mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-29 18:19:02 +00:00
395ac4d018
The key folder is used by `opkg` and `usign` to store and retrieve trusted public keys. Using `opkg-key` outside a running device is unfeasible as the key folder is hard coded to `/etc/opkg/keys`. This commit adds a variable OPKG_KEYS which defaults to `/etc/opkg/keys` if unset, however allows set arbitrary key folder locations. Arbitrary key folder locations are useful to add signature verification to the ImageBuilders. Signed-off-by: Paul Spooren <mail@aparcar.org>
59 lines
1.1 KiB
Bash
Executable File
59 lines
1.1 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
OPKG_KEYS="${OPKG_KEYS:-/etc/opkg/keys}"
|
|
|
|
usage() {
|
|
cat <<EOF
|
|
Usage: $0 <command> <arguments...>
|
|
Commands:
|
|
add <file>: Add keyfile <file> to opkg trusted keys
|
|
remove <file>: Remove keyfile matching <file> from opkg trusted keys
|
|
verify <sigfile> <list>: Check list file <list> against signature file <sigfile>
|
|
|
|
EOF
|
|
exit 1
|
|
}
|
|
|
|
opkg_key_verify() {
|
|
local sigfile="$1"
|
|
local msgfile="$2"
|
|
|
|
(
|
|
zcat "$msgfile" 2>/dev/null ||
|
|
cat "$msgfile" 2>/dev/null
|
|
) | usign -V -P "$OPKG_KEYS" -q -x "$sigfile" -m -
|
|
}
|
|
|
|
opkg_key_add() {
|
|
local key="$1"
|
|
[ -n "$key" ] || usage
|
|
[ -f "$key" ] || echo "Cannot open file $1"
|
|
local fingerprint="$(usign -F -p "$key")"
|
|
mkdir -p "$OPKG_KEYS"
|
|
cp "$key" "$OPKG_KEYS/$fingerprint"
|
|
}
|
|
|
|
opkg_key_remove() {
|
|
local key="$1"
|
|
[ -n "$key" ] || usage
|
|
[ -f "$key" ] || echo "Cannot open file $1"
|
|
local fingerprint="$(usign -F -p "$key")"
|
|
rm -f "$OPKG_KEYS/$fingerprint"
|
|
}
|
|
|
|
case "$1" in
|
|
add)
|
|
shift
|
|
opkg_key_add "$@"
|
|
;;
|
|
remove)
|
|
shift
|
|
opkg_key_remove "$@"
|
|
;;
|
|
verify)
|
|
shift
|
|
opkg_key_verify "$@"
|
|
;;
|
|
*) usage ;;
|
|
esac
|