16accb6b24
- 264 license table entries with exact download URLs (224/264 resolved) - Complete sources/ directory with all BitBake recipes - Build configuration: tqma6ul-multi-mba6ulx, spaetzle (musl) - Full traceability for Softwarefreigabeantrag - GCC 13.4.0, Linux 6.6.102, U-Boot 2023.04, musl 1.2.4 - License distribution: GPL-2.0 (24), MIT (23), GPL-2.0+ (18), BSD-3 (16)
39 lines
1.4 KiB
Plaintext
39 lines
1.4 KiB
Plaintext
Generate Testing Certificate
|
|
----------------------------
|
|
|
|
The script `openssl-ca.sh` allows you to create a certificate and key that you
|
|
can use for a test-setup of RAUC.
|
|
|
|
To generate the required files, execute
|
|
|
|
./openssl-ca.sh
|
|
|
|
This will generate a folder `openssl-ca/` that contains the generated openssl
|
|
configuration file and a development certificate and key.
|
|
|
|
To use them in your BSP in order to sign and verify bundles, you have to:
|
|
|
|
1) Make the target rauc package use the generated keyring file:
|
|
|
|
Copy the keyring file `dev/ca.cert.pem` into your projects meta layer under
|
|
`recipes-core/rauc/files` and add a simple .bbappend file
|
|
`recipes-core/rauc/rauc-conf.bbappend` that adds the keyring file to the rauc
|
|
config package search path:
|
|
|
|
FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
|
|
|
|
2) Make your bundle recipe use the generated key and certificate:
|
|
|
|
Copy the key file `dev/private/development-1.key.pem` and the cert file
|
|
`dev/development-1.cert.pem` to your projects meta layer in a global `files`
|
|
folder.
|
|
|
|
In your bundle recipe, let the variables `RAUC_KEY_FILE` and `RAUC_CERT_FILE`
|
|
point to these key and cert files:
|
|
|
|
RAUC_KEY_FILE = "${COREBASE}/meta-<layername>/files/development-1.key.pem"
|
|
RAUC_CERT_FILE = "${COREBASE}/meta-<layername>/files/development-1.cert.pem"
|
|
|
|
Now you are able to build and sign bundles that contain a rootfs that will
|
|
allow RAUC to verify the content of further bundles.
|