On Wed, Apr 27, 2011 at 08:35:24AM -0500, George McCollister wrote:
> On 04/26/2011 07:03 AM, Michael Olbrich wrote:
> >On Mon, Apr 25, 2011 at 01:14:22PM -0500, George McCollister wrote:
[...]
> >>+config IMAGE_IPKG_SIGN_OPENSSL_SIGNER
> >>+ string
> >>+ default ""
> >>+ prompt "signer certificate file"
> >>+ help
> >>+ signer certificate file to pass to openssl for signing.
> >>+
> >>+config IMAGE_IPKG_SIGN_OPENSSL_KEY
> >>+ string
> >>+ default ""
> >>+ prompt "private key file"
> >>+ help
> >>+ private key file to pass to openssl.
> >Would this be a path below ${PTXDIST_WORKSPACE}? Otherwise, it would make
> >sense to add this to 'ptxdist setup'.
> You may want to use different keys for different workspaces.
> Consider this fictional developer's workspaces:
>
> nato_weaponsystem_workspace
> russian_weaponsystem_workspace
> chinese_weaponsystem_workspace
>
> It would be unacceptable to sign the repository for
> nato_weaponsystem_workspace with the same key as
> russian_weaponsystem_workspace :)
>
> I'm actually planning to use these paths:
>
> Private key (not installed on target):
> ${PTXDIST_WORKSPACE}/projectroot/etc/ssl/certs/repo.key
>
> Certificate (installed on target):
> ${PTXDIST_WORKSPACE}/projectroot/etc/ssl/certs/repo.crt
Ok, in this case ptxconfig is the right place. And an option to install the
certificate would definitively make sense.
Michael
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
--
ptxdist mailing list
ptxdist@pengutronix.de
