diff mbox series

[19.07,2/2] openwrt-keyring: Only copy sign key for 19.07 and 21.02

Message ID 20210516135551.3221641-2-hauke@hauke-m.de
State Accepted
Delegated to: Hauke Mehrtens
Headers show
Series [19.07,1/2] openwrt-keyring: add OpenWrt 21.02 GPG/usign keys | expand

Commit Message

Hauke Mehrtens May 16, 2021, 1:55 p.m. UTC
Instead of adding all public signature keys from the openwrt-keyring
repository only add the key which is used to sign the OpenWrt 19.07
feeds and the 21.02 feeds to allow checking the next release.

If one of the other keys would be compromised this would not affect
users of 19.07 release builds.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
---
 package/system/openwrt-keyring/Makefile | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

Comments

Paul Spooren May 17, 2021, 6:09 p.m. UTC | #1
On 5/16/21 3:55 PM, Hauke Mehrtens wrote:
> Instead of adding all public signature keys from the openwrt-keyring
> repository only add the key which is used to sign the OpenWrt 19.07
> feeds and the 21.02 feeds to allow checking the next release.
>
> If one of the other keys would be compromised this would not affect
> users of 19.07 release builds.
>
> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
> ---
Acked-by: Paul Spooren <mail@aparcar.org>
>   package/system/openwrt-keyring/Makefile | 7 +++++--
>   1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/package/system/openwrt-keyring/Makefile b/package/system/openwrt-keyring/Makefile
> index 6f3aa65622..037809a667 100644
> --- a/package/system/openwrt-keyring/Makefile
> +++ b/package/system/openwrt-keyring/Makefile
> @@ -3,7 +3,7 @@
>   include $(TOPDIR)/rules.mk
>   
>   PKG_NAME:=openwrt-keyring
> -PKG_RELEASE:=1
> +PKG_RELEASE:=2
>   
>   PKG_SOURCE_PROTO:=git
>   PKG_SOURCE_URL=$(PROJECT_GIT)/keyring.git
> @@ -32,7 +32,10 @@ Build/Compile=
>   
>   define Package/openwrt-keyring/install
>   	$(INSTALL_DIR) $(1)/etc/opkg/keys/
> -	$(INSTALL_DATA) $(PKG_BUILD_DIR)/usign/* $(1)/etc/opkg/keys/
> +	# Public usign key for 19.07 release builds
> +	$(INSTALL_DATA) $(PKG_BUILD_DIR)/usign/f94b9dd6febac963 $(1)/etc/opkg/keys/
> +	# Public usign key for 21.02 release builds
> +	$(INSTALL_DATA) $(PKG_BUILD_DIR)/usign/2f8b0b98e08306bf $(1)/etc/opkg/keys/
>   endef
>   
>   $(eval $(call BuildPackage,openwrt-keyring))
diff mbox series

Patch

diff --git a/package/system/openwrt-keyring/Makefile b/package/system/openwrt-keyring/Makefile
index 6f3aa65622..037809a667 100644
--- a/package/system/openwrt-keyring/Makefile
+++ b/package/system/openwrt-keyring/Makefile
@@ -3,7 +3,7 @@ 
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openwrt-keyring
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/keyring.git
@@ -32,7 +32,10 @@  Build/Compile=
 
 define Package/openwrt-keyring/install
 	$(INSTALL_DIR) $(1)/etc/opkg/keys/
-	$(INSTALL_DATA) $(PKG_BUILD_DIR)/usign/* $(1)/etc/opkg/keys/
+	# Public usign key for 19.07 release builds
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/usign/f94b9dd6febac963 $(1)/etc/opkg/keys/
+	# Public usign key for 21.02 release builds
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/usign/2f8b0b98e08306bf $(1)/etc/opkg/keys/
 endef
 
 $(eval $(call BuildPackage,openwrt-keyring))