[ 
https://issues.apache.org/jira/browse/MYNEWT-720?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15962577#comment-15962577
 ] 

Simon Ratner commented on MYNEWT-720:
-------------------------------------

At the risk of overloading this, maybe images should be promoted to first-class 
newt objects (like targets and packages), so we instead have:
{noformat}
newt image create <target> ...
newt image load <file> ...
newt image sign <file> ...
newt image show <file> ... # print information about an image: ver, hash, size, sig.
{noformat}

> Newt: manipulate image signatures
> ---------------------------------
>
>                 Key: MYNEWT-720
>                 URL: https://issues.apache.org/jira/browse/MYNEWT-720
>             Project: Mynewt
>          Issue Type: New Feature
>          Components: Newt
>    Affects Versions: v1_0_0_rel
>            Reporter: Simon Ratner
>            Assignee: Sterling Hughes
>
> Ability to manipulate image signatures should be independent of creating the 
> image. Suggesting a new command:
> {noformat}
> newt sign-image <image-file> <signing-key>
> {noformat}
> Useful operations:
> * strip a signature from an existing image,
> * sign an existing unsigned image,
> * re-sign an existing image with a different key.
> In all cases, the rest of the image besides the signature should remain 
> byte-for-byte identical.
> Motivating use cases:
> * dev images are promoted to qa, prod; qa and prod keys are kept separate, 
> but the promoted image should not be rebuilt from source, to eliminate any 
> possibility that an untested configuration is deployed due to differences in 
> build environment.
> * distinct keys for different customers, used to sign the same image.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
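
An added illustration of the requirement in the issue description above (strip, sign and re-sign while the rest of the image stays byte-for-byte identical), written for this page and not taken from newt. It assumes a hypothetical layout of body, a "SIG1" marker and an Ed25519 signature, which is not the Mynewt image format; Strip, Sign, Verify, Promote and DemoKey are assumed names.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

var sigMagic = []byte("SIG1") // hypothetical trailer marker, not the Mynewt image format

// Strip splits body || "SIG1" || 64-byte signature; sig is nil when the image is unsigned.
func Strip(img []byte) (body, sig []byte) {
	if n := len(img) - len(sigMagic) - ed25519.SignatureSize; n >= 0 && bytes.Equal(img[n:n+len(sigMagic)], sigMagic) {
		return img[:n], img[n+len(sigMagic):]
	}
	return img, nil
}

// Sign drops any existing trailer and appends a fresh one; the body bytes are copied untouched.
func Sign(img []byte, key ed25519.PrivateKey) []byte {
	body, _ := Strip(img)
	out := append(append([]byte{}, body...), sigMagic...)
	return append(out, ed25519.Sign(key, body)...)
}

// Verify reports whether the image carries a trailer that validates under pub.
func Verify(img []byte, pub ed25519.PublicKey) bool {
	body, sig := Strip(img)
	return sig != nil && ed25519.Verify(pub, body, sig)
}

// Promote re-signs with the next stage's key, but only if the current stage's signature checks out.
func Promote(img []byte, from ed25519.PublicKey, to ed25519.PrivateKey) ([]byte, error) {
	if !Verify(img, from) {
		return nil, fmt.Errorf("refusing to promote: image is not signed by the expected key")
	}
	return Sign(img, to), nil
}

func DemoKey(b byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, 32)) // constructed, non-secret demo seed
	return priv.Public().(ed25519.PublicKey), priv
}

func main() {
	qaPub, qa := DemoKey(1)
	_, prod := DemoKey(2)
	out, err := Promote(Sign([]byte("constructed firmware body"), qa), qaPub, prod)
	fmt.Printf("promoted image: %d bytes, err=%v\n", len(out), err)
}
```

Because the promotion step verifies the incoming signature before re-signing, an unsigned or already-promoted image is rejected rather than silently given a production signature.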
