[OpenWrt-Devel] [PATCH 09/14] package/signing-key base-files: Move the package list signing key to separate package
openwrt at daniel.thecshore.com
openwrt at daniel.thecshore.com
Sun Jan 3 01:02:57 EST 2016
From: Daniel Dickinson <openwrt at daniel.thecshore.com>
In order to make it easier to sign packages built with an SDK
we make signing-key a separate package from base-files with
a configuration option and variants (so that different builds
can use different keys) which can be easy included in images
with imagebuilder
Signed-off-by: Daniel Dickinson <openwrt at daniel.thecshore.com>
---
config/Config-build.in | 5 +++
package/base-files/Makefile | 20 +---------
package/signing-key/Makefile | 95 ++++++++++++++++++++++++++++++++++++++++++++
rules.mk | 3 +-
4 files changed, 104 insertions(+), 19 deletions(-)
create mode 100644 package/signing-key/Makefile
diff --git a/config/Config-build.in b/config/Config-build.in
index 2523a18..5867f53 100644
--- a/config/Config-build.in
+++ b/config/Config-build.in
@@ -18,6 +18,11 @@ menu "Global build settings"
bool "Cryptographically signed package lists"
default y
+ config BUILD_KEY_TYPE
+ string
+ prompt "Name for build key with signed package lists"
+ depends on SIGNED_PACKAGES
+
comment "General build options"
config DISPLAY_SUPPORT
diff --git a/package/base-files/Makefile b/package/base-files/Makefile
index bf32f63..d1d6da1 100644
--- a/package/base-files/Makefile
+++ b/package/base-files/Makefile
@@ -17,8 +17,6 @@ PKG_FILE_DEPENDS:=$(PLATFORM_DIR)/ $(GENERIC_PLATFORM_DIR)/base-files/
PKG_BUILD_DEPENDS:=usign/host
PKG_LICENSE:=GPL-2.0
-PKG_CONFIG_DEPENDS := CONFIG_SIGNED_PACKAGES
-
include $(INCLUDE_DIR)/package.mk
ifneq ($(DUMP),1)
@@ -31,7 +29,7 @@ endif
define Package/base-files
SECTION:=base
CATEGORY:=Base system
- DEPENDS:=+netifd +libc +procd +jsonfilter +SIGNED_PACKAGES:usign +fstools
+ DEPENDS:=+netifd +libc +procd +jsonfilter +fstools +SIGNED_PACKAGES:signing-key-$(BUILD_KEY_TYPE)
TITLE:=Base filesystem for OpenWrt
URL:=http://openwrt.org/
VERSION:=$(PKG_RELEASE)-$(REVISION)
@@ -90,25 +88,11 @@ endef
define Build/Compile/Default
endef
-Build/Compile = $(Build/Compile/Default)
-
-ifdef CONFIG_SIGNED_PACKAGES
- define Build/Configure
- [ -s $(BUILD_KEY) -a -s $(BUILD_KEY).pub ] || \
- $(STAGING_DIR_HOST)/bin/usign -G -s $(BUILD_KEY) -p $(BUILD_KEY).pub -c "Local build key"
-
- endef
- define Package/base-files/install-key
- mkdir -p $(1)/etc/opkg/keys
- $(CP) $(BUILD_KEY).pub $(1)/etc/opkg/keys/`$(STAGING_DIR_HOST)/bin/usign -F -p $(BUILD_KEY).pub`
-
- endef
-endif
+Build/Compile = $(Build/Compile/Default)
define Package/base-files/install
$(CP) ./files/* $(1)/
- $(Package/base-files/install-key)
if [ -d $(GENERIC_PLATFORM_DIR)/base-files/. ]; then \
$(CP) $(GENERIC_PLATFORM_DIR)/base-files/* $(1)/; \
fi
diff --git a/package/signing-key/Makefile b/package/signing-key/Makefile
new file mode 100644
index 0000000..1ac2996
--- /dev/null
+++ b/package/signing-key/Makefile
@@ -0,0 +1,95 @@
+#
+# Copyright (C) 2007-2015 OpenWrt.org
+# Copyright (C) 2010 Vertical Communications
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+ifneq ($(DUMP),)
+ -include $(TOPDIR)/.config
+endif
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=signing-key
+PKG_VERSION:=1.0
+PKG_RELEASE:=1
+
+PKG_BUILD_DEPENDS:=usign/host
+PKG_LICENSE:=GPL-2.0
+
+PKG_CONFIG_DEPENDS := CONFIG_SIGNED_PACKAGES
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_KEY_TYPE)
+
+include $(INCLUDE_DIR)/package.mk
+
+# Cheat and use VARIANT so we can have package names which
+# are different from the subdirectory / PKG_NAME
+
+define Package/signing-key/Default
+ SECTION:=base
+ CATEGORY:=Base system
+ DEPENDS:=+usign
+ TITLE:=Signing key when using signed package lists
+ URL:=http://openwrt.org/
+endef
+
+define Package/signing-key
+$(call Package/signing-key/Default)
+ DEPENDS+=@!IN_SDK
+ TITLE+= (base key)
+ VARIANT:=base
+endef
+
+ifneq ($(BUILD_KEY_TYPE),base)
+define Package/signing-key-$(BUILD_KEY_TYPE)
+$(call Package/signing-key/Default)
+ DEPENDS+=@IN_SDK
+ TITLE+= ($(BUILD_KEY_TYPE) key)
+ VARIANT:=$(BUILD_KEY_TYPE)
+endef
+endif
+
+define Package/signing-key/description
+ This package contains the opkg signing key for the base build when using signed package lists
+endef
+
+ifneq ($(BUILD_KEY_TYPE),base)
+define Package/signing-key-$(BUILD_KEY_TYPE)/description
+ This package contains the opkg signing key for the $(BUILD_KEY_TYPE) build when using signed package lists
+endef
+endif
+
+define Build/Prepare
+ true
+endef
+
+define Build/Configure
+ [ -s $(BUILD_KEY) -a -s $(BUILD_KEY).pub ] || \
+ $(STAGING_DIR_HOST)/bin/usign -G -s $(BUILD_KEY) -p $(BUILD_KEY).pub -c "Local $(BUILD_KEY_TYPE) build key"
+endef
+
+define Build/Compile
+ echo "Placeholder for log file"
+endef
+
+define Package/signing-key/install/Default
+ $(INSTALL_DIR) $(1)/etc/opkg/keys
+ $(CP) $(BUILD_KEY).pub $(1)/etc/opkg/keys/`$(STAGING_DIR_HOST)/bin/usign -F -p $(BUILD_KEY).pub`
+endef
+
+define Package/signing-key/install
+$(call Package/signing-key/install/Default,$(1),$(2))
+endef
+
+ifneq ($(BUILD_KEY_TYPE),base)
+define Package/signing-key-$(BUILD_KEY_TYPE)/install
+$(call Package/signing-key/install/Default,$(1),$(2))
+endef
+endif
+
+$(eval $(call BuildPackage,signing-key))
+ifneq ($(BUILD_KEY_TYPE),base)
+$(eval $(call BuildPackage,signing-key-$(BUILD_KEY_TYPE)))
+endif
+
diff --git a/rules.mk b/rules.mk
index eb5665d..09aff9b 100644
--- a/rules.mk
+++ b/rules.mk
@@ -211,7 +211,8 @@ else
TARGET_NM:=$(TARGET_CROSS)nm
endif
-BUILD_KEY=$(TOPDIR)/key-build
+BUILD_KEY_TYPE:=$(call qstrip,$(CONFIG_BUILD_KEY_TYPE))
+BUILD_KEY=$(TOPDIR)/key-$(BUILD_KEY_TYPE)
TARGET_CC:=$(TARGET_CROSS)gcc
TARGET_CXX:=$(TARGET_CROSS)g++
--
2.4.3
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list