From 587f690ff0ba0ec6b91bd4b83fa39305120e8e93 Mon Sep 17 00:00:00 2001
From: ticktock35 <ticktock35@e8e0d7a0-c8d9-11dd-a880-a1081c7ac358>
Date: Tue, 27 Oct 2009 08:45:24 -0400
Subject: Opkg support for smime (pkcs7) packages list signing

Thanks to Camille Moncelier <moncelier@devlife.org>
http://groups.google.com/group/opkg-devel/browse_thread/thread/6071ce290d5ceb77?utoken=qjR-TC0AAADKDldt5ZXsDDLs9sWCpWZI1zgeariQUwksg5ob1tmaFTCAL7MTcQRO6S85GfHgQ_k

As promised :) here is a patch allowing opkg to authenticate
a package list using smime and openssl instead of gpgme

Example:

 Sign a package list:
openssl smime -sign -in /path/to/repo/Packages \
       -signer /root/server.pem -binary \
       -outform PEM -out /path/to/repo/Packages.sig

 Configuration in /etc/opkg/opkg.conf
option check_signature 1
option signature_ca_file /etc/serverCA.pem
 option signature_ca_path /path/to/certs/dir

 opkg update
Downloading http://repo:8000/Packages
Updated list of available packages in /usr/lib/opkg/lists/angstrom
Downloading http://repo:8000/Packages.sig
Signature check passed

 Package list corruption or MIM:
Downloading http://repo:8000/Packages
Updated list of available packages in /usr/lib/opkg/lists/angstrom
Downloading http://repo:8000/Packages.sig
Signature check failed
Collected errors:
 * Verification failure

Camille Moncelier
http://devlife.org/

git-svn-id: http://opkg.googlecode.com/svn/trunk@221 e8e0d7a0-c8d9-11dd-a880-a1081c7ac358
---
(limited to 'libopkg/opkg_conf.h')

diff --git a/libopkg/opkg_conf.h b/libopkg/opkg_conf.h
index ca2661b..4bd50e5 100644
--- a/libopkg/opkg_conf.h
+++ b/libopkg/opkg_conf.h
@@ -82,6 +82,9 @@ struct opkg_conf
      char *proxy_user;
      char *proxy_passwd;
 
+     char *signature_ca_file;
+     char *signature_ca_path;
+
      hash_table_t pkg_hash;
      hash_table_t file_hash;
      hash_table_t obs_file_hash;
--
cgit v0.9.1