rauc / meta-rauc

Yocto/Open Embedded meta layer for RAUC, the embedded Linux update framework
MIT License

RAUC_KEY_PASSPHRASE isn't passed to rauc bundle #270

Open antoinefaure opened 1 year ago

antoinefaure commented 1 year ago

Hi,

I'm trying to sign a bundle image with an encrypted certificate. I am doing so by using the RAUC_KEY_PASSPHRASE, as per the documentation. I have tried setting this variable with an export in the host environment and a BB_ENV_PASSTHROUGH_ADDITIONS="$BB_ENV_PASSTHROUGH_ADDITIONS RAUC_KEY_PASSPHRASE" before building, as well as from the bundle image recipe. Nevertheless, rauc bundle always fails as it can't read the private key. bitbake -e seems to confirm I have the correct environment.

I have managed to sign the image by hand using the same certificate / keys and the same password so I don't think there's any issue here.

I have also been able to sign the bundle using Yocto by adding an export RAUC_KEY_PASSPHRASE=mypassword in bundle.bbclass / do_bundle, so it seems this is due to the environment not being accessible from the child process. This is confirmed by adding some debug prints in the do_bundle task, where I can see my password with a simple print of RAUC_KEY_PASSPHRASE, but not with an env|grep RAUC.

I am using the kirkstone release and haven't found any clean solution yet.

Thanks, Antoine

antoinefaure commented 1 year ago

OK, an export of RAUC_KEY_PASSPHRASE in a do_bundle:prepend fixes it, but I am wondering if there's any cleaner solution, or if this should be done upstream in do_bundle?

Thanks
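
The symptom described in this thread (the task shell can print the variable, but a child process does not see it) reproduced in plain shell, as an added example that is not part of the thread and not meta-rauc code. The `PROBE` child is a constructed stand-in for `rauc bundle`, the passphrase is a sample value, and the per-command form in the last function is an assumption shown for comparison, not something proposed in the thread.

```shell
#!/bin/sh
# Constructed stand-in for "rauc bundle": a real child process that reports
# whether RAUC_KEY_PASSPHRASE is present in its own environment.
PROBE='[ -n "${RAUC_KEY_PASSPHRASE+x}" ] && echo child=visible || echo child=missing'
SECRET='constructed-passphrase'   # sample value, not a real key passphrase

# Symptom from the report: the task shell can print the value, the child cannot.
plain_variable() {
    unset RAUC_KEY_PASSPHRASE
    RAUC_KEY_PASSPHRASE=$SECRET            # shell variable only, not exported
    printf 'parent=%s ' "${RAUC_KEY_PASSPHRASE:+set}"
    sh -c "$PROBE"
}

# The reporter's workaround: export, so every later child of the task inherits it.
exported_variable() {
    unset RAUC_KEY_PASSPHRASE
    RAUC_KEY_PASSPHRASE=$SECRET
    export RAUC_KEY_PASSPHRASE
    printf 'parent=%s ' "${RAUC_KEY_PASSPHRASE:+set}"
    sh -c "$PROBE"
}

# Narrower alternative (assumption, not from the thread): hand the value to one
# command only; a second child started afterwards does not receive it.
scoped_to_one_command() {
    unset RAUC_KEY_PASSPHRASE
    RAUC_KEY_PASSPHRASE=$SECRET sh -c "$PROBE"
    sh -c "$PROBE"
}

plain_variable          # parent=set child=missing
exported_variable       # parent=set child=visible
scoped_to_one_command   # child=visible, then child=missing
```

With a plain `export`, every process the task starts afterwards inherits the passphrase; the per-command form limits it to the one process that needs it.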