From: Paul Spooren Date: Wed, 26 Aug 2020 00:55:27 +0000 (-1000) Subject: build: opkg-key variable key folder X-Git-Tag: v21.02.0-rc1~1699 X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=395ac4d018d007335d6475ba00b0013d31cc0476;p=openwrt%2Fstaging%2Fchunkeey.git build: opkg-key variable key folder The key folder is used by `opkg` and `usign` to store and retrieve trusted public keys. Using `opkg-key` outside a running device is unfeasible as the key folder is hard coded to `/etc/opkg/keys`. This commit adds a variable OPKG_KEYS which defaults to `/etc/opkg/keys` if unset, however allows set arbitrary key folder locations. Arbitrary key folder locations are useful to add signature verification to the ImageBuilders. Signed-off-by: Paul Spooren --- diff --git a/package/system/opkg/files/opkg-key b/package/system/opkg/files/opkg-key index ae5e8a4591..51d1857ad5 100755 --- a/package/system/opkg/files/opkg-key +++ b/package/system/opkg/files/opkg-key @@ -1,5 +1,7 @@ #!/bin/sh +OPKG_KEYS="${OPKG_KEYS:-/etc/opkg/keys}" + usage() { cat < @@ -19,7 +21,7 @@ opkg_key_verify() { ( zcat "$msgfile" 2>/dev/null || cat "$msgfile" 2>/dev/null - ) | usign -V -P /etc/opkg/keys -q -x "$sigfile" -m - + ) | usign -V -P "$OPKG_KEYS" -q -x "$sigfile" -m - } opkg_key_add() { @@ -27,8 +29,8 @@ opkg_key_add() { [ -n "$key" ] || usage [ -f "$key" ] || echo "Cannot open file $1" local fingerprint="$(usign -F -p "$key")" - mkdir -p "/etc/opkg/keys" - cp "$key" "/etc/opkg/keys/$fingerprint" + mkdir -p "$OPKG_KEYS" + cp "$key" "$OPKG_KEYS/$fingerprint" } opkg_key_remove() { @@ -36,7 +38,7 @@ opkg_key_remove() { [ -n "$key" ] || usage [ -f "$key" ] || echo "Cannot open file $1" local fingerprint="$(usign -F -p "$key")" - rm -f "/etc/opkg/keys/$fingerprint" + rm -f "$OPKG_KEYS/$fingerprint" } case "$1" in