treewide: remove pre-generated certificates

For software updates, security is quite crucial and using pre-generated standard keys is not something that people should get used to. We have a dedicated script to generate custom certificates: ./create-example-keys.sh Thus this commit removes all pre-generated certificates together with the RAUC_KEY_FILE and RAUC_CERT_FILE definitions in bundle recipes and the SRC_URI modifications in rauc bbappends. Instead add the README.rst section on generating keys we have for meta-rauc-qemux86 to all platforms. Signed-off-by: Enrico Jörns <[email protected]>
rauc · Aug 15, 2024 · 6a35ff5 · 6a35ff5
1 parent 157ca73
commit 6a35ff5
Show file tree

Hide file tree

Showing 35 changed files with 37 additions and 1,160 deletions.
diff --git a/meta-rauc-beaglebone/README.rst b/meta-rauc-beaglebone/README.rst
@@ -61,6 +61,14 @@ It is also recommended, but not strictly necessary, to enable 'systemd'::
 
    INIT_MANAGER = "systemd"
 
+Create example authentication keys (from sourced environment)::
+
+  $ ../meta-rauc-community/create-example-keys.sh
+
+This will place the keys in a directory ``example-ca/`` in your build dir and
+configure your ``conf/site.conf`` to let ``RAUC_KEYRING_FILE``,
+``RAUC_KEY_FILE`` and ``RAUC_CERT_FILE`` point to this.
+
 Build the minimal system image::
 
    $ bitbake core-image-minimal

diff --git a/meta-rauc-beaglebone/recipes-core/bundles/files/development-1.cert.pem b/meta-rauc-beaglebone/recipes-core/bundles/files/development-1.cert.pem
diff --git a/meta-rauc-beaglebone/recipes-core/bundles/files/development-1.key.pem b/meta-rauc-beaglebone/recipes-core/bundles/files/development-1.key.pem
diff --git a/meta-rauc-beaglebone/recipes-core/bundles/update-bundle.bb b/meta-rauc-beaglebone/recipes-core/bundles/update-bundle.bb
@@ -14,6 +14,3 @@ RAUC_BUNDLE_DESCRIPTION = "RAUC demonstration bundle"
 RAUC_BUNDLE_SLOTS = "rootfs"
 RAUC_SLOT_rootfs = "core-image-minimal"
 RAUC_SLOT_rootfs[fstype] = "ext4"
-
-RAUC_KEY_FILE = "${THISDIR}/files/development-1.key.pem"
-RAUC_CERT_FILE = "${THISDIR}/files/development-1.cert.pem"
diff --git a/meta-rauc-beaglebone/recipes-core/rauc/files/ca.cert.pem b/meta-rauc-beaglebone/recipes-core/rauc/files/ca.cert.pem
diff --git a/meta-rauc-beaglebone/recipes-core/rauc/rauc-conf.bbappend b/meta-rauc-beaglebone/recipes-core/rauc/rauc-conf.bbappend
diff --git a/meta-rauc-nxp/README.rst b/meta-rauc-nxp/README.rst
@@ -102,7 +102,11 @@ You can increase the size of rootfs to contain software added when updating::
 
 Create example authentication keys (from sourced environment)::
 
-    $ ../meta-rauc-community/create-example-keys.sh
+  $ ../meta-rauc-community/create-example-keys.sh
+
+This will place the keys in a directory ``example-ca/`` in your build dir and
+configure your ``conf/site.conf`` to let ``RAUC_KEYRING_FILE``,
+``RAUC_KEY_FILE`` and ``RAUC_CERT_FILE`` point to this.
 
 Build the minimal system image::
 

diff --git a/meta-rauc-nxp/recipes-core/bundles/files/development-1.cert.pem b/meta-rauc-nxp/recipes-core/bundles/files/development-1.cert.pem
diff --git a/meta-rauc-nxp/recipes-core/bundles/files/development-1.key.pem b/meta-rauc-nxp/recipes-core/bundles/files/development-1.key.pem
diff --git a/meta-rauc-nxp/recipes-core/bundles/update-bundle.bb b/meta-rauc-nxp/recipes-core/bundles/update-bundle.bb
@@ -11,6 +11,3 @@ RAUC_BUNDLE_DESCRIPTION = "RAUC demonstration bundle"
 RAUC_BUNDLE_SLOTS = "rootfs"
 RAUC_SLOT_rootfs = "core-image-base"
 RAUC_SLOT_rootfs[fstype] = "ext4"
-
-RAUC_KEY_FILE ?= "${THISDIR}/files/development-1.key.pem"
-RAUC_CERT_FILE ?= "${THISDIR}/files/development-1.cert.pem"