On 5/16/21 3:26 PM, Hauke Mehrtens wrote:
Instead of adding all public signature keys from the openwrt-keyring repository only add the key which is used to sign the OpenWrt 21.02 feeds.If one of the other keys would be compromised this would not affect users of 21.02 release builds. Signed-off-by: Hauke Mehrtens <[email protected]> --- package/system/openwrt-keyring/Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/package/system/openwrt-keyring/Makefile b/package/system/openwrt-keyring/Makefile index 6f3aa65622..e3078074b9 100644 --- a/package/system/openwrt-keyring/Makefile +++ b/package/system/openwrt-keyring/Makefile @@ -32,7 +32,8 @@ Build/Compile=define Package/openwrt-keyring/install$(INSTALL_DIR) $(1)/etc/opkg/keys/ - $(INSTALL_DATA) $(PKG_BUILD_DIR)/usign/* $(1)/etc/opkg/keys/ + # Public usign key for 21.02 release builds + $(INSTALL_DATA) $(PKG_BUILD_DIR)/usign/2f8b0b98e08306bf $(1)/etc/opkg/keys/ endef$(eval $(call BuildPackage,openwrt-keyring))
This patch is for the 21.02 release branch and the PKG_RELEASE should also get increased.
Hauke
OpenPGP_0x93DD20630910B515.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/mailman/listinfo/openwrt-devel
