build: opkg-key variable key folder

The key folder is used by `opkg` and `usign` to store and retrieve
trusted public keys. Using `opkg-key` outside a running device is
unfeasible as the key folder is hard coded to `/etc/opkg/keys`.

This commit adds a variable OPKG_KEYS which defaults to `/etc/opkg/keys`
if unset, but allows setting arbitrary key folder locations.

Arbitrary key folder locations are useful to add signature verification
to the ImageBuilders.

Signed-off-by: Paul Spooren <mail@aparcar.org>
Paul Spooren 2020-08-25 14:55:27 -10:00 committed by Daniel Golle
parent 18b1cc2838
commit 395ac4d018


@ -1,5 +1,7 @@
#!/bin/sh #!/bin/sh
OPKG_KEYS="${OPKG_KEYS:-/etc/opkg/keys}"
usage() { usage() {
cat <<EOF cat <<EOF
Usage: $0 <command> <arguments...> Usage: $0 <command> <arguments...>
@ -19,7 +21,7 @@ opkg_key_verify() {
( (
zcat "$msgfile" 2>/dev/null || zcat "$msgfile" 2>/dev/null ||
cat "$msgfile" 2>/dev/null cat "$msgfile" 2>/dev/null
) | usign -V -P /etc/opkg/keys -q -x "$sigfile" -m - ) | usign -V -P "$OPKG_KEYS" -q -x "$sigfile" -m -
} }
opkg_key_add() { opkg_key_add() {
@ -27,8 +29,8 @@ opkg_key_add() {
[ -n "$key" ] || usage [ -n "$key" ] || usage
[ -f "$key" ] || echo "Cannot open file $1" [ -f "$key" ] || echo "Cannot open file $1"
local fingerprint="$(usign -F -p "$key")" local fingerprint="$(usign -F -p "$key")"
mkdir -p "/etc/opkg/keys" mkdir -p "$OPKG_KEYS"
cp "$key" "/etc/opkg/keys/$fingerprint" cp "$key" "$OPKG_KEYS/$fingerprint"
} }
opkg_key_remove() { opkg_key_remove() {
@ -36,7 +38,7 @@ opkg_key_remove() {
[ -n "$key" ] || usage [ -n "$key" ] || usage
[ -f "$key" ] || echo "Cannot open file $1" [ -f "$key" ] || echo "Cannot open file $1"
local fingerprint="$(usign -F -p "$key")" local fingerprint="$(usign -F -p "$key")"
rm -f "/etc/opkg/keys/$fingerprint" rm -f "$OPKG_KEYS/$fingerprint"
} }
case "$1" in case "$1" in
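Review bot: `OPKG_KEYS` is read from the caller's environment at the top of the script and then used as the trust directory in `usign -V -P "$OPKG_KEYS"` inside opkg_key_verify, so whoever controls that variable decides which public keys make a signature verify. That matches the ImageBuilder use case in the description, but it should be stated next to the assignment, e.g. `# OPKG_KEYS: directory of trusted usign public keys; set only by the build system, never from untrusted input`, and mentioned in the usage text. Separately, in opkg_key_add and opkg_key_remove the `[ -f "$key" ]` check only prints a message, so for a missing file `$fingerprint` is presumably empty and the rewritten `cp` and `rm -f` lines then act on `"$OPKG_KEYS/"` itself; `[ -f "$key" ] || { echo "Cannot open file $1" >&2; exit 1; }` would stop before that. The three functions start or continue outside the hunks shown, so any handling there is not visible.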