Revert "build: separate signing logic"
This reverts commit 4a45e69d19
.
This broke the buildbots
Signed-off-by: John Crispin <john@phrozen.org>
This commit is contained in:
parent
4408723d42
commit
f4aaee01fa
@ -37,21 +37,13 @@ menu "Global build settings"
|
|||||||
- Enabling per-device rootfs support
|
- Enabling per-device rootfs support
|
||||||
...
|
...
|
||||||
|
|
||||||
config INSTALL_LOCAL_KEY
|
|
||||||
bool "Install local usign key into image"
|
|
||||||
default n
|
|
||||||
|
|
||||||
config SIGNED_PACKAGES
|
config SIGNED_PACKAGES
|
||||||
bool "Cryptographically signed package lists"
|
bool "Cryptographically signed package lists"
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config SIGNED_IMAGES
|
|
||||||
bool "Cryptographically signed firmware images"
|
|
||||||
default n
|
|
||||||
|
|
||||||
config SIGNATURE_CHECK
|
config SIGNATURE_CHECK
|
||||||
bool "Enable signature checking in opkg"
|
bool "Enable signature checking in opkg"
|
||||||
default y
|
default SIGNED_PACKAGES
|
||||||
|
|
||||||
comment "General build options"
|
comment "General build options"
|
||||||
|
|
||||||
|
@ -373,14 +373,11 @@ metadata_json = \
|
|||||||
|
|
||||||
define Build/append-metadata
|
define Build/append-metadata
|
||||||
$(if $(SUPPORTED_DEVICES),-echo $(call metadata_json,$(SUPPORTED_DEVICES)) | fwtool -I - $@)
|
$(if $(SUPPORTED_DEVICES),-echo $(call metadata_json,$(SUPPORTED_DEVICES)) | fwtool -I - $@)
|
||||||
[ -z "$(SIGNED_IMAGES)" \
|
[ ! -s "$(BUILD_KEY)" -o ! -s "$(BUILD_KEY).ucert" -o ! -s "$@" ] || { \
|
||||||
-o ! -s "$(BUILD_KEY)" \
|
cp "$(BUILD_KEY).ucert" "$@.ucert" ;\
|
||||||
-o ! -s "$(BUILD_KEY).ucert" \
|
usign -S -m "$@" -s "$(BUILD_KEY)" -x "$@.sig" ;\
|
||||||
-o ! -s "$@" ] || { \
|
ucert -A -c "$@.ucert" -x "$@.sig" ;\
|
||||||
cp "$(BUILD_KEY).ucert" "$@.ucert" ;\
|
fwtool -S "$@.ucert" "$@" ;\
|
||||||
usign -S -m "$@" -s "$(BUILD_KEY)" -x "$@.sig" ;\
|
|
||||||
ucert -A -c "$@.ucert" -x "$@.sig" ;\
|
|
||||||
fwtool -S "$@.ucert" "$@" ;\
|
|
||||||
}
|
}
|
||||||
endef
|
endef
|
||||||
|
|
||||||
|
@ -37,7 +37,7 @@ endif
|
|||||||
define Package/base-files
|
define Package/base-files
|
||||||
SECTION:=base
|
SECTION:=base
|
||||||
CATEGORY:=Base system
|
CATEGORY:=Base system
|
||||||
DEPENDS:=+netifd +libc +procd +jsonfilter +SIGNATURE_CHECK:usign +SIGNATURE_CHECK:openwrt-keyring +NAND_SUPPORT:ubi-utils +fstools +fwtool
|
DEPENDS:=+netifd +libc +procd +jsonfilter +SIGNED_PACKAGES:usign +SIGNED_PACKAGES:openwrt-keyring +NAND_SUPPORT:ubi-utils +fstools +fwtool
|
||||||
TITLE:=Base filesystem for OpenWrt
|
TITLE:=Base filesystem for OpenWrt
|
||||||
URL:=http://openwrt.org/
|
URL:=http://openwrt.org/
|
||||||
VERSION:=$(PKG_RELEASE)-$(REVISION)
|
VERSION:=$(PKG_RELEASE)-$(REVISION)
|
||||||
@ -116,6 +116,12 @@ ifdef CONFIG_SIGNED_PACKAGES
|
|||||||
$(STAGING_DIR_HOST)/bin/ucert -I -c $(BUILD_KEY).ucert -p $(BUILD_KEY).pub -s $(BUILD_KEY)
|
$(STAGING_DIR_HOST)/bin/ucert -I -c $(BUILD_KEY).ucert -p $(BUILD_KEY).pub -s $(BUILD_KEY)
|
||||||
|
|
||||||
endef
|
endef
|
||||||
|
|
||||||
|
define Package/base-files/install-key
|
||||||
|
mkdir -p $(1)/etc/opkg/keys
|
||||||
|
$(CP) $(BUILD_KEY).pub $(1)/etc/opkg/keys/`$(STAGING_DIR_HOST)/bin/usign -F -p $(BUILD_KEY).pub`
|
||||||
|
|
||||||
|
endef
|
||||||
endif
|
endif
|
||||||
|
|
||||||
ifeq ($(CONFIG_NAND_SUPPORT),)
|
ifeq ($(CONFIG_NAND_SUPPORT),)
|
||||||
@ -124,16 +130,9 @@ ifeq ($(CONFIG_NAND_SUPPORT),)
|
|||||||
endef
|
endef
|
||||||
endif
|
endif
|
||||||
|
|
||||||
ifdef CONFIG_INSTALL_LOCAL_KEY
|
|
||||||
define Package/base-files/install-local-key
|
|
||||||
mkdir -p $(1)/etc/opkg/keys
|
|
||||||
$(CP) $(BUILD_KEY).pub $(1)/etc/opkg/keys/`$(STAGING_DIR_HOST)/bin/usign \
|
|
||||||
-F -p $(BUILD_KEY).pub`
|
|
||||||
endef
|
|
||||||
|
|
||||||
define Package/base-files/install
|
define Package/base-files/install
|
||||||
$(CP) ./files/* $(1)/
|
$(CP) ./files/* $(1)/
|
||||||
$(Package/base-files/install-local-key)
|
$(Package/base-files/install-key)
|
||||||
$(Package/base-files/nand-support)
|
$(Package/base-files/nand-support)
|
||||||
if [ -d $(GENERIC_PLATFORM_DIR)/base-files/. ]; then \
|
if [ -d $(GENERIC_PLATFORM_DIR)/base-files/. ]; then \
|
||||||
$(CP) $(GENERIC_PLATFORM_DIR)/base-files/* $(1)/; \
|
$(CP) $(GENERIC_PLATFORM_DIR)/base-files/* $(1)/; \
|
||||||
|
Loading…
Reference in New Issue
Block a user