Please install the subversion client. \
))
+$(eval $(call RequireCommand,openssl, \
+ Please install openssl. \
+))
+
define Require/gnu-find
$(FIND) --version 2>/dev/null
endef
$(if $(CONFIG_CLEAN_IPKG),rm -rf $(TARGET_DIR)/usr/lib/opkg)
$(call mklibs)
+PASSOPT=""
+PASSARG=""
+ifndef CONFIG_OPKGSMIME_PASSPHRASE
+ ifneq ($(call qstrip,$(CONFIG_OPKGSMIME_PASSFILE)),)
+ PASSOPT="-passin"
+ PASSARG="file:$(call qstrip,$(CONFIG_OPKGSMIME_PASSFILE))"
+ endif
+endif
+
$(curdir)/index: FORCE
- @(cd $(PACKAGE_DIR); $(SCRIPT_DIR)/ipkg-make-index.sh . 2>&1 > Packages && \
- gzip -9c Packages > Packages.gz \
- )
+ifeq ($(call qstrip,$(CONFIG_OPKGSMIME_KEY)),)
+ @echo Signing key has not been configured
+else
+ifeq ($(call qstrip,$(CONFIG_OPKGSMIME_CERT)),)
+ @echo Certificate has not been configured
+else
+ @echo Generating package index...
+ @(cd $(PACKAGE_DIR); \
+ $(SCRIPT_DIR)/ipkg-make-index.sh . 2>&1 > Packages && \
+ gzip -9c Packages > Packages.gz )
+ @echo Signing package index...
+ @(cd $(PACKAGE_DIR); \
+ openssl smime -binary -in Packages.gz \
+ -out Packages.sig -outform PEM -sign \
+ -signer $(CONFIG_OPKGSMIME_CERT) \
+ -inkey $(CONFIG_OPKGSMIME_KEY) \
+ $(PASSOPT) $(PASSARG) )
+endif
+endif
$(curdir)/preconfig:
%d .. Distribution name or "openwrt", lowercase
%T .. Target name
%S .. Target/Subtarget name
+
+menuconfig SMIMEOPT
+ bool "Package signing options" if IMAGEOPT
+ default n
+ help
+ These options configure the signing key and certificate to
+ be used for signing and verifying packages.
+
+ config OPKGSMIME_CERT
+ string
+ prompt "Path to certificate (PEM certificate format)" if SMIMEOPT
+ help
+ Path to the certificate to use for signature verification
+
+ config OPKGSMIME_KEY
+ string
+ prompt "Path to signing key (PEM private key format)" if SMIMEOPT
+ help
+ Path to the key to use for signing packages
+
+ config OPKGSMIME_PASSPHRASE
+ bool
+ default y
+ prompt "Wait for a passphrase when signing packages?" if SMIMEOPT
+ help
+ If this value is set, then the build will pause and request a passphrase
+ from the command line when signing packages. This SHOULD NOT be used with
+ automatic builds. If this value is not set, a file can be specified from
+ which the passphrase will be read.
+
+ config OPKGSMIME_PASSFILE
+ string
+ prompt "Path to a file containing the passphrase" if SMIMEOPT
+ depends on !OPKGSMIME_PASSPHRASE
+ help
+ Path to a file containing the passphrase for the signing key.
+ If the signing key is not encrypted and does not require a passphrase,
+ this option may be left blank.
endef
Package/opkg/install = $(call Package/opkg/Default/install,$(1),)
-Package/opkg-smime/install = $(call Package/opkg/Default/install,$(1),-smime)
+define Package/opkg-smime/install
+ $(call Package/opkg/Default/install,$(1),-smime)
+ $(INSTALL_DIR) $(1)/etc/ssl/certs
+ $(if $(CONFIG_OPKGSMIME_CERT),$(INSTALL_DATA) $(call qstrip,$(CONFIG_OPKGSMIME_CERT)) $(1)/etc/ssl/certs/opkg.pem,)
+endef
define Build/InstallDev
mkdir -p $(1)/usr/include
lists_dir ext /var/opkg-lists
option overlay_root /overlay
option check_signature 1
-option signature_ca_path /etc/ssl/certs/
+option signature_ca_file /etc/ssl/certs/opkg.pem
projects / openwrt / staging / robimarko.git / commitdiff