aboutsummaryrefslogtreecommitdiffstats
path: root/package/system
diff options
context:
space:
mode:
authorPaul Spooren <mail@aparcar.org>2020-08-25 14:55:27 -1000
committerDaniel Golle <daniel@makrotopia.org>2020-08-31 22:44:26 +0100
commit395ac4d018d007335d6475ba00b0013d31cc0476 (patch)
tree7d4c48acec85df40fe4db18255c93af8c8c33f57 /package/system
parent18b1cc283879c39ffe6b50d18b487448162f2139 (diff)
downloadupstream-395ac4d018d007335d6475ba00b0013d31cc0476.tar.gz
upstream-395ac4d018d007335d6475ba00b0013d31cc0476.tar.bz2
upstream-395ac4d018d007335d6475ba00b0013d31cc0476.zip
build: opkg-key variable key folder
The key folder is used by `opkg` and `usign` to store and retrieve trusted public keys. Using `opkg-key` outside a running device is unfeasible as the key folder is hard coded to `/etc/opkg/keys`. This commit adds a variable OPKG_KEYS which defaults to `/etc/opkg/keys` if unset, however allows set arbitrary key folder locations. Arbitrary key folder locations are useful to add signature verification to the ImageBuilders. Signed-off-by: Paul Spooren <mail@aparcar.org>
Diffstat (limited to 'package/system')
-rwxr-xr-xpackage/system/opkg/files/opkg-key10
1 files changed, 6 insertions, 4 deletions
diff --git a/package/system/opkg/files/opkg-key b/package/system/opkg/files/opkg-key
index ae5e8a4591..51d1857ad5 100755
--- a/package/system/opkg/files/opkg-key
+++ b/package/system/opkg/files/opkg-key
@@ -1,5 +1,7 @@
#!/bin/sh
+OPKG_KEYS="${OPKG_KEYS:-/etc/opkg/keys}"
+
usage() {
cat <<EOF
Usage: $0 <command> <arguments...>
@@ -19,7 +21,7 @@ opkg_key_verify() {
(
zcat "$msgfile" 2>/dev/null ||
cat "$msgfile" 2>/dev/null
- ) | usign -V -P /etc/opkg/keys -q -x "$sigfile" -m -
+ ) | usign -V -P "$OPKG_KEYS" -q -x "$sigfile" -m -
}
opkg_key_add() {
@@ -27,8 +29,8 @@ opkg_key_add() {
[ -n "$key" ] || usage
[ -f "$key" ] || echo "Cannot open file $1"
local fingerprint="$(usign -F -p "$key")"
- mkdir -p "/etc/opkg/keys"
- cp "$key" "/etc/opkg/keys/$fingerprint"
+ mkdir -p "$OPKG_KEYS"
+ cp "$key" "$OPKG_KEYS/$fingerprint"
}
opkg_key_remove() {
@@ -36,7 +38,7 @@ opkg_key_remove() {
[ -n "$key" ] || usage
[ -f "$key" ] || echo "Cannot open file $1"
local fingerprint="$(usign -F -p "$key")"
- rm -f "/etc/opkg/keys/$fingerprint"
+ rm -f "$OPKG_KEYS/$fingerprint"
}
case "$1" in