[oe] [PATCH] Opkg support for smime (pkcs7) packages list signing

Camille Moncelier moncelier at devlife.org
Thu Oct 15 16:34:55 UTC 2009


As promised :) here is a patch allowing opkg to authenticate
a package list using smime and openssl instead of gpgme.


Example:

# Sign a package list:
openssl smime -sign -in /path/to/repo/Packages \
       -signer /root/server.pem -binary \
       -outform PEM -out /path/to/repo/Packages.sig


# Configuration in /etc/opkg/opkg.conf
option check_signature 1
option signature_ca_file /etc/serverCA.pem
# option signature_ca_path /path/to/certs/dir


# opkg update
Downloading http://repo:8000/Packages
Updated list of available packages in /usr/lib/opkg/lists/angstrom
Downloading http://repo:8000/Packages.sig
Signature check passed

# Package list corruption or MIM:
Downloading http://repo:8000/Packages
Updated list of available packages in /usr/lib/opkg/lists/angstrom
Downloading http://repo:8000/Packages.sig
Signature check failed
Collected errors:
 * Verification failure

Camille Moncelier
http://devlife.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: opkg-read-only-x509-smime-package-list-signature-support.patch
Type: application/octet-stream
Size: 9344 bytes
Desc: not available
URL: <http://lists.openembedded.org/pipermail/openembedded-devel/attachments/20091015/2c2d5110/attachment-0002.obj>
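An added example, not part of the original message or of the scrubbed patch: the signing command above run end to end against a throwaway CA, followed by the matching detached-signature check with the openssl CLI. The demo CA and signer, all file names, and the use of `openssl smime -verify` as the command-line counterpart of opkg's check are assumptions made for this illustration.

```shell
#!/bin/sh
# Added demo: sign a constructed Packages file as in the mail above, then
# verify the detached PKCS#7 signature against a CA file.
# All names and certificates here are constructed for the demo.

make_demo_pki() {   # $1 = work dir; creates ca.pem and server.pem (cert + key)
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Repo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Repo Signer" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/server.crt" 2>/dev/null &&
    cat "$d/server.crt" "$d/server.key" > "$d/server.pem"
}

sign_list() {       # $1 = package list, $2 = signer PEM; writes $1.sig
    # Same options as the mail: -binary signs the bytes as-is, and PEM output
    # without -nodetach yields a detached signature (content not embedded).
    openssl smime -sign -in "$1" -signer "$2" -binary -outform PEM -out "$1.sig"
}

verify_list() {     # $1 = package list, $2 = signature, $3 = CA file
    # Exit status 0 only if the signature matches the list bytes AND the
    # signer certificate chains to the CA in $3.
    openssl smime -verify -in "$2" -inform PEM -content "$1" -CAfile "$3" \
        -binary -out /dev/null 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    printf 'Package: demo\nVersion: 1.0\n' > "$d/Packages"
    make_demo_pki "$d" && sign_list "$d/Packages" "$d/server.pem" || return 1
    verify_list "$d/Packages" "$d/Packages.sig" "$d/ca.pem" \
        && echo "untouched list: signature check passed"
    echo 'Package: injected' >> "$d/Packages"   # simulate corruption in transit
    verify_list "$d/Packages" "$d/Packages.sig" "$d/ca.pem" \
        || echo "modified list: signature check failed"
    rm -rf "$d"
}

demo
```

Because the signature is detached, the check only protects the exact bytes of `Packages` that are passed with `-content`; a client must verify the same file it goes on to parse.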

