* [PATCH] ARM: i.MX: HAB: Allow for semicolons in HAB environment variables
@ 2025-01-16 9:38 Sascha Hauer
2025-01-16 10:25 ` Bastian Krause
` (2 more replies)
0 siblings, 3 replies; 8+ messages in thread
From: Sascha Hauer @ 2025-01-16 9:38 UTC (permalink / raw)
To: Barebox List; +Cc: Bastian Krause
With CONFIG_HAB_CERTS_ENV=y, paths and PKCS#11 URIs to the HAB
certificates are taken from environment variables (allowing for better
integration with build systems). In this case these values are passed
internally via compiler macros (-D) to the imx-image host tool. PKCS#11
URIs usually contain semicolons. The semicolons didn't make it through
to the imx-image configuration file due to wrong escapes. Fix this by
expanding the environment variables using make rather than shell.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
scripts/Makefile.lib | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
index f195ddb7e8..7dcd8c9892 100644
--- a/scripts/Makefile.lib
+++ b/scripts/Makefile.lib
@@ -579,7 +579,7 @@ cmd_imximage_S_dcd= \
overwrite-hab-env = $(shell set -e; \
test -n "$(CONFIG_HAB_CERTS_ENV)"; \
test -n "$$$(1)"; \
- echo -D$(1)=\\\"$(shell echo $$$(1))\\\")
+ echo -D$(1)=\''"${${1}}"'\')
overwrite-fit-env = $(shell set -e; \
test -n "$(CONFIG_BOOTM_FITIMAGE_PUBKEY_ENV)"; \
--
2.39.5
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] ARM: i.MX: HAB: Allow for semicolons in HAB environment variables
2025-01-16 9:38 [PATCH] ARM: i.MX: HAB: Allow for semicolons in HAB environment variables Sascha Hauer
@ 2025-01-16 10:25 ` Bastian Krause
2025-01-16 11:07 ` Sascha Hauer
2025-01-16 11:12 ` Ahmad Fatoum
2 siblings, 0 replies; 8+ messages in thread
From: Bastian Krause @ 2025-01-16 10:25 UTC (permalink / raw)
To: Sascha Hauer, Barebox List
On 1/16/25 10:38 AM, Sascha Hauer wrote:
> With CONFIG_HAB_CERTS_ENV=y, paths and PKCS#11 URIs to the HAB
> certificates are taken from environment variables (allowing for better
> integration with build systems). In this case these values are passed
> internally via compiler macros (-D) to the imx-image host tool. PKCS#11
> URIs usually contain semicolons. The semicolons didn't make it through
> to the imx-image configuration file due to wrong escapes. Fix this by
> expanding the environment variables using make rather than shell.
>
> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Tested-by: Bastian Krause <bst@pengutronix.de>
Thanks!
Regards,
Bastian
> ---
> scripts/Makefile.lib | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
> index f195ddb7e8..7dcd8c9892 100644
> --- a/scripts/Makefile.lib
> +++ b/scripts/Makefile.lib
> @@ -579,7 +579,7 @@ cmd_imximage_S_dcd= \
> overwrite-hab-env = $(shell set -e; \
> test -n "$(CONFIG_HAB_CERTS_ENV)"; \
> test -n "$$$(1)"; \
> - echo -D$(1)=\\\"$(shell echo $$$(1))\\\")
> + echo -D$(1)=\''"${${1}}"'\')
>
> overwrite-fit-env = $(shell set -e; \
> test -n "$(CONFIG_BOOTM_FITIMAGE_PUBKEY_ENV)"; \
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] ARM: i.MX: HAB: Allow for semicolons in HAB environment variables
2025-01-16 9:38 [PATCH] ARM: i.MX: HAB: Allow for semicolons in HAB environment variables Sascha Hauer
2025-01-16 10:25 ` Bastian Krause
@ 2025-01-16 11:07 ` Sascha Hauer
2025-01-16 11:12 ` Ahmad Fatoum
2 siblings, 0 replies; 8+ messages in thread
From: Sascha Hauer @ 2025-01-16 11:07 UTC (permalink / raw)
To: Barebox List, Sascha Hauer; +Cc: Bastian Krause
On Thu, 16 Jan 2025 10:38:59 +0100, Sascha Hauer wrote:
> With CONFIG_HAB_CERTS_ENV=y, paths and PKCS#11 URIs to the HAB
> certificates are taken from environment variables (allowing for better
> integration with build systems). In this case these values are passed
> internally via compiler macros (-D) to the imx-image host tool. PKCS#11
> URIs usually contain semicolons. The semicolons didn't make it through
> to the imx-image configuration file due to wrong escapes. Fix this by
> expanding the environment variables using make rather than shell.
>
> [...]
Applied, thanks!
[1/1] ARM: i.MX: HAB: Allow for semicolons in HAB environment variables
https://git.pengutronix.de/cgit/barebox/commit/?id=e6a4f1f25a76 (link may not be stable)
Best regards,
--
Sascha Hauer <s.hauer@pengutronix.de>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] ARM: i.MX: HAB: Allow for semicolons in HAB environment variables
2025-01-16 9:38 [PATCH] ARM: i.MX: HAB: Allow for semicolons in HAB environment variables Sascha Hauer
2025-01-16 10:25 ` Bastian Krause
2025-01-16 11:07 ` Sascha Hauer
@ 2025-01-16 11:12 ` Ahmad Fatoum
2025-01-16 11:26 ` Bastian Krause
2 siblings, 1 reply; 8+ messages in thread
From: Ahmad Fatoum @ 2025-01-16 11:12 UTC (permalink / raw)
To: Sascha Hauer, Barebox List; +Cc: Bastian Krause
On 16.01.25 10:38, Sascha Hauer wrote:
> With CONFIG_HAB_CERTS_ENV=y, paths and PKCS#11 URIs to the HAB
> certificates are taken from environment variables (allowing for better
> integration with build systems). In this case these values are passed
> internally via compiler macros (-D) to the imx-image host tool. PKCS#11
> URIs usually contain semicolons. The semicolons didn't make it through
> to the imx-image configuration file due to wrong escapes. Fix this by
> expanding the environment variables using make rather than shell.
>
> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
> ---
> scripts/Makefile.lib | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
> index f195ddb7e8..7dcd8c9892 100644
> --- a/scripts/Makefile.lib
> +++ b/scripts/Makefile.lib
> @@ -579,7 +579,7 @@ cmd_imximage_S_dcd= \
> overwrite-hab-env = $(shell set -e; \
> test -n "$(CONFIG_HAB_CERTS_ENV)"; \
> test -n "$$$(1)"; \
> - echo -D$(1)=\\\"$(shell echo $$$(1))\\\")
> + echo -D$(1)=\''"${${1}}"'\')
Does {} and () make a difference here?
>
> overwrite-fit-env = $(shell set -e; \
> test -n "$(CONFIG_BOOTM_FITIMAGE_PUBKEY_ENV)"; \
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] ARM: i.MX: HAB: Allow for semicolons in HAB environment variables
2025-01-16 11:12 ` Ahmad Fatoum
@ 2025-01-16 11:26 ` Bastian Krause
2025-01-16 13:50 ` Ahmad Fatoum
0 siblings, 1 reply; 8+ messages in thread
From: Bastian Krause @ 2025-01-16 11:26 UTC (permalink / raw)
To: Ahmad Fatoum, Sascha Hauer, Barebox List
On 1/16/25 12:12 PM, Ahmad Fatoum wrote:
> On 16.01.25 10:38, Sascha Hauer wrote:
>> With CONFIG_HAB_CERTS_ENV=y, paths and PKCS#11 URIs to the HAB
>> certificates are taken from environment variables (allowing for better
>> integration with build systems). In this case these values are passed
>> internally via compiler macros (-D) to the imx-image host tool. PKCS#11
>> URIs usually contain semicolons. The semicolons didn't make it through
>> to the imx-image configuration file due to wrong escapes. Fix this by
>> expanding the environment variables using make rather than shell.
>>
>> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
>> ---
>> scripts/Makefile.lib | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
>> index f195ddb7e8..7dcd8c9892 100644
>> --- a/scripts/Makefile.lib
>> +++ b/scripts/Makefile.lib
>> @@ -579,7 +579,7 @@ cmd_imximage_S_dcd= \
>> overwrite-hab-env = $(shell set -e; \
>> test -n "$(CONFIG_HAB_CERTS_ENV)"; \
>> test -n "$$$(1)"; \
>> - echo -D$(1)=\\\"$(shell echo $$$(1))\\\")
>> + echo -D$(1)=\''"${${1}}"'\')
>
> Does {} and () make a difference here?
I don't think so. This also works:
- echo -D$(1)=\''"${${1}}"'\')
+ echo -D$(1)=\''"$($(1))"'\')
Bastian
>
>>
>> overwrite-fit-env = $(shell set -e; \
>> test -n "$(CONFIG_BOOTM_FITIMAGE_PUBKEY_ENV)"; \
>
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] ARM: i.MX: HAB: Allow for semicolons in HAB environment variables
2025-01-16 11:26 ` Bastian Krause
@ 2025-01-16 13:50 ` Ahmad Fatoum
2025-01-16 14:34 ` Bastian Krause
0 siblings, 1 reply; 8+ messages in thread
From: Ahmad Fatoum @ 2025-01-16 13:50 UTC (permalink / raw)
To: Bastian Krause, Sascha Hauer, Barebox List
On 16.01.25 12:26, Bastian Krause wrote:
> On 1/16/25 12:12 PM, Ahmad Fatoum wrote:
>> On 16.01.25 10:38, Sascha Hauer wrote:
>>> With CONFIG_HAB_CERTS_ENV=y, paths and PKCS#11 URIs to the HAB
>>> certificates are taken from environment variables (allowing for better
>>> integration with build systems). In this case these values are passed
>>> internally via compiler macros (-D) to the imx-image host tool. PKCS#11
>>> URIs usually contain semicolons. The semicolons didn't make it through
>>> to the imx-image configuration file due to wrong escapes. Fix this by
>>> expanding the environment variables using make rather than shell.
>>>
>>> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
>>> ---
>>> scripts/Makefile.lib | 2 +-
>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
>>> index f195ddb7e8..7dcd8c9892 100644
>>> --- a/scripts/Makefile.lib
>>> +++ b/scripts/Makefile.lib
>>> @@ -579,7 +579,7 @@ cmd_imximage_S_dcd= \
>>> overwrite-hab-env = $(shell set -e; \
>>> test -n "$(CONFIG_HAB_CERTS_ENV)"; \
>>> test -n "$$$(1)"; \
>>> - echo -D$(1)=\\\"$(shell echo $$$(1))\\\")
>>> + echo -D$(1)=\''"${${1}}"'\')
>>
>> Does {} and () make a difference here?
>
> I don't think so. This also works:
>
> - echo -D$(1)=\''"${${1}}"'\')
> + echo -D$(1)=\''"$($(1))"'\')
Thanks for testing. @Sascha, can you switch to using () instead?
Otherwise it's confusing to have $(1) on the left-hand side,
but ${1} on the right.
(My personal favorite would be -D$(1)=$(call stringify,$($(1))) FWIW,
provided that it works as intended)
Thanks,
Ahmad
>
> Bastian
>
>>
>>> overwrite-fit-env = $(shell set -e; \
>>> test -n "$(CONFIG_BOOTM_FITIMAGE_PUBKEY_ENV)"; \
>>
>>
>
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] ARM: i.MX: HAB: Allow for semicolons in HAB environment variables
2025-01-16 13:50 ` Ahmad Fatoum
@ 2025-01-16 14:34 ` Bastian Krause
2025-01-16 14:35 ` Ahmad Fatoum
0 siblings, 1 reply; 8+ messages in thread
From: Bastian Krause @ 2025-01-16 14:34 UTC (permalink / raw)
To: Ahmad Fatoum, Sascha Hauer, Barebox List
On 1/16/25 2:50 PM, Ahmad Fatoum wrote:
> On 16.01.25 12:26, Bastian Krause wrote:
>> On 1/16/25 12:12 PM, Ahmad Fatoum wrote:
>>> On 16.01.25 10:38, Sascha Hauer wrote:
>>>> With CONFIG_HAB_CERTS_ENV=y, paths and PKCS#11 URIs to the HAB
>>>> certificates are taken from environment variables (allowing for better
>>>> integration with build systems). In this case these values are passed
>>>> internally via compiler macros (-D) to the imx-image host tool. PKCS#11
>>>> URIs usually contain semicolons. The semicolons didn't make it through
>>>> to the imx-image configuration file due to wrong escapes. Fix this by
>>>> expanding the environment variables using make rather than shell.
>>>>
>>>> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
>>>> ---
>>>> scripts/Makefile.lib | 2 +-
>>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>>
>>>> diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
>>>> index f195ddb7e8..7dcd8c9892 100644
>>>> --- a/scripts/Makefile.lib
>>>> +++ b/scripts/Makefile.lib
>>>> @@ -579,7 +579,7 @@ cmd_imximage_S_dcd= \
>>>> overwrite-hab-env = $(shell set -e; \
>>>> test -n "$(CONFIG_HAB_CERTS_ENV)"; \
>>>> test -n "$$$(1)"; \
>>>> - echo -D$(1)=\\\"$(shell echo $$$(1))\\\")
>>>> + echo -D$(1)=\''"${${1}}"'\')
>>>
>>> Does {} and () make a difference here?
>>
>> I don't think so. This also works:
>>
>> - echo -D$(1)=\''"${${1}}"'\')
>> + echo -D$(1)=\''"$($(1))"'\')
>
> Thanks for testing. @Sascha, can you switch to using () instead?
> Otherwise it's confusing to have $(1) on the left-hand side,
> but ${1} on the right.
Makes sense.
>
> (My personal favorite would be -D$(1)=$(call stringify,$($(1))) FWIW,
> provided that it works as intended)
Unfortunately..
- echo -D$(1)=\''"${${1}}"'\')
+ echo -D$(1)=$(call stringify,$($(1))))
..does not work if the value contains a semicolon.
Regards,
Bastian
>
> Thanks,
> Ahmad
>
>>
>> Bastian
>>
>>>
>>>> overwrite-fit-env = $(shell set -e; \
>>>> test -n "$(CONFIG_BOOTM_FITIMAGE_PUBKEY_ENV)"; \
>>>
>>>
>>
>>
>
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] ARM: i.MX: HAB: Allow for semicolons in HAB environment variables
2025-01-16 14:34 ` Bastian Krause
@ 2025-01-16 14:35 ` Ahmad Fatoum
0 siblings, 0 replies; 8+ messages in thread
From: Ahmad Fatoum @ 2025-01-16 14:35 UTC (permalink / raw)
To: Bastian Krause, Sascha Hauer, Barebox List
On 16.01.25 15:34, Bastian Krause wrote:
> On 1/16/25 2:50 PM, Ahmad Fatoum wrote:
>> On 16.01.25 12:26, Bastian Krause wrote:
>>> On 1/16/25 12:12 PM, Ahmad Fatoum wrote:
>>>> On 16.01.25 10:38, Sascha Hauer wrote:
>>>>> With CONFIG_HAB_CERTS_ENV=y, paths and PKCS#11 URIs to the HAB
>>>>> certificates are taken from environment variables (allowing for better
>>>>> integration with build systems). In this case these values are passed
>>>>> internally via compiler macros (-D) to the imx-image host tool. PKCS#11
>>>>> URIs usually contain semicolons. The semicolons didn't make it through
>>>>> to the imx-image configuration file due to wrong escapes. Fix this by
>>>>> expanding the environment variables using make rather than shell.
>>>>>
>>>>> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
>>>>> ---
>>>>> scripts/Makefile.lib | 2 +-
>>>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>>>
>>>>> diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
>>>>> index f195ddb7e8..7dcd8c9892 100644
>>>>> --- a/scripts/Makefile.lib
>>>>> +++ b/scripts/Makefile.lib
>>>>> @@ -579,7 +579,7 @@ cmd_imximage_S_dcd= \
>>>>> overwrite-hab-env = $(shell set -e; \
>>>>> test -n "$(CONFIG_HAB_CERTS_ENV)"; \
>>>>> test -n "$$$(1)"; \
>>>>> - echo -D$(1)=\\\"$(shell echo $$$(1))\\\")
>>>>> + echo -D$(1)=\''"${${1}}"'\')
>>>>
>>>> Does {} and () make a difference here?
>>>
>>> I don't think so. This also works:
>>>
>>> - echo -D$(1)=\''"${${1}}"'\')
>>> + echo -D$(1)=\''"$($(1))"'\')
>>
>> Thanks for testing. @Sascha, can you switch to using () instead?
>> Otherwise it's confusing to have $(1) on the left-hand side,
>> but ${1} on the right.
>
> Makes sense.
>
>>
>> (My personal favorite would be -D$(1)=$(call stringify,$($(1))) FWIW,
>> provided that it works as intended)
>
> Unfortunately..
>
> - echo -D$(1)=\''"${${1}}"'\')
> + echo -D$(1)=$(call stringify,$($(1))))
>
> ..does not work if the value contains a semicolon.
:-(
Thanks for testing,
Ahmad
>
> Regards,
> Bastian
>
>>
>> Thanks,
>> Ahmad
>>
>>>
>>> Bastian
>>>
>>>>
>>>>> overwrite-fit-env = $(shell set -e; \
>>>>> test -n "$(CONFIG_BOOTM_FITIMAGE_PUBKEY_ENV)"; \
>>>>
>>>>
>>>
>>>
>>
>>
>
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2025-01-16 14:37 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-01-16 9:38 [PATCH] ARM: i.MX: HAB: Allow for semicolons in HAB environment variables Sascha Hauer
2025-01-16 10:25 ` Bastian Krause
2025-01-16 11:07 ` Sascha Hauer
2025-01-16 11:12 ` Ahmad Fatoum
2025-01-16 11:26 ` Bastian Krause
2025-01-16 13:50 ` Ahmad Fatoum
2025-01-16 14:34 ` Bastian Krause
2025-01-16 14:35 ` Ahmad Fatoum
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox