From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: (from localhost user: 'ladis' uid#1021 fake: STDIN (ladis@eddie.linux-mips.org)) by eddie.linux-mips.org id S23991212AbgIXLPYwN51m (ORCPT + 1 other); Thu, 24 Sep 2020 13:15:24 +0200 Date: Thu, 24 Sep 2020 13:15:22 +0200 From: Ladislav Michl Message-ID: <20200924111522.GA229137@lenoch> References: <20200617143125.23999-1-bst@pengutronix.de> <20200617143125.23999-3-bst@pengutronix.de> <20200924100427.GA225235@lenoch> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Subject: Re: [ptxdist] [PATCH v3 2/6] package templates: add code-signing-provider template List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ptxdist-bounces@pengutronix.de Sender: "ptxdist" To: Bastian Krause Cc: ptxdist@pengutronix.de Hi Bastian, On Thu, Sep 24, 2020 at 01:05:31PM +0200, Bastian Krause wrote: [doc quote deleted] > After reading the quoted documentation snippets above (and assuming the > error message triggers correctly now), do you still think this needs > documentation improvement? If yes, you're very welcome to add an > explanation to the signing doc section (maybe an info box?) to help > others migrate their development key material into a code signing > provider for the sake of backwards compatibility. I needed to handle this situation (I guess many people find it familiar): Board is using rauc for updates, keys was generated using previously provided script and boards were supposed to stay near developers until software stack is finalized. As always that was not the case and now we need to update then. Templated provider does not add ca.cert.pem, so generating rauc will end with error (Failed to create bundle: failed signing bundle: signature verification failed: Verify error: unable to get local issuer certificate). This way you can at least prepare firmware using recent ptxdist with properly generated keys. If there is any other option, please let me know. ladis _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de