Opkg support for smime (pkcs7) packages list signing
Thanks to Camille Moncelier <moncelier@devlife.org>
http://groups.google.com/group/opkg-devel/browse_thread/thread/
6071ce290d5ceb77?utoken=qjR-TC0AAADKDldt5ZXsDDLs9sWCpWZI1zgeariQUwksg5ob1tmaFTCAL7MTcQRO6S85GfHgQ_k
As promised :) here is a patch allowing opkg to authenticate
a package list using smime and openssl instead of gpgme
Example:
Sign a package list:
openssl smime -sign -in /path/to/repo/Packages \
-signer /root/server.pem -binary \
-outform PEM -out /path/to/repo/Packages.sig
Configuration in /etc/opkg/opkg.conf
option check_signature 1
option signature_ca_file /etc/serverCA.pem
option signature_ca_path /path/to/certs/dir
opkg update
Downloading http://repo:8000/Packages
Updated list of available packages in /usr/lib/opkg/lists/angstrom
Downloading http://repo:8000/Packages.sig
Signature check passed
Package list corruption or MIM:
Downloading http://repo:8000/Packages
Updated list of available packages in /usr/lib/opkg/lists/angstrom
Downloading http://repo:8000/Packages.sig
Signature check failed
Collected errors:
* Verification failure
Camille Moncelier
http://devlife.org/
git-svn-id: http://opkg.googlecode.com/svn/trunk@221
e8e0d7a0-c8d9-11dd-a880-
a1081c7ac358