Jo-Philipp Wich f565f276e2 config: introduce separate CONFIG_SIGNATURE_CHECK option
Introduce a new option CONFIG_SIGNATURE_CHECK which defaults to the value
of CONFIG_SIGNED_PACKAGES and thus is enabled by default.

This option is needed to support building target opkg with enabled
signature verification while having the signed package lists disabled.

Our buildbots currently disable package signing globally in the
buildroot and SDK to avoid the need to ship private signing keys to
the build workers and to prevent the triggering of random key generation
on the worker nodes since package signing happens off-line on the master
nodes.

As unintended side-effect, updated opkg packages will get built with
disabled signature verification, hence the need for a new override option.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-08-06 21:22:27 +02:00

104 lines
2.7 KiB
Makefile

#
# Copyright (C) 2006-2015 OpenWrt.org
# Copyright (C) 2016-2017 LEDE Project
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=opkg
PKG_RELEASE:=1
PKG_FLAGS:=essential
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://git.openwrt.org/project/opkg-lede.git
PKG_SOURCE_DATE:=2019-06-14
PKG_SOURCE_VERSION:=dcbc142e51f5f5f2fb9e4e44657e013d3c36a52b
PKG_MIRROR_HASH:=fca7e71dd06f0d5ee0af0d0a493d641d4d5d7e403d64c67879a462a020aa2299
PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=COPYING
PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
# Extend depends from version.mk
PKG_CONFIG_DEPENDS += \
CONFIG_SIGNATURE_CHECK \
CONFIG_TARGET_INIT_PATH
PKG_BUILD_PARALLEL:=1
HOST_BUILD_PARALLEL:=1
PKG_INSTALL:=1
HOST_BUILD_DEPENDS:=libubox/host
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/host-build.mk
include $(INCLUDE_DIR)/cmake.mk
define Package/opkg
SECTION:=base
CATEGORY:=Base system
TITLE:=opkg package manager
DEPENDS:=+uclient-fetch +libpthread +libubox
URL:=$(PKG_SOURCE_URL)
MENU:=1
endef
define Package/opkg/description
Lightweight package management system
opkg is the opkg Package Management System, for handling
installation and removal of packages on a system. It can
recursively follow dependencies and download all packages
necessary to install a particular package.
opkg knows how to install both .ipk and .deb packages.
endef
define Package/opkg/conffiles
/etc/opkg.conf
/etc/opkg/keys/
/etc/opkg/customfeeds.conf
endef
TARGET_CFLAGS += -ffunction-sections -fdata-sections
EXTRA_CFLAGS += $(TARGET_CPPFLAGS)
CMAKE_OPTIONS += \
-DBUILD_TESTS=OFF \
-DHOST_CPU=$(PKGARCH) \
-DPATH_SPEC="$(TARGET_INIT_PATH)" \
-DVERSION="$(PKG_SOURCE_VERSION) ($(PKG_SOURCE_DATE))"
CMAKE_HOST_OPTIONS += \
-DSTATIC_UBOX=ON \
-DBUILD_TESTS=OFF \
-DHOST_CPU=$(PKGARCH) \
-DLOCK_FILE=/tmp/opkg.lock \
-DVERSION="$(PKG_SOURCE_VERSION) ($(PKG_SOURCE_DATE))"
define Package/opkg/install
$(INSTALL_DIR) $(1)/usr/lib/opkg
$(INSTALL_DIR) $(1)/bin
$(INSTALL_DIR) $(1)/etc/opkg
$(INSTALL_DIR) $(1)/etc/uci-defaults
$(INSTALL_DATA) ./files/customfeeds.conf $(1)/etc/opkg/customfeeds.conf
$(INSTALL_DATA) ./files/opkg$(2).conf $(1)/etc/opkg.conf
$(INSTALL_BIN) ./files/20_migrate-feeds $(1)/etc/uci-defaults/
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/opkg-cl $(1)/bin/opkg
ifneq ($(CONFIG_SIGNATURE_CHECK),)
echo "option check_signature" >> $(1)/etc/opkg.conf
endif
$(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) ./files/opkg-key $(1)/usr/sbin/
endef
define Host/Install
$(INSTALL_BIN) $(HOST_BUILD_DIR)/src/opkg-cl $(STAGING_DIR_HOST)/bin/opkg
endef
$(eval $(call BuildPackage,opkg))
$(eval $(call HostBuild))