[openwrt/openwrt] openwrt-keyring: Only copy sign key for 19.07 and 21.02

LEDE Commits lede-commits at lists.infradead.org
Mon May 17 10:19:45 PDT 2021


hauke pushed a commit to openwrt/openwrt.git, branch openwrt-19.07:
https://git.openwrt.org/84c5dbcf2a922f5713b6a24241cc09604dd9bc88

commit 84c5dbcf2a922f5713b6a24241cc09604dd9bc88
Author: Hauke Mehrtens <hauke at hauke-m.de>
AuthorDate: Sun May 16 15:31:49 2021 +0200

    openwrt-keyring: Only copy sign key for 19.07 and 21.02
    
    Instead of adding all public signature keys from the openwrt-keyring
    repository only add the key which is used to sign the OpenWrt 19.07
    feeds and the 21.02 feeds to allow checking the next release.
    
    If one of the other keys would be compromised this would not affect
    users of 19.07 release builds.
    
    Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
---
 package/system/openwrt-keyring/Makefile | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/package/system/openwrt-keyring/Makefile b/package/system/openwrt-keyring/Makefile
index 6f3aa65622..037809a667 100644
--- a/package/system/openwrt-keyring/Makefile
+++ b/package/system/openwrt-keyring/Makefile
@@ -3,7 +3,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openwrt-keyring
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/keyring.git
@@ -32,7 +32,10 @@ Build/Compile=
 
 define Package/openwrt-keyring/install
 	$(INSTALL_DIR) $(1)/etc/opkg/keys/
-	$(INSTALL_DATA) $(PKG_BUILD_DIR)/usign/* $(1)/etc/opkg/keys/
+	# Public usign key for 19.07 release builds
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/usign/f94b9dd6febac963 $(1)/etc/opkg/keys/
+	# Public usign key for 21.02 release builds
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/usign/2f8b0b98e08306bf $(1)/etc/opkg/keys/
 endef
 
 $(eval $(call BuildPackage,openwrt-keyring))



More information about the lede-commits mailing list