From: Daniel Golle <daniel@makrotopia.org>
Date: Wed, 22 May 2024 14:19:45 +0000 (+0200)
Subject: build: generate private key for APK early
X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=9a11bc3682dd7e95eb0534da9e2dbe3cdaa1c6de;p=openwrt%2Fopenwrt.git

build: generate private key for APK early

Other than OPKG which only uses signed package list, APK uses
individually signed packages in addition to signed package lists. Hence,
in order to be able to generate package, the private key needs to be
generated before compiling packages. Express that dependency and
generate the private key before building any packages instead of doing
so as part of the base-files package build.

Fixes: d788ab376f ("build: add APK package build capabilities")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
---

diff --git a/package/Makefile b/package/Makefile
index 301a9e6cd5..eb7cfcf962 100644
--- a/package/Makefile
+++ b/package/Makefile
@@ -59,6 +59,12 @@ else
 	-$(foreach pdir,$(PACKAGE_SUBDIRS),$(if $(wildcard $(pdir)/*.ipk),ln -s $(pdir)/*.ipk $(PACKAGE_DIR_ALL);))
 endif
 
+$(BUILD_KEY_APK_SEC):
+	$(STAGING_DIR_HOST)/bin/openssl ecparam -name prime256v1 -genkey -noout -out $(BUILD_KEY_APK_SEC)
+
+$(BUILD_KEY_APK_PUB): $(BUILD_KEY_APK_SEC)
+	$(STAGING_DIR_HOST)/bin/openssl ec -in $(BUILD_KEY_APK_SEC) -pubout > $(BUILD_KEY_APK_PUB)
+
 $(curdir)/merge-index: $(curdir)/merge
 ifneq ($(CONFIG_USE_APK),)
 	(cd $(PACKAGE_DIR_ALL) && $(STAGING_DIR_HOST)/bin/apk mkndx \
@@ -75,7 +81,7 @@ endif
 ifndef SDK
   $(curdir)//compile = $(STAGING_DIR)/.prepared $(BIN_DIR)
 ifneq ($(CONFIG_USE_APK),)
-  $(curdir)/compile: $(curdir)/system/apk/host/compile
+  $(curdir)/compile: $(curdir)/system/apk/host/compile $(BUILD_KEY_APK_SEC) $(BUILD_KEY_APK_PUB)
 else
   $(curdir)/compile: $(curdir)/system/opkg/host/compile
 endif
diff --git a/package/base-files/Makefile b/package/base-files/Makefile
index 0aa7ecd854..4425bb346d 100644
--- a/package/base-files/Makefile
+++ b/package/base-files/Makefile
@@ -117,12 +117,6 @@ endef
 Build/Compile = $(Build/Compile/Default)
 
 ifneq ($(CONFIG_USE_APK),)
-  define Build/Configure
-	[ -s $(BUILD_KEY_APK_SEC) -a -s $(BUILD_KEY_APK_PUB) ] || \
-		$(STAGING_DIR_HOST)/bin/openssl ecparam -name prime256v1 -genkey -noout -out $(BUILD_KEY_APK_SEC); \
-		$(STAGING_DIR_HOST)/bin/openssl ec -in $(BUILD_KEY_APK_SEC) -pubout > $(BUILD_KEY_APK_PUB)
-  endef
-
 ifndef CONFIG_BUILDBOT
   define Package/base-files/install-key
 	mkdir -p $(1)/etc/apk/keys