projects / openwrt / staging / aparcar.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2098876)
build: drop SIGNATURE_CHECK and SIGNED_PACKAGES
authorPaul Spooren <mail@aparcar.org>
Thu, 3 Feb 2022 23:15:43 +0000 (00:15 +0100)
committerPaul Spooren <mail@aparcar.org>
Wed, 23 Feb 2022 19:23:56 +0000 (20:23 +0100)
Always sign packages, security by default

Signed-off-by: Paul Spooren <mail@aparcar.org>
config/Config-build.in patch | blob | history
package/base-files/Makefile patch | blob | history
target/sdk/convert-config.pl patch | blob | history
target/sdk/files/Config.in patch | blob | history

diff --git a/config/Config-build.in b/config/Config-build.in
index 7c808bcbdbc6377dc8ba33dc64442644c14654da..71e66661b3331dacef74deef590d012c4311ee45 100644 (file)
--- a/config/Config-build.in
+++ b/config/Config-build.in
@@ -50,13 +50,6 @@ menu "Global build settings"
                  - Enabling per-device rootfs support
                  ...
 
-       config SIGNED_PACKAGES
-               bool "Cryptographically signed package lists"
-               default y
-
-       config SIGNATURE_CHECK
-               bool "Enable signature checking in opkg"
-               default SIGNED_PACKAGES
 
        comment "General build options"
 
diff --git a/package/base-files/Makefile b/package/base-files/Makefile
index bef464fcb9aea4c856d7cee15dd4a3732468cbf8..0017f6a218e456bfe9309e27c3775ccd4f5c11a6 100644 (file)
--- a/package/base-files/Makefile
+++ b/package/base-files/Makefile
@@ -39,7 +39,7 @@ endif
 define Package/base-files
   SECTION:=base
   CATEGORY:=Base system
-  DEPENDS:=+netifd +libc +jsonfilter +SIGNED_PACKAGES:usign +SIGNED_PACKAGES:openwrt-keyring +NAND_SUPPORT:ubi-utils +fstools +fwtool
+  DEPENDS:=+netifd +libc +jsonfilter usign openwrt-keyring +NAND_SUPPORT:ubi-utils +fstools +fwtool
   TITLE:=Base filesystem for OpenWrt
   URL:=http://openwrt.org/
   VERSION:=$(PKG_RELEASE)-$(REVISION)
diff --git a/target/sdk/convert-config.pl b/target/sdk/convert-config.pl
index 08189df95cb5f0bf9934909de24f54003dbc4420..24f0ac47a9459dc75b3527a6b2361619523cf615 100755 (executable)
--- a/target/sdk/convert-config.pl
+++ b/target/sdk/convert-config.pl
@@ -7,7 +7,6 @@ while (<>) {
        my $val;
        my $type;
        chomp;
-       next if /^CONFIG_SIGNED_PACKAGES/;
 
        if (/^CONFIG_((BINARY)|(DOWNLOAD))_FOLDER=(.*)$/) {
                # We don't want to preserve the build setting of
diff --git a/target/sdk/files/Config.in b/target/sdk/files/Config.in
index aab6352118242bb31d2ff8dae2592002ec3d34f9..4ab8af79baddaf3d0dba2426b8ffcc2e251433ea 100644 (file)
--- a/target/sdk/files/Config.in
+++ b/target/sdk/files/Config.in
@@ -14,10 +14,6 @@ menu "Global build settings"
                bool "Select all userspace packages by default"
                default y
 
-       config SIGNED_PACKAGES
-               bool "Cryptographically sign package lists"
-               default y
-
        comment "Package build options"
 
        config DEBUG
Staging tree of Paul Spooren