mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-27 01:11:14 +00:00
build: opkg-key variable key folder
The key folder is used by `opkg` and `usign` to store and retrieve trusted public keys. Using `opkg-key` outside a running device is unfeasible as the key folder is hard coded to `/etc/opkg/keys`. This commit adds a variable OPKG_KEYS which defaults to `/etc/opkg/keys` if unset, however allows set arbitrary key folder locations. Arbitrary key folder locations are useful to add signature verification to the ImageBuilders. Signed-off-by: Paul Spooren <mail@aparcar.org>
This commit is contained in:
parent
18b1cc2838
commit
395ac4d018
@ -1,5 +1,7 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
|
OPKG_KEYS="${OPKG_KEYS:-/etc/opkg/keys}"
|
||||||
|
|
||||||
usage() {
|
usage() {
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
Usage: $0 <command> <arguments...>
|
Usage: $0 <command> <arguments...>
|
||||||
@ -19,7 +21,7 @@ opkg_key_verify() {
|
|||||||
(
|
(
|
||||||
zcat "$msgfile" 2>/dev/null ||
|
zcat "$msgfile" 2>/dev/null ||
|
||||||
cat "$msgfile" 2>/dev/null
|
cat "$msgfile" 2>/dev/null
|
||||||
) | usign -V -P /etc/opkg/keys -q -x "$sigfile" -m -
|
) | usign -V -P "$OPKG_KEYS" -q -x "$sigfile" -m -
|
||||||
}
|
}
|
||||||
|
|
||||||
opkg_key_add() {
|
opkg_key_add() {
|
||||||
@ -27,8 +29,8 @@ opkg_key_add() {
|
|||||||
[ -n "$key" ] || usage
|
[ -n "$key" ] || usage
|
||||||
[ -f "$key" ] || echo "Cannot open file $1"
|
[ -f "$key" ] || echo "Cannot open file $1"
|
||||||
local fingerprint="$(usign -F -p "$key")"
|
local fingerprint="$(usign -F -p "$key")"
|
||||||
mkdir -p "/etc/opkg/keys"
|
mkdir -p "$OPKG_KEYS"
|
||||||
cp "$key" "/etc/opkg/keys/$fingerprint"
|
cp "$key" "$OPKG_KEYS/$fingerprint"
|
||||||
}
|
}
|
||||||
|
|
||||||
opkg_key_remove() {
|
opkg_key_remove() {
|
||||||
@ -36,7 +38,7 @@ opkg_key_remove() {
|
|||||||
[ -n "$key" ] || usage
|
[ -n "$key" ] || usage
|
||||||
[ -f "$key" ] || echo "Cannot open file $1"
|
[ -f "$key" ] || echo "Cannot open file $1"
|
||||||
local fingerprint="$(usign -F -p "$key")"
|
local fingerprint="$(usign -F -p "$key")"
|
||||||
rm -f "/etc/opkg/keys/$fingerprint"
|
rm -f "$OPKG_KEYS/$fingerprint"
|
||||||
}
|
}
|
||||||
|
|
||||||
case "$1" in
|
case "$1" in
|
||||||
|
Loading…
Reference in New Issue
Block a user