Hello,
the pub key embedded in official Flatcar releases matches the official
update payloads, as soon as you build an own Flatcar image, there will
just be the dev key embedded and the official update payloads are
rejected unless forced.
Vice versa, if you want to update to your own signed payload, it would
also be rejected unless the pub key is provided in the image.
To update from a own-built Flatcar image, you can force the update
once by running "flatcar-update --force-flatcar-key -V VERSION" which
will bind-mount the official pub key inside the image and download an
official release update payload from the web server.
(If your Nebraska serves the official update payload and you want to
use this, you can do only the bind mount manually, see e.g., how the
"update-to-flatcar.sh" script does it in
https://www.flatcar.org/docs/latest/migrating-from-coreos/update-from-container-linux/)
Regards,
Kai
> --
> You received this message because you are subscribed to the Google Groups "Flatcar Container Linux User" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to
flatcar-linux-u...@googlegroups.com.
> To view this discussion on the web visit
https://groups.google.com/d/msgid/flatcar-linux-user/c3d98867-f2d2-4bd0-b4fe-dc904157ad2cn%40googlegroups.com.
--
Kinvolk GmbH | Adalbertstr.6a, 10999 Berlin | tel:
+491755589364
Geschäftsführer/Directors: Benjamin Owen Orndorff
Registergericht/Court of registration: Amtsgericht Charlottenburg
Registernummer/Registration number: HRB 171414 B
Ust-ID-Nummer/VAT ID number: DE302207000