[openwrt/openwrt] openwrt-keyring: Only copy sign key for snapshots
LEDE Commits
lede-commits at lists.infradead.org
Mon May 17 10:13:08 PDT 2021
hauke pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/097dc943f1f9b02835c6b249b2a035679da5619f
commit 097dc943f1f9b02835c6b249b2a035679da5619f
Author: Hauke Mehrtens <hauke at hauke-m.de>
AuthorDate: Thu May 13 01:25:55 2021 +0200
openwrt-keyring: Only copy sign key for snapshots
Instead of adding all public signature keys from the openwrt-keyring
repository only add the key which is used to sign the master feeds.
If one of the other keys would be compromised this would not affect
users of master snapshot builds.
Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
---
package/system/openwrt-keyring/Makefile | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/package/system/openwrt-keyring/Makefile b/package/system/openwrt-keyring/Makefile
index 6f3aa65622..318d42cf92 100644
--- a/package/system/openwrt-keyring/Makefile
+++ b/package/system/openwrt-keyring/Makefile
@@ -3,7 +3,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=openwrt-keyring
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL=$(PROJECT_GIT)/keyring.git
@@ -32,7 +32,8 @@ Build/Compile=
define Package/openwrt-keyring/install
$(INSTALL_DIR) $(1)/etc/opkg/keys/
- $(INSTALL_DATA) $(PKG_BUILD_DIR)/usign/* $(1)/etc/opkg/keys/
+ # Public usign key for unattended snapshot builds
+ $(INSTALL_DATA) $(PKG_BUILD_DIR)/usign/b5043e70f9a75cde $(1)/etc/opkg/keys/
endef
$(eval $(call BuildPackage,openwrt-keyring))
More information about the lede-commits
mailing list