signing.bbclass: add get_root_cert

Add a helper method to retrieve the root CA certificate for a given role, by walking the chain that has been setup with signing_import_set_ca up to the last element - which is the root. Reviewed-by: Jan Luebbe <jlu@pengutronix.de> Signed-off-by: Johannes Schneider <johannes.schneider@leica-geosystems.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-01-01 13:58:06 +00:00 · 2025-06-27 14:18:19 +02:00 · 2025-06-27 14:18:19 +02:00 · f642526db5
commit f642526db5
parent 5b315e2fc4
1 changed files with 16 additions and 0 deletions
--- a/meta-oe/classes/signing.bbclass
+++ b/meta-oe/classes/signing.bbclass
@ -194,6 +194,22 @@ signing_has_ca() {
    return $?
 }

+# signing_get_root_cert <cert_name>
+#
+# return the role/name of the CA root certificate for a given
+# <cert_name>, by walking the chain setup with signing_import_set_ca
+# all the way to the last in line that doesn't have a CA set - which
+# would be the root.
+#
+# To be used with SoftHSM.
+signing_get_root_cert() {
+    local cert_name="${1}"
+    while signing_has_ca "${cert_name}"; do
+        cert_name="$(signing_get_ca ${cert_name})"
+    done
+    echo "${cert_name}"
+}
+
 # signing_import_cert_chain_from_pem <role> <pem>
 #
 # Import a certificate *chain* from a PEM file to a role.