Thanks, applied as d75a073299db04d0156396098bb7e6a72c6d542a. Michael
[sent from post-receive hook] On Wed, 25 May 2022 11:45:22 +0200, Christian Melki <christian.me...@t2data.com> wrote: > Various fixes and updates. Notable addition is zstd compression support. > Deprecated functions: Openssl signature validation and pathfinder > validation. > Seems the preferred validation method is using gpg. > > https://git.yoctoproject.org/opkg/log/ > > * Remove openssl, pathfinder support. > * Disable zstd by default. > * Remove signature handling from installation. > * Remove signature handling variables from opkg.conf > * Remove signature handling variables from ptxdist internal > "prepare_work_dir.sh" > > Signed-off-by: Christian Melki <christian.me...@t2data.com> > Message-Id: <20220513132057.1883947-1-christian.me...@t2data.com> > Signed-off-by: Michael Olbrich <m.olbr...@pengutronix.de> > > diff --git a/projectroot/etc/opkg/opkg.conf b/projectroot/etc/opkg/opkg.conf > index 67a64838ff63..dd1de5f4e2a0 100644 > --- a/projectroot/etc/opkg/opkg.conf > +++ b/projectroot/etc/opkg/opkg.conf > @@ -16,7 +16,3 @@ option info_dir /usr/share/opkg/info > arch @ARCH@ 10 > arch all 1 > arch noarch 1 > - > -@CHECKSIG@ > -@CAPATH@ > -@CAFILE@ > diff --git a/rules/opkg.in b/rules/opkg.in > index c9160509c366..fa913537c08d 100644 > --- a/rules/opkg.in > +++ b/rules/opkg.in > @@ -4,7 +4,6 @@ menuconfig OPKG > tristate > select LIBARCHIVE > select LIBCURL if OPKG_CURL > - select OPENSSL if OPKG_OPENSSL > prompt "opkg " > help > Opkg is a lightweight package management system based on Ipkg. > @@ -13,21 +12,6 @@ menuconfig OPKG > > if OPKG > > -config OPKG_PATHFINDER > - bool > - prompt "pathfinder support" > - # needs pathfinder-openssl > - depends on BROKEN > - help > - Pathfinder is designed to provide a mechanism for any > - program to perform RFC3280-compliant path validation > - of X.509 certificates, even when some of the intermediate > - certificates are not present on the local machine. It will > - automatically download any such certificates (and their > - CRLs) from the Internet as needed using the AIA and CRL > - distribution point extensions of the certificate it is > - processing. > - > config OPKG_CURL > bool > prompt "libcurl support" > @@ -42,12 +26,6 @@ config OPKG_SHA256 > help > FIXME > > -config OPKG_OPENSSL > - bool > - prompt "openssl signature checking" > - help > - FIXME > - > config OPKG_SSL_CURL > bool > prompt "libcurl certificate authentication" > @@ -57,8 +35,6 @@ config OPKG_SSL_CURL > config OPKG_GPG > bool > prompt "signature checking with gpg" > - # gpg and openssl are mutually exclusive > - depends on ! OPKG_OPENSSL > # needs gpgme > depends on BROKEN > help > @@ -97,17 +73,6 @@ config OPKG_OPKG_CONF_URL > > If you don't want to use this feature, keep the whole entry empty. > > -config OPKG_OPKG_CONF_CHECKSIG > - bool > - prompt "enable repository signature checking" > - depends on OPKG_OPENSSL > - help > - Set the following options in opkg.conf: > - option check_signature 1 > - option signature_ca_path /etc/ssl/certs > - option signature_ca_file /etc/ssl/certs/opkg.crt > - > - Repository will only be used if it's signature can be validated. > endif > > endif > diff --git a/rules/opkg.make b/rules/opkg.make > index 88d25ce29256..0ae8b4bce7b4 100644 > --- a/rules/opkg.make > +++ b/rules/opkg.make > @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_OPKG) += opkg > # > # Paths and names > # > -OPKG_VERSION := 0.4.5 > -OPKG_MD5 := 5dc41ad37d88803b5e0f456a9c5a0811 > +OPKG_VERSION := 0.5.0 > +OPKG_MD5 := b85f4bafd53d0cdffbcef178319901fa > OPKG := opkg-$(OPKG_VERSION) > OPKG_SUFFIX := tar.gz > OPKG_URL := > http://downloads.yoctoproject.org/releases/opkg/$(OPKG).$(OPKG_SUFFIX) > @@ -38,13 +38,12 @@ OPKG_CONF_OPT := \ > $(GLOBAL_LARGE_FILE_OPTION) \ > --disable-libopkg-api \ > --disable-static \ > - --$(call ptx/endis, PTXCONF_OPKG_PATHFINDER)-pathfinder \ > --disable-xz \ > --disable-bzip2 \ > --disable-lz4 \ > + --disable-zstd \ > --$(call ptx/endis, PTXCONF_OPKG_CURL)-curl \ > --$(call ptx/endis, PTXCONF_OPKG_SHA256)-sha256 \ > - --$(call ptx/endis, PTXCONF_OPKG_OPENSSL)-openssl \ > --$(call ptx/endis, PTXCONF_OPKG_SSL_CURL)-ssl-curl \ > --$(call ptx/endis, PTXCONF_OPKG_GPG)-gpg \ > --without-static-libopkg \ > @@ -76,31 +75,12 @@ endif > > @$(call install_lib, opkg, 0, 0, 0644, libopkg) > > -ifdef PTXCONF_IMAGE_IPKG_SIGN_OPENSSL > - @$(call install_copy, opkg, 0, 0, 0644, > $(PTXCONF_IMAGE_IPKG_SIGN_OPENSSL_SIGNER), /etc/ssl/certs/opkg.crt) > -endif > - > ifdef PTXCONF_OPKG_OPKG_CONF > @$(call install_alternative, opkg, 0, 0, 0644, /etc/opkg/opkg.conf) > @$(call install_replace, opkg, /etc/opkg/opkg.conf, @SRC@, \ > $(PTXCONF_OPKG_OPKG_CONF_URL)) > @$(call install_replace, opkg, /etc/opkg/opkg.conf, @ARCH@, \ > $(PTXDIST_IPKG_ARCH_STRING)) > -ifdef PTXCONF_OPKG_OPKG_CONF_CHECKSIG > - @$(call install_replace, opkg, /etc/opkg/opkg.conf, @CHECKSIG@, \ > - "option check_signature 1") > - @$(call install_replace, opkg, /etc/opkg/opkg.conf, @CAPATH@, \ > - "option signature_ca_path /etc/ssl/certs") > - @$(call install_replace, opkg, /etc/opkg/opkg.conf, @CAFILE@, \ > - "option signature_ca_file /etc/ssl/certs/opkg.crt") > -else > - @$(call install_replace, opkg, /etc/opkg/opkg.conf, @CHECKSIG@, \ > - "#option check_signature 0") > - @$(call install_replace, opkg, /etc/opkg/opkg.conf, @CAPATH@, \ > - "#option signature_ca_path /etc/ssl/certs") > - @$(call install_replace, opkg, /etc/opkg/opkg.conf, @CAFILE@, \ > - "#option signature_ca_file /etc/ssl/certs/opkg.crt") > -endif > endif > > @$(call install_finish, opkg) > diff --git a/scripts/lib/ptxd_make_image_prepare_work_dir.sh > b/scripts/lib/ptxd_make_image_prepare_work_dir.sh > index fa65ce8ec3e1..aaa676e09544 100644 > --- a/scripts/lib/ptxd_make_image_prepare_work_dir.sh > +++ b/scripts/lib/ptxd_make_image_prepare_work_dir.sh > @@ -39,9 +39,6 @@ ${list[*]} > > ARCH="${PTXDIST_IPKG_ARCH_STRING}" \ > SRC="" \ > - CHECKSIG="" \ > - CAPATH="" \ > - CAFILE="" \ > ptxd_replace_magic "${ptxd_reply}" >> "${xpkg_conf}" && > > DESTDIR="${work_dir}" \