<sc6502> Evening Xogium :)
<Xogium> oh, hello sc6502 :)
<Xogium> how have you been ?
<sc6502> Well thanks - but very busy at the moment.
<sc6502> Hope you're also well.
<sc6502> Peter mentioned something about certificates. I see some rauc commits in the channel log.
<Xogium> yeah I have made a WIP branch for this, not yet merged
<Xogium> it will be a bit of a rocky start to migrate to rauc, as everything in the system is affected one way or another, even the sd card layout changed, and so did the bootloader
<Xogium> I think I nailed it, but I won't know until the migration is done for real
<Xogium> but… anyway, the thing is rauc requires a CA, and currently on my branch I'm the only one capable of producing update artifacts
<Xogium> that means that if you made some artifacts, rauc wouldn't recognize the bundle, so neither I nor Peter could install what you made
<Xogium> and so I thought that if might be best if you were also in the CA, that way you could produce updats for Peter to try out, should you need
<Xogium> woah typoes, sorry about that
<sc6502> Seems reasonable to be able to do that at some point.
<Xogium> yeah, I figured so
<Xogium> I mean, I could migrate to rauc then get your certificate request later on, and then have Peter replace the keyring on his installation
<Xogium> but I suspect the rauc migration will already be quite a shock to Peter as is ;)
<sc6502> Well we would need to know we can update later at some point. Even if it's only to replace expired certificates.
<Xogium> yes, we can… Just need to change the keyring on the actual system
<sc6502> OK, so what's the process for generating a certificate? I remember doing something months ago, but that was on my old slow build machine and that's gone now.
<Xogium> let me get my notes on that, sec
<Xogium> ok so
<Xogium> sc6502: what I'd recommend is to store easyrsa in a place you won't lose it especially not your generated pki folder as it will contain the private part of your key !
<Xogium> so what I did for my other project was this
<Xogium> tar -xf EasyRSA-3.0.7.tgz
<Xogium> mv EasyRSA-3.0.7 easy-rsa
<Xogium> cd easy-rsa
<Xogium> ./easyrsa init-pki
<Xogium> ./easyrsa gen-req steve-rauc nopass
<Xogium> then we will have to get that file to me, via ssh or some such on the server
<Xogium> I'll then be able to sign your request, and give you the .crt file
<Xogium> it will automatically get added to the keyring, of course
<sc6502> OK, I'll give that a go tomorrow. My g/f is waiting for me.
<sc6502> bye for now
<Xogium> have fun :)