Skip to content

sso: Need upgrade path

This was mentioned in the progress call, but I think there's no issue open for it yet.

Currently, for sso, the mod-auth-pubtkt keys are generated in plinth firstboot. This will work for new installs, but not for upgraded systems.

One idea that came up in the meeting:

  • Generate keys in sso module setup.
  • Equivalent of "plinth setup" would happen at every plinth start -- would run setup for all essential modules, if needed.
  • No longer run "plinth setup" from freedombox-setup. So that live images won't contain generated keys.