[yocto] opkg and gpg signed ipk packages

Paul Barker paul at paulbarker.me.uk
Thu May 7 13:09:11 PDT 2015 

On Thu, May 07, 2015 at 07:11:39PM +0000, Sona Sarmadi wrote:
> Hi,
> 
> Does opkg have support for gpg signed ipk packages? It seems like that opkg does not recognize gpg signed files. 
>

opkg 0.2.x only has support for checking the package feed signature. To use
this, add the line 'option check_signature 1' to your opkg.conf file and place a
Packages.sig file next to the Packages file in your package feed. ASCII-armoured
signatures are not supported.

opkg-0.3.0-rc2 extends this. Signatures for each package are supported, add the
line 'option check_pkg_signature 1' to your opkg.conf file to use this. Then
for a package named package_v1.ipk you'd need to create a package_v1.ipk.sig
file in the same directory. ASCII-armoured signatures are used with the file
extension .asc instead of .sig if the line 'option signature_type gpg-asc' is
added to your opkg.conf file. The 'Filename' in the package feed should always
refer to the ipk file, the signature is detached rather than included with the
file.

I've not used these options in a while so I might have remembered something
wrong, but the general idea is right.

> root at p2020rdb:~# opkg list-upgradable
> curl - 7.35.0-r2.0 - 7.35.0-r3.0
> curl-dbg - 7.35.0-r2.0 - 7.35.0-r3.0
> libcurl5 - 7.35.0-r2.0 - 7.35.0-r3.0
> root at p2020rdb:~# opkg upgrade curl
> Upgrading curl on root from 7.35.0-r2.0 to 7.35.0-r3.0...
> Downloading http://domain.com/tmp/ipk/ppce500v2/curl_7.35.0-r3.0_ppce500v2.ipk.asc.
> Collected errors:
>  * deb_extract: /tmp/opkg-tslkbd/curl_7.35.0-r3.0_ppce500v2.ipk.asc: invalid magic
>  * opkg_install_pkg: Failed to unpack control files from /tmp/opkg-tslkbd/curl_7.35.0-r3.0_ppce500v2.ipk.asc.
> root at p2020rdb:~#
> 
> I have updated the Package file manually:
> Package: curl
> Version: 7.35.0-r3.0
> Depends: libcurl5 (>= 7.35.0), libz1 (>= 1.2.8), libc6 (>= 2.19)
> Section: console/network
> Architecture: ppce500v2
> Maintainer: ENEA <issues at enea.com>
> MD5Sum: 725f019d72b6f70845ae19299230738a
> Size: 95616
> Filename: curl_7.35.0-r3.0_ppce500v2.ipk.asc
> Source: http://curl.haxx.se/download/curl-7.35.0.tar.bz2 file://pkgconfig_fix.patch file://CVE-2014-3613.patch file://configure_ac.patch
> Description:  Command line tool and library for client-side URL transfers  Command line
>  tool and library for client-side URL transfers.
> OE: curl
> HomePage: http://curl.haxx.se/
> License: MIT
> Priority: optional
> 
> Thanks
> //Sona

Thanks,

-- 
Paul Barker

Email: paul at paulbarker.me.uk
http://www.paulbarker.me.uk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20150507/39a19857/attachment.pgp>

More information about the yocto mailing list