From b530b857c9b4f3b15192e3d532ebccecf692a95a Mon Sep 17 00:00:00 2001
From: Avinash Tahakik
Date: Mon, 12 Sep 2016 13:17:30 +0530
Subject: [PATCH 1/2] enable package signing
Signed-off-by: Avinash Tahakik
---
 creator-platform-all-cascoda.config | 5 +++++
 creator-platform-all.config | 5 +++++
 2 files changed, 10 insertions(+)
diff --git a/creator-platform-all-cascoda.config b/creator-platform-all-cascoda.config
index c05ed8b..9cbdbee 100755
--- a/creator-platform-all-cascoda.config
+++ b/creator-platform-all-cascoda.config
@@ -10,6 +10,10 @@ CONFIG_KERNEL_KALLSYMS=y
 CONFIG_IMAGEOPT=y
 CONFIG_LOCALMIRROR="https://downloads.creatordev.io/pistachio/marduk/dl"
 CONFIG_OPENSSL_WITH_EC=y
+CONFIG_OPKGSMIME_CERT="$(TOPDIR)/cert.pem"
+CONFIG_OPKGSMIME_KEY="$(TOPDIR)/key.pem"
+CONFIG_OPKGSMIME_PASSFILE="$(TOPDIR)/pass.txt"
+# CONFIG_OPKGSMIME_PASSPHRASE is not set
 CONFIG_PACKAGE_ca-certificates=y
 CONFIG_PACKAGE_libopenssl=y
 CONFIG_PACKAGE_libustream-openssl=y
@@ -17,6 +21,7 @@ CONFIG_PACKAGE_opkg-smime=y
 # CONFIG_PACKAGE_usign is not set
 CONFIG_PACKAGE_zlib=y
 # CONFIG_SIGNED_PACKAGES is not set
+CONFIG_SMIMEOPT=y
 CONFIG_VERSIONOPT=y
 CONFIG_VERSION_DIST="OpenWrt"
 CONFIG_VERSION_NICK="Ci40All"
diff --git a/creator-platform-all.config b/creator-platform-all.config
index 96cf957..7159412 100755
--- a/creator-platform-all.config
+++ b/creator-platform-all.config
@@ -10,6 +10,10 @@ CONFIG_KERNEL_KALLSYMS=y
 CONFIG_IMAGEOPT=y
 CONFIG_LOCALMIRROR="https://downloads.creatordev.io/pistachio/marduk/dl"
 CONFIG_OPENSSL_WITH_EC=y
+CONFIG_OPKGSMIME_CERT="$(TOPDIR)/cert.pem"
+CONFIG_OPKGSMIME_KEY="$(TOPDIR)/key.pem"
+CONFIG_OPKGSMIME_PASSFILE="$(TOPDIR)/pass.txt"
+# CONFIG_OPKGSMIME_PASSPHRASE is not set
 CONFIG_PACKAGE_ca-certificates=y
 CONFIG_PACKAGE_libopenssl=y
 CONFIG_PACKAGE_libustream-openssl=y
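Review bot: `CONFIG_OPKGSMIME_KEY` and `CONFIG_OPKGSMIME_PASSFILE` both point into `$(TOPDIR)`, so the signing key and the passphrase that protects it sit side by side in the build tree, where the passphrase adds little and either file can be swept up by anything that archives, caches or commits the tree. The same three lines are added to creator-platform-all.config. Consider pointing them at a directory outside the tree with restrictive permissions, and make sure `cert.pem`, `key.pem` and `pass.txt` are ignored by version control. Both files also keep `# CONFIG_SIGNED_PACKAGES is not set`, so presumably the S/MIME signature is the only one on the feed; worth confirming that is intended.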
@@ -17,6 +21,7 @@ CONFIG_PACKAGE_opkg-smime=y
 # CONFIG_PACKAGE_usign is not set
 CONFIG_PACKAGE_zlib=y
 # CONFIG_SIGNED_PACKAGES is not set
+CONFIG_SMIMEOPT=y
 CONFIG_VERSIONOPT=y
 CONFIG_VERSION_DIST="OpenWrt"
 CONFIG_VERSION_NICK="Ci40All"
From 53c26f20586e1125fe60da53fd3859c7af2ef949 Mon Sep 17 00:00:00 2001
From: Avinash Tahakik
Date: Mon, 12 Sep 2016 14:05:07 +0530
Subject: [PATCH 2/2] download certificate and key
Added command to download certificate and key in makefile Added rule to remove downloaded keys once build is complete
Signed-off-by: Avinash Tahakik
---
 Makefile | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/Makefile b/Makefile
index 29e7ebf..b3de7fc 100755
--- a/Makefile
+++ b/Makefile
@@ -7,14 +7,17 @@ all: openwrt
 openwrt: build_openwrt
 echo "OpenWrt Done!"
-clean: clean_openwrt clean_feeds clean_binaries
+clean: clean_openwrt clean_feeds clean_binaries clean_keys
 # Building OpenWRT
 $(DIR__CI)/patched:
 git submodule init openwrt;git submodule update --remote; \
 cd $(DIR__OPENWRT); \
 ./scripts/feeds update -a; \
- ./scripts/feeds install -a;
+ ./scripts/feeds install -a;\
+ /vault read -field=key secret/creator/packagesigning > key.pem; \
+ /vault read -field=cert secret/creator/packagesigning > cert.pem; \
+ /vault read -field=password secret/creator/packagesigning > pass.txt
 ifneq (_,_$(findstring all,$P))
 cd $(DIR__OPENWRT)/feeds/packages; patch -p1 < $(DIR__CI)/0001-glib2-make-libiconv-dependent-on-ICONV_FULL-variable.patch;\
 patch -p1 < $(DIR__CI)/0001-node-host-turn-off-verbose.patch;
@@ -67,3 +70,10 @@ clean_feeds: clean_patches
 clean_binaries:
 rm -rf $(DIR__OPENWRT)/bin/pistachio/
+.PHONY: clean_keys
+clean_keys:
+ cd $(DIR__OPENWRT); \
+ rm -f key.pem; \
+ rm -f cert.pem; \
+ rm -f pass.txt;
+
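Review bot: The three added `/vault read … > file` commands in the `$(DIR__CI)/patched` recipe are chained with `;`, so a failed read still leaves an empty `key.pem`, `cert.pem` or `pass.txt` behind, and the recipe line's exit status is only that of the last read. The files are also created under the caller's umask, which on many build hosts leaves the private key and its passphrase readable by other local users. Putting `set -e; umask 077; \` on the line before the first `/vault read` addresses both within the existing single-shell recipe line. The hard-coded `/vault` at the filesystem root would be easier to audit and override as a variable, e.g. `VAULT ?= vault`. The recipe continues past the end of this hunk.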
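Review bot: `clean_keys` is reachable only through `clean` (the prerequisite added in the first Makefile hunk), so after an ordinary `make` the key, certificate and passphrase stay in `$(DIR__OPENWRT)` until someone cleans, which does not match the commit message's "once build is complete". Nothing visible here removes them after the signing step or when the build fails; consider making the removal the last step of the build target, with a shell `trap` covering the failure path. In the recipe itself, `cd $(DIR__OPENWRT); rm -f …` still runs the `rm` commands in the current directory if the `cd` fails; `rm -f $(DIR__OPENWRT)/key.pem $(DIR__OPENWRT)/cert.pem $(DIR__OPENWRT)/pass.txt` avoids that.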