opkg: drop S/MIME support

It has never been used by default (due to being too bloated), and it is
properly replaced by usign (which has been the default for a long time
now).

Remove this feature to simplify the build system

Signed-off-by: Felix Fietkau <nbd@nbd.name>
This commit is contained in:
Felix Fietkau 2017-01-10 13:02:33 +01:00
parent f5c649d7c6
commit 9cdf852ae0
3 changed files with 8 additions and 126 deletions

View File

@ -74,15 +74,6 @@ $(curdir)/install: $(TMP_DIR)/.build $(curdir)/system/opkg/host/install $(curdir
$(call prepare_rootfs,$(TARGET_DIR)) $(call prepare_rootfs,$(TARGET_DIR))
PASSOPT=""
PASSARG=""
ifndef CONFIG_OPKGSMIME_PASSPHRASE
ifneq ($(call qstrip,$(CONFIG_OPKGSMIME_PASSFILE)),)
PASSOPT="-passin"
PASSARG="file:$(call qstrip,$(CONFIG_OPKGSMIME_PASSFILE))"
endif
endif
$(curdir)/index: FORCE $(curdir)/index: FORCE
@echo Generating package index... @echo Generating package index...
@for d in $(PACKAGE_SUBDIRS); do ( \ @for d in $(PACKAGE_SUBDIRS); do ( \
@ -99,25 +90,6 @@ ifdef CONFIG_SIGNED_PACKAGES
cd $$d || continue; \ cd $$d || continue; \
$(STAGING_DIR_HOST)/bin/usign -S -m Packages -s $(BUILD_KEY); \ $(STAGING_DIR_HOST)/bin/usign -S -m Packages -s $(BUILD_KEY); \
); done ); done
else
ifeq ($(call qstrip,$(CONFIG_OPKGSMIME_KEY)),)
@echo Signing key has not been configured
else
ifeq ($(call qstrip,$(CONFIG_OPKGSMIME_CERT)),)
@echo Certificate has not been configured
else
@echo Signing package index...
@for d in $(PACKAGE_SUBDIRS); do ( \
[ -d $$d ] && \
cd $$d || continue; \
openssl smime -binary -in Packages.gz \
-out Packages.sig -outform PEM -sign \
-signer $(CONFIG_OPKGSMIME_CERT) \
-inkey $(CONFIG_OPKGSMIME_KEY) \
$(PASSOPT) $(PASSARG); \
); done
endif
endif
endif endif
$(curdir)/preconfig: $(curdir)/preconfig:

View File

@ -292,42 +292,3 @@ menuconfig PER_FEED_REPO
Add not enabled feeds as commented out source lines to opkg.conf. Add not enabled feeds as commented out source lines to opkg.conf.
source "tmp/.config-feeds.in" source "tmp/.config-feeds.in"
menuconfig SMIMEOPT
bool "Package signing options" if IMAGEOPT
default n
help
These options configure the signing key and certificate to
be used for signing and verifying packages.
config OPKGSMIME_CERT
string
prompt "Path to certificate (PEM certificate format)" if SMIMEOPT
help
Path to the certificate to use for signature verification
config OPKGSMIME_KEY
string
prompt "Path to signing key (PEM private key format)" if SMIMEOPT
help
Path to the key to use for signing packages
config OPKGSMIME_PASSPHRASE
bool
default y
prompt "Wait for a passphrase when signing packages?" if SMIMEOPT
help
If this value is set, then the build will pause and request a passphrase
from the command line when signing packages. This SHOULD NOT be used with
automatic builds. If this value is not set, a file can be specified from
which the passphrase will be read.
config OPKGSMIME_PASSFILE
string
prompt "Path to a file containing the passphrase" if SMIMEOPT
depends on !OPKGSMIME_PASSPHRASE
help
Path to a file containing the passphrase for the signing key.
If the signing key is not encrypted and does not require a passphrase,
this option may be left blank.

View File

@ -37,7 +37,7 @@ PKG_INSTALL:=1
include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/host-build.mk include $(INCLUDE_DIR)/host-build.mk
define Package/opkg/Default define Package/opkg
SECTION:=base SECTION:=base
CATEGORY:=Base system CATEGORY:=Base system
TITLE:=opkg package manager TITLE:=opkg package manager
@ -46,7 +46,7 @@ define Package/opkg/Default
MENU:=1 MENU:=1
endef endef
define Package/opkg/Default/description define Package/opkg/description
Lightweight package management system Lightweight package management system
opkg is the opkg Package Management System, for handling opkg is the opkg Package Management System, for handling
installation and removal of packages on a system. It can installation and removal of packages on a system. It can
@ -66,47 +66,12 @@ config OPKG_SUPPORT_MD5
Old opkg used md5s, new uses sha. This options enables understanding both while prefering sha. Old opkg used md5s, new uses sha. This options enables understanding both while prefering sha.
endef endef
define Package/opkg
$(call Package/opkg/Default)
VARIANT:=unsigned
endef
define Package/opkg/description
$(call Package/opkg/Default/description)
endef
define Package/opkg/conffiles define Package/opkg/conffiles
/etc/opkg.conf /etc/opkg.conf
/etc/opkg/keys/ /etc/opkg/keys/
/etc/opkg/customfeeds.conf /etc/opkg/customfeeds.conf
endef endef
define Package/opkg-smime
$(call Package/opkg/Default)
TITLE+= (with S/MIME signature support)
DEPENDS+=+PACKAGE_opkg-smime:libopenssl
VARIANT:=smime
endef
define Package/opkg-smime/description
$(call Package/opkg/Default/description)
This package allows the Package index to be verified with S/MIME.
endef
define Package/opkg-smime/config
config OPKG_SMIME_SUPPORT_MD5
bool
default n
depends on PACKAGE_opkg-smime
prompt "Support reading old md5 hashes."
help
Old opkg used md5s, new uses sha. This options enables understanding both while prefering sha.
endef
Package/opkg-smime/conffiles = $(Package/opkg/conffiles)
TARGET_CFLAGS += -ffunction-sections -fdata-sections TARGET_CFLAGS += -ffunction-sections -fdata-sections
EXTRA_CFLAGS += $(TARGET_CPPFLAGS) EXTRA_CFLAGS += $(TARGET_CPPFLAGS)
@ -117,22 +82,13 @@ CONFIGURE_ARGS += \
--with-opkgetcdir=/etc \ --with-opkgetcdir=/etc \
--with-opkglockfile=/var/lock/opkg.lock --with-opkglockfile=/var/lock/opkg.lock
ifeq ($(BUILD_VARIANT),smime) ifndef CONFIG_SIGNED_PACKAGES
CONFIGURE_ARGS += --enable-openssl --disable-usign CONFIGURE_ARGS += --disable-usign
ifeq ($(CONFIG_OPKG_SMIME_SUPPORT_MD5),y) endif
CONFIGURE_ARGS += --enable-md5 ifeq ($(CONFIG_OPKG_SUPPORT_MD5),y)
else CONFIGURE_ARGS += --enable-md5
CONFIGURE_ARGS += --disable-md5
endif
else else
ifndef CONFIG_SIGNED_PACKAGES CONFIGURE_ARGS += --disable-md5
CONFIGURE_ARGS += --disable-usign
endif
ifeq ($(CONFIG_OPKG_SUPPORT_MD5),y)
CONFIGURE_ARGS += --enable-md5
else
CONFIGURE_ARGS += --disable-md5
endif
endif endif
MAKE_FLAGS = \ MAKE_FLAGS = \
@ -163,12 +119,6 @@ define Package/opkg/install
$(INSTALL_BIN) ./files/opkg-key $(1)/usr/sbin/ $(INSTALL_BIN) ./files/opkg-key $(1)/usr/sbin/
endef endef
define Package/opkg-smime/install
$(call Package/opkg/Default/install,$(1),-smime)
$(INSTALL_DIR) $(1)/etc/ssl/certs
$(if $(CONFIG_OPKGSMIME_CERT),$(INSTALL_DATA) $(call qstrip,$(CONFIG_OPKGSMIME_CERT)) $(1)/etc/ssl/certs/opkg.pem,)
endef
define Build/InstallDev define Build/InstallDev
mkdir -p $(1)/usr/include mkdir -p $(1)/usr/include
$(CP) $(PKG_INSTALL_DIR)/usr/include/libopkg $(1)/usr/include/ $(CP) $(PKG_INSTALL_DIR)/usr/include/libopkg $(1)/usr/include/
@ -191,5 +141,4 @@ define Host/Install
endef endef
$(eval $(call BuildPackage,opkg)) $(eval $(call BuildPackage,opkg))
$(eval $(call BuildPackage,opkg-smime))
$(eval $(call HostBuild)) $(eval $(call HostBuild))