
Merge pull request #18157 from benpicco/suit-key-dir

makefiles/suit: place keys in $XDG_DATA_HOME
benpicco 2022-06-28 16:01:11 +02:00 committed by GitHub
commit eada4f0b75
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 7 additions and 4 deletions


@ -11,6 +11,7 @@
# directory for more details.
#
import os
import sys
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
@ -37,7 +38,7 @@ def main():
encryption_algorithm=crypt,
)
with open(sys.argv[1], "wb") as f:
with open(os.open(sys.argv[1], os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600), "wb") as f:
f.write(pem)
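Review bot: With `os.O_CREAT | os.O_EXCL` on the new `open(os.open(...))` line, running the script against a path that already exists now ends in an uncaught `FileExistsError` traceback instead of overwriting the file. Refusing to replace an existing private key and creating it owner-only from the start is the right behaviour, but it deserves a clear message, e.g. wrapping the write in `try:` with `except FileExistsError: sys.exit(f"{sys.argv[1]} already exists, refusing to overwrite")`. A short comment such as `# O_EXCL: never replace an existing key; 0o600: private key is never group/world readable` would also record why the plain `open()` was dropped. `main()` begins and ends outside the hunk, so any handling that already exists there is not visible.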


@ -571,7 +571,7 @@ The following default values are using for generating the manifest:
SUIT_SEQNR ?= $(APP_VER)
SUIT_CLASS ?= $(BOARD)
SUIT_KEY ?= default
SUIT_KEY_DIR ?= $(RIOTBASE)/keys
SUIT_KEY_DIR ?= $(XDG_DATA_HOME)/RIOT/keys
SUIT_SEC ?= $(SUIT_KEY_DIR)/$(SUIT_KEY).pem
All files (both slot binaries, both manifests, copies of manifests with


@ -62,7 +62,8 @@ SUIT keys consist of a private and a public key file, stored in `$(SUIT_KEY_DIR)
Similar to how ssh names its keyfiles, the public key filename equals the
private key file, but has an extra `.pub` appended.
`SUIT_KEY_DIR` defaults to the `keys/` folder at the top of a RIOT checkout.
`SUIT_KEY_DIR` defaults to the `keys/` folder in `$XDG_DATA_HOME/RIOT`
(usually `~/.local/share/RIOT/keys`).
If the chosen key doesn't exist, it will be generated automatically.
That step can be done manually using the `suit/genkey` target.


@ -10,11 +10,12 @@ SUIT_TOOL ?= $(RIOTBASE)/dist/tools/suit/suit-manifest-generator/bin/suit-tool
# Will use $(SUIT_KEY_DIR)/$(SUIT_KEY).pem as combined private/public key
# files.
SUIT_KEY ?= default
XDG_DATA_HOME ?= $(HOME)/.local/share
ifeq (1, $(RIOT_CI_BUILD))
SUIT_KEY_DIR ?= $(BINDIR)
else
SUIT_KEY_DIR ?= $(RIOTBASE)/keys
SUIT_KEY_DIR ?= $(XDG_DATA_HOME)/RIOT/keys
endif
# Enable user to encrypt private key with a password
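Review bot: `XDG_DATA_HOME ?= $(HOME)/.local/share` only takes effect when the variable is undefined, so an environment that exports `XDG_DATA_HOME` as an empty string leaves it empty and `SUIT_KEY_DIR` expands to `/RIOT/keys` at the filesystem root. The XDG base-directory spec treats an empty value the same as unset; `ifeq (,$(XDG_DATA_HOME))` / `XDG_DATA_HOME := $(HOME)/.local/share` / `endif` covers both cases. Separately, keys that already live in `$(RIOTBASE)/keys` are no longer picked up by default, and since the documentation says a missing key is generated automatically, a build would presumably sign with a fresh key that deployed devices do not trust. A warning when the old directory still holds a key would make that switch visible.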