Open-CMSIS-Pack Technical Meeting 2021-09-21


Sep 21, 2021


Jonatan Antoni

Daniel Brondani

Maxime Dortel

Bill Fletcher

Marc Goodner

Joachim Krech

David Leach

Charles Oliveira

David Jurajda

Petr Hradsky




Digital signing of packs (issue #8)

Add new signing tool to generate a signed file

cpacksec implements GPG in golang

Add vendor public keys in cpackget binary

JK: Scaling issue if need to create a new binary for each vendor key. Should we have a vendor registration process? A way to authenticate keys without changing the binary. Also timestamps - on Windows at least don’t know when the timestamp gets changed.

JA: Key of a vendor may change over time. Typically keys have expiration, or need to be revoked. Should always be able to install a pack that is 10 years old.

CO: Could have someone on our side signing (trusted source) vendor keys so they can be uploaded to key servers.

DB: What about putting (pointing to) keys in pack index?

CO: If keys are in vendor infrastructure believe they need to be signed by a trusted source.

“projmgr” (issue #12)

JK: Since no longer specify secure attribute will not show in target. Will assume it’s compiling secure which will clash with non-secure source.

DB: Could have secure attribute and try to add non-secure variant. “No component found with these key words”.

MG: Is the scope C project files or include CMake?

DB: Scope is limited to a project manager tool. Does not have any connection with CMake. Specific lists are made in the build phase. Could in future make CMake list from yaml file. That would be MVP, but could support multiple projects - several layers and build order of projects.

JK: Project files are golden reference. Here we are trying to find a way to generate projects in a user friendly way.

Config/Template file specification extensions (issue #10)

DJ: We are partially solving this with template components and a separated folder. Not just marking the files but creating separate components. Not differentiating templates and configs.

JK: Could you add this as a summary in the issue.