author | Paul Spooren <mail@aparcar.org> | 2019-03-06 21:43:01 +0100 |
---|---|---|
committer | Paul Spooren <mail@aparcar.org> | 2019-03-06 23:24:08 +0100 |
commit | 54a2c8d087e65ce5389586b62b2ec41f00c0c8c0 (patch) | |
tree | 032a110c9d2429339231de9455285876b2159247 /utils/attendedsysupgrade-common | |
parent | af68f431474a7cb6816e77a46aea2eb6ef35026e (diff) |
attendedsyuspgrade-common: add key and set server
In collaboration with @dangowrt the server makes use of `ucert`. Active
workers sign created firmware and clients check if the signature is
valid. Certs of *hacked* or inactive workers can be revoked. Private CA
key is **not** stored on the upgrade server.
Only for devices already supporting ucert via firmware metadata.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Diffstat (limited to 'utils/attendedsysupgrade-common')
-rw-r--r-- | utils/attendedsysupgrade-common/Makefile | 7 | ||||
-rw-r--r-- | utils/attendedsysupgrade-common/files/attendedsysupgrade.defaults | 2 | ||||
-rw-r--r-- | utils/attendedsysupgrade-common/files/c06d891233ba699 | 2 |
3 files changed, 8 insertions, 3 deletions
diff --git a/utils/attendedsysupgrade-common/Makefile b/utils/attendedsysupgrade-common/Makefile
index d1419ae1a..52170404b 100644
--- a/utils/attendedsysupgrade-common/Makefile
+++ b/utils/attendedsysupgrade-common/Makefile
@@ -5,8 +5,8 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=attendedsysupgrade-common
-PKG_VERSION:=0.1
-PKG_RELEASE:=2
+PKG_VERSION:=0.2
+PKG_RELEASE:=1
 PKG_LICENSE:=GPL-2.0
 include $(INCLUDE_DIR)/package.mk
@@ -51,6 +51,9 @@ endef
 define Package/attendedsysupgrade-common/install
 $(INSTALL_DIR) $(1)/etc/uci-defaults/
 $(INSTALL_BIN) ./files/attendedsysupgrade.defaults $(1)/etc/uci-defaults/attendedsysupgrade
+
+ $(INSTALL_DIR) $(1)/etc/opkg/keys/
+ $(INSTALL_BIN) ./files/c06d891233ba699 $(1)/etc/opkg/keys/c06d891233ba699
 endef
 $(eval $(call BuildPackage,attendedsysupgrade-common))
diff --git a/utils/attendedsysupgrade-common/files/attendedsysupgrade.defaults b/utils/attendedsysupgrade-common/files/attendedsysupgrade.defaults
index f7fb1ebde..3d65afba3 100644
--- a/utils/attendedsysupgrade-common/files/attendedsysupgrade.defaults
+++ b/utils/attendedsysupgrade-common/files/attendedsysupgrade.defaults
@@ -6,7 +6,7 @@ touch /etc/config/attendedsysupgrade
 uci -q batch <<EOF
 set attendedsysupgrade.server=server
-set attendedsysupgrade.server.url='https://example.org'
+set attendedsysupgrade.server.url='https://chef.libremesh.org'
 set attendedsysupgrade.client=client
 set attendedsysupgrade.client.upgrade_packages='1'
diff --git a/utils/attendedsysupgrade-common/files/c06d891233ba699 b/utils/attendedsysupgrade-common/files/c06d891233ba699
new file mode 100644
index 000000000..94edfd8e1
--- /dev/null
+++ b/utils/attendedsysupgrade-common/files/c06d891233ba699
@@ -0,0 +1,2 @@
+untrusted comment: public key c06d891233ba699
+RWQMBtiRIzummeTc81jtKdJ3XwnaZGtHLRwjls0ovGsKoTnTmS7fj4Na |
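Review bot: In the second Makefile hunk (`Package/attendedsysupgrade-common/install`) the public key is installed with `$(INSTALL_BIN)`, which marks a plain data file executable; `$(INSTALL_DATA) ./files/c06d891233ba699 $(1)/etc/opkg/keys/c06d891233ba699` is the fitting macro. The destination `/etc/opkg/keys/` is, as far as I know, also the directory opkg consults when verifying signed package lists, so the key would become trusted for package feeds as well as for the firmware signatures the description talks about. If that wider scope is not intended, a dedicated key directory would keep it narrow; if it is intended, a comment such as `# CA key for ASU firmware signatures; note: also trusted by opkg for feed signatures` above the two added lines would record it.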
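Review bot: In `attendedsysupgrade.defaults` the new `set attendedsysupgrade.server.url='https://chef.libremesh.org'` is unconditional within the visible `uci -q batch` block, so unless the part of the script above this hunk exits early when a configuration already exists, re-running the defaults on a package upgrade would replace an operator-chosen server with this one. That matters more now that the default is a live build server rather than `https://example.org`, and the description says signature checking only applies to devices that already support ucert, leaving the others relying on TLS to that host alone. Setting the URL only when it is unset would avoid the overwrite, for example `uci -q get attendedsysupgrade.server.url >/dev/null || uci set attendedsysupgrade.server.url='https://chef.libremesh.org'` outside the batch. The script starts and continues outside the hunk, so an existing guard may already cover this.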
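Review bot: The new key file's name and its `untrusted comment` line use a 15-digit ID, `c06d891233ba699`, while the 8-byte key ID embedded in the base64 blob appears to begin with a zero nibble, so the leading `0` seems to have been dropped. The key is then found under `/etc/opkg/keys/` only if the verifier formats the ID without zero padding when it builds the lookup path. A verifier that pads to 16 digits would not locate this file, and signature checks against this key would fail. Please confirm this against the usign/ucert version the package targets, and record the full 16-digit ID in the commit message so the trust anchor can be cross-checked out of band.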