RAUC_KEY_PASSPHRASE isn't passed to rauc bundle

[antoinefaure]

Hi,

I'm trying to sign a bundle image with an encrypted certificate. I am doing so by using the RAUC_KEY_PASSPHRASE, as per the documentaion. I have tried setting this variable with an export in host environment and a BB_ENV_PASSTHROUGH_ADDITIONS="$BB_ENV_PASSTHROUGH_ADDITIONS RAUC_KEY_PASSPHRASE" before building, as well as from the bundle image recipe. Nevertheless, rauc bundle always fails as it can't read the private key.
bitbake -e seems to confirm I have the correct environment.

I have managed to sign the image by hand using the same certificate / keys and the same password so I don't think there's any issue here.

I have also been able to sign the bundle using yocto by adding a export RAUC_KEY_PASSPHRASE=mypassword in bundle.bbclass / do_bundle, so it seems this is due do the environment not being accessible from the child process.
This is confirmed by adding some debug prints in the do_bundle task, where I can see my password with a simple print of RAUC_KEY_PASSPHRASE, but not with a eng|grep RAUC.

I am using the kirkstone release and haven't found any clean solution yet.

Thanks,
Antoine

[antoinefaure]

Ok an export of RAUC_KEY_PASSPHRASE in a do_bundle:prepend fixes it, but I am wondering if there's any cleaner solution, or if this should be done upstream in do_bundle ?

Thanks