39 lines
1.4 KiB
Plaintext
39 lines
1.4 KiB
Plaintext
|
Generate Testing Certificate
|
||
|
|
----------------------------
|
||
|
|
|
||
|
|
The script `openssl-ca.sh` allows you to create a certificate and key that you
|
||
|
|
can use for a test-setup of RAUC.
|
||
|
|
|
||
|
|
To generate the required files, execute
|
||
|
|
|
||
|
|
./openssl-ca.sh
|
||
|
|
|
||
|
|
This will generate a folder `openssl-ca/` that contains the generated openssl
|
||
|
|
configuration file and a development certificate and key.
|
||
|
|
|
||
|
|
To use them in your BSP in order to sign and verify bundles, you have to:
|
||
|
|
|
||
|
|
1) Make the target rauc package use the generated keyring file:
|
||
|
|
|
||
|
|
Copy the keyring file `dev/ca.cert.pem` into your projects meta layer under
|
||
|
|
`recipes-core/rauc/files` and add a simple .bbappend file
|
||
|
|
`recipes-core/rauc/rauc-conf.bbappend` that adds the keyring file to the rauc
|
||
|
|
config package search path:
|
||
|
|
|
||
|
|
FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
|
||
|
|
|
||
|
|
2) Make your bundle recipe use the generated key and certificate:
|
||
|
|
|
||
|
|
Copy the key file `dev/private/development-1.key.pem` and the cert file
|
||
|
|
`dev/development-1.cert.pem` to your projects meta layer in a global `files`
|
||
|
|
folder.
|
||
|
|
|
||
|
|
In your bundle recipe, let the variables `RAUC_KEY_FILE` and `RAUC_CERT_FILE`
|
||
|
|
point to these key and cert files:
|
||
|
|
|
||
|
|
RAUC_KEY_FILE = "${COREBASE}/meta-<layername>/files/development-1.key.pem"
|
||
|
|
RAUC_CERT_FILE = "${COREBASE}/meta-<layername>/files/development-1.cert.pem"
|
||
|
|
|
||
|
|
Now you are able to build and sign bundles that contain a rootfs that will
|
||
|
|
allow RAUC to verify the content of further bundles.
|