Specifying the password of the SUIT private key on the command line
and thereby committing it to shell history is a security issue.
Instead ask for the password interactively when an encrypted private
key is used.
I think the intention was that SUIT_VENDOR_DOMAIN gets set to
$(SUIT_VENDOR) so it can be overwritten by the build system.
However, no such code was in place yet.
- move all generated manifests under $(BINDIR)/suit_files (this can be
overwritten.
- rename signed manifests so that they are of the form:
<somename>.<version>.bin, where <somename> is by default riot.suit.
This avoids cluterring BINDIR while as well having a naming scheme that
allows custom names for manifests addresssing different types of
payloads.
This adds:
* SUIT_MANIFEST_BASENAME: allow for non slotfiles payloads to have
different names that slotfiles payloads.
* SUIT_MANIFEST_PAYLOADS: firmware payloads to be published with the
manifest.
* SUIT_MANIFEST_SLOTFILES: firmware payloads referenced by the manifest
in the form 'filename:[offset]:[comp_name]' as expected by
gen_manifest.py.
With this the same recipes suit/publish suit/notify can be used with
non slotfiles payloads.