From 9a11bc3682dd7e95eb0534da9e2dbe3cdaa1c6de Mon Sep 17 00:00:00 2001 From: Daniel Golle Date: Wed, 22 May 2024 16:19:45 +0200 Subject: [PATCH] build: generate private key for APK early Other than OPKG which only uses signed package list, APK uses individually signed packages in addition to signed package lists. Hence, in order to be able to generate package, the private key needs to be generated before compiling packages. Express that dependency and generate the private key before building any packages instead of doing so as part of the base-files package build. Fixes: d788ab376f ("build: add APK package build capabilities") Signed-off-by: Daniel Golle --- package/Makefile | 8 +++++++- package/base-files/Makefile | 6 ------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/package/Makefile b/package/Makefile index 301a9e6cd5a..eb7cfcf9627 100644 --- a/package/Makefile +++ b/package/Makefile @@ -59,6 +59,12 @@ else -$(foreach pdir,$(PACKAGE_SUBDIRS),$(if $(wildcard $(pdir)/*.ipk),ln -s $(pdir)/*.ipk $(PACKAGE_DIR_ALL);)) endif +$(BUILD_KEY_APK_SEC): + $(STAGING_DIR_HOST)/bin/openssl ecparam -name prime256v1 -genkey -noout -out $(BUILD_KEY_APK_SEC) + +$(BUILD_KEY_APK_PUB): $(BUILD_KEY_APK_SEC) + $(STAGING_DIR_HOST)/bin/openssl ec -in $(BUILD_KEY_APK_SEC) -pubout > $(BUILD_KEY_APK_PUB) + $(curdir)/merge-index: $(curdir)/merge ifneq ($(CONFIG_USE_APK),) (cd $(PACKAGE_DIR_ALL) && $(STAGING_DIR_HOST)/bin/apk mkndx \ @@ -75,7 +81,7 @@ endif ifndef SDK $(curdir)//compile = $(STAGING_DIR)/.prepared $(BIN_DIR) ifneq ($(CONFIG_USE_APK),) - $(curdir)/compile: $(curdir)/system/apk/host/compile + $(curdir)/compile: $(curdir)/system/apk/host/compile $(BUILD_KEY_APK_SEC) $(BUILD_KEY_APK_PUB) else $(curdir)/compile: $(curdir)/system/opkg/host/compile endif diff --git a/package/base-files/Makefile b/package/base-files/Makefile index 0aa7ecd8542..4425bb346de 100644 --- a/package/base-files/Makefile +++ b/package/base-files/Makefile @@ -117,12 +117,6 @@ endef Build/Compile = $(Build/Compile/Default) ifneq ($(CONFIG_USE_APK),) - define Build/Configure - [ -s $(BUILD_KEY_APK_SEC) -a -s $(BUILD_KEY_APK_PUB) ] || \ - $(STAGING_DIR_HOST)/bin/openssl ecparam -name prime256v1 -genkey -noout -out $(BUILD_KEY_APK_SEC); \ - $(STAGING_DIR_HOST)/bin/openssl ec -in $(BUILD_KEY_APK_SEC) -pubout > $(BUILD_KEY_APK_PUB) - endef - ifndef CONFIG_BUILDBOT define Package/base-files/install-key mkdir -p $(1)/etc/apk/keys