On Wed, Apr 27, 2011 at 08:35:24AM -0500, George McCollister wrote: > On 04/26/2011 07:03 AM, Michael Olbrich wrote: > >On Mon, Apr 25, 2011 at 01:14:22PM -0500, George McCollister wrote: [...] > >>+config IMAGE_IPKG_SIGN_OPENSSL_SIGNER > >>+ string > >>+ default "" > >>+ prompt "signer certificate file" > >>+ help > >>+ signer certificate file to pass to openssl for signing. > >>+ > >>+config IMAGE_IPKG_SIGN_OPENSSL_KEY > >>+ string > >>+ default "" > >>+ prompt "private key file" > >>+ help > >>+ private key file to pass to openssl. > >Would this be a path below ${PTXDIST_WORKSPACE}? Otherwise, it would make > >sense to add this to 'ptxdist setup'. > You may want to use different keys for different workspaces. > Consider this fictional developer's workspaces: > > nato_weaponsystem_workspace > russian_weaponsystem_workspace > chinese_weaponsystem_workspace > > It would be unacceptable to sign the repository for > nato_weaponsystem_workspace with the same key as > russian_weaponsystem_workspace :) > > I'm actually planning to use these paths: > > Private key (not installed on target): > ${PTXDIST_WORKSPACE}/projectroot/etc/ssl/certs/repo.key > > Certificate (installed on target): > ${PTXDIST_WORKSPACE}/projectroot/etc/ssl/certs/repo.crt
Ok, in this case ptxconfig is the right place. And an option to install the certificate would definitively make sense. Michael -- Pengutronix e.K. | | Industrial Linux Solutions | http://www.pengutronix.de/ | Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | -- ptxdist mailing list ptxdist@pengutronix.de