qemuarm/qemux86: replace key generation by pre-generated keys

Most layers use pre-generated keys anyway and while generating keys might motivate to not use known keys for production, people might misunderstand the scripts as a recommendation for creating their own PKIs. Signed-off-by: Enrico Jörns <[email protected]>
rauc · Feb 5, 2025 · 793d36a · 793d36a
1 parent 86cc4e6
commit 793d36a
Show file tree

Hide file tree

Showing 5 changed files with 8 additions and 141 deletions.
diff --git a/create-example-keys.sh b/create-example-keys.sh
diff --git a/meta-rauc-qemuarm/README.rst b/meta-rauc-qemuarm/README.rst
@@ -70,10 +70,6 @@ interaction with the system::
    EXTRA_IMAGE_FEATURES += "debug-tweaks"
    EXTRA_IMAGE_FEATURES += "ssh-server-openssh"
 
-Create example authentication keys (from sourced environment)::
-
-  $ ../meta-rauc-community/create-example-keys.sh
-
 This will place the keys in a directory ``example-ca/`` in your build dir and
 configure your ``conf/site.conf`` to let ``RAUC_KEYRING_FILE``,
 ``RAUC_KEY_FILE`` and ``RAUC_CERT_FILE`` point to this.

diff --git a/meta-rauc-qemuarm/conf/layer.conf b/meta-rauc-qemuarm/conf/layer.conf
@@ -11,3 +11,7 @@ BBFILE_PRIORITY_meta-rauc-qemuarm = "6"
 
 LAYERDEPENDS_meta-rauc-qemuarm = "core"
 LAYERSERIES_COMPAT_meta-rauc-qemuarm = "styhead"
+
+RAUC_KEY_FILE ?= "${LAYERDIR}/../files/rauc-example-keys/development-1.key.pem"
+RAUC_CERT_FILE ?= "${LAYERDIR}/../files/rauc-example-keys/development-1.cert.pem"
+RAUC_KEYRING_FILE ?= "${LAYERDIR}/../files/rauc-example-keys/ca.cert.pem"
diff --git a/meta-rauc-qemux86/README.rst b/meta-rauc-qemux86/README.rst
@@ -75,10 +75,6 @@ It is also recommended, but not strictly necessary, to enable 'systemd'::
 
    INIT_MANAGER = "systemd"
 
-Create example authentication keys (from sourced environment)::
-
-  $ ../meta-rauc-community/create-example-keys.sh
-
 This will place the keys in a directory ``example-ca/`` in your build dir and
 configure your ``conf/site.conf`` to let ``RAUC_KEYRING_FILE``,
 ``RAUC_KEY_FILE`` and ``RAUC_CERT_FILE`` point to this.

diff --git a/meta-rauc-qemux86/conf/layer.conf b/meta-rauc-qemux86/conf/layer.conf
@@ -11,3 +11,7 @@ BBFILE_PRIORITY_meta-rauc-qemux86 = "6"
 
 LAYERDEPENDS_meta-rauc-qemux86 = "core"
 LAYERSERIES_COMPAT_meta-rauc-qemux86 = "styhead"
+
+RAUC_KEY_FILE ?= "${LAYERDIR}/../files/rauc-example-keys/development-1.key.pem"
+RAUC_CERT_FILE ?= "${LAYERDIR}/../files/rauc-example-keys/development-1.cert.pem"
+RAUC_KEYRING_FILE ?= "${LAYERDIR}/../files/rauc-example-keys/ca.cert.pem"