[PATCH 19.07 2/2] openwrt-keyring: Only copy sign key for 19.07 and 21.02

Paul Spooren mail at aparcar.org
Mon May 17 11:09:28 PDT 2021


On 5/16/21 3:55 PM, Hauke Mehrtens wrote:
> Instead of adding all public signature keys from the openwrt-keyring
> repository only add the key which is used to sign the OpenWrt 19.07
> feeds and the 21.02 feeds to allow checking the next release.
>
> If one of the other keys would be compromised this would not affect
> users of 19.07 release builds.
>
> Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
> ---
Acked-by: Paul Spooren <mail at aparcar.org>
>   package/system/openwrt-keyring/Makefile | 7 +++++--
>   1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/package/system/openwrt-keyring/Makefile b/package/system/openwrt-keyring/Makefile
> index 6f3aa65622..037809a667 100644
> --- a/package/system/openwrt-keyring/Makefile
> +++ b/package/system/openwrt-keyring/Makefile
> @@ -3,7 +3,7 @@
>   include $(TOPDIR)/rules.mk
>   
>   PKG_NAME:=openwrt-keyring
> -PKG_RELEASE:=1
> +PKG_RELEASE:=2
>   
>   PKG_SOURCE_PROTO:=git
>   PKG_SOURCE_URL=$(PROJECT_GIT)/keyring.git
> @@ -32,7 +32,10 @@ Build/Compile=
>   
>   define Package/openwrt-keyring/install
>   	$(INSTALL_DIR) $(1)/etc/opkg/keys/
> -	$(INSTALL_DATA) $(PKG_BUILD_DIR)/usign/* $(1)/etc/opkg/keys/
> +	# Public usign key for 19.07 release builds
> +	$(INSTALL_DATA) $(PKG_BUILD_DIR)/usign/f94b9dd6febac963 $(1)/etc/opkg/keys/
> +	# Public usign key for 21.02 release builds
> +	$(INSTALL_DATA) $(PKG_BUILD_DIR)/usign/2f8b0b98e08306bf $(1)/etc/opkg/keys/
>   endef
>   
>   $(eval $(call BuildPackage,openwrt-keyring))



More information about the openwrt-devel mailing list