OTA Connect Developer Guide

Manage metadata expiry dates

Once you take the keys for signing metadata offline, you need to be aware of when this metadata expires. You need to refresh the expiry date before it is reached, otherwise you won’t be able to push updates. You can also define your own expiry dates when you take your keys offline.

The default expiry dates are as follows:

  • For targets.json, the expiry date is 31 days from when the metadata was last updated.

  • For root.json, the expiry date is 365 days from when the metadata was last updated.
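A scheduled check can flag metadata that is close to its expiry date before updates are blocked. The following is an added example, not part of OTA Connect or its tools. It assumes the standard TUF layout in which each metadata file stores its expiry at `signed.expires` as a UTC timestamp; the sample metadata and the warning windows are constructed.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample metadata (not from a real repository). Only the fields
# the check needs are present; real files also carry signatures and targets.
SAMPLE_TARGETS = json.dumps({
    "signatures": [],
    "signed": {"_type": "Targets", "expires": "2018-02-01T00:01:00Z", "version": 4},
})
SAMPLE_ROOT = json.dumps({
    "signatures": [],
    "signed": {"_type": "Root", "expires": "2019-01-01T00:01:00Z", "version": 1},
})


def parse_expiry(metadata_json):
    """Return the role name and expiry (aware UTC datetime) of one metadata file."""
    signed = json.loads(metadata_json)["signed"]
    expires = datetime.strptime(signed["expires"], "%Y-%m-%dT%H:%M:%SZ")
    return signed["_type"], expires.replace(tzinfo=timezone.utc)


def expiry_status(metadata_json, now, warn_days):
    """Classify a metadata file as 'expired', 'renew-soon' or 'ok' at time `now`."""
    role, expires = parse_expiry(metadata_json)
    remaining = expires - now
    if remaining <= timedelta(0):
        state = "expired"
    elif remaining <= timedelta(days=warn_days):
        state = "renew-soon"
    else:
        state = "ok"
    return {"role": role, "expires": expires, "days_left": remaining.days, "state": state}


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    # Warning windows are assumptions: a week for the 31-day targets default,
    # 30 days for the 365-day root default.
    for doc, warn in ((SAMPLE_TARGETS, 7), (SAMPLE_ROOT, 30)):
        s = expiry_status(doc, now, warn)
        print(f"{s['role']:8} expires {s['expires']:%Y-%m-%d %H:%M}Z  "
              f"{s['days_left']:>6} days left  {s['state']}")
```

Run it against the JSON of your own `targets.json` and `root.json` and alert on any state other than `ok`.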

Define your own expiry dates

How you define the expiry dates depends on how you use OTA Connect:

  • If you’re building disk images, you need to update your build configuration.

  • If you’re using the standalone command-line tools such as garage-deploy, you need to add extra command-line arguments.


If you are building a disk image that contains aktualizr, your configuration will be the local.conf file.

  • You’ll find this file in the conf subdirectory of your build project.

For more information, see the build configuration reference and the sample build procedures.

Table 1. Build configuration parameters for metadata expiry
Configuration Description

GARAGE_TARGET_EXPIRES

Use this option to have the metadata expire after a fixed date and time.

Specify the time as a UTC instant like in the following example:

GARAGE_TARGET_EXPIRES = "2018-01-01T00:01:00Z"

GARAGE_TARGET_EXPIRE_AFTER

Use this option to have the metadata expire after an elapsed period of time.

Specify the number of years, months and days like in the following example:

GARAGE_TARGET_EXPIRE_AFTER = "1Y3M5D"

When you’re using the garage-sign command to take your keys offline, you can also sign your metadata with one of the following expiry arguments.

Table 2. Command-line arguments for metadata expiry
Configuration Description

--expires

Use this option to have the metadata expire after a fixed date and time.

Specify the time as a UTC instant like in the following example:

garage-sign targets sign --expires 2018-01-01T00:01:00Z --repo myimagerepo --key-name mytargets

--expire-after

Use this option to have the metadata expire after an elapsed period of time.

Specify the number of years, months and days like in the following example:

garage-sign targets sign --expire-after 1Y3M5D --repo myimagerepo --key-name mytargets