From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Fri, 13 May 2022 15:21:36 +0200 Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1npVEe-00BzOF-Ly for lore@lore.pengutronix.de; Fri, 13 May 2022 15:21:36 +0200 Received: from localhost ([127.0.0.1] helo=metis.ext.pengutronix.de) by metis.ext.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1npVEe-0004Sq-0G; Fri, 13 May 2022 15:21:36 +0200 Received: from mail-am6eur05on2040.outbound.protection.outlook.com ([40.107.22.40] helo=EUR05-AM6-obe.outbound.protection.outlook.com) by metis.ext.pengutronix.de with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1npVEC-0004Pu-OA for ptxdist@pengutronix.de; Fri, 13 May 2022 15:21:10 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=aljqEGtMPt55cTVCU3Ms21bzjCSYNLLUK8zcAMXdM1TBqKKtmdhlWKLK1FoUn0y1JlentjqvDAyS1CpQbkWesy0taUf7Js1OeezBP/91q0Gjaz2hys4vMle4orsh1uNQFX2j107qeHypzvdqzPciQV0R2yvjYgEt5xuna0a+ShtXSlca4428pKbyrCHJ81ckrgfviZmxVvj2URqaecb4EIr/yusnwQE2ihVuLxFMYAG3SlK0+aicn9a5B0DQOe8RJHRSqEocAizjtSVnEDPSQkfK2bLeiwWIQMBtANsyIDo7r1+KfA+FU6VWVTTZDM9OjSbrMyDwLC0u7DEhTd7qhg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=B1UJjFaN7MClFpEsj5Vld4LkCBPpss/Qpx56eecTxIo=; b=Xh/EYQGNic55n6sU/eGdfRPDsbe2dbER6LQy1yI2m+2BSwHMLhrxg5g1ZdkGFD2R5wKVbwuu31YDUUqeKdG24K4pk1VZpsFdlEQcqaq3vRekASmiB44H25kVQ8m3T0pzhhYT/IbUioM2jlIh7AfEJSX/xNb31q+gkduLwGVdJ/DMexl/dugbPe24zZx71f1BJor1qPpJVa5t8nXZFJY2WZozhuU3C97vINWDPG+BZVnBQCZkzM3mlfpFrDhtPVrkks8CGkSxeJUuiTN7T/9zZpujY9Go4eHUmgAVgOufyiDcf61mxONJ4EvWUjG/rFMZXgqT6VdhEuUTvLW21cc2Lg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=t2data.com; dmarc=pass action=none header.from=t2data.com; dkim=pass header.d=t2data.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=t2datacom.onmicrosoft.com; s=selector1-t2datacom-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=B1UJjFaN7MClFpEsj5Vld4LkCBPpss/Qpx56eecTxIo=; b=HnYYxQHLFmOufq1QVpg6dtgBmchnwbfJJnABP1D48QFBR/qCOvJ16WT1C8XFZDDD4q0Zi4TqPIp0g0kbXhodG1rclCAJKLu2mR/zqMOxJguRg+7eWjXcBqFwhlZ+8a34ZHlEhdU81hSWiuCDCpAhqiBJeRWTOYf8h/3jPrX3aek= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=t2data.com; Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) by DB9P251MB0201.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:2ca::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5250.14; Fri, 13 May 2022 13:21:04 +0000 Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::1d7f:19a9:18f9:57af]) by DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::1d7f:19a9:18f9:57af%8]) with mapi id 15.20.5250.014; Fri, 13 May 2022 13:21:04 +0000 From: Christian Melki To: ptxdist@pengutronix.de Date: Fri, 13 May 2022 15:20:56 +0200 Message-Id: <20220513132057.1883947-1-christian.melki@t2data.com> X-Mailer: git-send-email 2.34.1 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: GV3P280CA0047.SWEP280.PROD.OUTLOOK.COM (2603:10a6:150:9::15) To DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 53826cb3-e777-4e3c-6095-08da34e36e8b X-MS-TrafficTypeDiagnostic: DB9P251MB0201:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: cIEu9Ms2ghYTbkafnPhBXRo5BO7ZNOWB2/07/DV+F8KwwngPyY0CDRg1Vw+ADxHRRodwo7JA8mxURqeQrSCKrygM1+YdMYe4KtKT6ob8oXI81Gp8xqJI//QgFgCq4RLVCOfOrR1k0JVxP6RBDiNYKttnburoPTNy7m0bLQJ3eDMhZ4L7ZPliWvy0AlMrZoAjag+KpYHnT3zRF1Lax6R7gC0GAnORhhMiG7qse1YcmvWKOep6zlpRVaUS/483hc8NLwUYYdLlycqHu8oTXWwGimBXxExB+Mcy762OM3nip/daQUBhn0GhTXAmrptLxRu9n5GCGxX3ENSa0utwcHYxwNWAMABQq3yJtYsWwwamt6EjpVGEv4xGBLhmMPo8CVMxjCgpP8GSyBUVmkD9OcvqJsb8OOHZyMMMV8z50vitmCZ7ZXZ3hWqO+w08xO0Hyi/nDAUTms7HFxU6Vck1edxjVTdut1h6UjCSNDIBJvojj9sp9oSxsZmjhEGvU8Zk96UxCtHj7MZ/59Ys5b+1NPKcgf87I0f0OufyI9vERRWPQmyoBDBnsU83nupiOVJ8wmdHlf3Yg/6eNgZUaosGfTZk9lxk6KTsIVEztKTf0dCKCIO/3GFntiDjqFUYUlAo//nTnDFAYRELUVkV7eb3t223WUIfgjRhwfi3I2FEZNEaZ99R5SvnzzGm1f0PKFFbMF2l/iBO8oJfvNgkxU3BIlc/iYXQEm1ftC+n5309qJOCe3IzY5V5c/F75x+G1zUWndP/k1GfniWZkoTcsEIGwWlkIfsYLLtDPY5RbR/sbnhb9Xo= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB9P251MB0618.EURP251.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230001)(39830400003)(396003)(376002)(346002)(366004)(136003)(316002)(8676002)(66556008)(66946007)(966005)(508600001)(6486002)(86362001)(186003)(38100700002)(6916009)(83380400001)(1076003)(66476007)(66574015)(38350700002)(6666004)(52116002)(26005)(6506007)(2616005)(6512007)(2906002)(5660300002)(44832011)(36756003)(8936002); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?0GYXjjKB4EcjFdlRGQQGKKU80Ysd35mAdE+IxLWnrYE254Sn13+asHGLHuH/?= =?us-ascii?Q?YYX2c2NK3OO1BoJUFUbkfgLCiN+njUUruX1oBdRQvVVRBsVPV5qaq41Zzadp?= =?us-ascii?Q?Fuooc/NCVPR/m9SL7ocWSOdxzr4DAsFh1MYeoWBc7bNxFky2PVujWWVMtumh?= =?us-ascii?Q?GQpDDqcI82RN6GGwfrhFV+IHxhHEldLTXw3PkEA6Py5h1WnTGxBlfyuMq5fq?= =?us-ascii?Q?1FM6C75gS9fAaUWIHKXPbLZKY+TfDxpYTt5J8+GqagaayU6P2V5gi8W65Fem?= =?us-ascii?Q?00l7k7Xq71xeVHggVCjwVKVyx26rfIO7WUuMwX1ZWFAuxvWhGVthGeN/lOgN?= =?us-ascii?Q?guJTuLUK2ykpzi5+cSJxnjM0h7YeT0Ew/Rq2FaA7sehMYOSeMJ5/9U4xUMS4?= =?us-ascii?Q?D19scwt8SKeFgLkH9ytN0txm+k/Es5SsEfn3x9vHf35zFowncwlLT/tiJJ+K?= =?us-ascii?Q?N/iLfguXTOq5wRC611JMf67OKs7f0tVypS50ZOuGD5I/KSRwbz69AqZpRw93?= =?us-ascii?Q?T87aK6r4kMSEAmBrRH54U5pBngzxHqk18lclXLYuswZpO6S486QNK+jvsbCA?= =?us-ascii?Q?itslfd75HnYjRG6B9WnCNGj2kpWjVaif20SeA8xK9i4cdDiiSdwNClZfbalt?= =?us-ascii?Q?aBl08YWBknwLkMl6NC6rRnr4B58+a2WdcLh5xLbpR0kBZlEkvVRyPrail4nT?= =?us-ascii?Q?1tR5S8kZBNLMQ8iar/S3gCsr14uIirWR5h8gbj2rCRB3Z24cCf6r8La+f3Ro?= =?us-ascii?Q?0HmpQYHGz7qvVeQgN+Bx1p6a273+T+z5MX5BtucfctlhJg1yOmTm1TwPLOB7?= =?us-ascii?Q?h/eF5+DmBdHESErFaUDP+FiZigEoXPJwRG6spss0VB8FrxJITEZD3TcFgN2A?= =?us-ascii?Q?TuN5j3RFpIsQTFevWhLZw6WONB8M5/C4CwdUohJrXsrEopO/5Ywq1YQH8FKD?= =?us-ascii?Q?62h8BSsqTfLy/Tgv5TuDBD3SMPYM0T6uSif40nPoF0jd71hgy+TvfhT9KC0N?= =?us-ascii?Q?PEIp8cCr+3Ni/f1cC6YwYmL1HS1lyZsHbl3YBOJeBdDukDqkNwFA9Q9E6AEJ?= =?us-ascii?Q?TG8bjnmmb7KBWKDXZ3G3cf7WtcXxTXPxWsOsIy9CmtEip0AHGK1qGcBgeeXf?= =?us-ascii?Q?XfKjpzxRIDtgGqfQAWPZDG1Xj/GHMQj1dpR71wHoPGbSrIVsLZyIZK63CVRo?= =?us-ascii?Q?kzvk5daynbI2YzdJmJ5BQvk6h5CLzr8kSjZm7/rcnqdr+HeJDdK3/O/umtWi?= =?us-ascii?Q?jZqzpLZg8q3cPaLFiKCTORE2ncbRR9Gc6kffcJKwzLg+j/kOoGS5kw8Rrtkz?= =?us-ascii?Q?eMtqS4nM5hOsbvzr4eoAmCywV3ZkzM1n309j5t+oxJpBl7sd/m7yDree8hfH?= =?us-ascii?Q?UZrV9+WRgojhekkXjtAwHLsBguSFGItU41lC54etpjhCiyf/RGsc89llyMRK?= =?us-ascii?Q?POF44lrKJOKwgMwcy+29e6QJgiFKILuuiohng8g/xNJ66kUI/+5jFWgrv7wH?= =?us-ascii?Q?hShmM+o9mI5gWNpJ4hY5a4PPCgl07b9rzECOIGZFlJQFC4QyJs6tpLSyphLv?= =?us-ascii?Q?3Y0O8A/kJPzQ8ISX/aegF4h6asPHutyhLcoXFOEarN9Gdf675AL05dDeXTM9?= =?us-ascii?Q?eAko4Qi3+WoA2v/PptaK9HSxaKHH/NbbS8FVDOQd/cYw+qoxEgh5GNyEKvDR?= =?us-ascii?Q?8SrGHCNgf46BYCICvez73U+Cc5MIarMSeSvh2zuRR6GlVSChBKWtTckVBHHC?= =?us-ascii?Q?bl3nubDCeCO8lVhlDOayI5Q7ECEfjA9FDWVVatBbKTtBinxVS1PM?= X-OriginatorOrg: t2data.com X-MS-Exchange-CrossTenant-Network-Message-Id: 53826cb3-e777-4e3c-6095-08da34e36e8b X-MS-Exchange-CrossTenant-AuthSource: DB9P251MB0618.EURP251.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 May 2022 13:21:04.4132 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 27928da5-aacd-4ba1-9566-c748a6863e6c X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: uWIcyAAKQyg3lR1tH15Fse7dJ37NmN1fPcD6Lh6GEirBS7rfIhJSANwyotvG7HSOvc3aaf2ZvuCMsXi3GRbBAAuQeQGtekaRpuKtC/58v34= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9P251MB0201 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on metis.ext.pengutronix.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=4.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS, T_SCC_BODY_TEXT_LINE,URIBL_RED autolearn=ham autolearn_force=no version=3.4.2 Subject: [ptxdist] [PATCH 1/2] opkg: Version bump. 0.4.5 -> 0.5.0. X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false Various fixes and updates. Notable addition is zstd compression support. Deprecated functions: Openssl signature validation and pathfinder validation. Seems the preferred validation method is using gpg. https://git.yoctoproject.org/opkg/log/ * Remove openssl, pathfinder support. * Disable zstd by default. * Remove signature handling from installation. * Remove signature handling variables from opkg.conf * Remove signature handling variables from ptxdist internal "prepare_work_dir.sh" Signed-off-by: Christian Melki --- projectroot/etc/opkg/opkg.conf | 4 --- rules/opkg.in | 33 ------------------- rules/opkg.make | 26 ++------------- .../lib/ptxd_make_image_prepare_work_dir.sh | 3 -- 4 files changed, 3 insertions(+), 63 deletions(-) diff --git a/projectroot/etc/opkg/opkg.conf b/projectroot/etc/opkg/opkg.conf index 67a64838f..dd1de5f4e 100644 --- a/projectroot/etc/opkg/opkg.conf +++ b/projectroot/etc/opkg/opkg.conf @@ -16,7 +16,3 @@ option info_dir /usr/share/opkg/info arch @ARCH@ 10 arch all 1 arch noarch 1 - -@CHECKSIG@ -@CAPATH@ -@CAFILE@ diff --git a/rules/opkg.in b/rules/opkg.in index c9160509c..2ab09503e 100644 --- a/rules/opkg.in +++ b/rules/opkg.in @@ -4,7 +4,6 @@ menuconfig OPKG tristate select LIBARCHIVE select LIBCURL if OPKG_CURL - select OPENSSL if OPKG_OPENSSL prompt "opkg " help Opkg is a lightweight package management system based on Ipkg. @@ -13,21 +12,6 @@ menuconfig OPKG if OPKG -config OPKG_PATHFINDER - bool - prompt "pathfinder support" - # needs pathfinder-openssl - depends on BROKEN - help - Pathfinder is designed to provide a mechanism for any - program to perform RFC3280-compliant path validation - of X.509 certificates, even when some of the intermediate - certificates are not present on the local machine. It will - automatically download any such certificates (and their - CRLs) from the Internet as needed using the AIA and CRL - distribution point extensions of the certificate it is - processing. - config OPKG_CURL bool prompt "libcurl support" @@ -42,12 +26,6 @@ config OPKG_SHA256 help FIXME -config OPKG_OPENSSL - bool - prompt "openssl signature checking" - help - FIXME - config OPKG_SSL_CURL bool prompt "libcurl certificate authentication" @@ -97,17 +75,6 @@ config OPKG_OPKG_CONF_URL If you don't want to use this feature, keep the whole entry empty. -config OPKG_OPKG_CONF_CHECKSIG - bool - prompt "enable repository signature checking" - depends on OPKG_OPENSSL - help - Set the following options in opkg.conf: - option check_signature 1 - option signature_ca_path /etc/ssl/certs - option signature_ca_file /etc/ssl/certs/opkg.crt - - Repository will only be used if it's signature can be validated. endif endif diff --git a/rules/opkg.make b/rules/opkg.make index 88d25ce29..0ae8b4bce 100644 --- a/rules/opkg.make +++ b/rules/opkg.make @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_OPKG) += opkg # # Paths and names # -OPKG_VERSION := 0.4.5 -OPKG_MD5 := 5dc41ad37d88803b5e0f456a9c5a0811 +OPKG_VERSION := 0.5.0 +OPKG_MD5 := b85f4bafd53d0cdffbcef178319901fa OPKG := opkg-$(OPKG_VERSION) OPKG_SUFFIX := tar.gz OPKG_URL := http://downloads.yoctoproject.org/releases/opkg/$(OPKG).$(OPKG_SUFFIX) @@ -38,13 +38,12 @@ OPKG_CONF_OPT := \ $(GLOBAL_LARGE_FILE_OPTION) \ --disable-libopkg-api \ --disable-static \ - --$(call ptx/endis, PTXCONF_OPKG_PATHFINDER)-pathfinder \ --disable-xz \ --disable-bzip2 \ --disable-lz4 \ + --disable-zstd \ --$(call ptx/endis, PTXCONF_OPKG_CURL)-curl \ --$(call ptx/endis, PTXCONF_OPKG_SHA256)-sha256 \ - --$(call ptx/endis, PTXCONF_OPKG_OPENSSL)-openssl \ --$(call ptx/endis, PTXCONF_OPKG_SSL_CURL)-ssl-curl \ --$(call ptx/endis, PTXCONF_OPKG_GPG)-gpg \ --without-static-libopkg \ @@ -76,31 +75,12 @@ endif @$(call install_lib, opkg, 0, 0, 0644, libopkg) -ifdef PTXCONF_IMAGE_IPKG_SIGN_OPENSSL - @$(call install_copy, opkg, 0, 0, 0644, $(PTXCONF_IMAGE_IPKG_SIGN_OPENSSL_SIGNER), /etc/ssl/certs/opkg.crt) -endif - ifdef PTXCONF_OPKG_OPKG_CONF @$(call install_alternative, opkg, 0, 0, 0644, /etc/opkg/opkg.conf) @$(call install_replace, opkg, /etc/opkg/opkg.conf, @SRC@, \ $(PTXCONF_OPKG_OPKG_CONF_URL)) @$(call install_replace, opkg, /etc/opkg/opkg.conf, @ARCH@, \ $(PTXDIST_IPKG_ARCH_STRING)) -ifdef PTXCONF_OPKG_OPKG_CONF_CHECKSIG - @$(call install_replace, opkg, /etc/opkg/opkg.conf, @CHECKSIG@, \ - "option check_signature 1") - @$(call install_replace, opkg, /etc/opkg/opkg.conf, @CAPATH@, \ - "option signature_ca_path /etc/ssl/certs") - @$(call install_replace, opkg, /etc/opkg/opkg.conf, @CAFILE@, \ - "option signature_ca_file /etc/ssl/certs/opkg.crt") -else - @$(call install_replace, opkg, /etc/opkg/opkg.conf, @CHECKSIG@, \ - "#option check_signature 0") - @$(call install_replace, opkg, /etc/opkg/opkg.conf, @CAPATH@, \ - "#option signature_ca_path /etc/ssl/certs") - @$(call install_replace, opkg, /etc/opkg/opkg.conf, @CAFILE@, \ - "#option signature_ca_file /etc/ssl/certs/opkg.crt") -endif endif @$(call install_finish, opkg) diff --git a/scripts/lib/ptxd_make_image_prepare_work_dir.sh b/scripts/lib/ptxd_make_image_prepare_work_dir.sh index fa65ce8ec..aaa676e09 100644 --- a/scripts/lib/ptxd_make_image_prepare_work_dir.sh +++ b/scripts/lib/ptxd_make_image_prepare_work_dir.sh @@ -39,9 +39,6 @@ ${list[*]} ARCH="${PTXDIST_IPKG_ARCH_STRING}" \ SRC="" \ - CHECKSIG="" \ - CAPATH="" \ - CAFILE="" \ ptxd_replace_magic "${ptxd_reply}" >> "${xpkg_conf}" && DESTDIR="${work_dir}" \ -- 2.34.1