Draft: add support for using external cmd to do the payload signing of pvs/jose signatures
To test you can use:
$ cd /tmp/
$ pvr clone pantahub-ci/rock64_initial_latest
$ git clone https://gitlab.com/pantacor/pv-developer-ca
$ cd rock64_initial_latest
$ pvr sig --signcmd "openssl dgst -sign /tmp/pv-developer-ca/pki/private/pv-developer-01.key --keyform PEM -sha256" \
--signalgo RS256 \
--x5c /tmp/pv-developer-ca/pki/issued/pv-developer-01.crt \
add --part awconnect
to validate:
pvr sig --cacerts /tmp/pv-developer-ca/pki/ca.crt \
--key /tmp/pv-developer-ca/pki/private/pv-developer-01.key \
--x5c /tmp/pv-developer-ca/pki/issued/pv-developer-01.crt ls
x5c must be a certificate chain of cert and intermediate (without the actual root) as PEM and --cacerts must have the matching root of trust in PEM.