diff options
| author | George McCollister <george.mccollister@gmail.com> | 2011-05-12 15:48:35 -0500 |
|---|---|---|
| committer | Michael Olbrich <m.olbrich@pengutronix.de> | 2011-05-28 10:38:32 +0200 |
| commit | 1ba16b048959815aac80ae3dce1b3a76211309dc (patch) | |
| tree | 00247f4414ff5de009f8f9d57aa497e51f37c57b /rules/opkg.in | |
| parent | 14e672f348f40ff9ab90c655388e03f1444f13cb (diff) | |
| download | ptxdist-1ba16b048959815aac80ae3dce1b3a76211309dc.tar.gz ptxdist-1ba16b048959815aac80ae3dce1b3a76211309dc.tar.xz | |
Added option to sign ipkg-repository
ipkg-repository can now be signed using openssl. A signature for the
Packages file is created and stored in Packages.sig. On the target, opkg
can be configured to enforce verification of the Packages file (which in
turn contains hashes of each ipk file) by using an /etc/opkg/opkg.conf similar
to the following:
src myrepo http://server/ipkg-repository/mydistro/dists/mydistro-3
option check_signature
option signature_ca_path /var/keys
option signature_ca_file /var/keys/selfsigned.crt
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
Diffstat (limited to 'rules/opkg.in')
| -rw-r--r-- | rules/opkg.in | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/rules/opkg.in b/rules/opkg.in index e6542a060..cc45f755f 100644 --- a/rules/opkg.in +++ b/rules/opkg.in @@ -85,6 +85,17 @@ config OPKG_OPKG_CONF_URL If you don't want to use this feature, keep the whole entry empty. +config OPKG_OPKG_CONF_CHECKSIG + bool + prompt "enable repository signature checking" + depends on OPKG_OPENSSL + help + Set the following options in opkg.conf: + option check_signature 1 + option signature_ca_path /etc/ssl/certs + option signature_ca_file /etc/ssl/certs/opkg.crt + + Repository will only be used if it's signature can be validated. endif endif |