As promised :) here is a patch allowing opkg to authenticate a package list using smime and openssl instead of gpgme
Example: # Sign a package list: openssl smime -sign -in /path/to/repo/Packages \ -signer /root/server.pem -binary \ -outform PEM -out /path/to/repo/Packages.sig # Configuration in /etc/opkg/opkg.conf option check_signature 1 option signature_ca_file /etc/serverCA.pem # option signature_ca_path /path/to/certs/dir # opkg update Downloading http://repo:8000/Packages Updated list of available packages in /usr/lib/opkg/lists/angstrom Downloading http://repo:8000/Packages.sig Signature check passed # Package list corruption or MIM: Downloading http://repo:8000/Packages Updated list of available packages in /usr/lib/opkg/lists/angstrom Downloading http://repo:8000/Packages.sig Signature check failed Collected errors: * Verification failure Camille Moncelier http://devlife.org/
opkg-read-only-x509-smime-package-list-signature-support.patch
Description: Binary data
_______________________________________________ Openembedded-devel mailing list [email protected] http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-devel
