From: Ladislav Michl <ladis@linux-mips.org>
To: Bastian Krause <bst@pengutronix.de>
Cc: ptxdist@pengutronix.de
Subject: Re: [ptxdist] [PATCH v3 2/6] package templates: add code-signing-provider template
Date: Thu, 24 Sep 2020 13:15:22 +0200 [thread overview]
Message-ID: <20200924111522.GA229137@lenoch> (raw)
In-Reply-To: <ebbda4c0-4003-e57d-08c0-ea8946358975@pengutronix.de>
Hi Bastian,
On Thu, Sep 24, 2020 at 01:05:31PM +0200, Bastian Krause wrote:
[doc quote deleted]
> After reading the quoted documentation snippets above (and assuming the
> error message triggers correctly now), do you still think this needs
> documentation improvement? If yes, you're very welcome to add an
> explanation to the signing doc section (maybe an info box?) to help
> others migrate their development key material into a code signing
> provider for the sake of backwards compatibility.
I needed to handle this situation (I guess many people find it familiar):
Board is using rauc for updates, keys was generated using previously
provided script and boards were supposed to stay near developers until
software stack is finalized. As always that was not the case and now
we need to update then. Templated provider does not add ca.cert.pem,
so generating rauc will end with error (Failed to create bundle:
failed signing bundle: signature verification failed: Verify error:
unable to get local issuer certificate).
This way you can at least prepare firmware using recent ptxdist
with properly generated keys. If there is any other option,
please let me know.
ladis
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
next prev parent reply other threads:[~2020-09-24 11:15 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-17 14:31 [ptxdist] [PATCH v3 0/6] Add code-signing-provider template, add code signing docs Bastian Krause
2020-06-17 14:31 ` [ptxdist] [PATCH v3 1/6] ptxd_lib_template: add ptxd_template_read_options Bastian Krause
2020-06-19 6:24 ` Michael Olbrich
2020-06-19 8:13 ` Bastian Krause
2020-06-19 22:04 ` [ptxdist] [APPLIED] " Michael Olbrich
2020-06-17 14:31 ` [ptxdist] [PATCH v3 2/6] package templates: add code-signing-provider template Bastian Krause
2020-06-18 11:40 ` Roland Hieber
2020-06-18 11:50 ` Bastian Krause
2020-06-19 6:12 ` Michael Olbrich
2020-06-19 6:28 ` Michael Olbrich
2020-06-19 7:52 ` Bastian Krause
2020-06-19 22:04 ` [ptxdist] [APPLIED] " Michael Olbrich
2020-09-24 10:04 ` [ptxdist] [PATCH v3 2/6] " Ladislav Michl
2020-09-24 11:05 ` Bastian Krause
2020-09-24 11:15 ` Ladislav Michl [this message]
2020-09-24 12:23 ` Bastian Krause
2020-06-17 14:31 ` [ptxdist] [PATCH v3 3/6] doc: dev_manual: split up into multiple files Bastian Krause
2020-06-19 22:04 ` [ptxdist] [APPLIED] " Michael Olbrich
2020-06-17 14:31 ` [ptxdist] [PATCH v3 4/6] doc: move code signing docs from scripts/ into doc/ Bastian Krause
2020-06-19 22:04 ` [ptxdist] [APPLIED] " Michael Olbrich
2020-06-17 14:31 ` [ptxdist] [PATCH v3 5/6] doc: dev_code_signing: rework and extend code signing section Bastian Krause
2020-06-19 22:04 ` [ptxdist] [APPLIED] " Michael Olbrich
2020-06-17 14:31 ` [ptxdist] [PATCH v3 6/6] doc: introduce ref_code_signing_helpers Bastian Krause
2020-06-19 22:04 ` [ptxdist] [APPLIED] " Michael Olbrich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200924111522.GA229137@lenoch \
--to=ladis@linux-mips.org \
--cc=bst@pengutronix.de \
--cc=ptxdist@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox