Re: [yocto] Best practices for tokens/passwords that can't be versioned

2018-12-13 Thread Enrico Scholz
Alan Martinovic  writes:

> am looking for opinions on how to deal with recipes that depend on file
> content that can't be versioned.

For ssh public keys we use something like

  https://github.com/sigma-embedded/meta-de.sigma-chemnitz/blob/thud/classes/elito-image.bbclass#L36-L44

e.g. we take it from ${HOME}/.config/oe (which is a little bit tricky to
expand).


And/or include local/side configuration by

  https://gitlab.com/ensc-groups/bpi-router/BSP/blob/thud-next/build/conf/local.conf#L33-36

which in turn includes something from ~/.config/oe/

  https://gitlab.com/ensc-groups/bpi-router/BSP/blob/thud-next/build/conf/local_bpi-router.bigo.ensc.de.conf#L9


> i.e.  The logging service on the embedded device needs to have a
> certain private key

Note that including private keys in the image usually weakens security
because the key can be extracted more or less trivially.



Enrico
-- 
SIGMA Chemnitz GmbH   Registergericht:   Amtsgericht Chemnitz HRB 1750
Am Erlenwald 13   Geschaeftsfuehrer: Grit Freitag, Frank Pyritz
09128 Chemnitz
-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto


[yocto] [meta-selinux] Request for 'thud' branch

2018-12-13 Thread Enrico Scholz
Hello,

I would like to provide some content[1] for meta-selinux[2], but all
this is based/tested on 'thud' only.  Would it be possible to create a
'thud' branch and update the corresponding LAYERSERIES_COMPAT_selinux?



Thanks
Enrico

Footnotes: 
[1]  https://gitlab.com/ensc-groups/bpi-router/de.ensc.bpi-router/blob/master/meta-core/classes/selinux-policy.bbclass
     https://gitlab.com/ensc-groups/bpi-router/de.ensc.bpi-router/tree/master/meta-core/recipes-selinux

[2]  https://git.yoctoproject.org/cgit/cgit.cgi/meta-selinux/


Re: [yocto] Git tool/command problems with YOCTO Open Source repos

2018-11-28 Thread Enrico Scholz
Zoran Stojsavljevic  writes:

> On the other note, repo is GOOGLE tool. Promoted by them. Most of the
> ARM followers (such as Toradex) use repo tool.

fwiw, I suggest using just the plain 'git submodule'.  It works perfectly
to build a BSP and uses a native git workflow.  E.g. look at

 https://gitlab.com/ensc-groups/bpi-router/BSP

A plain 'git clone --recursive' will download the complete BSP and you
can use 'git remote update --remote' to synchronize layers.


Google 'repo' is crap and adds only a very small value (better mirroring
and 'repo grep') compared to submodules.



Enrico


[yocto] [meta-selinux] Request for 'thud' branch

2018-11-26 Thread Enrico Scholz
Hello,

I would like to provide some content[1] for meta-selinux[2], but all
this is based/tested on 'thud' only.  Would it be possible to create a
'thud' branch and update the corresponding LAYERSERIES_COMPAT_selinux?



Thanks
Enrico

Footnotes: 
[1]  https://gitlab.com/ensc-groups/bpi-router/de.ensc.bpi-router/blob/master/meta-core/classes/selinux-policy.bbclass
     https://gitlab.com/ensc-groups/bpi-router/de.ensc.bpi-router/tree/master/meta-core/recipes-selinux

[2]  https://git.yoctoproject.org/cgit/cgit.cgi/meta-selinux/