From 3efd1303d81364e5bcdf71e981518aebcedbe70e Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Mon, 6 Apr 2015 19:38:37 +0000 Subject: [PATCH] opkg: add patch for supporting signature checking through usign Signed-off-by: Felix Fietkau SVN-Revision: 45284 --- .../opkg/patches/200-usign_support.patch | 91 +++++++++++++++++++ 1 file changed, 91 insertions(+) create mode 100644 package/system/opkg/patches/200-usign_support.patch diff --git a/package/system/opkg/patches/200-usign_support.patch b/package/system/opkg/patches/200-usign_support.patch new file mode 100644 index 0000000000..991708a8a3 --- /dev/null +++ b/package/system/opkg/patches/200-usign_support.patch @@ -0,0 +1,91 @@ +--- a/configure.ac ++++ b/configure.ac +@@ -169,6 +169,15 @@ if test "x$want_gpgme" = "xyes"; then + fi + fi + ++AC_ARG_ENABLE(usign, ++ AC_HELP_STRING([--enable-usign], [Enable signature checking with usign ++ [[default=yes]] ]), ++ [want_usign="$enableval"], [want_usign="yes"]) ++ ++if test "x$want_usign" = "xyes"; then ++ AC_DEFINE(HAVE_USIGN, 1, [Define if you want usign support]) ++fi ++ + AC_SUBST(GPGME_CFLAGS) + AC_SUBST(GPGME_LIBS) + +--- a/libopkg/opkg.c ++++ b/libopkg/opkg.c +@@ -599,7 +599,7 @@ opkg_update_package_lists(opkg_progress_ + } + free(url); + +-#if defined(HAVE_GPGME) || defined(HAVE_OPENSSL) ++#if defined(HAVE_GPGME) || defined(HAVE_OPENSSL) || defined(HAVE_USIGN) + if (conf->check_signature) { + char *sig_file_name; + /* download detached signitures to verify the package lists */ +--- a/libopkg/opkg_cmd.c ++++ b/libopkg/opkg_cmd.c +@@ -169,7 +169,7 @@ opkg_update_cmd(int argc, char **argv) + list_file_name); + } + free(url); +-#if defined(HAVE_GPGME) || defined(HAVE_OPENSSL) ++#if defined(HAVE_GPGME) || defined(HAVE_OPENSSL) || defined(HAVE_USIGN) + if (conf->check_signature) { + /* download detached signitures to verify the package lists */ + /* get the url for the sig file */ +--- a/libopkg/opkg_install.c ++++ b/libopkg/opkg_install.c +@@ -1288,7 +1288,7 @@ opkg_install_pkg(pkg_t *pkg, int from_up + } + + /* check that the repository is valid */ +- #if defined(HAVE_GPGME) || defined(HAVE_OPENSSL) ++ #if defined(HAVE_GPGME) || defined(HAVE_OPENSSL) || defined(HAVE_USIGN) + char *list_file_name, *sig_file_name, *lists_dir; + + /* check to ensure the package has come from a repository */ +--- a/libopkg/opkg_download.c ++++ b/libopkg/opkg_download.c +@@ -19,6 +19,7 @@ + + #include "config.h" + ++#include + #include + #include + #include +@@ -342,7 +343,28 @@ opkg_prepare_url_for_install(const char + int + opkg_verify_file (char *text_file, char *sig_file) + { +-#if defined HAVE_GPGME ++#if defined HAVE_USIGN ++ int status = -1; ++ int pid; ++ ++ if (conf->check_signature == 0 ) ++ return 0; ++ ++ pid = fork(); ++ if (pid < 0) ++ return -1; ++ ++ if (!pid) { ++ execl("/usr/sbin/opkg-key", "opkg-key", "verify", sig_file, text_file, NULL); ++ exit(255); ++ } ++ ++ waitpid(pid, &status, 0); ++ if (!WIFEXITED(status) || WEXITSTATUS(status)) ++ return -1; ++ ++ return 0; ++#elif defined HAVE_GPGME + if (conf->check_signature == 0 ) + return 0; + int status = -1; -- 2.25.1