* [PATCH] ARM: i.MX: HAB: Allow for semicolons in HAB environment variables
@ 2025-01-16 9:38 Sascha Hauer
2025-01-16 10:25 ` Bastian Krause
` (2 more replies)
0 siblings, 3 replies; 8+ messages in thread
From: Sascha Hauer @ 2025-01-16 9:38 UTC (permalink / raw)
To: Barebox List; +Cc: Bastian Krause
With CONFIG_HAB_CERTS_ENV=y, paths and PKCS#11 URIs to the HAB
certificates are taken from environment variables (allowing for better
integration with build systems). In this case these values are passed
internally via compiler macros (-D) to the imx-image host tool. PKCS#11
URIs usually contain semicolons. The semicolons didn't make it through
to the imx-image configuration file due to wrong escapes. Fix this by
expanding the environment variables using make rather than shell.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
scripts/Makefile.lib | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
index f195ddb7e8..7dcd8c9892 100644
--- a/scripts/Makefile.lib
+++ b/scripts/Makefile.lib
@@ -579,7 +579,7 @@ cmd_imximage_S_dcd= \
overwrite-hab-env = $(shell set -e; \
test -n "$(CONFIG_HAB_CERTS_ENV)"; \
test -n "$$$(1)"; \
- echo -D$(1)=\\\"$(shell echo $$$(1))\\\")
+ echo -D$(1)=\''"${${1}}"'\')
overwrite-fit-env = $(shell set -e; \
test -n "$(CONFIG_BOOTM_FITIMAGE_PUBKEY_ENV)"; \
--
2.39.5
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: [PATCH] ARM: i.MX: HAB: Allow for semicolons in HAB environment variables 2025-01-16 9:38 [PATCH] ARM: i.MX: HAB: Allow for semicolons in HAB environment variables Sascha Hauer @ 2025-01-16 10:25 ` Bastian Krause 2025-01-16 11:07 ` Sascha Hauer 2025-01-16 11:12 ` Ahmad Fatoum 2 siblings, 0 replies; 8+ messages in thread From: Bastian Krause @ 2025-01-16 10:25 UTC (permalink / raw) To: Sascha Hauer, Barebox List On 1/16/25 10:38 AM, Sascha Hauer wrote: > With CONFIG_HAB_CERTS_ENV=y, paths and PKCS#11 URIs to the HAB > certificates are taken from environment variables (allowing for better > integration with build systems). In this case these values are passed > internally via compiler macros (-D) to the imx-image host tool. PKCS#11 > URIs usually contain semicolons. The semicolons didn't make it through > to the imx-image configuration file due to wrong escapes. Fix this by > expanding the environment variables using make rather than shell. > > Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Tested-by: Bastian Krause <bst@pengutronix.de> Thanks! Regards, Bastian > --- > scripts/Makefile.lib | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib > index f195ddb7e8..7dcd8c9892 100644 > --- a/scripts/Makefile.lib > +++ b/scripts/Makefile.lib > @@ -579,7 +579,7 @@ cmd_imximage_S_dcd= \ > overwrite-hab-env = $(shell set -e; \ > test -n "$(CONFIG_HAB_CERTS_ENV)"; \ > test -n "$$$(1)"; \ > - echo -D$(1)=\\\"$(shell echo $$$(1))\\\") > + echo -D$(1)=\''"${${1}}"'\') > > overwrite-fit-env = $(shell set -e; \ > test -n "$(CONFIG_BOOTM_FITIMAGE_PUBKEY_ENV)"; \ -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] ARM: i.MX: HAB: Allow for semicolons in HAB environment variables 2025-01-16 9:38 [PATCH] ARM: i.MX: HAB: Allow for semicolons in HAB environment variables Sascha Hauer 2025-01-16 10:25 ` Bastian Krause @ 2025-01-16 11:07 ` Sascha Hauer 2025-01-16 11:12 ` Ahmad Fatoum 2 siblings, 0 replies; 8+ messages in thread From: Sascha Hauer @ 2025-01-16 11:07 UTC (permalink / raw) To: Barebox List, Sascha Hauer; +Cc: Bastian Krause On Thu, 16 Jan 2025 10:38:59 +0100, Sascha Hauer wrote: > With CONFIG_HAB_CERTS_ENV=y, paths and PKCS#11 URIs to the HAB > certificates are taken from environment variables (allowing for better > integration with build systems). In this case these values are passed > internally via compiler macros (-D) to the imx-image host tool. PKCS#11 > URIs usually contain semicolons. The semicolons didn't make it through > to the imx-image configuration file due to wrong escapes. Fix this by > expanding the environment variables using make rather than shell. > > [...] Applied, thanks! [1/1] ARM: i.MX: HAB: Allow for semicolons in HAB environment variables https://git.pengutronix.de/cgit/barebox/commit/?id=e6a4f1f25a76 (link may not be stable) Best regards, -- Sascha Hauer <s.hauer@pengutronix.de> ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] ARM: i.MX: HAB: Allow for semicolons in HAB environment variables 2025-01-16 9:38 [PATCH] ARM: i.MX: HAB: Allow for semicolons in HAB environment variables Sascha Hauer 2025-01-16 10:25 ` Bastian Krause 2025-01-16 11:07 ` Sascha Hauer @ 2025-01-16 11:12 ` Ahmad Fatoum 2025-01-16 11:26 ` Bastian Krause 2 siblings, 1 reply; 8+ messages in thread From: Ahmad Fatoum @ 2025-01-16 11:12 UTC (permalink / raw) To: Sascha Hauer, Barebox List; +Cc: Bastian Krause On 16.01.25 10:38, Sascha Hauer wrote: > With CONFIG_HAB_CERTS_ENV=y, paths and PKCS#11 URIs to the HAB > certificates are taken from environment variables (allowing for better > integration with build systems). In this case these values are passed > internally via compiler macros (-D) to the imx-image host tool. PKCS#11 > URIs usually contain semicolons. The semicolons didn't make it through > to the imx-image configuration file due to wrong escapes. Fix this by > expanding the environment variables using make rather than shell. > > Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> > --- > scripts/Makefile.lib | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib > index f195ddb7e8..7dcd8c9892 100644 > --- a/scripts/Makefile.lib > +++ b/scripts/Makefile.lib > @@ -579,7 +579,7 @@ cmd_imximage_S_dcd= \ > overwrite-hab-env = $(shell set -e; \ > test -n "$(CONFIG_HAB_CERTS_ENV)"; \ > test -n "$$$(1)"; \ > - echo -D$(1)=\\\"$(shell echo $$$(1))\\\") > + echo -D$(1)=\''"${${1}}"'\') Does {} and () make a difference here? > > overwrite-fit-env = $(shell set -e; \ > test -n "$(CONFIG_BOOTM_FITIMAGE_PUBKEY_ENV)"; \ -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] ARM: i.MX: HAB: Allow for semicolons in HAB environment variables 2025-01-16 11:12 ` Ahmad Fatoum @ 2025-01-16 11:26 ` Bastian Krause 2025-01-16 13:50 ` Ahmad Fatoum 0 siblings, 1 reply; 8+ messages in thread From: Bastian Krause @ 2025-01-16 11:26 UTC (permalink / raw) To: Ahmad Fatoum, Sascha Hauer, Barebox List On 1/16/25 12:12 PM, Ahmad Fatoum wrote: > On 16.01.25 10:38, Sascha Hauer wrote: >> With CONFIG_HAB_CERTS_ENV=y, paths and PKCS#11 URIs to the HAB >> certificates are taken from environment variables (allowing for better >> integration with build systems). In this case these values are passed >> internally via compiler macros (-D) to the imx-image host tool. PKCS#11 >> URIs usually contain semicolons. The semicolons didn't make it through >> to the imx-image configuration file due to wrong escapes. Fix this by >> expanding the environment variables using make rather than shell. >> >> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> >> --- >> scripts/Makefile.lib | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib >> index f195ddb7e8..7dcd8c9892 100644 >> --- a/scripts/Makefile.lib >> +++ b/scripts/Makefile.lib >> @@ -579,7 +579,7 @@ cmd_imximage_S_dcd= \ >> overwrite-hab-env = $(shell set -e; \ >> test -n "$(CONFIG_HAB_CERTS_ENV)"; \ >> test -n "$$$(1)"; \ >> - echo -D$(1)=\\\"$(shell echo $$$(1))\\\") >> + echo -D$(1)=\''"${${1}}"'\') > > Does {} and () make a difference here? I don't think so. This also works: - echo -D$(1)=\''"${${1}}"'\') + echo -D$(1)=\''"$($(1))"'\') Bastian > >> >> overwrite-fit-env = $(shell set -e; \ >> test -n "$(CONFIG_BOOTM_FITIMAGE_PUBKEY_ENV)"; \ > > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] ARM: i.MX: HAB: Allow for semicolons in HAB environment variables 2025-01-16 11:26 ` Bastian Krause @ 2025-01-16 13:50 ` Ahmad Fatoum 2025-01-16 14:34 ` Bastian Krause 0 siblings, 1 reply; 8+ messages in thread From: Ahmad Fatoum @ 2025-01-16 13:50 UTC (permalink / raw) To: Bastian Krause, Sascha Hauer, Barebox List On 16.01.25 12:26, Bastian Krause wrote: > On 1/16/25 12:12 PM, Ahmad Fatoum wrote: >> On 16.01.25 10:38, Sascha Hauer wrote: >>> With CONFIG_HAB_CERTS_ENV=y, paths and PKCS#11 URIs to the HAB >>> certificates are taken from environment variables (allowing for better >>> integration with build systems). In this case these values are passed >>> internally via compiler macros (-D) to the imx-image host tool. PKCS#11 >>> URIs usually contain semicolons. The semicolons didn't make it through >>> to the imx-image configuration file due to wrong escapes. Fix this by >>> expanding the environment variables using make rather than shell. >>> >>> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> >>> --- >>> scripts/Makefile.lib | 2 +- >>> 1 file changed, 1 insertion(+), 1 deletion(-) >>> >>> diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib >>> index f195ddb7e8..7dcd8c9892 100644 >>> --- a/scripts/Makefile.lib >>> +++ b/scripts/Makefile.lib >>> @@ -579,7 +579,7 @@ cmd_imximage_S_dcd= \ >>> overwrite-hab-env = $(shell set -e; \ >>> test -n "$(CONFIG_HAB_CERTS_ENV)"; \ >>> test -n "$$$(1)"; \ >>> - echo -D$(1)=\\\"$(shell echo $$$(1))\\\") >>> + echo -D$(1)=\''"${${1}}"'\') >> >> Does {} and () make a difference here? > > I don't think so. This also works: > > - echo -D$(1)=\''"${${1}}"'\') > + echo -D$(1)=\''"$($(1))"'\') Thanks for testing. @Sascha, can you switch to using () instead? Otherwise it's confusing to have $(1) on the left-hand side, but ${1} on the right. (My personal favorite would be -D$(1)=$(call stringify,$($(1))) FWIW, provided that it works as intended) Thanks, Ahmad > > Bastian > >> >>> overwrite-fit-env = $(shell set -e; \ >>> test -n "$(CONFIG_BOOTM_FITIMAGE_PUBKEY_ENV)"; \ >> >> > > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] ARM: i.MX: HAB: Allow for semicolons in HAB environment variables 2025-01-16 13:50 ` Ahmad Fatoum @ 2025-01-16 14:34 ` Bastian Krause 2025-01-16 14:35 ` Ahmad Fatoum 0 siblings, 1 reply; 8+ messages in thread From: Bastian Krause @ 2025-01-16 14:34 UTC (permalink / raw) To: Ahmad Fatoum, Sascha Hauer, Barebox List On 1/16/25 2:50 PM, Ahmad Fatoum wrote: > On 16.01.25 12:26, Bastian Krause wrote: >> On 1/16/25 12:12 PM, Ahmad Fatoum wrote: >>> On 16.01.25 10:38, Sascha Hauer wrote: >>>> With CONFIG_HAB_CERTS_ENV=y, paths and PKCS#11 URIs to the HAB >>>> certificates are taken from environment variables (allowing for better >>>> integration with build systems). In this case these values are passed >>>> internally via compiler macros (-D) to the imx-image host tool. PKCS#11 >>>> URIs usually contain semicolons. The semicolons didn't make it through >>>> to the imx-image configuration file due to wrong escapes. Fix this by >>>> expanding the environment variables using make rather than shell. >>>> >>>> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> >>>> --- >>>> scripts/Makefile.lib | 2 +- >>>> 1 file changed, 1 insertion(+), 1 deletion(-) >>>> >>>> diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib >>>> index f195ddb7e8..7dcd8c9892 100644 >>>> --- a/scripts/Makefile.lib >>>> +++ b/scripts/Makefile.lib >>>> @@ -579,7 +579,7 @@ cmd_imximage_S_dcd= \ >>>> overwrite-hab-env = $(shell set -e; \ >>>> test -n "$(CONFIG_HAB_CERTS_ENV)"; \ >>>> test -n "$$$(1)"; \ >>>> - echo -D$(1)=\\\"$(shell echo $$$(1))\\\") >>>> + echo -D$(1)=\''"${${1}}"'\') >>> >>> Does {} and () make a difference here? >> >> I don't think so. This also works: >> >> - echo -D$(1)=\''"${${1}}"'\') >> + echo -D$(1)=\''"$($(1))"'\') > > Thanks for testing. @Sascha, can you switch to using () instead? > Otherwise it's confusing to have $(1) on the left-hand side, > but ${1} on the right. Makes sense. > > (My personal favorite would be -D$(1)=$(call stringify,$($(1))) FWIW, > provided that it works as intended) Unfortunately.. - echo -D$(1)=\''"${${1}}"'\') + echo -D$(1)=$(call stringify,$($(1)))) ..does not work if the value contains a semicolon. Regards, Bastian > > Thanks, > Ahmad > >> >> Bastian >> >>> >>>> overwrite-fit-env = $(shell set -e; \ >>>> test -n "$(CONFIG_BOOTM_FITIMAGE_PUBKEY_ENV)"; \ >>> >>> >> >> > > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] ARM: i.MX: HAB: Allow for semicolons in HAB environment variables 2025-01-16 14:34 ` Bastian Krause @ 2025-01-16 14:35 ` Ahmad Fatoum 0 siblings, 0 replies; 8+ messages in thread From: Ahmad Fatoum @ 2025-01-16 14:35 UTC (permalink / raw) To: Bastian Krause, Sascha Hauer, Barebox List On 16.01.25 15:34, Bastian Krause wrote: > On 1/16/25 2:50 PM, Ahmad Fatoum wrote: >> On 16.01.25 12:26, Bastian Krause wrote: >>> On 1/16/25 12:12 PM, Ahmad Fatoum wrote: >>>> On 16.01.25 10:38, Sascha Hauer wrote: >>>>> With CONFIG_HAB_CERTS_ENV=y, paths and PKCS#11 URIs to the HAB >>>>> certificates are taken from environment variables (allowing for better >>>>> integration with build systems). In this case these values are passed >>>>> internally via compiler macros (-D) to the imx-image host tool. PKCS#11 >>>>> URIs usually contain semicolons. The semicolons didn't make it through >>>>> to the imx-image configuration file due to wrong escapes. Fix this by >>>>> expanding the environment variables using make rather than shell. >>>>> >>>>> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> >>>>> --- >>>>> scripts/Makefile.lib | 2 +- >>>>> 1 file changed, 1 insertion(+), 1 deletion(-) >>>>> >>>>> diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib >>>>> index f195ddb7e8..7dcd8c9892 100644 >>>>> --- a/scripts/Makefile.lib >>>>> +++ b/scripts/Makefile.lib >>>>> @@ -579,7 +579,7 @@ cmd_imximage_S_dcd= \ >>>>> overwrite-hab-env = $(shell set -e; \ >>>>> test -n "$(CONFIG_HAB_CERTS_ENV)"; \ >>>>> test -n "$$$(1)"; \ >>>>> - echo -D$(1)=\\\"$(shell echo $$$(1))\\\") >>>>> + echo -D$(1)=\''"${${1}}"'\') >>>> >>>> Does {} and () make a difference here? >>> >>> I don't think so. This also works: >>> >>> - echo -D$(1)=\''"${${1}}"'\') >>> + echo -D$(1)=\''"$($(1))"'\') >> >> Thanks for testing. @Sascha, can you switch to using () instead? >> Otherwise it's confusing to have $(1) on the left-hand side, >> but ${1} on the right. > > Makes sense. > >> >> (My personal favorite would be -D$(1)=$(call stringify,$($(1))) FWIW, >> provided that it works as intended) > > Unfortunately.. > > - echo -D$(1)=\''"${${1}}"'\') > + echo -D$(1)=$(call stringify,$($(1)))) > > ..does not work if the value contains a semicolon. :-( Thanks for testing, Ahmad > > Regards, > Bastian > >> >> Thanks, >> Ahmad >> >>> >>> Bastian >>> >>>> >>>>> overwrite-fit-env = $(shell set -e; \ >>>>> test -n "$(CONFIG_BOOTM_FITIMAGE_PUBKEY_ENV)"; \ >>>> >>>> >>> >>> >> >> > > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2025-01-16 14:37 UTC | newest] Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2025-01-16 9:38 [PATCH] ARM: i.MX: HAB: Allow for semicolons in HAB environment variables Sascha Hauer 2025-01-16 10:25 ` Bastian Krause 2025-01-16 11:07 ` Sascha Hauer 2025-01-16 11:12 ` Ahmad Fatoum 2025-01-16 11:26 ` Bastian Krause 2025-01-16 13:50 ` Ahmad Fatoum 2025-01-16 14:34 ` Bastian Krause 2025-01-16 14:35 ` Ahmad Fatoum
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox