clr-distro-factory icon indicating copy to clipboard operation
clr-distro-factory copied to clipboard

Published 20 hours ago verified publisher icon clearlinux

Sign latest and first files when sign_update is defined

Open gtkramer opened this issue 5 years ago • 3 comments

When using the --no-signing option on mixer, mixer will not sign the latest file. This is not being done today by our process and is required for supporting future enhancements to swupd. The first file is not used by mixer or swupd, but supports creating delta packs from the first build in every format, and also supports MCA. This file should also be signed.

gtkramer avatar Dec 20 '19 23:12 gtkramer

This finishes the last bit of implementing custom signing

gtkramer avatar Dec 20 '19 23:12 gtkramer

I'm not sure if the first file needs signed? It's a DevOps-only artifacts that is useful for us to keep track of producing delta packs from the first build in the format to the current as an optimization for swupd clients. It's neither produced by mixer nor consumed by swupd, but is helpful for MCA according to @jwakre

gtkramer avatar Dec 20 '19 23:12 gtkramer

We do have an equivalent file now under update that is used by swupd and signed by mixer already. So nowadays it is possible to stop using the root latest file in favour of the update/ one.

mbelluzzo avatar Dec 24 '19 04:12 mbelluzzo