From 587f690ff0ba0ec6b91bd4b83fa39305120e8e93 Mon Sep 17 00:00:00 2001 From: ticktock35 Date: Tue, 27 Oct 2009 08:45:24 -0400 Subject: Opkg support for smime (pkcs7) packages list signing Thanks to Camille Moncelier http://groups.google.com/group/opkg-devel/browse_thread/thread/6071ce290d5ceb77?utoken=qjR-TC0AAADKDldt5ZXsDDLs9sWCpWZI1zgeariQUwksg5ob1tmaFTCAL7MTcQRO6S85GfHgQ_k As promised :) here is a patch allowing opkg to authenticate a package list using smime and openssl instead of gpgme Example: Sign a package list: openssl smime -sign -in /path/to/repo/Packages \ -signer /root/server.pem -binary \ -outform PEM -out /path/to/repo/Packages.sig Configuration in /etc/opkg/opkg.conf option check_signature 1 option signature_ca_file /etc/serverCA.pem option signature_ca_path /path/to/certs/dir opkg update Downloading http://repo:8000/Packages Updated list of available packages in /usr/lib/opkg/lists/angstrom Downloading http://repo:8000/Packages.sig Signature check passed Package list corruption or MIM: Downloading http://repo:8000/Packages Updated list of available packages in /usr/lib/opkg/lists/angstrom Downloading http://repo:8000/Packages.sig Signature check failed Collected errors: * Verification failure Camille Moncelier http://devlife.org/ git-svn-id: http://opkg.googlecode.com/svn/trunk@221 e8e0d7a0-c8d9-11dd-a880-a1081c7ac358 --- (limited to 'TODO') -- cgit v0.9.1