From 5e52d15409a11c874004b54fa13aec4db2b7fbda Mon Sep 17 00:00:00 2001 From: Benjamin Valentin Date: Thu, 2 Jun 2022 00:02:26 +0200 Subject: [PATCH] makefiles/suit: place keys in $XDG_DATA_HOME Placing the SUIT key in the RIOT repository folder is dangerous as a repo checkout is by most people considered a volatile location. Since all important files are stored in git, deleting the entire folder or its contents is not an uncommon cleanup operation. If the user is at that point unaware that SUIT key material is stored in that folder, that key will then be lost. Another workflow may involve multiple checkouts of the RIOT repository to multiple folders to work on several features at the same time, or for easy cross-referencing or splitting off of features from an integration into a feature branch. In that case each checkout would use its own incompatible SUIT key. To avoid all these pitfalls, place the SUIT keys outside the RIOT repository in the $XDG_DATA_HOME directory. --- examples/suit_update/README.hardware.md | 2 +- examples/suit_update/README.md | 3 ++- makefiles/suit.base.inc.mk | 3 ++- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/examples/suit_update/README.hardware.md b/examples/suit_update/README.hardware.md index 2a321d8af8..9e61102e67 100644 --- a/examples/suit_update/README.hardware.md +++ b/examples/suit_update/README.hardware.md @@ -571,7 +571,7 @@ The following default values are using for generating the manifest: SUIT_SEQNR ?= $(APP_VER) SUIT_CLASS ?= $(BOARD) SUIT_KEY ?= default - SUIT_KEY_DIR ?= $(RIOTBASE)/keys + SUIT_KEY_DIR ?= $(XDG_DATA_HOME)/RIOT/keys SUIT_SEC ?= $(SUIT_KEY_DIR)/$(SUIT_KEY).pem All files (both slot binaries, both manifests, copies of manifests with diff --git a/examples/suit_update/README.md b/examples/suit_update/README.md index 1360ef1906..9ec878747b 100644 --- a/examples/suit_update/README.md +++ b/examples/suit_update/README.md
@@ -62,7 +62,8 @@ SUIT keys consist of a private and a public key file, stored in `$(SUIT_KEY_DIR) Similar to how ssh names its keyfiles, the public key filename equals the private key file, but has an extra `.pub` appended. -`SUIT_KEY_DIR` defaults to the `keys/` folder at the top of a RIOT checkout. +`SUIT_KEY_DIR` defaults to the `keys/` folder in `$XDG_DATA_HOME/RIOT` +(usually `~/.local/share/RIOT/keys`). If the chosen key doesn't exist, it will be generated automatically. That step can be done manually using the `suit/genkey` target. diff --git a/makefiles/suit.base.inc.mk b/makefiles/suit.base.inc.mk index 19bf209502..757f73632f 100644 --- a/makefiles/suit.base.inc.mk +++ b/makefiles/suit.base.inc.mk @@ -10,11 +10,12 @@ SUIT_TOOL ?= $(RIOTBASE)/dist/tools/suit/suit-manifest-generator/bin/suit-tool # Will use $(SUIT_KEY_DIR)/$(SUIT_KEY).pem as combined private/public key # files. SUIT_KEY ?= default +XDG_DATA_HOME ?= $(HOME)/.local/share ifeq (1, $(RIOT_CI_BUILD)) SUIT_KEY_DIR ?= $(BINDIR) else - SUIT_KEY_DIR ?= $(RIOTBASE)/keys + SUIT_KEY_DIR ?= $(XDG_DATA_HOME)/RIOT/keys endif # Enable user to encrypt private key with a password
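Review bot: in the examples/suit_update/README.hardware.md hunk, the defaults list now shows `SUIT_KEY_DIR ?= $(XDG_DATA_HOME)/RIOT/keys` but never says what `XDG_DATA_HOME` resolves to when the environment does not set it. makefiles/suit.base.inc.mk in this same patch defines the fallback as `$(HOME)/.local/share`, so the list should carry an `XDG_DATA_HOME ?= $(HOME)/.local/share` entry above `SUIT_KEY_DIR`; otherwise a reader of this file alone cannot tell where the private key ends up.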
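Review bot: the examples/suit_update/README.md hunk changes the documented default location but gives no migration hint for users who already have a key in the `keys/` folder of their checkout. The unchanged context line right after the edit says a missing key "will be generated automatically", so after this change such a user silently gets a fresh key under `$XDG_DATA_HOME/RIOT/keys`, which is the same incompatible-key situation the commit message sets out to avoid. Suggest adding a sentence here telling existing users to move their `.pem` and `.pub` files to the new directory or to set `SUIT_KEY_DIR` explicitly.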
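Review bot: in the makefiles/suit.base.inc.mk hunk, `XDG_DATA_HOME ?= $(HOME)/.local/share` does not cover an `XDG_DATA_HOME` that is exported but empty. `?=` only assigns when the variable is undefined, and an empty environment variable counts as defined, so `SUIT_KEY_DIR` would expand to `/RIOT/keys` and key generation would target the filesystem root. The XDG Base Directory specification applies the default when the variable is unset or empty, so an emptiness test such as `ifeq (,$(XDG_DATA_HOME))` around a plain assignment would match it. The new line also sits directly under the comment describing `$(SUIT_KEY_DIR)/$(SUIT_KEY).pem`, so a short comment of its own saying it is the fallback data directory would keep the two apart.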