Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

makefiles/suit: place keys in $XDG_DATA_HOME #18157

Merged
merged 2 commits into from
Jun 28, 2022
Merged

makefiles/suit: place keys in $XDG_DATA_HOME #18157

merged 2 commits into from
Jun 28, 2022

Conversation

benpicco
Copy link
Contributor

@benpicco benpicco commented Jun 1, 2022

Contribution description

Placing the SUIT key in the RIOT repository folder is dangerous as a repo checkout is by most people considered a volatile location.
Since all important files are stored in git, deleting the entire folder or it's contents is not an uncommon cleanup operation.

If the user is at that point unaware that SUIT key material is stored in that folder, that key will then be lost.

Another workflow may involve multiple checkouts of the RIOT repository to multiple folders to work on several features at the same time, or for easy cross-referencing or splitting of off features from an integration into a feature branch.
In that case each checkout would use it's own incompatible SUIT key.

To avoid all these pitfalls, place the SUIT keys outside the RIOT repository in the $XDG_DATA_HOME directory.

Testing procedure

make -C examples/suit_update suit/publish

should still work (with a new key being generated in ~/.local/share/RIOT/keys).

Issues/PRs references

@benpicco benpicco marked this pull request as ready for review June 1, 2022 22:22
@benpicco benpicco requested a review from jia200x as a code owner June 1, 2022 22:22
@github-actions github-actions bot added Area: build system Area: Build system Area: doc Area: Documentation Area: examples Area: Example Applications Area: tools Area: Supplementary tools labels Jun 1, 2022
@benpicco benpicco requested review from bergzand, kaspar030 and chrysn June 1, 2022 22:23
@benpicco benpicco added Process: API change Integration Process: PR contains or issue proposes an API change. Should be handled with care. Area: security Area: Security-related libraries and subsystems labels Jun 1, 2022
@benpicco benpicco requested review from fjmolinas and maribu June 1, 2022 22:23
maribu
maribu reviewed Jun 2, 2022
View reviewed changes
@benpicco
makefiles/suit: place keys in $XDG_DATA_HOME
5e52d15 
Placing the SUIT key in the RIOT repository folder is dangerous as
a repo checkout is by most people considered a volatile location.
Since all important files are stored in git, deleting the entire folder
or it's contents is not an uncommon cleanup operation.

If the user is at that point unaware that SUIT key material is stored
in that folder, that key will then be lost.

Another workflow may involve multiple checkouts of the RIOT repository
to multiple folders to work on several features at the same time, or for
easy cross-referencing or splitting of off features from an integration
into a feature branch.
In that case each checkout would use it's own incompatible SUIT key.

To avoid all these pitfalls, place the SUIT keys outside the RIOT
repository in the $XDG_DATA_HOME directory.
@fjmolinas
Copy link
Contributor

Can you post some test output?

@benpicco
Copy link
Contributor Author

benpicco commented Jun 2, 2022 

benpicco@T430s ~/dev/RIOT/examples/suit_update (git)-[suit-key-dir] % make suit/genkey
suit: generating key in /home/benpicco/.local/share/RIOT/keys
benpicco@T430s ~/dev/RIOT/examples/suit_update (git)-[suit-key-dir] % ll /home/benpicco/.local/share/RIOT/keys
total 4
-rw------- 1 benpicco benpicco 119 Jun  2 13:41 default.pem

@fjmolinas
Copy link
Contributor 

benpicco@T430s ~/dev/RIOT/examples/suit_update (git)-[suit-key-dir] % make suit/genkey
suit: generating key in /home/benpicco/.local/share/RIOT/keys
benpicco@T430s ~/dev/RIOT/examples/suit_update (git)-[suit-key-dir] % ll /home/benpicco/.local/share/RIOT/keys
total 4
-rw------- 1 benpicco benpicco 119 Jun  2 13:41 default.pem

Of your suggested test procedure :)

@kaspar030
Copy link
Contributor

This might fail on CI, as parallel builds share some random $(HOME) within the build container.

@kaspar030
Copy link
Contributor

So, if I'd want to get back the original behavior, I'd have to inject a local makefile, right?

@benpicco
Copy link
Contributor Author

benpicco commented Jun 2, 2022
edited
Loading

This might fail on CI, as parallel builds share some random $(HOME) within the build container.

No

So, if I'd want to get back the original behavior, I'd have to inject a local makefile, right?

You can still set the SUIT_KEY_DIR environment variable as before.

@kaspar030
Copy link
Contributor

No

ok

You can still set the SUIT_KEY_DIR environment variable as before.

But, ${RIOTBASE} depends on the workdir, so I can't set this globally (like, in my .profile). export SUIT_KEY_DIR=~/.local/RIOT/keys works fine, whereas export SUIT_KEY_DIR=${RIOTBASE} won't if I have multiple checkouts.

@benpicco
Copy link
Contributor Author

benpicco commented Jun 6, 2022
edited
Loading

Of your suggested test procedure :)

make suit/publish 
make: Entering directory '/home/benpicco/dev/RIOT/examples/suit_update'
compiling /home/benpicco/dev/RIOT/dist/tools/riotboot_gen_hdr/bin/genhdr...
make: Nothing to be done for 'all'.
suit: generating key in /home/benpicco/.local/share/RIOT/keys
make[1]: Nothing to be done for 'prepare'.
"make" -C /home/benpicco/dev/RIOT/pkg/c25519/ 
"make" -C /home/benpicco/dev/RIOT/build/pkg/c25519/src -f /home/benpicco/dev/RIOT/Makefile.base MODULE=c25519
"make" -C /home/benpicco/dev/RIOT/pkg/libcose/ 
"make" -C /home/benpicco/dev/RIOT/build/pkg/libcose/src -f /home/benpicco/dev/RIOT/Makefile.base MODULE=libcose
"make" -C /home/benpicco/dev/RIOT/build/pkg/libcose/src/crypt -f /home/benpicco/dev/RIOT/pkg/libcose/Makefile.libcose_crypt
"make" -C /home/benpicco/dev/RIOT/pkg/nanocbor/ 
"make" -C /home/benpicco/dev/RIOT/build/pkg/nanocbor/src -f /home/benpicco/dev/RIOT/Makefile.base MODULE=nanocbor
"make" -C /home/benpicco/dev/RIOT/boards/common/init
"make" -C /home/benpicco/dev/RIOT/boards/samr21-xpro
"make" -C /home/benpicco/dev/RIOT/core
"make" -C /home/benpicco/dev/RIOT/core/lib
"make" -C /home/benpicco/dev/RIOT/cpu/samd21
"make" -C /home/benpicco/dev/RIOT/cpu/cortexm_common
"make" -C /home/benpicco/dev/RIOT/cpu/cortexm_common/periph
"make" -C /home/benpicco/dev/RIOT/cpu/sam0_common
"make" -C /home/benpicco/dev/RIOT/cpu/sam0_common/periph
"make" -C /home/benpicco/dev/RIOT/cpu/samd21/periph
"make" -C /home/benpicco/dev/RIOT/cpu/samd21/vectors
"make" -C /home/benpicco/dev/RIOT/drivers
"make" -C /home/benpicco/dev/RIOT/drivers/edbg_eui
"make" -C /home/benpicco/dev/RIOT/drivers/ethos
"make" -C /home/benpicco/dev/RIOT/drivers/netdev
"make" -C /home/benpicco/dev/RIOT/drivers/periph_common
"make" -C /home/benpicco/dev/RIOT/pkg/libcose/init
"make" -C /home/benpicco/dev/RIOT/sys
"make" -C /home/benpicco/dev/RIOT/sys/auto_init
"make" -C /home/benpicco/dev/RIOT/sys/checksum
"make" -C /home/benpicco/dev/RIOT/sys/crypto
"make" -C /home/benpicco/dev/RIOT/sys/div
"make" -C /home/benpicco/dev/RIOT/sys/event
"make" -C /home/benpicco/dev/RIOT/sys/evtimer
"make" -C /home/benpicco/dev/RIOT/sys/fmt
"make" -C /home/benpicco/dev/RIOT/sys/frac
"make" -C /home/benpicco/dev/RIOT/sys/hashes
"make" -C /home/benpicco/dev/RIOT/sys/iolist
"make" -C /home/benpicco/dev/RIOT/sys/isrpipe
"make" -C /home/benpicco/dev/RIOT/sys/luid
"make" -C /home/benpicco/dev/RIOT/sys/malloc_thread_safe
"make" -C /home/benpicco/dev/RIOT/sys/net/application_layer/nanocoap
"make" -C /home/benpicco/dev/RIOT/sys/net/application_layer/uhcp
"make" -C /home/benpicco/dev/RIOT/sys/net/crosslayer/inet_csum
"make" -C /home/benpicco/dev/RIOT/sys/net/gnrc
"make" -C /home/benpicco/dev/RIOT/sys/net/gnrc/netapi
"make" -C /home/benpicco/dev/RIOT/sys/net/gnrc/netif
"make" -C /home/benpicco/dev/RIOT/sys/net/gnrc/netif/ethernet
"make" -C /home/benpicco/dev/RIOT/sys/net/gnrc/netif/hdr
"make" -C /home/benpicco/dev/RIOT/sys/net/gnrc/netif/init_devs
"make" -C /home/benpicco/dev/RIOT/sys/net/gnrc/netreg
"make" -C /home/benpicco/dev/RIOT/sys/net/gnrc/network_layer/icmpv6
"make" -C /home/benpicco/dev/RIOT/sys/net/gnrc/network_layer/icmpv6/echo
"make" -C /home/benpicco/dev/RIOT/sys/net/gnrc/network_layer/ipv6
"make" -C /home/benpicco/dev/RIOT/sys/net/gnrc/network_layer/ipv6/hdr
"make" -C /home/benpicco/dev/RIOT/sys/net/gnrc/network_layer/ipv6/nib
"make" -C /home/benpicco/dev/RIOT/sys/net/gnrc/network_layer/ndp
"make" -C /home/benpicco/dev/RIOT/sys/net/gnrc/pkt
"make" -C /home/benpicco/dev/RIOT/sys/net/gnrc/pktbuf
"make" -C /home/benpicco/dev/RIOT/sys/net/gnrc/pktbuf_static
"make" -C /home/benpicco/dev/RIOT/sys/net/gnrc/sock
"make" -C /home/benpicco/dev/RIOT/sys/net/gnrc/sock/udp
"make" -C /home/benpicco/dev/RIOT/sys/net/gnrc/transport_layer/udp
"make" -C /home/benpicco/dev/RIOT/sys/net/gnrc/application_layer/uhcpc
"make" -C /home/benpicco/dev/RIOT/sys/net/link_layer/eui_provider
"make" -C /home/benpicco/dev/RIOT/sys/net/link_layer/l2util
"make" -C /home/benpicco/dev/RIOT/sys/net/netif
"make" -C /home/benpicco/dev/RIOT/sys/net/netutils
"make" -C /home/benpicco/dev/RIOT/sys/net/network_layer/icmpv6
"make" -C /home/benpicco/dev/RIOT/sys/net/network_layer/ipv6/addr
"make" -C /home/benpicco/dev/RIOT/sys/net/network_layer/ipv6/hdr
"make" -C /home/benpicco/dev/RIOT/sys/net/sock
"make" -C /home/benpicco/dev/RIOT/sys/net/transport_layer/udp
"make" -C /home/benpicco/dev/RIOT/sys/newlib_syscalls_default
"make" -C /home/benpicco/dev/RIOT/sys/pm_layered
"make" -C /home/benpicco/dev/RIOT/sys/posix/inet
"make" -C /home/benpicco/dev/RIOT/sys/progress_bar
"make" -C /home/benpicco/dev/RIOT/sys/random
"make" -C /home/benpicco/dev/RIOT/sys/riotboot
"make" -C /home/benpicco/dev/RIOT/sys/shell
"make" -C /home/benpicco/dev/RIOT/sys/shell/commands
"make" -C /home/benpicco/dev/RIOT/sys/suit
"make" -C /home/benpicco/dev/RIOT/sys/suit/storage
"make" -C /home/benpicco/dev/RIOT/sys/suit/transport
"make" -C /home/benpicco/dev/RIOT/sys/test_utils/interactive_sync
"make" -C /home/benpicco/dev/RIOT/sys/tsrb
"make" -C /home/benpicco/dev/RIOT/sys/uuid
"make" -C /home/benpicco/dev/RIOT/sys/ztimer
creating /home/benpicco/dev/RIOT/examples/suit_update/bin/samr21-xpro/riotboot_files/slot0.1654557362.bin...
creating /home/benpicco/dev/RIOT/examples/suit_update/bin/samr21-xpro/riotboot_files/slot1.1654557362.bin...
published "/home/benpicco/dev/RIOT/examples/suit_update/bin/samr21-xpro/suit_files/riot.suit.1654557362.bin"
       as "coap://localhost/fw/suit_update/samr21-xpro/riot.suit.1654557362.bin"
published "/home/benpicco/dev/RIOT/examples/suit_update/bin/samr21-xpro/suit_files/riot.suit.latest.bin"
       as "coap://localhost/fw/suit_update/samr21-xpro/riot.suit.latest.bin"
published "/home/benpicco/dev/RIOT/examples/suit_update/bin/samr21-xpro/riotboot_files/slot0.1654557362.bin"
       as "coap://localhost/fw/suit_update/samr21-xpro/slot0.1654557362.bin"
published "/home/benpicco/dev/RIOT/examples/suit_update/bin/samr21-xpro/riotboot_files/slot1.1654557362.bin"
       as "coap://localhost/fw/suit_update/samr21-xpro/slot1.1654557362.bin"
make: Leaving directory '/home/benpicco/dev/RIOT/examples/suit_update'

@benpicco benpicco added the CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR label Jun 6, 2022
@benpicco benpicco modified the milestone: Release 2022.01 Jun 28, 2022
@benpicco benpicco added this to the Release 2022.07 milestone Jun 28, 2022
@benpicco benpicco merged commit eada4f0 into RIOT-OS:master Jun 28, 2022
@benpicco benpicco deleted the suit-key-dir branch June 28, 2022 14:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@maribu maribu maribu approved these changes

@jia200x jia200x Awaiting requested review from jia200x jia200x is a code owner

@bergzand bergzand Awaiting requested review from bergzand

@kaspar030 kaspar030 Awaiting requested review from kaspar030

@chrysn chrysn Awaiting requested review from chrysn

@fjmolinas fjmolinas Awaiting requested review from fjmolinas

Assignees
No one assigned
Labels
Area: build system Area: Build system Area: doc Area: Documentation Area: examples Area: Example Applications Area: security Area: Security-related libraries and subsystems Area: tools Area: Supplementary tools CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR Process: API change Integration Process: PR contains or issue proposes an API change. Should be handled with care.
Projects
None yet
Milestone
Release 2022.07
Development

Successfully merging this pull request may close these issues.
4 participants
@benpicco @fjmolinas @kaspar030 @maribu