From mboxrd@z Thu Jan  1 00:00:00 1970
Return-path: <rauc-bounces@pengutronix.de>
Received: from mail-ed1-x52f.google.com ([2a00:1450:4864:20::52f])
 by metis.ext.pengutronix.de with esmtps
 (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92)
 (envelope-from <dggonz@gmail.com>) id 1jTUSn-0005gd-RN
 for rauc@pengutronix.de; Tue, 28 Apr 2020 19:56:10 +0200
Received: by mail-ed1-x52f.google.com with SMTP id k22so17123397eds.6
 for <rauc@pengutronix.de>; Tue, 28 Apr 2020 10:56:09 -0700 (PDT)
MIME-Version: 1.0
From: =?UTF-8?Q?Diego_Gonz=C3=A1lez?= <dggonz@gmail.com>
Date: Tue, 28 Apr 2020 19:55:16 +0200
Message-ID: <CACV1ZzK52HEJ3Hq9JWTOJvrpzU2Knz36oz=0VJRVx5E_H-w6RA@mail.gmail.com>
Subject: [RAUC] problems verifying a bundle
List-Id: RAUC Project - Discussion List <rauc.pengutronix.de>
List-Unsubscribe: <http://metis.pengutronix.de/cgi-bin/mailman/options/rauc>, 
 <mailto:rauc-request@pengutronix.de?subject=unsubscribe>
List-Archive: <http://metis.pengutronix.de/pipermail/rauc/>
List-Post: <mailto:rauc@pengutronix.de>
List-Help: <mailto:rauc-request@pengutronix.de?subject=help>
List-Subscribe: <http://metis.pengutronix.de/cgi-bin/mailman/listinfo/rauc>,
 <mailto:rauc-request@pengutronix.de?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============2079201096=="
Errors-To: rauc-bounces@pengutronix.de
Sender: "RAUC" <rauc-bounces@pengutronix.de>
To: rauc@pengutronix.de

--===============2079201096==
Content-Type: multipart/alternative; boundary="000000000000d9bf3f05a45d8b01"

--000000000000d9bf3f05a45d8b01
Content-Type: text/plain; charset="UTF-8"

Hello,

I am having issues when I try to verify a bundle downloaded on the device.
I am using rauc 1.3 through the meta-rauc for Yocto.

I am running *rauc info [name of the bundle].raucb* on the device. The
output I get is the following:

rauc-Message: 17:24:54.156: Debug log domains: 'all'
(rauc:528): rauc-DEBUG: 17:24:54.165: input bundle:
/var/1/rauc-bundle-raspberrypi3-64.raucb
(rauc:528): rauc-DEBUG: 17:24:54.166: No value for key
"max-bundle-download-size" in [system] defined - using default value of
8388608 bytes.
(rauc:528): rauc-DEBUG: 17:24:54.166: No mount prefix provided, using
/mnt/rauc/ as default
rauc-Message: 17:24:54.167: Reading bundle:
/var/1/rauc-bundle-raspberrypi3-64.raucb
(rauc:528): GLib-GIO-DEBUG: 17:24:54.170: _g_io_module_get_default: Found
default implementation local (GLocalVfs) for ?gio-vfs?
rauc-Message: 17:24:54.173: Verifying bundle...
*signature verification failed: Verify error:unsupported certificate
purpose*

I don't really know how to get past this issue. I have included in a file
the root certificate, intermediate certificate and the certificate that
corresponds to they key used to sign the bundle. And I point to that file
with path=/etc/rauc/firmware-keyring.pem in the system.conf file.

previous to doing that I was getting:
[...]
*signature verification failed: Verify error:unable to get local issuer
certificate*

With regards to the environment variables this is what I am using:

RAUC_KEY_FILE="/h4-work/certs/rauc/firmware-key.pem"
RAUC_CERT_FILE="/h4-work/certs/rauc/firmware.pem"
RAUC_KEYRING_FILE="firmware-keyring.pem" (which is the file that I am using
on the device)

I don't really know how to get past this issue, any points would be highly
appreciated.

Cheers,
Diego

--000000000000d9bf3f05a45d8b01
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div>Hello,</div><div><br></div><div>I am having issues wh=
en I try to verify a bundle downloaded on the device. I am using rauc 1.3 t=
hrough the meta-rauc for Yocto. <br></div><div><br></div><div>I am running =
<i>rauc info [name of the bundle].raucb</i> on the device. The output I get=
 is the following:</div><div><br></div><div>rauc-Message: 17:24:54.156: Deb=
ug log domains: &#39;all&#39;<br>(rauc:528): rauc-DEBUG: 17:24:54.165: inpu=
t bundle: /var/1/rauc-bundle-raspberrypi3-64.raucb<br>(rauc:528): rauc-DEBU=
G: 17:24:54.166: No value for key &quot;max-bundle-download-size&quot; in [=
system] defined - using default value of 8388608 bytes.<br>(rauc:528): rauc=
-DEBUG: 17:24:54.166: No mount prefix provided, using /mnt/rauc/ as default=
<br>rauc-Message: 17:24:54.167: Reading bundle: /var/1/rauc-bundle-raspberr=
ypi3-64.raucb<br>(rauc:528): GLib-GIO-DEBUG: 17:24:54.170: _g_io_module_get=
_default: Found default implementation local (GLocalVfs) for ?gio-vfs?<br>r=
auc-Message: 17:24:54.173: Verifying bundle... <br></div><div><b>signature =
verification failed: Verify error:unsupported certificate purpose</b><br></=
div><div><br></div><div>I don&#39;t really know how to get past this issue.=
 I have included in a file the root certificate, intermediate certificate a=
nd the certificate that corresponds to they key used to sign the bundle. An=
d I point to that file with path=3D/etc/rauc/firmware-keyring.pem in the sy=
stem.conf file.<br></div><div><br></div><div>previous to doing that I was g=
etting:</div><div>[...]<br></div><div><b>signature verification failed: Ver=
ify error:unable to get local issuer certificate</b></div><div><br></div><d=
iv><div>With regards to the environment variables this is what I am using:<=
/div><div><br></div><div>RAUC_KEY_FILE=3D&quot;/h4-work/certs/rauc/firmware=
-key.pem&quot;<br></div><div>RAUC_CERT_FILE=3D&quot;/h4-work/certs/rauc/fir=
mware.pem&quot;<br></div><div>RAUC_KEYRING_FILE=3D&quot;firmware-keyring.pe=
m&quot; (which is the file that I am using on the device)</div></div><div><=
br></div><div>I don&#39;t really know how to get past this issue, any point=
s would be highly appreciated.</div><div><br></div><div>Cheers,</div><div>D=
iego<br></div><div><b><br></b></div><div><b><br></b></div></div>

--000000000000d9bf3f05a45d8b01--


--===============2079201096==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
RAUC mailing list

--===============2079201096==--