Paul Spooren 395ac4d018 build: opkg-key variable key folder
The key folder is used by `opkg` and `usign` to store and retrieve
trusted public keys. Using `opkg-key` outside a running device is
unfeasible as the key folder is hard coded to `/etc/opkg/keys`.

This commit adds a variable OPKG_KEYS which defaults to `/etc/opkg/keys`
if unset, however allows set arbitrary key folder locations.

Arbitrary key folder locations are useful to add signature verification
to the ImageBuilders.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 22:44:26 +01:00

59 lines
1.1 KiB
Bash
Executable File

#!/bin/sh
OPKG_KEYS="${OPKG_KEYS:-/etc/opkg/keys}"
usage() {
cat <<EOF
Usage: $0 <command> <arguments...>
Commands:
add <file>: Add keyfile <file> to opkg trusted keys
remove <file>: Remove keyfile matching <file> from opkg trusted keys
verify <sigfile> <list>: Check list file <list> against signature file <sigfile>
EOF
exit 1
}
opkg_key_verify() {
local sigfile="$1"
local msgfile="$2"
(
zcat "$msgfile" 2>/dev/null ||
cat "$msgfile" 2>/dev/null
) | usign -V -P "$OPKG_KEYS" -q -x "$sigfile" -m -
}
opkg_key_add() {
local key="$1"
[ -n "$key" ] || usage
[ -f "$key" ] || echo "Cannot open file $1"
local fingerprint="$(usign -F -p "$key")"
mkdir -p "$OPKG_KEYS"
cp "$key" "$OPKG_KEYS/$fingerprint"
}
opkg_key_remove() {
local key="$1"
[ -n "$key" ] || usage
[ -f "$key" ] || echo "Cannot open file $1"
local fingerprint="$(usign -F -p "$key")"
rm -f "$OPKG_KEYS/$fingerprint"
}
case "$1" in
add)
shift
opkg_key_add "$@"
;;
remove)
shift
opkg_key_remove "$@"
;;
verify)
shift
opkg_key_verify "$@"
;;
*) usage ;;
esac