Re: [yocto] Best practices for tokens/passwords that can't be versioned

2018-12-13 Thread Alan Martinovic
Thanks for the feedback. This is a very interesting use case. By default you want to allow ssh access for the developer who built the image, cool :) On Thu, Dec 13, 2018 at 2:59 PM Enrico Scholz wrote: > > Alan Martinovic writes: > > > am looking for opinions on how to deal with recipes that dep

Re: [yocto] Best practices for tokens/passwords that can't be versioned

2018-12-13 Thread Enrico Scholz
Alan Martinovic writes: > am looking for opinions on how to deal with recipes that depend on file > content > that can't be versioned. For ssh public keys we use something like https://github.com/sigma-embedded/meta-de.sigma-chemnitz/blob/thud/classes/elito-image.bbclass#L36-L44 e.g. we ta

Re: [yocto] Best practices for tokens/passwords that can't be versioned

2018-12-13 Thread Alan Martinovic
Yes! :) That is what I ended up doing in the end, thanks. Be Well, Alan On Thu, Dec 13, 2018 at 1:45 PM Erik Botö wrote: > > On Tue, Dec 11, 2018 at 1:44 PM Alan Martinovic > wrote: > > > > Thanks Erik, > > guess that could work to and seems cleaner than the env variables. > > > > It still lea

Re: [yocto] Best practices for tokens/passwords that can't be versioned

2018-12-13 Thread Erik Botö
On Tue, Dec 11, 2018 at 1:44 PM Alan Martinovic wrote: > > Thanks Erik, > guess that could work to and seems cleaner than the env variables. > > It still leaves the question how to move that content into a static file. > For example if in the end the recipe should install a file with "super > secr

Re: [yocto] Best practices for tokens/passwords that can't be versioned

2018-12-11 Thread Alan Martinovic
Thanks Erik, guess that could work to and seems cleaner than the env variables. It still leaves the question how to move that content into a static file. For example if in the end the recipe should install a file with "super secret" as the content. Example on the device at runtime: cat /etc/confi

Re: [yocto] Best practices for tokens/passwords that can't be versioned

2018-12-11 Thread Erik Botö
On Tue, Dec 11, 2018 at 12:55 PM Alan Martinovic wrote: > Seems like conf/local.conf could also offer a solution given that it's > a temporary > thing (per build setup), but didn't yet figure out a good mechanism. You could have a variable in the recipe and override that value in local.conf. Let

[yocto] Best practices for tokens/passwords that can't be versioned

2018-12-11 Thread Alan Martinovic
Hi, am looking for opinions on how to deal with recipes that depend on file content that can't be versioned. i.e. The logging service on the embedded device needs to have a certain private key or token to work correctly. But due to security reasons that file can't be versioned with the layer. Th