Manage metadata expiry dates
Once you take the keys for signing metadata offline, you need to be aware of when this metadata expires. You need to refresh the expiry date before it is reached, otherwise you won’t be able to push updates.
The default expiry dates are as follows:
-
For
targets.json
, the expiry date is 31 days from when the metadata was last updated. -
For
root.json
, the expiry date is 365 days from when the metadata was last updated.
You can refresh the expiry date one of the following ways:
-
With
garage-sign
:If you previously followed the procedure to take Uptane-related keys offline, you would have created a local image repository called
myimagerepo
and a key calledmytargets
. You use these same repository and key names to refresh the expiry dates.-
Resign the current targets.json with your existing key:
garage-sign targets sign --repo myimagerepo --key-name mytargets
-
Upload the newly signed targets.json to OTA Connect:
garage-sign targets push --repo myimagerepo
-
-
With the
bitbake
command:Another option is to bitbake your main disk image again. Specifically, the disk image that you flashed to your devices.
Bitbaking again shouldn’t take long as files are usually cached from the previous build. You don’t have to do anything with the image, it’s just that process of bitbaking also refreshes the expiry date for
targets.json.