Issue #2002

Installation instructions: Handle different signing keys and make sure that the recovery match the zip

Added by Graham Cobb 4 months ago. Updated 4 months ago.

Status: New
Priority: Normal
Assignee: -
Category: Installation instructions
Target version:
Start date: 02/13/2020
Due date:
% Done: 0%
Estimated time:
Resolution:
Device:

Description

Extract from email from Joonas Kylmälä on mailing list:

yeah, the images for RC1 have been signed with GNUtoo's key and for the
0003 release with Wolfgang's key, so since there is signature checking,
using rc1 zip on 0003 recovery won't work and vice versa.

This hit me when trying to replace my Replicant 6.0 with Replicant 6.0 0004 RC1 and
then (when that didn't work) trying to reinstall Replicant 6.0.

If that will be the case for the release, the recovery image should be renamed from
recovery-espressowifi.img to recovery-6.0-0004-rc1-espressowifi.img so it is clear
it is different from the original, and both can be kept in the same directory if required.

Also, the release notes should explain the issue and at least summarize how to go back
to the earlier version by reinstalling the earlier recovery.

History

#1

Updated by Denis 'GNUtoo' Carikli 4 months ago

If that will be the case for the release, the recovery image should be renamed from
recovery-espressowifi.img to recovery-6.0-0004-rc1-espressowifi.img so it is clear
it is different from the original, and both can be kept in the same directory if required.

Good idea. I'll try to find the time to look into it.

While renaming it is a good idea, it's probably not sufficient. We also need to explain that where people expect it the most. The installation instructions and release notes would be a good start for that.

Also, the release notes should explain the issue and at least summarize how to go back
to the earlier version by reinstalling the earlier recovery.

You usually cannot "go back" in the usual meaning, because you need to again erase the data and cache partitions.

Making sure that people can "go back" is probably possible but we'd need to dig into a lot of code to understand why the recovery is telling us that the data are incompatible.

We also got some reports of people being able to "go back", but we'd need to find the reports (IRC, etc) and document in which conditions it was possible.

Though you can reinstall the previous version after erasing the data and cache partitions. So it's a good idea to back up all you can before doing that and restore it after.

#2

Updated by Denis 'GNUtoo' Carikli 4 months ago

  • Subject changed from Replicant 6.0 0004 RC1: Recovery is not backwards/forwards compatible to Installation instructions: Handle different signing keys and make sure that the recovery match the zip
  • Category set to Installation instructions

The best way to deal with that is probably to make sure that, for now:
  • People use the Recovery that goes with the zip they are installing
  • As the Recovery needs to be verified with gpg, people use the right GPG key going with the recovery (and the zip as well if they check it).

The Replicant project also decided to simplify the key management and to make sure that people do reinstall the recovery if needed, at least when the signing key changes.

We also have ideas on how to implement something better, like having a keyring inside the recovery to enable multiple gpg keys and to enable a transition to newer images, and do the checks with gpg. The image would then install the new recovery along the way. But until that is implemented, we decided to simplify things on our side to make the installation more robust, though we forgot to update the installation instructions.

If this is ever implemented, we'd also need to think more about the various uses (installing older Replicant versions) and how to handle the keys (people's key, temporary keys like with OpenBSD's signify, etc).

Here's a preliminary status about updating all the instructions to use the release specific key and recovery:
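One way to script the check discussed in this issue, as an added example that is not Replicant's own tooling: it reads GnuPG's `--status-fd` output for the recovery image and for the zip, and reports whether both carry a valid signature from the one key expected for that release. The fingerprints, the status lines and the helper names are constructed for illustration.

```python
import subprocess

def gpg_status(artifact, signature, keyring):
    """Verify a detached signature against one release's keyring only."""
    cmd = ["gpg", "--no-default-keyring", "--keyring", keyring,
           "--status-fd", "1", "--verify", signature, artifact]
    return subprocess.run(cmd, capture_output=True, text=True).stdout

def valid_signer(status_text):
    """Primary-key fingerprint of the first VALIDSIG line, or None."""
    for line in status_text.splitlines():
        parts = line.split()
        if parts[:2] == ["[GNUPG:]", "VALIDSIG"] and len(parts) >= 3:
            # Field 2 is the signing (sub)key; the last of the ten
            # arguments, when present, is the primary key fingerprint.
            return (parts[11] if len(parts) >= 12 else parts[2]).upper()
    return None

def check_release(recovery_status, zip_status, release_fpr):
    """Return a list of problems; empty means both match the release key."""
    expected = release_fpr.replace(" ", "").upper()
    problems = []
    for name, status in (("recovery", recovery_status), ("zip", zip_status)):
        signer = valid_signer(status)
        if signer is None:
            problems.append(f"{name}: no valid signature from this keyring")
        elif signer != expected:
            problems.append(f"{name}: signed by {signer}, not the release key")
    return problems

# Constructed fingerprints and status output (not real Replicant keys).
KEY_A, KEY_B = "A" * 40, "B" * 40

def sample_status(fpr):
    return ("[GNUPG:] NEWSIG\n"
            f"[GNUPG:] GOODSIG {fpr[-16:]} Constructed release key\n"
            f"[GNUPG:] VALIDSIG {fpr} 2020-02-13 1581552000 0 4 0 1 10 00 {fpr}\n")

# Constructed status for a signing key that is absent from the keyring.
MISSING_KEY = ("[GNUPG:] NEWSIG\n"
               "[GNUPG:] ERRSIG BBBBBBBBBBBBBBBB 1 10 00 1581552000 9\n"
               "[GNUPG:] NO_PUBKEY BBBBBBBBBBBBBBBB\n")

if __name__ == "__main__":
    print(check_release(sample_status(KEY_A), sample_status(KEY_A), KEY_A))
    print(check_release(sample_status(KEY_A), MISSING_KEY, KEY_A))
    print(check_release(sample_status(KEY_A), sample_status(KEY_B), KEY_A))
```

With real files, the two status strings would come from `gpg_status()` called once for the recovery image and once for the zip, each with its detached signature and the keyring holding only that release's key.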
