feed_download_cert(): New function

1 files changed, 42 insertions, 0 deletions

diff --git a/src/feed.sh b/src/feed.sh
index 7e4a19b..db53f57 100644
--- a/src/feed.sh
+++ b/src/feed.sh
@@ -52,6 +52,48 @@ feed_download()
 	return 0
 }
 
+feed_download_cert()
+{
+	local base_url="${1}"
+	local list_file="${2}"
+	local use_gzip="${3}"
+	local url=
+	local usign=
+
+	if ${use_gzip}; then
+		url="${base_url}/Packages.gz"
+		# Don't bother with gunzip, because only opkg-lede after storing
+		# compressed package lists (commit cd113c7) supports signature
+		# checking with usign (commit 71f02a3).
+	else
+		url="${base_url}/Packages"
+	fi
+
+	if ! ${WGET} -q -O "${list_file}.tmp" "${url}"; then
+		return 1
+	fi
+	if ! ${WGET} -q -O "${list_file}.sig" "${base_url}/Packages.sig"; then
+		rm -f "${list_file}.tmp"
+		return 1
+	fi
+
+	if ${in_place} && ${USIGN_EMBEDDED}; then
+		usign="${builddir}/3rdparty/usign/usign"
+	else
+		usign="${USIGN}"
+	fi
+
+	if ! ROOT="${root}" TMPDIR="${root}/tmp" USIGN="${usign}" \
+			WGET="${WGET}" GUNZIP="${GUNZIP}" "${OPKG_CERT}" \
+			verify "${list_file}.sig" "${list_file}.tmp"; then
+		rm -f "${list_file}.tmp" "${list_file}.sig"
+		return 1
+	fi
+	mv "${list_file}.tmp" "${list_file}"
+
+	return 0
+}
+
 feed_find_pkgs()
 {
 	local feed_idx="${1}"