Add package signing infrastructure

Add package signing key and certificate configuration options to the
"Image configuration" submenu. If enabled, the Packages.gz list will
be signed as file Packages.sig. The passphrase for the signing key can
be sourced from a file or entered by the user. The signing certificate
is automatically added to the firmware image if opkg-smime is selected.

Signed-off-by: Evan Hunt <each@isc.org>
Signed-off-by: Steven Barth <steven@midlink.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@38284 3c298f89-4303-0410-b956-a3cf2f4a3e73

2 files changed, 6 insertions, 2 deletions

diff --git a/package/system/opkg/Makefile b/package/system/opkg/Makefile
index eb3b10a776..3327a8e1ad 100644
--- a/package/system/opkg/Makefile
+++ b/package/system/opkg/Makefile
@@ -109,8 +109,12 @@ define Package/opkg/Default/install
 endef
 
 Package/opkg/install = $(call Package/opkg/Default/install,$(1),)
-Package/opkg-smime/install = $(call Package/opkg/Default/install,$(1),-smime)
 
+define Package/opkg-smime/install
+	$(call Package/opkg/Default/install,$(1),-smime)
+	$(INSTALL_DIR) $(1)/etc/ssl/certs
+	$(if $(CONFIG_OPKGSMIME_CERT),$(INSTALL_DATA) $(call qstrip,$(CONFIG_OPKGSMIME_CERT)) $(1)/etc/ssl/certs/opkg.pem,)
+endef
 
 define Build/InstallDev
 	mkdir -p $(1)/usr/include
diff --git a/package/system/opkg/files/opkg-smime.conf b/package/system/opkg/files/opkg-smime.conf
index 103f231842..849bb65b20 100644
--- a/package/system/opkg/files/opkg-smime.conf
+++ b/package/system/opkg/files/opkg-smime.conf
@@ -4,4 +4,4 @@ dest ram /tmp
 lists_dir ext /var/opkg-lists
 option overlay_root /overlay
 option check_signature 1
-option signature_ca_path /etc/ssl/certs/
+option signature_ca_file /etc/ssl/certs/opkg.pem