apk/openwrt-snapshots.pem contains Elliptic Curve based public key which
is going to be used for signing of apk's package.adb package indexes
after the builds using `apk adbsign --sign-key <key> packages.adb`
command on the buildbot.
References: https://github.com/openwrt/buildbot/pull/46
Link: https://github.com/openwrt/openwrt/pull/16539
Signed-off-by: Petr Štetiar <ynezz@true.cz>
When using zst instead of xz, the hash changes. This commit fixes the
hash for packages and tools in core.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Different from OPKG, APK uses a deterministic version schema which chips
the version into chunks and compares them individually. This enforces a
certain schema which was previously entirely flexible.
- Releases are added at the very and end prefixed with an `r` like
`1.2.3-r3`.
- Hashes are prefixed with a `~` like `1.2.3~abc123`.
- Dates become semantic versions, like `2024.04.01`
- Extra tags are possible like `_git`, `_alpha` and more.
For full details see the APK test list:
https://gitlab.alpinelinux.org/alpine/apk-tools/-/blob/master/test/version.data
Signed-off-by: Paul Spooren <mail@aparcar.org>
Instead of adding all public signature keys from the openwrt-keyring
repository only add the key which is used to sign the master feeds.
If one of the other keys would be compromised this would not affect
users of master snapshot builds.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>