mirror of
https://github.com/openwrt/openwrt.git
synced 2025-01-12 16:03:13 +00:00
cbdd346b11
Add package signing key and certificate configuration options to the "Image configuration" submenu. If enabled, the Packages.gz list will be signed as file Packages.sig. The passphrase for the signing key can be sourced from a file or entered by the user. The signing certificate is automatically added to the firmware image if opkg-smime is selected. Signed-off-by: Evan Hunt <each@isc.org> Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 38284
224 lines
7.4 KiB
Plaintext
224 lines
7.4 KiB
Plaintext
# Copyright (C) 2006-2012 OpenWrt.org
|
|
# Copyright (C) 2010 Vertical Communications
|
|
#
|
|
# This is free software, licensed under the GNU General Public License v2.
|
|
# See /LICENSE for more information.
|
|
#
|
|
|
|
menuconfig PREINITOPT
|
|
bool "Preinit configuration options" if IMAGEOPT
|
|
default n
|
|
help
|
|
These options are used to control the environment used to initialize
|
|
the system before running init (which typically mean /sbin/init which
|
|
switches to multiuser mode).
|
|
|
|
config TARGET_PREINIT_SUPPRESS_STDERR
|
|
bool "Suppress stderr messages during preinit" if PREINITOPT
|
|
default y
|
|
help
|
|
Sends stderr to null during preinit. This is the default behaviour
|
|
in previous versions of OpenWRT. This also prevents init process
|
|
itself from displaying stderr, however processes launched by init
|
|
in multiuser through inittab will use the current terminal (e.g.
|
|
the ash shell launched by inittab will display stderr). That's
|
|
the same behaviour as seen in previous version of OpenWRT.
|
|
|
|
config TARGET_PREINIT_TIMEOUT
|
|
int
|
|
prompt "Failsafe wait timeout" if PREINITOPT
|
|
default 2
|
|
help
|
|
How long to wait for failsafe mode to be entered before
|
|
continuing with a regular boot if failsafe not selected.
|
|
|
|
config TARGET_PREINIT_SHOW_NETMSG
|
|
bool
|
|
prompt "Show all preinit network messages" if PREINITOPT
|
|
default n
|
|
help
|
|
Show preinit all network messages (via netmsg broadcast), not only
|
|
the message indicating to press reset to enter failsafe. Note that
|
|
if the architecture doesn't define an interface, and there is no
|
|
'Preinit network interface' defined, then no messages will be
|
|
emitted, even if this is set.
|
|
|
|
config TARGET_PREINIT_SUPPRESS_FAILSAFE_NETMSG
|
|
bool
|
|
prompt "Suppress network message indicating failsafe" if PREINITOPT
|
|
default n
|
|
help
|
|
If "Show all preinit network messages" above is not set, then
|
|
setting this option suppresses the only message that would be
|
|
emitted otherwise, name the network message to enter failsafe
|
|
(via netmsg).
|
|
|
|
config TARGET_PREINIT_IFNAME
|
|
string
|
|
prompt "Preinit network interface" if PREINITOPT
|
|
default ""
|
|
help
|
|
Interface for sending preinit messages to network, and any other
|
|
default networking in failsafe or preinit. If empty
|
|
uses $ifname (if defined in /etc/preinit.arch).
|
|
|
|
config TARGET_PREINIT_IP
|
|
string
|
|
prompt "IP address for preinit network messages" if PREINITOPT
|
|
default "192.168.1.1"
|
|
help
|
|
IP address used to configure interface for preinit network
|
|
messages, including failsafe messages
|
|
|
|
config TARGET_PREINIT_NETMASK
|
|
string
|
|
prompt "Netmask for preinit network messages" if PREINITOPT
|
|
default "255.255.255.0"
|
|
help
|
|
Netmask used to configure interface for preinit network
|
|
messages, including failsafes messages
|
|
|
|
config TARGET_PREINIT_BROADCAST
|
|
string
|
|
prompt "Broadcast address for preinit network messages" if PREINITOPT
|
|
default "192.168.1.255"
|
|
help
|
|
Broadcast address to which to send preinit network messages, as
|
|
as failsafe messages
|
|
|
|
|
|
menuconfig INITOPT
|
|
bool "Init configuration options" if IMAGEOPT
|
|
default n
|
|
help
|
|
These option choose the command that will run as the 'init' command
|
|
(that is which is responsible for controlling the system once preinit
|
|
transfers control to it) as well as some options controlling its
|
|
behaviour. Normally init is /sbin/init.
|
|
|
|
config TARGET_INIT_PATH
|
|
string
|
|
prompt "PATH for regular boot" if INITOPT
|
|
default "/bin:/sbin:/usr/bin:/usr/sbin"
|
|
help
|
|
Default PATH used during normal operation
|
|
|
|
config TARGET_INIT_ENV
|
|
string
|
|
prompt "Environment variables to set when starting init (start with none)" if INITOPT
|
|
default ""
|
|
help
|
|
Should be a space seperated list of variable assignments. These
|
|
variables will be present in the environment. Spaces may not be
|
|
present (including through expansion) even in a quoted string
|
|
(env doesn't understanding quoting).
|
|
|
|
config TARGET_INIT_CMD
|
|
string
|
|
prompt "Init command" if INITOPT
|
|
default "/sbin/init"
|
|
help
|
|
The executable to run as the init process. Is 'exec'd by
|
|
preinit (which is the init that the kernel launches on boot).
|
|
|
|
config TARGET_INIT_SUPPRESS_STDERR
|
|
bool
|
|
prompt "Suppress stderr messages of init" if INITOPT
|
|
default y
|
|
help
|
|
Prevents showing stderr messages for init command if not already
|
|
suppressed during preinit. This is the default behaviour in
|
|
previous versions of OpenWRT. Removing this does nothing if
|
|
stderr is suppressed during preinit (which is the default).
|
|
|
|
|
|
menuconfig VERSIONOPT
|
|
bool "Version configuration options" if IMAGEOPT
|
|
default n
|
|
help
|
|
These options allow to override the version information embedded in
|
|
the /etc/openwrt_version, /etc/openwrt_release, /etc/banner and
|
|
/etc/opkg.conf files. Usually there is no need to set these, but
|
|
they're useful for release builds or custom OpenWrt redistributions
|
|
that should carry custom version tags.
|
|
|
|
config VERSION_DIST
|
|
string
|
|
prompt "Release distribution" if VERSIONOPT
|
|
default "OpenWrt" if VERSIONOPT
|
|
help
|
|
This is the name of the release distribution.
|
|
If unspecified, it defaults to OpenWrt.
|
|
|
|
config VERSION_NICK
|
|
string
|
|
prompt "Release version nickname" if VERSIONOPT
|
|
help
|
|
This is the release codename embedded in the image.
|
|
If unspecified, it defaults to the name of source branch.
|
|
|
|
config VERSION_NUMBER
|
|
string
|
|
prompt "Release version number" if VERSIONOPT
|
|
help
|
|
This is the release version number embedded in the image.
|
|
If unspecified, it defaults to the svn or git-svn revision
|
|
of the build tree.
|
|
|
|
config VERSION_REPO
|
|
string
|
|
prompt "Release repository" if VERSIONOPT
|
|
default "http://downloads.openwrt.org/snapshots/trunk/%T/packages" if VERSIONOPT
|
|
help
|
|
This is the repository address embedded in the image, it defaults
|
|
to the trunk snapshot repo; the url may contain the following placeholders:
|
|
%R .. Revision number
|
|
%V .. Release version or revision number, uppercase
|
|
%v .. Release version or revision number, lowercase
|
|
%C .. Release version or "Bleeding Edge", uppercase
|
|
%c .. Release version or "bleeding_edge", lowercase
|
|
%N .. Release name, uppercase
|
|
%n .. Release name, lowercase
|
|
%D .. Distribution name or "OpenWrt", uppercase
|
|
%d .. Distribution name or "openwrt", lowercase
|
|
%T .. Target name
|
|
%S .. Target/Subtarget name
|
|
|
|
menuconfig SMIMEOPT
|
|
bool "Package signing options" if IMAGEOPT
|
|
default n
|
|
help
|
|
These options configure the signing key and certificate to
|
|
be used for signing and verifying packages.
|
|
|
|
config OPKGSMIME_CERT
|
|
string
|
|
prompt "Path to certificate (PEM certificate format)" if SMIMEOPT
|
|
help
|
|
Path to the certificate to use for signature verification
|
|
|
|
config OPKGSMIME_KEY
|
|
string
|
|
prompt "Path to signing key (PEM private key format)" if SMIMEOPT
|
|
help
|
|
Path to the key to use for signing packages
|
|
|
|
config OPKGSMIME_PASSPHRASE
|
|
bool
|
|
default y
|
|
prompt "Wait for a passphrase when signing packages?" if SMIMEOPT
|
|
help
|
|
If this value is set, then the build will pause and request a passphrase
|
|
from the command line when signing packages. This SHOULD NOT be used with
|
|
automatic builds. If this value is not set, a file can be specified from
|
|
which the passphrase will be read.
|
|
|
|
config OPKGSMIME_PASSFILE
|
|
string
|
|
prompt "Path to a file containing the passphrase" if SMIMEOPT
|
|
depends on !OPKGSMIME_PASSPHRASE
|
|
help
|
|
Path to a file containing the passphrase for the signing key.
|
|
If the signing key is not encrypted and does not require a passphrase,
|
|
this option may be left blank.
|