Skip to content
This repository has been archived by the owner on Jan 6, 2023. It is now read-only.

Inject certificate used by sign_update function into mixer's chroot #85

Open
gtkramer opened this issue Dec 13, 2019 · 1 comment
Open

Inject certificate used by sign_update function into mixer's chroot #85

gtkramer opened this issue Dec 13, 2019 · 1 comment
Assignees
@gtkramer
Labels
effort 1 Low level of effort required
Milestone
Parity

Comments

@gtkramer
Copy link
Contributor

gtkramer commented Dec 13, 2019
edited
Loading

A file named os-core-update-extra-files needs to be created in mixer's server state directory containing the paths that need to be added to the os-core-update manifest. These files need to be created with the proper permissions inside mixer's full chroot. This needs done after mixer build bundles but before mixer build update. Without this, users are not able to perform swupd update from the content that mixer creates when custom update signing is used.

At a minimum, need the following:

/usr/share/clear/update-ca
/usr/share/clear/update-ca/Swupd_Root.pem

This is because swupd-client has an option in it's configure.ac for:

default_cert_path="/usr/share/clear/update-ca/Swupd_Root.pem"
@gtkramer gtkramer self-assigned this Dec 13, 2019
@gtkramer gtkramer mentioned this issue Dec 14, 2019
Closed
@gtkramer gtkramer added this to the Up-to-pair milestone Dec 18, 2019
@gtkramer gtkramer added the effort 1 Low level of effort required label Dec 20, 2019
@mbelluzzo
Copy link
Contributor

#88 was merged. So I think this can be closed now, right?

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@gtkramer gtkramer

Labels
effort 1 Low level of effort required
Projects
None yet
Milestone
Parity
Development

Successfully merging a pull request may close this issue.

[mixer] Inject Swupd_Root.pem when custom signing
2 participants
@mbelluzzo @gtkramer