[Buildroot] [PATCH 1/1] package/sscep: new package

[Buildroot] [PATCH 1/1] package/sscep: new package

[Dario Binacchi]

SSCEP is a client-only implementation of the SCEP (Cisco System's Simple
Certificate Enrollment Protocol).

The goal of SCEP is to support the secure issuance of certificates to
network devices in a scalable manner, using existing technology whenever
possible. The protocol supports the following operations:

* CA and RA public key distribution
* Certificate enrollment
* Certificate and CRL query

Certificate and CRL access can be achieved by using the LDAP protocol,
or by using the query messages defined in SCEP.

CC: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
---
 DEVELOPERS               |  1 +
 package/Config.in        |  1 +
 package/sscep/Config.in  |  9 +++++++++
 package/sscep/sscep.hash |  3 +++
 package/sscep/sscep.mk   | 14 ++++++++++++++
 5 files changed, 28 insertions(+)
 create mode 100644 package/sscep/Config.in
 create mode 100644 package/sscep/sscep.hash
 create mode 100644 package/sscep/sscep.mk

diff --git a/DEVELOPERS b/DEVELOPERS
index 81e6cd54abcc..f0ba196ad06b 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -681,6 +681,7 @@ F:	package/luaexpat/
 F:	package/xinetd/
 
 N:	Dario Binacchi <dario.binacchi@amarulasolutions.com>
+F:	package/sscep/
 F:	package/uuu/
 
 N:	Dario Binacchi <dariobin@libero.it>
diff --git a/package/Config.in b/package/Config.in
index aef80f9ab0f2..736428a4589d 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -1949,6 +1949,7 @@ menu "Networking"
 	source "package/slirp4netns/Config.in"
 	source "package/snmppp/Config.in"
 	source "package/sofia-sip/Config.in"
+	source "package/sscep/Config.in"
 	source "package/sysrepo/Config.in"
 	source "package/thrift/Config.in"
 	source "package/usbredir/Config.in"
diff --git a/package/sscep/Config.in b/package/sscep/Config.in
new file mode 100644
index 000000000000..d4847f1b8a75
--- /dev/null
+++ b/package/sscep/Config.in
@@ -0,0 +1,9 @@
+config BR2_PACKAGE_SSCEP
+	bool "sscep"
+	depends on BR2_PACKAGE_OPENSSL
+	help
+	  SSCEP is a client-only implementation of the SCEP
+	  (Cisco System's Simple Certificate Enrollment Protocol).
+
+	  https://github.com/certnanny/sscep
+
diff --git a/package/sscep/sscep.hash b/package/sscep/sscep.hash
new file mode 100644
index 000000000000..050f7feb1594
--- /dev/null
+++ b/package/sscep/sscep.hash
@@ -0,0 +1,3 @@
+# locally computed
+sha256  489cc8e093986776eb3f15082bf766778f707176f3cd604bf0ef1008da06b8e5  sscep-v0.10.0.tar.gz
+sha256  e1328c292102a22c10e8dcfbfda33740f603767c73f8c5b5189c5513eb6b4dea  COPYING
diff --git a/package/sscep/sscep.mk b/package/sscep/sscep.mk
new file mode 100644
index 000000000000..f59f4bd03bbc
--- /dev/null
+++ b/package/sscep/sscep.mk
@@ -0,0 +1,14 @@
+################################################################################
+#
+# sscep
+#
+################################################################################
+
+SSCEP_VERSION = v0.10.0
+SSCEP_SITE = $(call github,certnanny,sscep,$(SSCEP_VERSION))
+SSCEP_LICENSE = BSD
+SSCEP_LICENSE_FILES = COPYING
+SSCEP_AUTORECONF = YES
+SSCEP_DEPENDENCIES += openssl
+
+$(eval $(autotools-package))
-- 
2.32.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH 1/1] package/sscep: new package

[Thomas Petazzoni via buildroot]

Hello Dario,

On Fri, 11 Nov 2022 14:32:54 +0100
Dario Binacchi <dario.binacchi@amarulasolutions.com> wrote:

> SSCEP is a client-only implementation of the SCEP (Cisco System's Simple
> Certificate Enrollment Protocol).
> 
> The goal of SCEP is to support the secure issuance of certificates to
> network devices in a scalable manner, using existing technology whenever
> possible. The protocol supports the following operations:
> 
> * CA and RA public key distribution
> * Certificate enrollment
> * Certificate and CRL query
> 
> Certificate and CRL access can be achieved by using the LDAP protocol,
> or by using the query messages defined in SCEP.
> 
> CC: Angelo Compagnucci <angelo@amarulasolutions.com>
> Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
> Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>

Thanks for your contribution. I applied to master, but after fixing a
number of things. See below.


> diff --git a/package/sscep/Config.in b/package/sscep/Config.in
> new file mode 100644
> index 000000000000..d4847f1b8a75
> --- /dev/null
> +++ b/package/sscep/Config.in
> @@ -0,0 +1,9 @@
> +config BR2_PACKAGE_SSCEP
> +	bool "sscep"
> +	depends on BR2_PACKAGE_OPENSSL

This should have been a "select", not a "depends on".

> diff --git a/package/sscep/sscep.mk b/package/sscep/sscep.mk
> new file mode 100644
> index 000000000000..f59f4bd03bbc
> --- /dev/null
> +++ b/package/sscep/sscep.mk
> @@ -0,0 +1,14 @@
> +################################################################################
> +#
> +# sscep
> +#
> +################################################################################
> +
> +SSCEP_VERSION = v0.10.0
> +SSCEP_SITE = $(call github,certnanny,sscep,$(SSCEP_VERSION))

This should have been:

+SSCEP_VERSION = 0.10.0
+SSCEP_SITE = $(call github,certnanny,sscep,v$(SSCEP_VERSION))

I.e the "v" prefix should not be in the VERSION variable.

> +SSCEP_LICENSE = BSD

BSD is not a valid SPDX license code and is not specific enough. I've
changed this to:

+SSCEP_LICENSE = BSD-2-Clause, OpenSSL, OpenOSP


> +SSCEP_LICENSE_FILES = COPYING
> +SSCEP_AUTORECONF = YES
> +SSCEP_DEPENDENCIES += openssl

+= is not needed, a simple = is sufficient. But more importantly, the
host-pkgconf dependency was missing, causing the package to fail
building.

I've addressed all those small issues when committing.

Thanks again!

Best regards,

Thomas
-- 
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH 1/1] package/sscep: new package

[Dario Binacchi]

Hello Thomas,

On Tue, Nov 22, 2022 at 11:27 PM Thomas Petazzoni
<thomas.petazzoni@bootlin.com> wrote:
>
> Hello Dario,
>
> On Fri, 11 Nov 2022 14:32:54 +0100
> Dario Binacchi <dario.binacchi@amarulasolutions.com> wrote:
>
> > SSCEP is a client-only implementation of the SCEP (Cisco System's Simple
> > Certificate Enrollment Protocol).
> >
> > The goal of SCEP is to support the secure issuance of certificates to
> > network devices in a scalable manner, using existing technology whenever
> > possible. The protocol supports the following operations:
> >
> > * CA and RA public key distribution
> > * Certificate enrollment
> > * Certificate and CRL query
> >
> > Certificate and CRL access can be achieved by using the LDAP protocol,
> > or by using the query messages defined in SCEP.
> >
> > CC: Angelo Compagnucci <angelo@amarulasolutions.com>
> > Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
> > Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
>
> Thanks for your contribution. I applied to master, but after fixing a
> number of things. See below.
>
>
> > diff --git a/package/sscep/Config.in b/package/sscep/Config.in
> > new file mode 100644
> > index 000000000000..d4847f1b8a75
> > --- /dev/null
> > +++ b/package/sscep/Config.in
> > @@ -0,0 +1,9 @@
> > +config BR2_PACKAGE_SSCEP
> > +     bool "sscep"
> > +     depends on BR2_PACKAGE_OPENSSL
>
> This should have been a "select", not a "depends on".
>
> > diff --git a/package/sscep/sscep.mk b/package/sscep/sscep.mk
> > new file mode 100644
> > index 000000000000..f59f4bd03bbc
> > --- /dev/null
> > +++ b/package/sscep/sscep.mk
> > @@ -0,0 +1,14 @@
> > +################################################################################
> > +#
> > +# sscep
> > +#
> > +################################################################################
> > +
> > +SSCEP_VERSION = v0.10.0
> > +SSCEP_SITE = $(call github,certnanny,sscep,$(SSCEP_VERSION))
>
> This should have been:
>
> +SSCEP_VERSION = 0.10.0
> +SSCEP_SITE = $(call github,certnanny,sscep,v$(SSCEP_VERSION))
>
> I.e the "v" prefix should not be in the VERSION variable.
>
> > +SSCEP_LICENSE = BSD
>
> BSD is not a valid SPDX license code and is not specific enough. I've
> changed this to:
>
> +SSCEP_LICENSE = BSD-2-Clause, OpenSSL, OpenOSP
>
>
> > +SSCEP_LICENSE_FILES = COPYING
> > +SSCEP_AUTORECONF = YES
> > +SSCEP_DEPENDENCIES += openssl
>
> += is not needed, a simple = is sufficient. But more importantly, the
> host-pkgconf dependency was missing, causing the package to fail
> building.
>
> I've addressed all those small issues when committing.

Thanks for your fixings and explanations.

Best regards,

Dario

>
> Thanks again!
>
> Best regards,
>
> Thomas
> --
> Thomas Petazzoni, co-owner and CEO, Bootlin
> Embedded Linux and Kernel engineering and training
> https://bootlin.com



-- 

Dario Binacchi

Embedded Linux Developer

dario.binacchi@amarulasolutions.com

__________________________________


Amarula Solutions SRL

Via Le Canevare 30, 31100 Treviso, Veneto, IT

T. +39 042 243 5310
info@amarulasolutions.com

www.amarulasolutions.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot