author | George McCollister <george.mccollister@gmail.com> | 2011-05-12 15:48:35 -0500 |
---|---|---|
committer | Michael Olbrich <m.olbrich@pengutronix.de> | 2011-05-28 10:38:32 +0200 |
commit | 1ba16b048959815aac80ae3dce1b3a76211309dc (patch) | |
tree | 00247f4414ff5de009f8f9d57aa497e51f37c57b /rules/opkg.make | |
parent | 14e672f348f40ff9ab90c655388e03f1444f13cb (diff) | |
Added option to sign ipkg-repository
ipkg-repository can now be signed using openssl. A signature for the
Packages file is created and stored in Packages.sig. On the target, opkg
can be configured to enforce verification of the Packages file (which in
turn contains hashes of each ipk file) by using an /etc/opkg/opkg.conf similar
to the following:
src myrepo http://server/ipkg-repository/mydistro/dists/mydistro-3
option check_signature
option signature_ca_path /var/keys
option signature_ca_file /var/keys/selfsigned.crt
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
Diffstat (limited to 'rules/opkg.make')
-rw-r--r-- | rules/opkg.make | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/rules/opkg.make b/rules/opkg.make
index 68a0ab3c9..982215697 100644
--- a/rules/opkg.make
+++ b/rules/opkg.make
@@ -96,12 +96,31 @@ endif
 @$(call install_lib, opkg, 0, 0, 0644, libopkg)
+ifdef PTXCONF_IMAGE_IPKG_SIGN_OPENSSL
+ @$(call install_copy, opkg, 0, 0, 0644, $(PTXCONF_IMAGE_IPKG_SIGN_OPENSSL_SIGNER), /etc/ssl/certs/opkg.crt)
+endif
+
 ifdef PTXCONF_OPKG_OPKG_CONF
 @$(call install_alternative, opkg, 0, 0, 0644, /etc/opkg/opkg.conf)
 @$(call install_replace, opkg, /etc/opkg/opkg.conf, @SRC@, \
 $(PTXCONF_OPKG_OPKG_CONF_URL))
 @$(call install_replace, opkg, /etc/opkg/opkg.conf, @ARCH@, \
 $(PTXDIST_IPKG_ARCH_STRING))
+ifdef PTXCONF_OPKG_OPKG_CONF_CHECKSIG
+ @$(call install_replace, opkg, /etc/opkg/opkg.conf, @CHECKSIG@, \
+ "option check_signature 1")
+ @$(call install_replace, opkg, /etc/opkg/opkg.conf, @CAPATH@, \
+ "option signature_ca_path /etc/ssl/certs")
+ @$(call install_replace, opkg, /etc/opkg/opkg.conf, @CAFILE@, \
+ "option signature_ca_file /etc/ssl/certs/opkg.crt")
+else
+ @$(call install_replace, opkg, /etc/opkg/opkg.conf, @CHECKSIG@, \
+ "option check_signature 0")
+ @$(call install_replace, opkg, /etc/opkg/opkg.conf, @CAPATH@, \
+ "#option signature_ca_path /etc/ssl/certs")
+ @$(call install_replace, opkg, /etc/opkg/opkg.conf, @CAFILE@, \
+ "#option signature_ca_file /etc/ssl/certs/opkg.crt")
+endif
 endif
 @$(call install_finish, opkg) |
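Review bot: In the `PTXCONF_OPKG_OPKG_CONF_CHECKSIG` branch, `signature_ca_path` is set to `/etc/ssl/certs`, a directory normally shared with the system TLS trust store, so the certificates able to vouch for Packages.sig are probably a wider set than the single signer installed as `opkg.crt`; the commit message's own example uses a dedicated `/var/keys`. A directory reserved for package signing, e.g. `"option signature_ca_path /etc/opkg/certs"` with `opkg.crt` installed there, would keep that trust separate. The certificate is installed only under `PTXCONF_IMAGE_IPKG_SIGN_OPENSSL`, while verification is switched on by `PTXCONF_OPKG_OPKG_CONF_CHECKSIG`; unless the Kconfig side (not part of this diff) ties the two together, a target can end up with `check_signature 1` and no `opkg.crt`. A comment above the `install_copy` line should also state that `PTXCONF_IMAGE_IPKG_SIGN_OPENSSL_SIGNER` must contain the certificate only, because the file is copied world-readable (0644) onto every target.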