[OpenWrt-Devel] RFC: check signatures of sysupgrades via ucert

Petr Štetiar ynezz at true.cz
Fri Apr 26 07:13:48 EDT 2019

Daniel Golle <daniel at makrotopia.org> [2019-04-24 00:33:53]:


> I don't think using UCI for this makes sense,

it makes sense to me, as it allows easier opt-in via custom uci-defaults
script for downstream projects during the transition period.

> because people also use sysupgrade in failsafe mode and then may not be able
> to change UCI options. We already got the '-F' option of sysupgrade, imho
> this is enough to ignore an invalid signature.

This is assuming, that the signature verification is enabled by default which
is not going to happen for some time.

-- ynezz

openwrt-devel mailing list
openwrt-devel at lists.openwrt.org

More information about the openwrt-devel mailing list