mirror of
https://github.com/openwrt/openwrt.git
synced 2024-11-27 03:43:37 +08:00
config: introduce separate CONFIG_SIGNATURE_CHECK option
Introduce a new option CONFIG_SIGNATURE_CHECK which defaults to the value
of CONFIG_SIGNED_PACKAGES and thus is enabled by default.
This option is needed to support building target opkg with enabled
signature verification while having the signed package lists disabled.
Our buildbots currently disable package signing globally in the
buildroot and SDK to avoid the need to ship private signing keys to
the build workers and to prevent the triggering of random key generation
on the worker nodes since package signing happens off-line on the master
nodes.
As unintended side-effect, updated opkg packages will get built with
disabled signature verification, hence the need for a new override option.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit f565f276e2
)
This commit is contained in:
parent
8a83892662
commit
0a4a82a431
@ -34,6 +34,10 @@ menu "Global build settings"
|
|||||||
bool "Cryptographically signed package lists"
|
bool "Cryptographically signed package lists"
|
||||||
default y
|
default y
|
||||||
|
|
||||||
|
config SIGNATURE_CHECK
|
||||||
|
bool "Enable signature checking in opkg"
|
||||||
|
default SIGNED_PACKAGES
|
||||||
|
|
||||||
comment "General build options"
|
comment "General build options"
|
||||||
|
|
||||||
config DISPLAY_SUPPORT
|
config DISPLAY_SUPPORT
|
||||||
|
@ -25,7 +25,7 @@ PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
|
|||||||
|
|
||||||
# Extend depends from version.mk
|
# Extend depends from version.mk
|
||||||
PKG_CONFIG_DEPENDS += \
|
PKG_CONFIG_DEPENDS += \
|
||||||
CONFIG_SIGNED_PACKAGES \
|
CONFIG_SIGNATURE_CHECK \
|
||||||
CONFIG_TARGET_INIT_PATH
|
CONFIG_TARGET_INIT_PATH
|
||||||
|
|
||||||
PKG_BUILD_PARALLEL:=1
|
PKG_BUILD_PARALLEL:=1
|
||||||
@ -88,7 +88,7 @@ define Package/opkg/install
|
|||||||
$(INSTALL_DATA) ./files/opkg$(2).conf $(1)/etc/opkg.conf
|
$(INSTALL_DATA) ./files/opkg$(2).conf $(1)/etc/opkg.conf
|
||||||
$(INSTALL_BIN) ./files/20_migrate-feeds $(1)/etc/uci-defaults/
|
$(INSTALL_BIN) ./files/20_migrate-feeds $(1)/etc/uci-defaults/
|
||||||
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/opkg-cl $(1)/bin/opkg
|
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/opkg-cl $(1)/bin/opkg
|
||||||
ifneq ($(CONFIG_SIGNED_PACKAGES),)
|
ifneq ($(CONFIG_SIGNATURE_CHECK),)
|
||||||
echo "option check_signature" >> $(1)/etc/opkg.conf
|
echo "option check_signature" >> $(1)/etc/opkg.conf
|
||||||
endif
|
endif
|
||||||
$(INSTALL_DIR) $(1)/usr/sbin
|
$(INSTALL_DIR) $(1)/usr/sbin
|
||||||
|
Loading…
Reference in New Issue
Block a user