_FILE_="${B}/meta-signing.env"
|
export _SIGNING_ENV_FILE_="${B}/meta-signing.env"
|
||||||
rm -f "$_SIGNING_ENV_FILE_"
|
rm -f "$_SIGNING_ENV_FILE_"
|
||||||
|
install -m 600 /dev/null "$_SIGNING_ENV_FILE_"
|
||||||
|
|
||||||
export SOFTHSM2_CONF="${B}/softhsm2.conf"
|
export SOFTHSM2_CONF="${B}/softhsm2.conf"
|
||||||
export SOFTHSM2_DIR="${B}/softhsm2.tokens"
|
export SOFTHSM2_DIR="${B}/softhsm2.tokens"
|
||||||
|
|
@ -331,7 +332,7 @@ signing_import_install() {
|
||||||
install -d ${D}${localstatedir}/lib/softhsm/tokens/${PN}
|
install -d ${D}${localstatedir}/lib/softhsm/tokens/${PN}
|
||||||
install -m 600 -t ${D}${localstatedir}/lib/softhsm/tokens/${PN} ${B}/softhsm2.tokens/*/*
|
install -m 600 -t ${D}${localstatedir}/lib/softhsm/tokens/${PN} ${B}/softhsm2.tokens/*/*
|
||||||
install -d ${D}${localstatedir}/lib/meta-signing.env.d
|
install -d ${D}${localstatedir}/lib/meta-signing.env.d
|
||||||
install -m 644 "${B}/meta-signing.env" ${D}${localstatedir}/lib/meta-signing.env.d/${PN}
|
install -m 600 "${B}/meta-signing.env" ${D}${localstatedir}/lib/meta-signing.env.d/${PN}
|
||||||
}
|
}
|
||||||
|
|
||||||
signing_prepare() {
|
signing_prepare() {
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user