From c1c3a195512eca6f92b9375b6c3b9ddcc93a137e Mon Sep 17 00:00:00 2001 From: Patrick McDermott Date: Sun, 07 Apr 2019 17:05:43 -0400 Subject: dev/archive/signing: Note switch to opkg-lede, usign, and Ed25519 --- diff --git a/dev/archive/signing.mdwn b/dev/archive/signing.mdwn index 43904bc..5d3b0d0 100644 --- a/dev/archive/signing.mdwn +++ b/dev/archive/signing.mdwn @@ -11,6 +11,10 @@ retrieve packages from the archive. Implementation ============== +**TODO:** ProteanOS is implementing [Ed25519][ed25519] signatures, likely +without OpenPGP PKI. The pro-archman and prokit sections below will need some +rethinking. + ProteanOS Archive Manager ------------------------- @@ -63,9 +67,9 @@ Suggestions welcome. Opkg ---- -The opkg source package now builds opkg-gpg and opkg binary packages with and -without support for package feed verification using the [GnuPG Made Easy (GPGME) -library][gpgme] and its dependencies. +ProteanOS [[now|dev/opkg/future]] uses [opkg-lede][] with [usign][], a +lightweight implementation of the [Ed25519][ed25519] public-key signature +system. Archive Keyring --------------- @@ -75,4 +79,6 @@ Key transitions, expiration changes, and revocations will be performed by revisions to this package. It should possibly be upgraded automatically to ensure that installed systems always have up-to-date keys. -[gpgme]: https://www.gnupg.org/software/gpgme/index.html +[opkg-lede]: https://git.openwrt.org/?p=project/opkg-lede.git;a=summary +[usign]: https://git.openwrt.org/?p=project/usign.git;a=summary +[ed25519]: https://ed25519.cr.yp.to/ -- cgit v0.9.1