openwrt-keyring: Only copy sign key for 21.02
authorHauke Mehrtens <hauke@hauke-m.de>
Fri, 14 May 2021 22:00:39 +0000 (00:00 +0200)
committerHauke Mehrtens <hauke@hauke-m.de>
Mon, 17 May 2021 17:13:43 +0000 (19:13 +0200)
Instead of adding all public signature keys from the openwrt-keyring
repository only add the key which is used to sign the OpenWrt 21.02 feeds.

If one of the other keys would be compromised this would not affect
users of 21.02 release builds.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
package/system/openwrt-keyring/Makefile

index 6f3aa65622d501373fd51bb09c6c4dff879156a9..390144e4bed0613e4ea03b679902e78c53dbab80 100644 (file)
@@ -3,7 +3,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openwrt-keyring
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/keyring.git
@@ -32,7 +32,8 @@ Build/Compile=
 
 define Package/openwrt-keyring/install
        $(INSTALL_DIR) $(1)/etc/opkg/keys/
-       $(INSTALL_DATA) $(PKG_BUILD_DIR)/usign/* $(1)/etc/opkg/keys/
+       # Public usign key for 21.02 release builds
+       $(INSTALL_DATA) $(PKG_BUILD_DIR)/usign/2f8b0b98e08306bf $(1)/etc/opkg/keys/
 endef
 
 $(eval $(call BuildPackage,openwrt-keyring))