Symlinking mender-agent.pem to an external certificate

I’d like to set my mender images to symlink mender-agent.pem to an existing persistent certificate that is already present on each of my devices.

I currently have this working by adding ln -s /config/certs/device_cert.key.rsa ${WORKDIR}/data/mender/mender-agent.pem to mender-part-images.bbclass but I would like to have a less hacky way of doing this where I don’t need to patch the Mender source.

Is there a nice way of achieving this? Appreciate the help.

Which Yocto version are you using? If you are on thud, you can simply create this link in a mender_%.bbappend, as mender-part-images extracts the /data directory from the rootfs.

You can also use a modified mender.service file which will create the certificate symlinks using an “ExecStartPre” command. If the cert already exists, Mender will not try to create it. You can add that with a mender_*.bbappend file in your own layer.
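A sketch of the helper such an “ExecStartPre” step could run, as an added example that is not part of the thread and not Mender's own code. The function name link_mender_key is hypothetical, the default paths are the ones quoted in the question, and `stat -c` (GNU coreutils or BusyBox) is assumed to be available on the device.

```shell
#!/bin/sh
# Added example: create the mender-agent.pem symlink before Mender starts.
# link_mender_key is a hypothetical name; defaults are the paths from the thread.
# Return codes: 0 linked, 1 key unusable, 2 key permissions too open,
#               3 a real file already sits at the link path.
link_mender_key() {
    key="${1:-/config/certs/device_cert.key.rsa}"
    link="${2:-/data/mender/mender-agent.pem}"

    # The target must be an existing, non-empty regular file; otherwise the
    # link would dangle and the agent would not find a usable key.
    if [ ! -f "$key" ] || [ ! -s "$key" ]; then
        echo "link_mender_key: $key is missing or empty" >&2
        return 1
    fi

    # A private key should carry no group/other permission bits (e.g. 600, 400).
    mode=$(stat -c '%a' "$key") || return 1
    case "$mode" in
        0|*00) ;;
        *) echo "link_mender_key: $key has mode $mode, expected 600 or stricter" >&2
           return 2 ;;
    esac

    # Already pointing at the right key: nothing to do on later restarts.
    if [ -L "$link" ] && [ "$(readlink "$link")" = "$key" ]; then
        return 0
    fi

    # A regular file here is most likely a key Mender generated earlier.
    # Replacing it silently would change the device identity, so stop instead.
    if [ -e "$link" ] && [ ! -L "$link" ]; then
        echo "link_mender_key: $link exists and is not a symlink" >&2
        return 3
    fi

    mkdir -p "$(dirname "$link")" || return 1
    # -n replaces a stale symlink itself instead of following it.
    ln -sfn "$key" "$link"
}
```

Source this from the script that the “ExecStartPre” line runs and call link_mender_key with no arguments to use the paths from the question; a non-zero return keeps the service from starting with an unexpected key.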

I’m on rocko, is there any way to achieve that with it?

Ah good point! Would prefer to do it prior to run time if possible but this isn’t a bad alternative if it’s not possible.