[elbe-devel] key in url not expected

John Ogness john.ogness at linutronix.de
Thu Feb 10 10:04:01 CET 2022


On 2022-02-09, "Steih, Martin" <Martin.Steih at lachmann-rink.de> wrote:
> I just stumbled across a phenomenon with the key tag within url.
>
> We are using a url like this:
>
> <url>
>     <binary>
>         http://debian.linutronix.de/elbe buster main
>     </binary>
>     <source>
>         http://debian.linutronix.de/elbe buster main
>     </source>
>     <key>
>         http://debian.linutronix.de/elbe/elbe-repo.pub
>     </key>
> </url>
>
> Using elbe initvm submit xyz.xml, everything is fine.
>
> But if I try to
>
> elbe control set_xml xyz.xml, it complains about an unexpected element "key".
>
> In the schema dbsfed.xsd, I cannot find a definition of key within url at all.
>
> Does anyone know how this fits together?

The official XML element is called "raw-key", which is the ASCII-encoded
public key. You can see an example of this here:

https://github.com/Linutronix/elbe/blob/master/examples/x86_64-docker-elbe.xml#L28

Embedding the public key is important. Relying on an external source for
the accepted key is a security risk.

When you run "elbe initvm submit", there is a pre-process step that
occurs where the "key" element is read and downloaded and then converted
to the proper "raw-key" element.

You can manually run the pre-process step with "elbe preprocess". But
really you should be using "elbe initvm submit" so that you do not need
to be concerned about all the internal steps.

John Ogness
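
As an added example (not part of the original message and not ELBE code), the following script audits the `<url>` entries of an XML file and reports which ones reference a key by location (`key`) and which embed it (`raw-key`). The wrapper element `<sample>`, the status names, the third mirror URL, and the assumption that an embedded key is an ASCII-armored PGP block are all made up for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the first <url> mirrors the fragment quoted in the thread;
# the others are invented, and the key body is a placeholder, not a real key.
SAMPLE_XML = """\
<sample>
  <url>
    <binary>http://debian.linutronix.de/elbe buster main</binary>
    <source>http://debian.linutronix.de/elbe buster main</source>
    <key>http://debian.linutronix.de/elbe/elbe-repo.pub</key>
  </url>
  <url>
    <binary>http://debian.linutronix.de/elbe buster main</binary>
    <raw-key>
-----BEGIN PGP PUBLIC KEY BLOCK-----
PLACEHOLDER
-----END PGP PUBLIC KEY BLOCK-----
    </raw-key>
  </url>
  <url>
    <binary>http://mirror.example.invalid/debian buster main</binary>
  </url>
</sample>
"""

def audit_url_keys(xml_text):
    """Return one (index, status, detail) tuple per <url> element."""
    findings = []
    root = ET.fromstring(xml_text)
    for index, url in enumerate(root.iter("url")):
        key = url.findtext("key")
        raw_key = url.findtext("raw-key")
        if key is not None:
            # The accepted key is fetched later, so trust rests on that download.
            location = key.strip()
            plain = location.lower().startswith("http://")
            findings.append((index, "external-key-plaintext" if plain else "external-key", location))
        elif raw_key is not None:
            # Assumption: an embedded key is an ASCII-armored PGP public key block.
            armored = "BEGIN PGP PUBLIC KEY BLOCK" in raw_key
            findings.append((index, "embedded-key" if armored else "embedded-key-malformed", ""))
        else:
            findings.append((index, "no-key", ""))  # neutral: nothing to review
    return findings

if __name__ == "__main__":
    for finding in audit_url_keys(SAMPLE_XML):
        print(finding)
```
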

