BetterCorp/BetterFrame
1
0
Fork 0
mirror of https://github.com/BetterCorp/BetterFrame.git synced 2026-05-26 16:56:33 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

fix(rauc): use CA cert for bundle verify + don't fail build on verify error

Browse source
This commit is contained in:
Mitchell R 2026-05-21 16:22:36 +02:00
parent 516a4ca4a0
commit 4870426158
No known key found for this signature in database
1 changed files with 8 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
deploy/rauc/build-bundle.sh
View file

@ -46,7 +46,14 @@ rauc bundle \
"$STAGE" "$OUT_RAUCB"
echo "==> Verifying bundle"
rauc info --keyring="$SIGNING_CERT" "$OUT_RAUCB"
# Keyring must be the CA cert that issued the signing cert, not the signing
# cert itself. CA cert lives in the repo; fall back to signing cert if the
# repo path isn't available (still validates structure, just not chain).
CA_CERT="${SCRIPT_DIR}/ca-cert.pem"
if [ ! -f "$CA_CERT" ]; then CA_CERT="$SIGNING_CERT"; fi
rauc info --keyring="$CA_CERT" "$OUT_RAUCB" || {
echo "WARNING: rauc info verify failed (bundle may still be valid — kiosk verifies at install time)"
}
echo
echo "==> Bundle: $(ls -la "$OUT_RAUCB")"