From 9cdf852ae09e8b418d9ab5c462b95742dc2f0fc2 Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Tue, 10 Jan 2017 13:02:33 +0100 Subject: [PATCH] opkg: drop S/MIME support It has never been used by default (due to being too bloated), and it is properly replaced by usign (which has been the default for a long time now). Remove this feature to simplify the build system Signed-off-by: Felix Fietkau --- package/Makefile | 28 ------------- package/base-files/image-config.in | 39 ----------------- package/system/opkg/Makefile | 67 ++++-------------------------- 3 files changed, 8 insertions(+), 126 deletions(-) diff --git a/package/Makefile b/package/Makefile index 17378a95ef..3250e7b7d0 100644 --- a/package/Makefile +++ b/package/Makefile @@ -74,15 +74,6 @@ $(curdir)/install: $(TMP_DIR)/.build $(curdir)/system/opkg/host/install $(curdir $(call prepare_rootfs,$(TARGET_DIR)) -PASSOPT="" -PASSARG="" -ifndef CONFIG_OPKGSMIME_PASSPHRASE - ifneq ($(call qstrip,$(CONFIG_OPKGSMIME_PASSFILE)),) - PASSOPT="-passin" - PASSARG="file:$(call qstrip,$(CONFIG_OPKGSMIME_PASSFILE))" - endif -endif - $(curdir)/index: FORCE @echo Generating package index... @for d in $(PACKAGE_SUBDIRS); do ( \ @@ -99,25 +90,6 @@ ifdef CONFIG_SIGNED_PACKAGES cd $$d || continue; \ $(STAGING_DIR_HOST)/bin/usign -S -m Packages -s $(BUILD_KEY); \ ); done -else -ifeq ($(call qstrip,$(CONFIG_OPKGSMIME_KEY)),) - @echo Signing key has not been configured -else -ifeq ($(call qstrip,$(CONFIG_OPKGSMIME_CERT)),) - @echo Certificate has not been configured -else - @echo Signing package index... - @for d in $(PACKAGE_SUBDIRS); do ( \ - [ -d $$d ] && \ - cd $$d || continue; \ - openssl smime -binary -in Packages.gz \ - -out Packages.sig -outform PEM -sign \ - -signer $(CONFIG_OPKGSMIME_CERT) \ - -inkey $(CONFIG_OPKGSMIME_KEY) \ - $(PASSOPT) $(PASSARG); \ - ); done -endif -endif endif $(curdir)/preconfig: diff --git a/package/base-files/image-config.in b/package/base-files/image-config.in index 448fc1cd9f..b43d7c78cd 100644 --- a/package/base-files/image-config.in +++ b/package/base-files/image-config.in @@ -292,42 +292,3 @@ menuconfig PER_FEED_REPO Add not enabled feeds as commented out source lines to opkg.conf. source "tmp/.config-feeds.in" - - -menuconfig SMIMEOPT - bool "Package signing options" if IMAGEOPT - default n - help - These options configure the signing key and certificate to - be used for signing and verifying packages. - - config OPKGSMIME_CERT - string - prompt "Path to certificate (PEM certificate format)" if SMIMEOPT - help - Path to the certificate to use for signature verification - - config OPKGSMIME_KEY - string - prompt "Path to signing key (PEM private key format)" if SMIMEOPT - help - Path to the key to use for signing packages - - config OPKGSMIME_PASSPHRASE - bool - default y - prompt "Wait for a passphrase when signing packages?" if SMIMEOPT - help - If this value is set, then the build will pause and request a passphrase - from the command line when signing packages. This SHOULD NOT be used with - automatic builds. If this value is not set, a file can be specified from - which the passphrase will be read. - - config OPKGSMIME_PASSFILE - string - prompt "Path to a file containing the passphrase" if SMIMEOPT - depends on !OPKGSMIME_PASSPHRASE - help - Path to a file containing the passphrase for the signing key. - If the signing key is not encrypted and does not require a passphrase, - this option may be left blank. diff --git a/package/system/opkg/Makefile b/package/system/opkg/Makefile index cbd731f54c..898d769b2e 100644 --- a/package/system/opkg/Makefile +++ b/package/system/opkg/Makefile @@ -37,7 +37,7 @@ PKG_INSTALL:=1 include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/host-build.mk -define Package/opkg/Default +define Package/opkg SECTION:=base CATEGORY:=Base system TITLE:=opkg package manager @@ -46,7 +46,7 @@ define Package/opkg/Default MENU:=1 endef -define Package/opkg/Default/description +define Package/opkg/description Lightweight package management system opkg is the opkg Package Management System, for handling installation and removal of packages on a system. It can @@ -66,47 +66,12 @@ config OPKG_SUPPORT_MD5 Old opkg used md5s, new uses sha. This options enables understanding both while prefering sha. endef -define Package/opkg - $(call Package/opkg/Default) - VARIANT:=unsigned -endef - -define Package/opkg/description - $(call Package/opkg/Default/description) -endef - define Package/opkg/conffiles /etc/opkg.conf /etc/opkg/keys/ /etc/opkg/customfeeds.conf endef - -define Package/opkg-smime - $(call Package/opkg/Default) - TITLE+= (with S/MIME signature support) - DEPENDS+=+PACKAGE_opkg-smime:libopenssl - VARIANT:=smime -endef - -define Package/opkg-smime/description - $(call Package/opkg/Default/description) - - This package allows the Package index to be verified with S/MIME. -endef - -define Package/opkg-smime/config -config OPKG_SMIME_SUPPORT_MD5 - bool - default n - depends on PACKAGE_opkg-smime - prompt "Support reading old md5 hashes." - help - Old opkg used md5s, new uses sha. This options enables understanding both while prefering sha. -endef - -Package/opkg-smime/conffiles = $(Package/opkg/conffiles) - TARGET_CFLAGS += -ffunction-sections -fdata-sections EXTRA_CFLAGS += $(TARGET_CPPFLAGS) @@ -117,22 +82,13 @@ CONFIGURE_ARGS += \ --with-opkgetcdir=/etc \ --with-opkglockfile=/var/lock/opkg.lock -ifeq ($(BUILD_VARIANT),smime) - CONFIGURE_ARGS += --enable-openssl --disable-usign - ifeq ($(CONFIG_OPKG_SMIME_SUPPORT_MD5),y) - CONFIGURE_ARGS += --enable-md5 - else - CONFIGURE_ARGS += --disable-md5 - endif +ifndef CONFIG_SIGNED_PACKAGES + CONFIGURE_ARGS += --disable-usign +endif +ifeq ($(CONFIG_OPKG_SUPPORT_MD5),y) + CONFIGURE_ARGS += --enable-md5 else - ifndef CONFIG_SIGNED_PACKAGES - CONFIGURE_ARGS += --disable-usign - endif - ifeq ($(CONFIG_OPKG_SUPPORT_MD5),y) - CONFIGURE_ARGS += --enable-md5 - else - CONFIGURE_ARGS += --disable-md5 - endif + CONFIGURE_ARGS += --disable-md5 endif MAKE_FLAGS = \ @@ -163,12 +119,6 @@ define Package/opkg/install $(INSTALL_BIN) ./files/opkg-key $(1)/usr/sbin/ endef -define Package/opkg-smime/install - $(call Package/opkg/Default/install,$(1),-smime) - $(INSTALL_DIR) $(1)/etc/ssl/certs - $(if $(CONFIG_OPKGSMIME_CERT),$(INSTALL_DATA) $(call qstrip,$(CONFIG_OPKGSMIME_CERT)) $(1)/etc/ssl/certs/opkg.pem,) -endef - define Build/InstallDev mkdir -p $(1)/usr/include $(CP) $(PKG_INSTALL_DIR)/usr/include/libopkg $(1)/usr/include/ @@ -191,5 +141,4 @@ define Host/Install endef $(eval $(call BuildPackage,opkg)) -$(eval $(call BuildPackage,opkg-smime)) $(eval $(call HostBuild)) -- 2.25.1