From: Christian Melki <christian.melki@t2data.com>
To: ptxdist@pengutronix.de
Subject: [ptxdist] [PATCH 1/2] opkg: Version bump. 0.4.5 -> 0.5.0.
Date: Fri, 13 May 2022 15:20:56 +0200 [thread overview]
Message-ID: <20220513132057.1883947-1-christian.melki@t2data.com> (raw)
Various fixes and updates. Notable addition is zstd compression support.
Deprecated functions: Openssl signature validation and pathfinder
validation.
Seems the preferred validation method is using gpg.
https://git.yoctoproject.org/opkg/log/
* Remove openssl, pathfinder support.
* Disable zstd by default.
* Remove signature handling from installation.
* Remove signature handling variables from opkg.conf
* Remove signature handling variables from ptxdist internal
"prepare_work_dir.sh"
Signed-off-by: Christian Melki <christian.melki@t2data.com>
---
projectroot/etc/opkg/opkg.conf | 4 ---
rules/opkg.in | 33 -------------------
rules/opkg.make | 26 ++-------------
.../lib/ptxd_make_image_prepare_work_dir.sh | 3 --
4 files changed, 3 insertions(+), 63 deletions(-)
diff --git a/projectroot/etc/opkg/opkg.conf b/projectroot/etc/opkg/opkg.conf
index 67a64838f..dd1de5f4e 100644
--- a/projectroot/etc/opkg/opkg.conf
+++ b/projectroot/etc/opkg/opkg.conf
@@ -16,7 +16,3 @@ option info_dir /usr/share/opkg/info
arch @ARCH@ 10
arch all 1
arch noarch 1
-
-@CHECKSIG@
-@CAPATH@
-@CAFILE@
diff --git a/rules/opkg.in b/rules/opkg.in
index c9160509c..2ab09503e 100644
--- a/rules/opkg.in
+++ b/rules/opkg.in
@@ -4,7 +4,6 @@ menuconfig OPKG
tristate
select LIBARCHIVE
select LIBCURL if OPKG_CURL
- select OPENSSL if OPKG_OPENSSL
prompt "opkg "
help
Opkg is a lightweight package management system based on Ipkg.
@@ -13,21 +12,6 @@ menuconfig OPKG
if OPKG
-config OPKG_PATHFINDER
- bool
- prompt "pathfinder support"
- # needs pathfinder-openssl
- depends on BROKEN
- help
- Pathfinder is designed to provide a mechanism for any
- program to perform RFC3280-compliant path validation
- of X.509 certificates, even when some of the intermediate
- certificates are not present on the local machine. It will
- automatically download any such certificates (and their
- CRLs) from the Internet as needed using the AIA and CRL
- distribution point extensions of the certificate it is
- processing.
-
config OPKG_CURL
bool
prompt "libcurl support"
@@ -42,12 +26,6 @@ config OPKG_SHA256
help
FIXME
-config OPKG_OPENSSL
- bool
- prompt "openssl signature checking"
- help
- FIXME
-
config OPKG_SSL_CURL
bool
prompt "libcurl certificate authentication"
@@ -97,17 +75,6 @@ config OPKG_OPKG_CONF_URL
If you don't want to use this feature, keep the whole entry empty.
-config OPKG_OPKG_CONF_CHECKSIG
- bool
- prompt "enable repository signature checking"
- depends on OPKG_OPENSSL
- help
- Set the following options in opkg.conf:
- option check_signature 1
- option signature_ca_path /etc/ssl/certs
- option signature_ca_file /etc/ssl/certs/opkg.crt
-
- Repository will only be used if it's signature can be validated.
endif
endif
diff --git a/rules/opkg.make b/rules/opkg.make
index 88d25ce29..0ae8b4bce 100644
--- a/rules/opkg.make
+++ b/rules/opkg.make
@@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_OPKG) += opkg
#
# Paths and names
#
-OPKG_VERSION := 0.4.5
-OPKG_MD5 := 5dc41ad37d88803b5e0f456a9c5a0811
+OPKG_VERSION := 0.5.0
+OPKG_MD5 := b85f4bafd53d0cdffbcef178319901fa
OPKG := opkg-$(OPKG_VERSION)
OPKG_SUFFIX := tar.gz
OPKG_URL := http://downloads.yoctoproject.org/releases/opkg/$(OPKG).$(OPKG_SUFFIX)
@@ -38,13 +38,12 @@ OPKG_CONF_OPT := \
$(GLOBAL_LARGE_FILE_OPTION) \
--disable-libopkg-api \
--disable-static \
- --$(call ptx/endis, PTXCONF_OPKG_PATHFINDER)-pathfinder \
--disable-xz \
--disable-bzip2 \
--disable-lz4 \
+ --disable-zstd \
--$(call ptx/endis, PTXCONF_OPKG_CURL)-curl \
--$(call ptx/endis, PTXCONF_OPKG_SHA256)-sha256 \
- --$(call ptx/endis, PTXCONF_OPKG_OPENSSL)-openssl \
--$(call ptx/endis, PTXCONF_OPKG_SSL_CURL)-ssl-curl \
--$(call ptx/endis, PTXCONF_OPKG_GPG)-gpg \
--without-static-libopkg \
@@ -76,31 +75,12 @@ endif
@$(call install_lib, opkg, 0, 0, 0644, libopkg)
-ifdef PTXCONF_IMAGE_IPKG_SIGN_OPENSSL
- @$(call install_copy, opkg, 0, 0, 0644, $(PTXCONF_IMAGE_IPKG_SIGN_OPENSSL_SIGNER), /etc/ssl/certs/opkg.crt)
-endif
-
ifdef PTXCONF_OPKG_OPKG_CONF
@$(call install_alternative, opkg, 0, 0, 0644, /etc/opkg/opkg.conf)
@$(call install_replace, opkg, /etc/opkg/opkg.conf, @SRC@, \
$(PTXCONF_OPKG_OPKG_CONF_URL))
@$(call install_replace, opkg, /etc/opkg/opkg.conf, @ARCH@, \
$(PTXDIST_IPKG_ARCH_STRING))
-ifdef PTXCONF_OPKG_OPKG_CONF_CHECKSIG
- @$(call install_replace, opkg, /etc/opkg/opkg.conf, @CHECKSIG@, \
- "option check_signature 1")
- @$(call install_replace, opkg, /etc/opkg/opkg.conf, @CAPATH@, \
- "option signature_ca_path /etc/ssl/certs")
- @$(call install_replace, opkg, /etc/opkg/opkg.conf, @CAFILE@, \
- "option signature_ca_file /etc/ssl/certs/opkg.crt")
-else
- @$(call install_replace, opkg, /etc/opkg/opkg.conf, @CHECKSIG@, \
- "#option check_signature 0")
- @$(call install_replace, opkg, /etc/opkg/opkg.conf, @CAPATH@, \
- "#option signature_ca_path /etc/ssl/certs")
- @$(call install_replace, opkg, /etc/opkg/opkg.conf, @CAFILE@, \
- "#option signature_ca_file /etc/ssl/certs/opkg.crt")
-endif
endif
@$(call install_finish, opkg)
diff --git a/scripts/lib/ptxd_make_image_prepare_work_dir.sh b/scripts/lib/ptxd_make_image_prepare_work_dir.sh
index fa65ce8ec..aaa676e09 100644
--- a/scripts/lib/ptxd_make_image_prepare_work_dir.sh
+++ b/scripts/lib/ptxd_make_image_prepare_work_dir.sh
@@ -39,9 +39,6 @@ ${list[*]}
ARCH="${PTXDIST_IPKG_ARCH_STRING}" \
SRC="" \
- CHECKSIG="" \
- CAPATH="" \
- CAFILE="" \
ptxd_replace_magic "${ptxd_reply}" >> "${xpkg_conf}" &&
DESTDIR="${work_dir}" \
--
2.34.1
next reply other threads:[~2022-05-13 13:21 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-13 13:20 Christian Melki [this message]
2022-05-13 13:20 ` [ptxdist] [PATCH 2/2] host-opkg: Follow options after upgrade of opkg Christian Melki
2022-05-25 9:45 ` [ptxdist] [APPLIED] " Michael Olbrich
2022-05-25 9:45 ` [ptxdist] [APPLIED] opkg: Version bump. 0.4.5 -> 0.5.0 Michael Olbrich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220513132057.1883947-1-christian.melki@t2data.com \
--to=christian.melki@t2data.com \
--cc=ptxdist@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox