mirror of
git://git.openwrt.org/openwrt/openwrt.git
synced 2024-12-26 00:22:47 +00:00
opkg: drop S/MIME support
It has never been used by default (due to being too bloated), and it is properly replaced by usign (which has been the default for a long time now). Remove this feature to simplify the build system Signed-off-by: Felix Fietkau <nbd@nbd.name>
This commit is contained in:
parent
f5c649d7c6
commit
9cdf852ae0
@ -74,15 +74,6 @@ $(curdir)/install: $(TMP_DIR)/.build $(curdir)/system/opkg/host/install $(curdir
|
|||||||
|
|
||||||
$(call prepare_rootfs,$(TARGET_DIR))
|
$(call prepare_rootfs,$(TARGET_DIR))
|
||||||
|
|
||||||
PASSOPT=""
|
|
||||||
PASSARG=""
|
|
||||||
ifndef CONFIG_OPKGSMIME_PASSPHRASE
|
|
||||||
ifneq ($(call qstrip,$(CONFIG_OPKGSMIME_PASSFILE)),)
|
|
||||||
PASSOPT="-passin"
|
|
||||||
PASSARG="file:$(call qstrip,$(CONFIG_OPKGSMIME_PASSFILE))"
|
|
||||||
endif
|
|
||||||
endif
|
|
||||||
|
|
||||||
$(curdir)/index: FORCE
|
$(curdir)/index: FORCE
|
||||||
@echo Generating package index...
|
@echo Generating package index...
|
||||||
@for d in $(PACKAGE_SUBDIRS); do ( \
|
@for d in $(PACKAGE_SUBDIRS); do ( \
|
||||||
@ -99,25 +90,6 @@ ifdef CONFIG_SIGNED_PACKAGES
|
|||||||
cd $$d || continue; \
|
cd $$d || continue; \
|
||||||
$(STAGING_DIR_HOST)/bin/usign -S -m Packages -s $(BUILD_KEY); \
|
$(STAGING_DIR_HOST)/bin/usign -S -m Packages -s $(BUILD_KEY); \
|
||||||
); done
|
); done
|
||||||
else
|
|
||||||
ifeq ($(call qstrip,$(CONFIG_OPKGSMIME_KEY)),)
|
|
||||||
@echo Signing key has not been configured
|
|
||||||
else
|
|
||||||
ifeq ($(call qstrip,$(CONFIG_OPKGSMIME_CERT)),)
|
|
||||||
@echo Certificate has not been configured
|
|
||||||
else
|
|
||||||
@echo Signing package index...
|
|
||||||
@for d in $(PACKAGE_SUBDIRS); do ( \
|
|
||||||
[ -d $$d ] && \
|
|
||||||
cd $$d || continue; \
|
|
||||||
openssl smime -binary -in Packages.gz \
|
|
||||||
-out Packages.sig -outform PEM -sign \
|
|
||||||
-signer $(CONFIG_OPKGSMIME_CERT) \
|
|
||||||
-inkey $(CONFIG_OPKGSMIME_KEY) \
|
|
||||||
$(PASSOPT) $(PASSARG); \
|
|
||||||
); done
|
|
||||||
endif
|
|
||||||
endif
|
|
||||||
endif
|
endif
|
||||||
|
|
||||||
$(curdir)/preconfig:
|
$(curdir)/preconfig:
|
||||||
|
@ -292,42 +292,3 @@ menuconfig PER_FEED_REPO
|
|||||||
Add not enabled feeds as commented out source lines to opkg.conf.
|
Add not enabled feeds as commented out source lines to opkg.conf.
|
||||||
|
|
||||||
source "tmp/.config-feeds.in"
|
source "tmp/.config-feeds.in"
|
||||||
|
|
||||||
|
|
||||||
menuconfig SMIMEOPT
|
|
||||||
bool "Package signing options" if IMAGEOPT
|
|
||||||
default n
|
|
||||||
help
|
|
||||||
These options configure the signing key and certificate to
|
|
||||||
be used for signing and verifying packages.
|
|
||||||
|
|
||||||
config OPKGSMIME_CERT
|
|
||||||
string
|
|
||||||
prompt "Path to certificate (PEM certificate format)" if SMIMEOPT
|
|
||||||
help
|
|
||||||
Path to the certificate to use for signature verification
|
|
||||||
|
|
||||||
config OPKGSMIME_KEY
|
|
||||||
string
|
|
||||||
prompt "Path to signing key (PEM private key format)" if SMIMEOPT
|
|
||||||
help
|
|
||||||
Path to the key to use for signing packages
|
|
||||||
|
|
||||||
config OPKGSMIME_PASSPHRASE
|
|
||||||
bool
|
|
||||||
default y
|
|
||||||
prompt "Wait for a passphrase when signing packages?" if SMIMEOPT
|
|
||||||
help
|
|
||||||
If this value is set, then the build will pause and request a passphrase
|
|
||||||
from the command line when signing packages. This SHOULD NOT be used with
|
|
||||||
automatic builds. If this value is not set, a file can be specified from
|
|
||||||
which the passphrase will be read.
|
|
||||||
|
|
||||||
config OPKGSMIME_PASSFILE
|
|
||||||
string
|
|
||||||
prompt "Path to a file containing the passphrase" if SMIMEOPT
|
|
||||||
depends on !OPKGSMIME_PASSPHRASE
|
|
||||||
help
|
|
||||||
Path to a file containing the passphrase for the signing key.
|
|
||||||
If the signing key is not encrypted and does not require a passphrase,
|
|
||||||
this option may be left blank.
|
|
||||||
|
@ -37,7 +37,7 @@ PKG_INSTALL:=1
|
|||||||
include $(INCLUDE_DIR)/package.mk
|
include $(INCLUDE_DIR)/package.mk
|
||||||
include $(INCLUDE_DIR)/host-build.mk
|
include $(INCLUDE_DIR)/host-build.mk
|
||||||
|
|
||||||
define Package/opkg/Default
|
define Package/opkg
|
||||||
SECTION:=base
|
SECTION:=base
|
||||||
CATEGORY:=Base system
|
CATEGORY:=Base system
|
||||||
TITLE:=opkg package manager
|
TITLE:=opkg package manager
|
||||||
@ -46,7 +46,7 @@ define Package/opkg/Default
|
|||||||
MENU:=1
|
MENU:=1
|
||||||
endef
|
endef
|
||||||
|
|
||||||
define Package/opkg/Default/description
|
define Package/opkg/description
|
||||||
Lightweight package management system
|
Lightweight package management system
|
||||||
opkg is the opkg Package Management System, for handling
|
opkg is the opkg Package Management System, for handling
|
||||||
installation and removal of packages on a system. It can
|
installation and removal of packages on a system. It can
|
||||||
@ -66,47 +66,12 @@ config OPKG_SUPPORT_MD5
|
|||||||
Old opkg used md5s, new uses sha. This options enables understanding both while prefering sha.
|
Old opkg used md5s, new uses sha. This options enables understanding both while prefering sha.
|
||||||
endef
|
endef
|
||||||
|
|
||||||
define Package/opkg
|
|
||||||
$(call Package/opkg/Default)
|
|
||||||
VARIANT:=unsigned
|
|
||||||
endef
|
|
||||||
|
|
||||||
define Package/opkg/description
|
|
||||||
$(call Package/opkg/Default/description)
|
|
||||||
endef
|
|
||||||
|
|
||||||
define Package/opkg/conffiles
|
define Package/opkg/conffiles
|
||||||
/etc/opkg.conf
|
/etc/opkg.conf
|
||||||
/etc/opkg/keys/
|
/etc/opkg/keys/
|
||||||
/etc/opkg/customfeeds.conf
|
/etc/opkg/customfeeds.conf
|
||||||
endef
|
endef
|
||||||
|
|
||||||
|
|
||||||
define Package/opkg-smime
|
|
||||||
$(call Package/opkg/Default)
|
|
||||||
TITLE+= (with S/MIME signature support)
|
|
||||||
DEPENDS+=+PACKAGE_opkg-smime:libopenssl
|
|
||||||
VARIANT:=smime
|
|
||||||
endef
|
|
||||||
|
|
||||||
define Package/opkg-smime/description
|
|
||||||
$(call Package/opkg/Default/description)
|
|
||||||
|
|
||||||
This package allows the Package index to be verified with S/MIME.
|
|
||||||
endef
|
|
||||||
|
|
||||||
define Package/opkg-smime/config
|
|
||||||
config OPKG_SMIME_SUPPORT_MD5
|
|
||||||
bool
|
|
||||||
default n
|
|
||||||
depends on PACKAGE_opkg-smime
|
|
||||||
prompt "Support reading old md5 hashes."
|
|
||||||
help
|
|
||||||
Old opkg used md5s, new uses sha. This options enables understanding both while prefering sha.
|
|
||||||
endef
|
|
||||||
|
|
||||||
Package/opkg-smime/conffiles = $(Package/opkg/conffiles)
|
|
||||||
|
|
||||||
TARGET_CFLAGS += -ffunction-sections -fdata-sections
|
TARGET_CFLAGS += -ffunction-sections -fdata-sections
|
||||||
EXTRA_CFLAGS += $(TARGET_CPPFLAGS)
|
EXTRA_CFLAGS += $(TARGET_CPPFLAGS)
|
||||||
|
|
||||||
@ -117,22 +82,13 @@ CONFIGURE_ARGS += \
|
|||||||
--with-opkgetcdir=/etc \
|
--with-opkgetcdir=/etc \
|
||||||
--with-opkglockfile=/var/lock/opkg.lock
|
--with-opkglockfile=/var/lock/opkg.lock
|
||||||
|
|
||||||
ifeq ($(BUILD_VARIANT),smime)
|
ifndef CONFIG_SIGNED_PACKAGES
|
||||||
CONFIGURE_ARGS += --enable-openssl --disable-usign
|
CONFIGURE_ARGS += --disable-usign
|
||||||
ifeq ($(CONFIG_OPKG_SMIME_SUPPORT_MD5),y)
|
endif
|
||||||
CONFIGURE_ARGS += --enable-md5
|
ifeq ($(CONFIG_OPKG_SUPPORT_MD5),y)
|
||||||
else
|
CONFIGURE_ARGS += --enable-md5
|
||||||
CONFIGURE_ARGS += --disable-md5
|
|
||||||
endif
|
|
||||||
else
|
else
|
||||||
ifndef CONFIG_SIGNED_PACKAGES
|
CONFIGURE_ARGS += --disable-md5
|
||||||
CONFIGURE_ARGS += --disable-usign
|
|
||||||
endif
|
|
||||||
ifeq ($(CONFIG_OPKG_SUPPORT_MD5),y)
|
|
||||||
CONFIGURE_ARGS += --enable-md5
|
|
||||||
else
|
|
||||||
CONFIGURE_ARGS += --disable-md5
|
|
||||||
endif
|
|
||||||
endif
|
endif
|
||||||
|
|
||||||
MAKE_FLAGS = \
|
MAKE_FLAGS = \
|
||||||
@ -163,12 +119,6 @@ define Package/opkg/install
|
|||||||
$(INSTALL_BIN) ./files/opkg-key $(1)/usr/sbin/
|
$(INSTALL_BIN) ./files/opkg-key $(1)/usr/sbin/
|
||||||
endef
|
endef
|
||||||
|
|
||||||
define Package/opkg-smime/install
|
|
||||||
$(call Package/opkg/Default/install,$(1),-smime)
|
|
||||||
$(INSTALL_DIR) $(1)/etc/ssl/certs
|
|
||||||
$(if $(CONFIG_OPKGSMIME_CERT),$(INSTALL_DATA) $(call qstrip,$(CONFIG_OPKGSMIME_CERT)) $(1)/etc/ssl/certs/opkg.pem,)
|
|
||||||
endef
|
|
||||||
|
|
||||||
define Build/InstallDev
|
define Build/InstallDev
|
||||||
mkdir -p $(1)/usr/include
|
mkdir -p $(1)/usr/include
|
||||||
$(CP) $(PKG_INSTALL_DIR)/usr/include/libopkg $(1)/usr/include/
|
$(CP) $(PKG_INSTALL_DIR)/usr/include/libopkg $(1)/usr/include/
|
||||||
@ -191,5 +141,4 @@ define Host/Install
|
|||||||
endef
|
endef
|
||||||
|
|
||||||
$(eval $(call BuildPackage,opkg))
|
$(eval $(call BuildPackage,opkg))
|
||||||
$(eval $(call BuildPackage,opkg-smime))
|
|
||||||
$(eval $(call HostBuild))
|
$(eval $(call HostBuild))
|
||||||
|
Loading…
Reference in New Issue
Block a user