<sc6502>
Well thanks - but very busy at the moment.
<sc6502>
Hope you're also well.
<sc6502>
Peter mentioned something about certificates. I see some rauc commits in the channel log.
<Xogium>
yeah I have made a WIP branch for this, not yet merged
<Xogium>
it will be a bit of a rocky start to migrate to rauc, as everything in the system is affected one way or another, even the sd card layout changed, and so did the bootloader
<Xogium>
I think I nailed it, but I won't know until the migration is done for real
<Xogium>
but… anyway, the thing is rauc requires a CA, and currently on my branch I'm the only one capable of producing update artifacts
<Xogium>
that means that if you made some artifacts, rauc wouldn't recognize the bundle, so neither I nor Peter could install what you made
<Xogium>
and so I thought that if might be best if you were also in the CA, that way you could produce updats for Peter to try out, should you need
<Xogium>
woah typoes, sorry about that
<sc6502>
Seems reasonable to be able to do that at some point.
<Xogium>
yeah, I figured so
<Xogium>
I mean, I could migrate to rauc then get your certificate request later on, and then have Peter replace the keyring on his installation
<Xogium>
but I suspect the rauc migration will already be quite a shock to Peter as is ;)
<sc6502>
Well we would need to know we can update later at some point. Even if it's only to replace expired certificates.
<Xogium>
yes, we can… Just need to change the keyring on the actual system
<sc6502>
OK, so what's the process for generating a certificate? I remember doing something months ago, but that was on my old slow build machine and that's gone now.
<Xogium>
let me get my notes on that, sec
<Xogium>
ok so
<Xogium>
sc6502: what I'd recommend is to store easyrsa in a place you won't lose it especially not your generated pki folder as it will contain the private part of your key !
<Xogium>
so what I did for my other project was this