From a1dd1906048d6a83061515ae00871e8f804297da Mon Sep 17 00:00:00 2001
From: Johannes Schneider
Date: Fri, 27 Jun 2025 14:18:22 +0200
Subject: [PATCH] signing.bbclass: remove signing_import_cert_chain_from_pem
With the now available set|get|has_ca functions to establish a CA link between roles during their import, the signing_import_cert_chain_from_pem can now be removed. As it had the shortcoming of dynamically creating roles, which are harder to handle then the manually/specifically setup CA roles. This effectively reverts: a825b853634 signing.bbclass: add certificate ca-chain handling
Reviewed-by: Jan Luebbe
Signed-off-by: Johannes Schneider
Signed-off-by: Khem Raj
---
 meta-oe/classes/signing.bbclass | 29 -----------------------------
 1 file changed, 29 deletions(-)
diff --git a/meta-oe/classes/signing.bbclass b/meta-oe/classes/signing.bbclass
index 6fde22bf22..5068360ca7 100644
--- a/meta-oe/classes/signing.bbclass
+++ b/meta-oe/classes/signing.bbclass
@@ -231,35 +231,6 @@ signing_get_root_cert() {
 echo "${cert_name}"
 }
-# signing_import_cert_chain_from_pem
-#
-# Import a certificate *chain* from a PEM file to a role.
-# (e.g. multiple ones concatenated in one file)
-#
-# Due to limitations in the toolchain:
-# signing class -> softhsm -> 'extract-cert'
-# the input certificate is split into a sequentially numbered list of roles,
-# starting at _1
-#
-# (The limitations are the conversion step from x509 to a plain .der, and
-# extract-cert expecting a x509 and then producing only plain .der again)
-signing_import_cert_chain_from_pem() {
- local role="${1}"
- local pem="${2}"
- local i=1
-
- cat "${pem}" | \
- while openssl x509 -inform pem -outform der -out ${B}/temp_${i}.der; do
- signing_import_define_role "${role}_${i}"
- signing_pkcs11_tool --type cert \
- --write-object ${B}/temp_${i}.der \
- --label "${role}_${i}"
- rm ${B}/temp_${i}.der
- echo "imported ${pem} under role: ${role}_${i}"
- i=$(awk "BEGIN {print $i+1}")
- done
-}
-
 # signing_import_cert_from_pem
 #
 # Import a certificate from PEM file to a cert_name.