Manage metadata expiry dates
Once you take the keys for signing metadata offline, you need to be aware of when this metadata expires. You need to refresh the expiry date before it is reached, otherwise you won’t be able to push updates.
The default expiry dates are as follows:
targets.json, the expiry date is 31 days from when the metadata was last updated.
root.json, the expiry date is 365 days from when the metadata was last updated.
You can refresh the expiry date one of the following ways:
If you previously followed the procedure to take Uptane-related keys offline, you would have created a local image repository called
myimagerepoand a key called
mytargets. You use these same repository and key names to refresh the expiry dates.
Resign the current targets.json with your existing key:
garage-sign targets sign --repo myimagerepo --key-name mytargets
Upload the newly signed targets.json to OTA Connect:
garage-sign targets push --repo myimagerepo
Another option is to bitbake your main disk image again. Specifically, the disk image that you flashed to your devices.
Bitbaking again shouldn’t take long as files are usually cached from the previous build. You don’t have to do anything with the image, it’s just that process of bitbaking also refreshes the expiry date for