summaryrefslogtreecommitdiffstats
path: root/src/install.sh
diff options
context:
space:
mode:
Diffstat (limited to 'src/install.sh')
-rw-r--r--src/install.sh31
1 files changed, 30 insertions, 1 deletions
diff --git a/src/install.sh b/src/install.sh
index 8b5291b..246240f 100644
--- a/src/install.sh
+++ b/src/install.sh
@@ -85,6 +85,27 @@ install_system()
return 0
}
+_usign_fingerprint()
+{
+ local key_data="${1}"
+ local usign=
+
+ if ${in_place} && ${USIGN_EMBEDDED}; then
+ usign="${builddir}/3rdparty/usign/usign"
+ else
+ usign="${USIGN}"
+ fi
+
+ IFS="${LF}"
+ if printf '%s\n' ${key_data} | "${usign}" -F -p -; then
+ unset IFS
+ return 0
+ else
+ unset IFS
+ return 1
+ fi
+}
+
install_find_pkgs()
{
local mirror="${1}"
@@ -99,6 +120,7 @@ install_find_pkgs()
local base_url=
local gzip=
local cert_url=
+ local root_key=
local cert_fd=
local dl_func=
local pkgs=
@@ -120,14 +142,21 @@ install_find_pkgs()
pkgs_fd=${FD}
if cert_url="$(profile_get_cert_url "${mirror}")"; then
+ # This is a hack to generate a fake certificate with some valid
+ # (but incorrect) key and the mirror-specific certificate URL to
+ # make opkg-cert download and verify the actual certificate.
mkdir -p "${root}/etc/opkg/keys/"
+ root_key="$(profile_get_root_key)"
+ printf '%s\n' "${root_key}"
+ >"${root}/etc/opkg/keys/$(_usign_fingerprint \
+ "${root_key}").root"
if ! fopen "${root}/etc/opkg/keys/temp.cert"; then
return 1
fi
cert_fd=${FD}
printf '%s\n---' "${cert_url}" >&${cert_fd}
IFS="${LF}"
- printf 'K: %s\n' $(profile_get_root_key) >&${cert_fd}
+ printf 'K: %s\n' ${root_key} >&${cert_fd}
unset IFS
printf '---' >&${cert_fd}
fclose ${cert_fd}