Skip to content

Commit

Permalink
openwrt-keyring: Only copy sign key for snapshots
Browse files Browse the repository at this point in the history 
Instead of adding all public signature keys from the openwrt-keyring
repository only add the key which is used to sign the master feeds.

If one of the other keys would be compromised this would not affect
users of master snapshot builds.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  • Loading branch information
@hauke
hauke committed May 17, 2021
1 parent f2844a6 commit 097dc94
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions package/system/openwrt-keyring/Makefile
View file
Expand Up @@ -3,7 +3,7 @@
include $(TOPDIR)/rules.mk

PKG_NAME:=openwrt-keyring
PKG_RELEASE:=1
PKG_RELEASE:=2

PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL=$(PROJECT_GIT)/keyring.git
Expand Down Expand Up @@ -32,7 +32,8 @@ Build/Compile=

define Package/openwrt-keyring/install
$(INSTALL_DIR) $(1)/etc/opkg/keys/
$(INSTALL_DATA) $(PKG_BUILD_DIR)/usign/* $(1)/etc/opkg/keys/
# Public usign key for unattended snapshot builds
$(INSTALL_DATA) $(PKG_BUILD_DIR)/usign/b5043e70f9a75cde $(1)/etc/opkg/keys/
endef

$(eval $(call BuildPackage,openwrt-keyring))

0 comments on commit 097dc94

Please sign in to comment.