Our official file system images have only the devel.cert.pem certificate enabled, even if they come from the testing or stable release channel.
This may be confusing because they will not show update notifications.
Even worse they are susceptible to being compromised by installing a devel bundle that anyone can sign.
Instead add a variable to configure which certificates to enable and enable the stable update channel by default, which is what most users (that do not build their own images) will want anyways.
This replaces #82 which left this configuration step to the user, if they recovered a TAC using official images via fastboot.
Our official file system images have only the
devel.cert.pem
certificate enabled, even if they come from the testing or stable release channel. This may be confusing because they will not show update notifications. Even worse they are susceptible to being compromised by installing a devel bundle that anyone can sign.Instead add a variable to configure which certificates to enable and enable the stable update channel by default, which is what most users (that do not build their own images) will want anyways.
This replaces #82 which left this configuration step to the user, if they recovered a TAC using official images via fastboot.