summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Makefile.am3
-rw-r--r--configure.ac1
-rw-r--r--libopkg/opkg_download.c28
-rw-r--r--src/Makefile.am5
-rw-r--r--utils/Makefile.am1
-rwxr-xr-xutils/opkg-key74
-rwxr-xr-xutils/update-alternatives (renamed from update-alternatives)0
7 files changed, 105 insertions, 7 deletions
diff --git a/Makefile.am b/Makefile.am
index 8783593..1b38e26 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,4 +1,4 @@
-SUBDIRS = libbb libopkg src tests
+SUBDIRS = libbb libopkg src tests utils
HOST_CPU=@host_cpu@
BUILD_CPU=@build_cpu@
@@ -9,7 +9,6 @@ pkgconfigdir = $(libdir)/pkgconfig
pkgconfig_DATA = libopkg.pc
-bin_SCRIPTS = update-alternatives
interceptdir = $(datadir)/opkg/intercept
intercept_DATA = intercept/ldconfig intercept/depmod intercept/update-modules
diff --git a/configure.ac b/configure.ac
index e9b264d..e71a5be 100644
--- a/configure.ac
+++ b/configure.ac
@@ -137,5 +137,6 @@ AC_OUTPUT(
tests/Makefile
src/Makefile
libbb/Makefile
+ utils/Makefile
libopkg.pc
)
diff --git a/libopkg/opkg_download.c b/libopkg/opkg_download.c
index 6acdc32..1d882a1 100644
--- a/libopkg/opkg_download.c
+++ b/libopkg/opkg_download.c
@@ -233,27 +233,48 @@ opkg_verify_file (opkg_conf_t *conf, char *text_file, char *sig_file)
#ifdef HAVE_GPGME
int status = -1;
gpgme_ctx_t ctx;
- gpgme_data_t sig, text;
+ gpgme_data_t sig, text, key;
gpgme_error_t err = -1;
gpgme_verify_result_t result;
gpgme_signature_t s;
+ char *trusted_path = NULL;
err = gpgme_new (&ctx);
if (err)
return -1;
+ sprintf_alloc(&trusted_path, "%s/%s", conf->offline_root, "/etc/opkg/trusted.gpg");
+ err = gpgme_data_new_from_file (&key, trusted_path, 1);
+ free (trusted_path);
+ if (err)
+ {
+ return -1;
+ }
+ err = gpgme_op_import (ctx, key);
+ if (err)
+ {
+ gpgme_data_release (key);
+ return -1;
+ }
+ gpgme_data_release (key);
+
err = gpgme_data_new_from_file (&sig, sig_file, 1);
if (err)
+ {
+ gpgme_release (ctx);
return -1;
+ }
err = gpgme_data_new_from_file (&text, text_file, 1);
if (err)
+ {
+ gpgme_data_release (sig);
+ gpgme_release (ctx);
return -1;
+ }
err = gpgme_op_verify (ctx, sig, text, NULL);
- if (err)
- return -1;
result = gpgme_op_verify_result (ctx);
if (!result)
@@ -269,6 +290,7 @@ opkg_verify_file (opkg_conf_t *conf, char *text_file, char *sig_file)
s = s->next;
}
+
gpgme_data_release (sig);
gpgme_data_release (text);
gpgme_release (ctx);
diff --git a/src/Makefile.am b/src/Makefile.am
index 1fb3ec9..35aaa2a 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1,8 +1,9 @@
AM_CFLAGS = -I${top_srcdir}/libopkg ${ALL_CFLAGS}
-bin_PROGRAMS = opkg-cl
+bin_PROGRAMS = opkg-cl opkg-key
opkg_cl_SOURCES = opkg-frontend.c
opkg_cl_LDADD = $(top_builddir)/libopkg/libopkg.la \
$(top_builddir)/libbb/libbb.la
-
+opkg_key_SOURCES = opkg-key.c
+opkg_key_LDADD = $(GPGME_LIBS)
diff --git a/utils/Makefile.am b/utils/Makefile.am
new file mode 100644
index 0000000..7019e4b
--- /dev/null
+++ b/utils/Makefile.am
@@ -0,0 +1 @@
+bin_SCRIPTS = update-alternatives opkg-key
diff --git a/utils/opkg-key b/utils/opkg-key
new file mode 100755
index 0000000..266bb66
--- /dev/null
+++ b/utils/opkg-key
@@ -0,0 +1,74 @@
+#!/bin/sh
+
+# Based on apt-key from apt-0.6.25
+# Licensed under GPL Version 2
+
+set -e
+
+usage() {
+ echo "Usage: opkg-key [options] command [arguments]"
+ echo
+ echo "Manage opkg's list of trusted keys"
+ echo
+ echo " opkg-key add <file> - add the key contained in <file> ('-' for stdin)"
+ echo " opkg-key del <keyid> - remove the key <keyid>"
+ echo " opkg-key list - list keys"
+ echo
+ echo "Options:"
+ echo " -o <root> Use <root> as the offline root directory"
+ echo
+}
+
+if [ "$1" = "-o" ]; then
+ ROOT=$2
+ shift 2
+ echo "Note: using \"$ROOT\" as root path"
+else
+ ROOT=""
+fi
+
+command="$1"
+if [ -z "$command" ]; then
+ usage
+ exit 1
+fi
+shift
+
+if [ "$command" != "help" ] && ! which gpg >/dev/null 2>&1; then
+ echo >&2 "Warning: gnupg does not seem to be installed."
+ echo >&2 "Warning: opkg-key requires gnupg for most operations."
+ echo >&2
+fi
+
+# We don't use a secret keyring, of course, but gpg panics and
+# implodes if there isn't one available
+
+GPG="gpg --no-options --no-default-keyring --keyring $ROOT/etc/opkg/trusted.gpg --secret-keyring $ROOT/etc/opkg/secring.gpg --trustdb-name $ROOT/etc/opkg/trustdb.gpg"
+
+case "$command" in
+ add)
+ $GPG --quiet --batch --import "$1"
+ echo "OK"
+ ;;
+ del|rm|remove)
+ $GPG --quiet --batch --delete-key --yes "$1"
+ echo "OK"
+ ;;
+ list)
+ $GPG --batch --list-keys
+ ;;
+ finger*)
+ $GPG --batch --fingerprint
+ ;;
+ adv*)
+ echo "Executing: $GPG $*"
+ $GPG $*
+ ;;
+ help)
+ usage
+ ;;
+ *)
+ usage
+ exit 1
+ ;;
+esac
diff --git a/update-alternatives b/utils/update-alternatives
index 4983e19..4983e19 100755
--- a/update-alternatives
+++ b/utils/update-alternatives