[PATCH 19.07 2/2] openwrt-keyring: Only copy sign key for 19.07 and 21.02
Paul Spooren
mail at aparcar.org
Mon May 17 11:09:28 PDT 2021
On 5/16/21 3:55 PM, Hauke Mehrtens wrote:
> Instead of adding all public signature keys from the openwrt-keyring
> repository only add the key which is used to sign the OpenWrt 19.07
> feeds and the 21.02 feeds to allow checking the next release.
>
> If one of the other keys would be compromised this would not affect
> users of 19.07 release builds.
>
> Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
> ---
Acked-by: Paul Spooren <mail at aparcar.org>
> package/system/openwrt-keyring/Makefile | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/package/system/openwrt-keyring/Makefile b/package/system/openwrt-keyring/Makefile
> index 6f3aa65622..037809a667 100644
> --- a/package/system/openwrt-keyring/Makefile
> +++ b/package/system/openwrt-keyring/Makefile
> @@ -3,7 +3,7 @@
> include $(TOPDIR)/rules.mk
>
> PKG_NAME:=openwrt-keyring
> -PKG_RELEASE:=1
> +PKG_RELEASE:=2
>
> PKG_SOURCE_PROTO:=git
> PKG_SOURCE_URL=$(PROJECT_GIT)/keyring.git
> @@ -32,7 +32,10 @@ Build/Compile=
>
> define Package/openwrt-keyring/install
> $(INSTALL_DIR) $(1)/etc/opkg/keys/
> - $(INSTALL_DATA) $(PKG_BUILD_DIR)/usign/* $(1)/etc/opkg/keys/
> + # Public usign key for 19.07 release builds
> + $(INSTALL_DATA) $(PKG_BUILD_DIR)/usign/f94b9dd6febac963 $(1)/etc/opkg/keys/
> + # Public usign key for 21.02 release builds
> + $(INSTALL_DATA) $(PKG_BUILD_DIR)/usign/2f8b0b98e08306bf $(1)/etc/opkg/keys/
> endef
>
> $(eval $(call BuildPackage,openwrt-keyring))
More information about the openwrt-devel
mailing list