aboutsummaryrefslogtreecommitdiffstats
path: root/package/system
diff options
context:
space:
mode:
authorJo-Philipp Wich <jo@mein.io>2019-08-06 21:22:27 +0200
committerJo-Philipp Wich <jo@mein.io>2019-08-06 21:22:27 +0200
commitf565f276e2c06ac8f3176e0b16d6f2d40cd653d4 (patch)
tree7f7fed9665eefcec7f3c9c3e3dd2f38f93868681 /package/system
parent991dd5a89340367920315a3fd0390a7423e6b34a (diff)
downloadupstream-f565f276e2c06ac8f3176e0b16d6f2d40cd653d4.tar.gz
upstream-f565f276e2c06ac8f3176e0b16d6f2d40cd653d4.tar.bz2
upstream-f565f276e2c06ac8f3176e0b16d6f2d40cd653d4.zip
config: introduce separate CONFIG_SIGNATURE_CHECK option
Introduce a new option CONFIG_SIGNATURE_CHECK which defaults to the value of CONFIG_SIGNED_PACKAGES and thus is enabled by default. This option is needed to support building target opkg with enabled signature verification while having the signed package lists disabled. Our buildbots currently disable package signing globally in the buildroot and SDK to avoid the need to ship private signing keys to the build workers and to prevent the triggering of random key generation on the worker nodes since package signing happens off-line on the master nodes. As unintended side-effect, updated opkg packages will get built with disabled signature verification, hence the need for a new override option. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'package/system')
-rw-r--r--package/system/opkg/Makefile4
1 files changed, 2 insertions, 2 deletions
diff --git a/package/system/opkg/Makefile b/package/system/opkg/Makefile
index 43b9ebdb4f..ed3cd5ebf4 100644
--- a/package/system/opkg/Makefile
+++ b/package/system/opkg/Makefile
@@ -25,7 +25,7 @@ PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
# Extend depends from version.mk
PKG_CONFIG_DEPENDS += \
- CONFIG_SIGNED_PACKAGES \
+ CONFIG_SIGNATURE_CHECK \
CONFIG_TARGET_INIT_PATH
PKG_BUILD_PARALLEL:=1
@@ -88,7 +88,7 @@ define Package/opkg/install
$(INSTALL_DATA) ./files/opkg$(2).conf $(1)/etc/opkg.conf
$(INSTALL_BIN) ./files/20_migrate-feeds $(1)/etc/uci-defaults/
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/opkg-cl $(1)/bin/opkg
- ifneq ($(CONFIG_SIGNED_PACKAGES),)
+ ifneq ($(CONFIG_SIGNATURE_CHECK),)
echo "option check_signature" >> $(1)/etc/opkg.conf
endif
$(INSTALL_DIR) $(1)/usr/sbin