[openwrt/openwrt] build: opkg-key variable key folder

LEDE Commits lede-commits at lists.infradead.org
Mon Aug 31 17:45:22 EDT 2020


dangole pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/395ac4d018d007335d6475ba00b0013d31cc0476

commit 395ac4d018d007335d6475ba00b0013d31cc0476
Author: Paul Spooren <mail at aparcar.org>
AuthorDate: Tue Aug 25 14:55:27 2020 -1000

    build: opkg-key variable key folder
    
    The key folder is used by `opkg` and `usign` to store and retrieve
    trusted public keys. Using `opkg-key` outside a running device is
    unfeasible as the key folder is hard coded to `/etc/opkg/keys`.
    
    This commit adds a variable OPKG_KEYS which defaults to `/etc/opkg/keys`
    if unset, however allows set arbitrary key folder locations.
    
    Arbitrary key folder locations are useful to add signature verification
    to the ImageBuilders.
    
    Signed-off-by: Paul Spooren <mail at aparcar.org>
---
 package/system/opkg/files/opkg-key | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/package/system/opkg/files/opkg-key b/package/system/opkg/files/opkg-key
index ae5e8a4591..51d1857ad5 100755
--- a/package/system/opkg/files/opkg-key
+++ b/package/system/opkg/files/opkg-key
@@ -1,5 +1,7 @@
 #!/bin/sh
 
+OPKG_KEYS="${OPKG_KEYS:-/etc/opkg/keys}"
+
 usage() {
 	cat <<EOF
 Usage: $0 <command> <arguments...>
@@ -19,7 +21,7 @@ opkg_key_verify() {
 	(
 		zcat "$msgfile" 2>/dev/null ||
 		cat "$msgfile" 2>/dev/null
-	) | usign -V -P /etc/opkg/keys -q -x "$sigfile" -m -
+	) | usign -V -P "$OPKG_KEYS" -q -x "$sigfile" -m -
 }
 
 opkg_key_add() {
@@ -27,8 +29,8 @@ opkg_key_add() {
 	[ -n "$key" ] || usage
 	[ -f "$key" ] || echo "Cannot open file $1"
 	local fingerprint="$(usign -F -p "$key")"
-	mkdir -p "/etc/opkg/keys"
-	cp "$key" "/etc/opkg/keys/$fingerprint"
+	mkdir -p "$OPKG_KEYS"
+	cp "$key" "$OPKG_KEYS/$fingerprint"
 }
 
 opkg_key_remove() {
@@ -36,7 +38,7 @@ opkg_key_remove() {
 	[ -n "$key" ] || usage
 	[ -f "$key" ] || echo "Cannot open file $1"
 	local fingerprint="$(usign -F -p "$key")"
-	rm -f "/etc/opkg/keys/$fingerprint"
+	rm -f "$OPKG_KEYS/$fingerprint"
 }
 
 case "$1" in



More information about the lede-commits mailing list