You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@mynewt.apache.org by "Marko Kiiskila (JIRA)" <ji...@apache.org> on 2017/06/13 21:16:00 UTC

[jira] [Resolved] (MYNEWT-720) Newt: manipulate image signatures

     [ https://issues.apache.org/jira/browse/MYNEWT-720?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Marko Kiiskila resolved MYNEWT-720.
-----------------------------------
    Resolution: Fixed

Code merged.

Now there is 'newt resign-image' command available.

> Newt: manipulate image signatures
> ---------------------------------
>
>                 Key: MYNEWT-720
>                 URL: https://issues.apache.org/jira/browse/MYNEWT-720
>             Project: Mynewt
>          Issue Type: New Feature
>      Security Level: Public(Viewable by anyone) 
>          Components: Newt
>    Affects Versions: v1_0_0_rel
>            Reporter: Simon Ratner
>            Assignee: Marko Kiiskila
>            Priority: Minor
>             Fix For: v1_1_0_rel
>
>
> Ability to manipulate image signatures should be independent of creating the image. Suggesting a new command:
> {noformat}
> newt sign-image <image-file> <signing-key>
> {noformat}
> Useful operations:
> * strip a signature from an existing image,
> * sign an existing unsigned image,
> * re-sign an existing image with a different key.
> In all cases, the rest of the image besides the signature should remain byte-for-byte identical.
> Motivating use cases:
> * dev images are promoted to qa, prod; qa and prod keys are kept separate, but the promoted image should not be rebuilt from source, to eliminate any possibility that an untested configuration is deployed due to differences in build environment.
> * distinct keys for different customers, used to sign the same image.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)