Manage metadata expiry dates
Once you take the keys for signing metadata offline, you need to be aware of when this metadata expires. You need to refresh the expiry date before it is reached, otherwise you won’t be able to push updates. You can also define your own expiry dates when you take your keys offline.
The default expiry dates are as follows:
-
For
targets.json
, the expiry date is 31 days from when the metadata was last updated. -
For
root.json
, the expiry date is 365 days from when the metadata was last updated.
Define your own expiry dates
How you define the expiry dates depends on how you use OTA Connect:
-
If you’re building disk images, you need to update your build configuration.
-
If you’re using the standalone command-line tools such as
garage-deploy
, you need to add extra command-line arguments.
If you are building a disk image that contains aktualizr, your configuration will be the local.conf file.
-
You’ll find this file in the
conf
subdirectory of the of your build project.
For more information, see the build configuration reference and the sample build procedures
Configuration | Description |
---|---|
|
Use this option to have the metadata expire after a fixed date and time. Specify the time as a UTC instant like in the following example: GARAGE_TARGET_EXPIRES = "2018-01-01T00:01:00Z" |
|
Use this option to have the metadata expire after an elapsed period of time. Specify the number of years, months and days like in the following example: GARAGE_TARGET_EXPIRE_AFTER = "1Y3M5D" |
When you’re using the garage-sign
command to take your keys offline, you can also sign your metadata with one of the following expiry arguments.
Configuration | Description |
---|---|
|
Use this option to have the metadata expire after a fixed date and time. Specify the time as a UTC instant like in the following example: garage-sign targets sign --expires 2018-01-01T00:01:00Z --repo myimagerepo --key-name mytargets |
|
Use this option to have the metadata expire after an elapsed period of time. Specify the number of years, months and days like in the following example: garage-sign targets sign ----expire-after 1Y3M5D --repo myimagerepo --key-name mytargets |