Google Git
Sign in
apache / mynewt-artifact / a86ed83af5bab0eeea204b1d02f052b4ddfeef10
commita86ed83af5bab0eeea204b1d02f052b4ddfeef10[log] [tgz]
authorChristopher Collins <ccollins@apache.org>Mon Jul 01 14:29:42 2019 -0700
committerccollins476ad <ccollins476ad@gmail.com>Wed Jul 03 13:14:36 2019 -0700
treecc1af5ceac0022abf1177cf4efeda8ce49a73378
parent05cace2b3fab7b106f2eb6d644663fa92f3bfb62 [diff]
mfg: Verify embedded images separately

Prior to this commit, the `"mfg".Mfg.VerifyManifest()` function
attempted to verify all of an mfg's embedded images.  This resulted in a
clunky and unfriendly API:

* The caller was required to pass in a set of public signing keys and
private encryption keys.
* There was no way to verify the manifest without also checking the
embedded images.  E.g., if the caller doesn't have access to encryption
keys, this function would fail even if the mfgimage is correct.

Now `VerifyManifest()` does not verify the embedded images.  To verify
the embedded images, the caller should call `"mfg".Mfg.ExtractImages()`
and call the image verification functions on each image separately.
2 files changed
tree: cc1af5ceac0022abf1177cf4efeda8ce49a73378
  1. errors/
  2. flash/
  3. image/
  4. manifest/
  5. mfg/
  6. sec/
  7. .gitignore
  8. .travis.yml
  9. go.mod
  10. go.sum
  11. LICENSE
  12. NOTICE
  13. README.md
README.md

Mynewt Artifact

Apache Mynewt Artifact is a Go library that parses, manipulates, validates, and outputs Mynewt artifacts. Supported artifacts are:

  • Images
  • Image manifests
  • Manufacturing images (mfgimages)
  • Manufacturing manifests