authorFelix Fietkau <nbd@openwrt.org>2015-04-06 19:39:51 +0000
committerFelix Fietkau <nbd@openwrt.org>2015-04-06 19:39:51 +0000
commit741a0576ad3184f0f061ff8fd056f933986d110d (patch)
tree15696903dfd2ffe65ef465923203876f48a2088b /package/system
parent5731f502797636762931a6447703043ae297adae (diff)
build: add integration for managing opkg package feed keys
Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45286 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/system')
-rw-r--r--package/system/opkg/Makefile17
-rwxr-xr-xpackage/system/opkg/files/opkg-key56
2 files changed, 71 insertions, 2 deletions
diff --git a/package/system/opkg/Makefile b/package/system/opkg/Makefile
index 391adfa0d9..4f30ec2114 100644
--- a/package/system/opkg/Makefile
+++ b/package/system/opkg/Makefile
@@ -26,6 +26,8 @@ PKG_REMOVE_FILES = autogen.sh aclocal.m4
PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=COPYING
+PKG_CONFIG_DEPENDS := CONFIG_SIGNED_PACKAGES
+
PKG_BUILD_PARALLEL:=1
HOST_BUILD_PARALLEL:=1
PKG_INSTALL:=1
@@ -91,7 +93,11 @@ CONFIGURE_ARGS += \
--with-opkglockfile=/var/lock/opkg.lock
ifeq ($(BUILD_VARIANT),smime)
- CONFIGURE_ARGS += --enable-openssl --enable-sha256
+ CONFIGURE_ARGS += --enable-openssl --enable-sha256 --disable-usign
+else
+ ifndef CONFIG_SIGNED_PACKAGES
+ CONFIGURE_ARGS += --disable-usign
+ endif
endif
MAKE_FLAGS = \
@@ -105,6 +111,9 @@ define Package/opkg/Default/install
$(INSTALL_DIR) $(1)/bin
$(INSTALL_DIR) $(1)/etc
$(INSTALL_DATA) ./files/opkg$(2).conf $(1)/etc/opkg.conf
+ ifneq ($(CONFIG_SIGNED_PACKAGES),)
+ echo "option check_signature 1" >> $(1)/etc/opkg.conf
+ endif
ifeq ($(CONFIG_PER_FEED_REPO),)
echo "src/gz %n %U" >> $(1)/etc/opkg.conf
else
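Review bot: `option check_signature 1` is appended in Package/opkg/Default/install, which the opkg-smime package also calls, so with CONFIG_SIGNED_PACKAGES set both variants enforce signatures. The smime variant is configured with `--disable-usign` in this same commit, and nothing visible here provisions an OpenSSL CA or certificate for it. It is worth confirming that an opkg-smime image has working verification material, otherwise every feed update will presumably fail. A short comment above the `ifneq` would help, for example `# enforce feed signature checks; keys are managed with opkg-key (usign) or the smime CA settings`. The body of Default/install starts and ends outside this hunk.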
@@ -121,7 +130,11 @@ define Package/opkg/Default/install
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/opkg-cl $(1)/bin/opkg
endef
-Package/opkg/install = $(call Package/opkg/Default/install,$(1),)
+define Package/opkg/install
+ $(call Package/opkg/Default/install,$(1),)
+ mkdir $(1)/usr/sbin
+ $(INSTALL_BIN) ./files/opkg-key $(1)/usr/sbin/
+endef
define Package/opkg-smime/install
$(call Package/opkg/Default/install,$(1),-smime)
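Review bot: `mkdir $(1)/usr/sbin` in the new Package/opkg/install has no `-p`, so it fails if `$(1)/usr` does not exist yet or if `usr/sbin` is already there. The lines of Default/install visible on this page only create `bin` and `etc`. Use the helper the rest of the file uses, `$(INSTALL_DIR) $(1)/usr/sbin`. Separately, `opkg-key` is installed even when CONFIG_SIGNED_PACKAGES is unset and opkg is built with `--disable-usign`, so the image may carry a key-management script whose `usign` backend is absent; consider wrapping the two install lines in `ifneq ($(CONFIG_SIGNED_PACKAGES),)`.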
diff --git a/package/system/opkg/files/opkg-key b/package/system/opkg/files/opkg-key
new file mode 100755
index 0000000000..ae5e8a4591
--- /dev/null
+++ b/package/system/opkg/files/opkg-key
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+usage() {
+ cat <<EOF
+Usage: $0 <command> <arguments...>
+Commands:
+ add <file>: Add keyfile <file> to opkg trusted keys
+ remove <file>: Remove keyfile matching <file> from opkg trusted keys
+ verify <sigfile> <list>: Check list file <list> against signature file <sigfile>
+
+EOF
+ exit 1
+}
+
+opkg_key_verify() {
+ local sigfile="$1"
+ local msgfile="$2"
+
+ (
+ zcat "$msgfile" 2>/dev/null ||
+ cat "$msgfile" 2>/dev/null
+ ) | usign -V -P /etc/opkg/keys -q -x "$sigfile" -m -
+}
+
+opkg_key_add() {
+ local key="$1"
+ [ -n "$key" ] || usage
+ [ -f "$key" ] || echo "Cannot open file $1"
+ local fingerprint="$(usign -F -p "$key")"
+ mkdir -p "/etc/opkg/keys"
+ cp "$key" "/etc/opkg/keys/$fingerprint"
+}
+
+opkg_key_remove() {
+ local key="$1"
+ [ -n "$key" ] || usage
+ [ -f "$key" ] || echo "Cannot open file $1"
+ local fingerprint="$(usign -F -p "$key")"
+ rm -f "/etc/opkg/keys/$fingerprint"
+}
+
+case "$1" in
+ add)
+ shift
+ opkg_key_add "$@"
+ ;;
+ remove)
+ shift
+ opkg_key_remove "$@"
+ ;;
+ verify)
+ shift
+ opkg_key_verify "$@"
+ ;;
+ *) usage ;;
+esac
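Review bot: In opkg_key_add and opkg_key_remove the `[ -f "$key" ] || echo "Cannot open file $1"` test only prints a message and execution continues, and the output of `usign -F -p` is never checked. With an empty fingerprint the add path runs `cp "$key" "/etc/opkg/keys/"`, which drops the file into the trusted-keys directory under its own name, and the remove path points `rm -f` at the directory itself. Make both failures fatal in each function: `[ -f "$key" ] || { echo "Cannot open file $1" >&2; return 1; }` and, after the fingerprint line, `[ -n "$fingerprint" ] || return 1` (the `local x="$(...)"` form hides usign's exit status, so test the value). opkg_key_verify also accepts missing arguments, and its `zcat ... || cat ...` fallback appends the raw file after any partial zcat output, so the bytes checked may match neither form of the list; this probably fails closed, but an explicit argument and format check would make that certain.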