Possbile bug on key-build.ucert not being renewed

If you have an openwrt local full build environment, with key-build.(,pub,ucert) files generated for you on first run, you may stumble upon error/problem after one year of working with this directory (and key-build files).

key-build.ucert, while being automatically generated , is created with 365days expiry, and after this date, without any warning you will start building images which fill fail sysupgrade's /usr/libexec/validate_firmware_image check.

Proposed solutions:

  1. renew ucert automatically (if it's being genered in automatic way, also renew could be automated)
    (btw: you must delete old key-build.ucert and have a new one generated from scratch, as chained verification is not working, at least for me :slight_smile: so stacked ucert file will also fail sysupgrade!
  2. at least put big warning at the end of build process.