From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Wed, 25 May 2022 11:47:53 +0200 Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1ntncP-008VMc-Jz for lore@lore.pengutronix.de; Wed, 25 May 2022 11:47:53 +0200 Received: from localhost ([127.0.0.1] helo=metis.ext.pengutronix.de) by metis.ext.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1ntncO-0002ZK-Nk; Wed, 25 May 2022 11:47:52 +0200 Received: from drehscheibe.grey.stw.pengutronix.de ([2a0a:edc0:0:c01:1d::a2]) by metis.ext.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1ntna1-0007Xb-2S; Wed, 25 May 2022 11:45:25 +0200 Received: from [2a0a:edc0:0:1101:1d::39] (helo=dude03.red.stw.pengutronix.de) by drehscheibe.grey.stw.pengutronix.de with esmtp (Exim 4.94.2) (envelope-from ) id 1ntna1-004RBj-1E; Wed, 25 May 2022 11:45:23 +0200 Received: from mol by dude03.red.stw.pengutronix.de with local (Exim 4.94.2) (envelope-from ) id 1ntnZy-00BwPr-BG; Wed, 25 May 2022 11:45:22 +0200 
From: Michael Olbrich To: ptxdist@pengutronix.de Date: Wed, 25 May 2022 11:45:22 +0200 Message-Id: <20220525094522.2846115-1-m.olbrich@pengutronix.de> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20220513132057.1883947-1-christian.melki@t2data.com> References: <20220513132057.1883947-1-christian.melki@t2data.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: Re: [ptxdist] [APPLIED] opkg: Version bump. 0.4.5 -> 0.5.0. X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Cc: Christian Melki Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false Thanks, applied as d75a073299db04d0156396098bb7e6a72c6d542a. Michael [sent from post-receive hook] On Wed, 25 May 2022 11:45:22 +0200, Christian Melki wrote: > Various fixes and updates. Notable addition is zstd compression support. > Deprecated functions: Openssl signature validation and pathfinder > validation. > Seems the preferred validation method is using gpg. > > https://git.yoctoproject.org/opkg/log/ > > * Remove openssl, pathfinder support. > * Disable zstd by default. > * Remove signature handling from installation. > * Remove signature handling variables from opkg.conf > * Remove signature handling variables from ptxdist internal > "prepare_work_dir.sh" > > Signed-off-by: Christian Melki > Message-Id: <20220513132057.1883947-1-christian.melki@t2data.com> > Signed-off-by: Michael Olbrich >
> diff --git a/projectroot/etc/opkg/opkg.conf b/projectroot/etc/opkg/opkg.conf
> index 67a64838ff63..dd1de5f4e2a0 100644
> --- a/projectroot/etc/opkg/opkg.conf
> +++ b/projectroot/etc/opkg/opkg.conf
> @@ -16,7 +16,3 @@ option info_dir /usr/share/opkg/info
> arch @ARCH@ 10
> arch all 1
> arch noarch 1
> -
> -@CHECKSIG@
> -@CAPATH@
> -@CAFILE@
> diff --git a/rules/opkg.in b/rules/opkg.in
> index c9160509c366..fa913537c08d 100644
> --- a/rules/opkg.in
> +++ b/rules/opkg.in
> @@ -4,7 +4,6 @@ menuconfig OPKG
> tristate
> select LIBARCHIVE
> select LIBCURL if OPKG_CURL
> - select OPENSSL if OPKG_OPENSSL
> prompt "opkg "
> help
> Opkg is a lightweight package management system based on Ipkg.
> @@ -13,21 +12,6 @@ menuconfig OPKG
>
> if OPKG
>
> -config OPKG_PATHFINDER
> - bool
> - prompt "pathfinder support"
> - # needs pathfinder-openssl
> - depends on BROKEN
> - help
> - Pathfinder is designed to provide a mechanism for any
> - program to perform RFC3280-compliant path validation
> - of X.509 certificates, even when some of the intermediate
> - certificates are not present on the local machine. It will
> - automatically download any such certificates (and their
> - CRLs) from the Internet as needed using the AIA and CRL
> - distribution point extensions of the certificate it is
> - processing.
> -
> config OPKG_CURL
> bool
> prompt "libcurl support"
> @@ -42,12 +26,6 @@ config OPKG_SHA256
> help
> FIXME
>
> -config OPKG_OPENSSL
> - bool
> - prompt "openssl signature checking"
> - help
> - FIXME
> -
> config OPKG_SSL_CURL
> bool
> prompt "libcurl certificate authentication"
> @@ -57,8 +35,6 @@ config OPKG_SSL_CURL
> config OPKG_GPG
> bool
> prompt "signature checking with gpg"
> - # gpg and openssl are mutually exclusive
> - depends on ! OPKG_OPENSSL
> # needs gpgme
> depends on BROKEN
> help
> @@ -97,17 +73,6 @@ config OPKG_OPKG_CONF_URL
>
> If you don't want to use this feature, keep the whole entry empty.
>
> -config OPKG_OPKG_CONF_CHECKSIG
> - bool
> - prompt "enable repository signature checking"
> - depends on OPKG_OPENSSL
> - help
> - Set the following options in opkg.conf:
> - option check_signature 1
> - option signature_ca_path /etc/ssl/certs
> - option signature_ca_file /etc/ssl/certs/opkg.crt
> -
> - Repository will only be used if it's signature can be validated.
> endif
>
> endif
> diff --git a/rules/opkg.make b/rules/opkg.make
> index 88d25ce29256..0ae8b4bce7b4 100644
> --- a/rules/opkg.make
> +++ b/rules/opkg.make
> @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_OPKG) += opkg
> #
> # Paths and names
> #
> -OPKG_VERSION := 0.4.5
> -OPKG_MD5 := 5dc41ad37d88803b5e0f456a9c5a0811
> +OPKG_VERSION := 0.5.0
> +OPKG_MD5 := b85f4bafd53d0cdffbcef178319901fa
> OPKG := opkg-$(OPKG_VERSION)
> OPKG_SUFFIX := tar.gz
> OPKG_URL := http://downloads.yoctoproject.org/releases/opkg/$(OPKG).$(OPKG_SUFFIX)
> @@ -38,13 +38,12 @@ OPKG_CONF_OPT := \
> $(GLOBAL_LARGE_FILE_OPTION) \
> --disable-libopkg-api \
> --disable-static \
> - --$(call ptx/endis, PTXCONF_OPKG_PATHFINDER)-pathfinder \
> --disable-xz \
> --disable-bzip2 \
> --disable-lz4 \
> + --disable-zstd \
> --$(call ptx/endis, PTXCONF_OPKG_CURL)-curl \
> --$(call ptx/endis, PTXCONF_OPKG_SHA256)-sha256 \
> - --$(call ptx/endis, PTXCONF_OPKG_OPENSSL)-openssl \
> --$(call ptx/endis, PTXCONF_OPKG_SSL_CURL)-ssl-curl \
> --$(call ptx/endis, PTXCONF_OPKG_GPG)-gpg \
> --without-static-libopkg \
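Review bot: After this hunk the only signature backend left in OPKG_CONF_OPT is `--$(call ptx/endis, PTXCONF_OPKG_GPG)-gpg`, and the rules/opkg.in hunk still leaves OPKG_GPG at `depends on BROKEN`, so a normal configuration appears to build opkg with no repository signature verification at all. Projects that had OPKG_OPKG_CONF_CHECKSIG enabled (`option check_signature 1`) may lose that check on upgrade without any build-time hint. I would document this next to the option list, for example `# no signature backend is built unless OPKG_GPG is enabled (currently BROKEN)`, and note in the OPKG_GPG help text that it is the only remaining signature check since openssl validation was dropped in 0.5.0. The OPKG_CONF_OPT assignment begins and ends outside this hunk.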
> @@ -76,31 +75,12 @@ endif
>
> @$(call install_lib, opkg, 0, 0, 0644, libopkg)
>
> -ifdef PTXCONF_IMAGE_IPKG_SIGN_OPENSSL
> - @$(call install_copy, opkg, 0, 0, 0644, $(PTXCONF_IMAGE_IPKG_SIGN_OPENSSL_SIGNER), /etc/ssl/certs/opkg.crt)
> -endif
> -
> ifdef PTXCONF_OPKG_OPKG_CONF
> @$(call install_alternative, opkg, 0, 0, 0644, /etc/opkg/opkg.conf)
> @$(call install_replace, opkg, /etc/opkg/opkg.conf, @SRC@, \
> $(PTXCONF_OPKG_OPKG_CONF_URL))
> @$(call install_replace, opkg, /etc/opkg/opkg.conf, @ARCH@, \
> $(PTXDIST_IPKG_ARCH_STRING))
> -ifdef PTXCONF_OPKG_OPKG_CONF_CHECKSIG
> - @$(call install_replace, opkg, /etc/opkg/opkg.conf, @CHECKSIG@, \
> - "option check_signature 1")
> - @$(call install_replace, opkg, /etc/opkg/opkg.conf, @CAPATH@, \
> - "option signature_ca_path /etc/ssl/certs")
> - @$(call install_replace, opkg, /etc/opkg/opkg.conf, @CAFILE@, \
> - "option signature_ca_file /etc/ssl/certs/opkg.crt")
> -else
> - @$(call install_replace, opkg, /etc/opkg/opkg.conf, @CHECKSIG@, \
> - "#option check_signature 0")
> - @$(call install_replace, opkg, /etc/opkg/opkg.conf, @CAPATH@, \
> - "#option signature_ca_path /etc/ssl/certs")
> - @$(call install_replace, opkg, /etc/opkg/opkg.conf, @CAFILE@, \
> - "#option signature_ca_file /etc/ssl/certs/opkg.crt")
> -endif
> endif
>
> @$(call install_finish, opkg)
> diff --git a/scripts/lib/ptxd_make_image_prepare_work_dir.sh b/scripts/lib/ptxd_make_image_prepare_work_dir.sh
> index fa65ce8ec3e1..aaa676e09544 100644
> --- a/scripts/lib/ptxd_make_image_prepare_work_dir.sh
> +++ b/scripts/lib/ptxd_make_image_prepare_work_dir.sh
> @@ -39,9 +39,6 @@ ${list[*]}
>
> ARCH="${PTXDIST_IPKG_ARCH_STRING}" \
> SRC="" \
> - CHECKSIG="" \
> - CAPATH="" \
> - CAFILE="" \
> ptxd_replace_magic "${ptxd_reply}" >> "${xpkg_conf}" &&
>
> DESTDIR="${work_dir}" \