I'm trying to sign a bundle image with an encrypted certificate. I am doing so by using the RAUC_KEY_PASSPHRASE, as per the documentaion. I have tried setting this variable with an export in host environment and a BB_ENV_PASSTHROUGH_ADDITIONS="$BB_ENV_PASSTHROUGH_ADDITIONS RAUC_KEY_PASSPHRASE" before building, as well as from the bundle image recipe. Nevertheless, rauc bundle always fails as it can't read the private key.
bitbake -e seems to confirm I have the correct environment.
I have managed to sign the image by hand using the same certificate / keys and the same password so I don't think there's any issue here.
I have also been able to sign the bundle using yocto by adding a export RAUC_KEY_PASSPHRASE=mypassword in bundle.bbclass / do_bundle, so it seems this is due do the environment not being accessible from the child process.
This is confirmed by adding some debug prints in the do_bundle task, where I can see my password with a simple print of RAUC_KEY_PASSPHRASE, but not with a eng|grep RAUC.
I am using the kirkstone release and haven't found any clean solution yet.
Ok an export of RAUC_KEY_PASSPHRASE in a do_bundle:prepend fixes it, but I am wondering if there's any cleaner solution, or if this should be done upstream in do_bundle ?
Hi,
I'm trying to sign a bundle image with an encrypted certificate. I am doing so by using the
RAUC_KEY_PASSPHRASE
, as per the documentaion. I have tried setting this variable with an export in host environment and aBB_ENV_PASSTHROUGH_ADDITIONS="$BB_ENV_PASSTHROUGH_ADDITIONS RAUC_KEY_PASSPHRASE"
before building, as well as from the bundle image recipe. Nevertheless,rauc bundle
always fails as it can't read the private key.bitbake -e
seems to confirm I have the correct environment.I have managed to sign the image by hand using the same certificate / keys and the same password so I don't think there's any issue here.
I have also been able to sign the bundle using yocto by adding a
export RAUC_KEY_PASSPHRASE=mypassword
in bundle.bbclass / do_bundle, so it seems this is due do the environment not being accessible from the child process. This is confirmed by adding some debug prints in the do_bundle task, where I can see my password with a simple print of RAUC_KEY_PASSPHRASE, but not with aeng|grep RAUC
.I am using the kirkstone release and haven't found any clean solution yet.
Thanks, Antoine