Quote:
Originally Posted by yifanlu
It would be "cleaner" if you use symbolic links (no two copies of the file). Or does amazon's OS doesn't read links?
Code:
ln -s "$KEY_DIR/pubprodkey01.pem.$ACTIVE" "$KEY_DIR/pubprodkey01.pem"
ln -s "$KEY_DIR/pubprodkey02.pem.$ACTIVE" "$KEY_DIR/pubprodkey02.pem"
|
Cleaner, maybe. The important thing is to be safe, and ensure that you don't leave the system in a state where neither key is valid. I guess using symlinks might help in that regard, although there's the slightly scary possibility that a future update might specifically avoid reading symlinks, or might just decide to delete everything from /etc/uks except the two known keys.
Now I'm thinking about it, maybe the smartest thing to do would be to bind-mount /etc/uks to a directory under /mnt/us. That way, you'd avoid touching the original files at all; to switch between official and unofficial keys, all you'd need to do would be to rename a directory and reboot. There'd no need to modify the root FS except during the initial installation.