diff options
| author | ticktock35 <ticktock35@e8e0d7a0-c8d9-11dd-a880-a1081c7ac358> | 2009-10-27 08:45:24 (EDT) |
|---|---|---|
| committer | ticktock35 <ticktock35@e8e0d7a0-c8d9-11dd-a880-a1081c7ac358> | 2009-10-27 08:45:24 (EDT) |
| commit | 587f690ff0ba0ec6b91bd4b83fa39305120e8e93 (patch) | |
| tree | 0010f679707962e6636b5dd978c696c738af7a4d /configure.ac | |
| parent | 29b3b9d76a8d6b9af6d6465a9f501c2e5066bea0 (diff) | |
Opkg support for smime (pkcs7) packages list signing
Thanks to Camille Moncelier <moncelier@devlife.org>
http://groups.google.com/group/opkg-devel/browse_thread/thread/6071ce290d5ceb77?utoken=qjR-TC0AAADKDldt5ZXsDDLs9sWCpWZI1zgeariQUwksg5ob1tmaFTCAL7MTcQRO6S85GfHgQ_k
As promised :) here is a patch allowing opkg to authenticate
a package list using smime and openssl instead of gpgme
Example:
Sign a package list:
openssl smime -sign -in /path/to/repo/Packages \
-signer /root/server.pem -binary \
-outform PEM -out /path/to/repo/Packages.sig
Configuration in /etc/opkg/opkg.conf
option check_signature 1
option signature_ca_file /etc/serverCA.pem
option signature_ca_path /path/to/certs/dir
opkg update
Downloading http://repo:8000/Packages
Updated list of available packages in /usr/lib/opkg/lists/angstrom
Downloading http://repo:8000/Packages.sig
Signature check passed
Package list corruption or MIM:
Downloading http://repo:8000/Packages
Updated list of available packages in /usr/lib/opkg/lists/angstrom
Downloading http://repo:8000/Packages.sig
Signature check failed
Collected errors:
* Verification failure
Camille Moncelier
http://devlife.org/
git-svn-id: http://opkg.googlecode.com/svn/trunk@221 e8e0d7a0-c8d9-11dd-a880-a1081c7ac358
Diffstat (limited to 'configure.ac')
| -rw-r--r-- | configure.ac | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac index 9c108f3..579a105 100644 --- a/configure.ac +++ b/configure.ac @@ -48,6 +48,17 @@ if test "x$want_sha256" = "xyes"; then fi AM_CONDITIONAL(HAVE_SHA256, test "x$want_sha256" = "xyes") +# check for openssl +AC_ARG_ENABLE(openssl, + AC_HELP_STRING([--enable-openssl], [Enable signature checking with OpenSSL + [[default=no]] ]), + [want_openssl="$enableval"], [want_openssl="no"]) + +if test "x$want_openssl" = "xyes"; then + PKG_CHECK_MODULES(OPENSSL, openssl) + AC_DEFINE(HAVE_OPENSSL, 1, [Define if you want OpenSSL support]) +fi + dnl ********** dnl GPGME @@ -171,6 +182,18 @@ if test x$opkgetcdir = x; then fi +dnl Some special cases for the wow64 build +if test "x$want_gpgme" = "xyes" +then + if test "x$want_openssl" = "xyes" + then + AC_MSG_ERROR([--enable-gpg and --enable-openssl are mutually exclusive. +Use --disable-gpg if you want OpenSSL smime signatures]) + fi +fi + + + AC_SUBST(opkglibdir) AC_SUBST(opkgetcdir) |