opkg: drop S/MIME support

It has never been used by default (due to being too bloated), and it is
properly replaced by usign (which has been the default for a long time
now).

Remove this feature to simplify the build system

Signed-off-by: Felix Fietkau <nbd@nbd.name>
This commit is contained in:
Felix Fietkau 2017-01-10 13:02:33 +01:00
parent f5c649d7c6
commit 9cdf852ae0
3 changed files with 8 additions and 126 deletions

View file

@ -74,15 +74,6 @@ $(curdir)/install: $(TMP_DIR)/.build $(curdir)/system/opkg/host/install $(curdir
$(call prepare_rootfs,$(TARGET_DIR))
PASSOPT=""
PASSARG=""
ifndef CONFIG_OPKGSMIME_PASSPHRASE
ifneq ($(call qstrip,$(CONFIG_OPKGSMIME_PASSFILE)),)
PASSOPT="-passin"
PASSARG="file:$(call qstrip,$(CONFIG_OPKGSMIME_PASSFILE))"
endif
endif
$(curdir)/index: FORCE
@echo Generating package index...
@for d in $(PACKAGE_SUBDIRS); do ( \
@ -99,25 +90,6 @@ ifdef CONFIG_SIGNED_PACKAGES
cd $$d || continue; \
$(STAGING_DIR_HOST)/bin/usign -S -m Packages -s $(BUILD_KEY); \
); done
else
ifeq ($(call qstrip,$(CONFIG_OPKGSMIME_KEY)),)
@echo Signing key has not been configured
else
ifeq ($(call qstrip,$(CONFIG_OPKGSMIME_CERT)),)
@echo Certificate has not been configured
else
@echo Signing package index...
@for d in $(PACKAGE_SUBDIRS); do ( \
[ -d $$d ] && \
cd $$d || continue; \
openssl smime -binary -in Packages.gz \
-out Packages.sig -outform PEM -sign \
-signer $(CONFIG_OPKGSMIME_CERT) \
-inkey $(CONFIG_OPKGSMIME_KEY) \
$(PASSOPT) $(PASSARG); \
); done
endif
endif
endif
$(curdir)/preconfig:

View file

@ -292,42 +292,3 @@ menuconfig PER_FEED_REPO
Add not enabled feeds as commented out source lines to opkg.conf.
source "tmp/.config-feeds.in"
menuconfig SMIMEOPT
bool "Package signing options" if IMAGEOPT
default n
help
These options configure the signing key and certificate to
be used for signing and verifying packages.
config OPKGSMIME_CERT
string
prompt "Path to certificate (PEM certificate format)" if SMIMEOPT
help
Path to the certificate to use for signature verification
config OPKGSMIME_KEY
string
prompt "Path to signing key (PEM private key format)" if SMIMEOPT
help
Path to the key to use for signing packages
config OPKGSMIME_PASSPHRASE
bool
default y
prompt "Wait for a passphrase when signing packages?" if SMIMEOPT
help
If this value is set, then the build will pause and request a passphrase
from the command line when signing packages. This SHOULD NOT be used with
automatic builds. If this value is not set, a file can be specified from
which the passphrase will be read.
config OPKGSMIME_PASSFILE
string
prompt "Path to a file containing the passphrase" if SMIMEOPT
depends on !OPKGSMIME_PASSPHRASE
help
Path to a file containing the passphrase for the signing key.
If the signing key is not encrypted and does not require a passphrase,
this option may be left blank.

View file

@ -37,7 +37,7 @@ PKG_INSTALL:=1
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/host-build.mk
define Package/opkg/Default
define Package/opkg
SECTION:=base
CATEGORY:=Base system
TITLE:=opkg package manager
@ -46,7 +46,7 @@ define Package/opkg/Default
MENU:=1
endef
define Package/opkg/Default/description
define Package/opkg/description
Lightweight package management system
opkg is the opkg Package Management System, for handling
installation and removal of packages on a system. It can
@ -66,47 +66,12 @@ config OPKG_SUPPORT_MD5
Old opkg used md5s, new uses sha. This options enables understanding both while prefering sha.
endef
define Package/opkg
$(call Package/opkg/Default)
VARIANT:=unsigned
endef
define Package/opkg/description
$(call Package/opkg/Default/description)
endef
define Package/opkg/conffiles
/etc/opkg.conf
/etc/opkg/keys/
/etc/opkg/customfeeds.conf
endef
define Package/opkg-smime
$(call Package/opkg/Default)
TITLE+= (with S/MIME signature support)
DEPENDS+=+PACKAGE_opkg-smime:libopenssl
VARIANT:=smime
endef
define Package/opkg-smime/description
$(call Package/opkg/Default/description)
This package allows the Package index to be verified with S/MIME.
endef
define Package/opkg-smime/config
config OPKG_SMIME_SUPPORT_MD5
bool
default n
depends on PACKAGE_opkg-smime
prompt "Support reading old md5 hashes."
help
Old opkg used md5s, new uses sha. This options enables understanding both while prefering sha.
endef
Package/opkg-smime/conffiles = $(Package/opkg/conffiles)
TARGET_CFLAGS += -ffunction-sections -fdata-sections
EXTRA_CFLAGS += $(TARGET_CPPFLAGS)
@ -117,22 +82,13 @@ CONFIGURE_ARGS += \
--with-opkgetcdir=/etc \
--with-opkglockfile=/var/lock/opkg.lock
ifeq ($(BUILD_VARIANT),smime)
CONFIGURE_ARGS += --enable-openssl --disable-usign
ifeq ($(CONFIG_OPKG_SMIME_SUPPORT_MD5),y)
CONFIGURE_ARGS += --enable-md5
else
CONFIGURE_ARGS += --disable-md5
endif
ifndef CONFIG_SIGNED_PACKAGES
CONFIGURE_ARGS += --disable-usign
endif
ifeq ($(CONFIG_OPKG_SUPPORT_MD5),y)
CONFIGURE_ARGS += --enable-md5
else
ifndef CONFIG_SIGNED_PACKAGES
CONFIGURE_ARGS += --disable-usign
endif
ifeq ($(CONFIG_OPKG_SUPPORT_MD5),y)
CONFIGURE_ARGS += --enable-md5
else
CONFIGURE_ARGS += --disable-md5
endif
CONFIGURE_ARGS += --disable-md5
endif
MAKE_FLAGS = \
@ -163,12 +119,6 @@ define Package/opkg/install
$(INSTALL_BIN) ./files/opkg-key $(1)/usr/sbin/
endef
define Package/opkg-smime/install
$(call Package/opkg/Default/install,$(1),-smime)
$(INSTALL_DIR) $(1)/etc/ssl/certs
$(if $(CONFIG_OPKGSMIME_CERT),$(INSTALL_DATA) $(call qstrip,$(CONFIG_OPKGSMIME_CERT)) $(1)/etc/ssl/certs/opkg.pem,)
endef
define Build/InstallDev
mkdir -p $(1)/usr/include
$(CP) $(PKG_INSTALL_DIR)/usr/include/libopkg $(1)/usr/include/
@ -191,5 +141,4 @@ define Host/Install
endef
$(eval $(call BuildPackage,opkg))
$(eval $(call BuildPackage,opkg-smime))
$(eval $(call HostBuild))