[PATCH opkg] opkg: allow to configure the path to the signature verification script

Baptiste Jonglez baptiste at bitsofnetworks.org
Wed Aug 26 15:08:06 EDT 2020


On 25-08-20, Paul Spooren wrote:
> On 24.08.20 05:07, Baptiste Jonglez wrote:
> > From: Baptiste Jonglez <git at bitsofnetworks.org>
> > 
> > Currently, package index signatures are only checked when opkg runs on the
> > OpenWrt device.  The verification script is hard-coded to a path in
> > /usr/sbin/.
> > 
> > Making this path configurable is a first step to implement signature
> > verification in host builds of opkg (e.g. in the imagebuilder).
> > 
> > Signed-off-by: Baptiste Jonglez <git at bitsofnetworks.org>
> 
> Great, I was just looking for something like that! Thank you very much.
> 
> Tested via an ImageBuilder moving a `exit 0` script to the host machine at
> `/usr/sbin/opkg-key` and afterwards defining a custom place, both worked
> fine.

Thanks for testing.

> The openwrt.git/opkg-key (not opkg.git/opkg-key) script uses currently a
> hard coded key position (`/etc/opkg/keys`) which should be patched next.

Yes, several more changes need to be done in the openwrt build system.
But for opkg this change should be enough to get things going.

Baptiste
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.openwrt.org/pipermail/openwrt-devel/attachments/20200826/8193a484/attachment.sig>


More information about the openwrt-devel mailing list