Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unify, deduplicate and simplify key setup #139

Merged
merged 4 commits into from
Feb 5, 2025
Merged

Unify, deduplicate and simplify key setup #139

merged 4 commits into from
Feb 5, 2025

Conversation

ejoerns
Copy link
Member

@ejoerns ejoerns commented Feb 1, 2025

The example key handling in meta-rauc-community is a bit historically grown. Some layers use a script to generate keys on first usage, some have pre-generated keys, but the same keys are duplicated across the layers.

This PR unifies the setup by using a single pre-generated set of keys for all layers and removes the key generation which does not add sufficient benefit. Also, move the variable setting to the layer.conf.

@ejoerns
nxp: remove hint on create-example-keys.sh
99e8310 
The layer comes with pre-generated keys, thus there is no need to
generate new ones.

Signed-off-by: Enrico Jörns <[email protected]>
@ejoerns ejoerns added the cleanup label Feb 1, 2025
@ejoerns ejoerns requested review from jluebbe and leon-anavi February 1, 2025 21:05
@ejoerns ejoerns self-assigned this Feb 4, 2025
@ejoerns
rauc-conf: don't add ca.cert.pem to SRC_URI again
82d8ede 
It's already added by meta-rauc, thus no need to add it again.
It's also not necessary to use immediate expansions for this.

Signed-off-by: Enrico Jörns <[email protected]>
@ejoerns
unify certs and keys used
823ed14 
The certs and keys used are only redundant copies of the exact same set.
To reduce duplication and simplify adding further platforms, move them
all into a common directory of the base repo.

Signed-off-by: Enrico Jörns <[email protected]>
@ejoerns
qemuarm/qemux86: replace key generation by pre-generated keys
b656947 
Most layers use pre-generated keys anyway and while generating keys
might motivate to not use known keys for production, people might
misunderstand the scripts as a recommendation for creating their own
PKIs.

Signed-off-by: Enrico Jörns <[email protected]>
@ejoerns
Copy link
Member Author

ejoerns commented Feb 4, 2025

I've now fixed the keyring handling by removing conflicting and non-required SRC_URI:appends and setting RAUC_KEYRING_FILE properly.

@ejoerns ejoerns assigned jluebbe and unassigned ejoerns Feb 4, 2025
@leon-anavi leon-anavi merged commit 793d36a into rauc:master Feb 5, 2025
3 checks passed
@leon-anavi leon-anavi mentioned this pull request Feb 5, 2025
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@leon-anavi leon-anavi leon-anavi approved these changes

@jluebbe jluebbe Awaiting requested review from jluebbe

Assignees

@jluebbe jluebbe

Labels
cleanup
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ejoerns @leon-anavi @jluebbe