[openwrt/openwrt] build: generate private key for APK early

LEDE Commits lede-commits at lists.infradead.org
Wed May 22 10:31:18 PDT 2024 

dangole pushed a commit to openwrt/openwrt.git, branch main:
https://git.openwrt.org/9a11bc3682dd7e95eb0534da9e2dbe3cdaa1c6de

commit 9a11bc3682dd7e95eb0534da9e2dbe3cdaa1c6de
Author: Daniel Golle <daniel at makrotopia.org>
AuthorDate: Wed May 22 16:19:45 2024 +0200

    build: generate private key for APK early
    
    Other than OPKG which only uses signed package list, APK uses
    individually signed packages in addition to signed package lists. Hence,
    in order to be able to generate package, the private key needs to be
    generated before compiling packages. Express that dependency and
    generate the private key before building any packages instead of doing
    so as part of the base-files package build.
    
    Fixes: d788ab376f ("build: add APK package build capabilities")
    Signed-off-by: Daniel Golle <daniel at makrotopia.org>
---
 package/Makefile            | 8 +++++++-
 package/base-files/Makefile | 6 ------
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/package/Makefile b/package/Makefile
index 301a9e6cd5..eb7cfcf962 100644
--- a/package/Makefile
+++ b/package/Makefile
@@ -59,6 +59,12 @@ else
 	-$(foreach pdir,$(PACKAGE_SUBDIRS),$(if $(wildcard $(pdir)/*.ipk),ln -s $(pdir)/*.ipk $(PACKAGE_DIR_ALL);))
 endif
 
+$(BUILD_KEY_APK_SEC):
+	$(STAGING_DIR_HOST)/bin/openssl ecparam -name prime256v1 -genkey -noout -out $(BUILD_KEY_APK_SEC)
+
+$(BUILD_KEY_APK_PUB): $(BUILD_KEY_APK_SEC)
+	$(STAGING_DIR_HOST)/bin/openssl ec -in $(BUILD_KEY_APK_SEC) -pubout > $(BUILD_KEY_APK_PUB)
+
 $(curdir)/merge-index: $(curdir)/merge
 ifneq ($(CONFIG_USE_APK),)
 	(cd $(PACKAGE_DIR_ALL) && $(STAGING_DIR_HOST)/bin/apk mkndx \
@@ -75,7 +81,7 @@ endif
 ifndef SDK
   $(curdir)//compile = $(STAGING_DIR)/.prepared $(BIN_DIR)
 ifneq ($(CONFIG_USE_APK),)
-  $(curdir)/compile: $(curdir)/system/apk/host/compile
+  $(curdir)/compile: $(curdir)/system/apk/host/compile $(BUILD_KEY_APK_SEC) $(BUILD_KEY_APK_PUB)
 else
   $(curdir)/compile: $(curdir)/system/opkg/host/compile
 endif
diff --git a/package/base-files/Makefile b/package/base-files/Makefile
index 0aa7ecd854..4425bb346d 100644
--- a/package/base-files/Makefile
+++ b/package/base-files/Makefile
@@ -117,12 +117,6 @@ endef
 Build/Compile = $(Build/Compile/Default)
 
 ifneq ($(CONFIG_USE_APK),)
-  define Build/Configure
-	[ -s $(BUILD_KEY_APK_SEC) -a -s $(BUILD_KEY_APK_PUB) ] || \
-		$(STAGING_DIR_HOST)/bin/openssl ecparam -name prime256v1 -genkey -noout -out $(BUILD_KEY_APK_SEC); \
-		$(STAGING_DIR_HOST)/bin/openssl ec -in $(BUILD_KEY_APK_SEC) -pubout > $(BUILD_KEY_APK_PUB)
-  endef
-
 ifndef CONFIG_BUILDBOT
   define Package/base-files/install-key
 	mkdir -p $(1)/etc/apk/keys

More information about the lede-commits mailing list