9a6c754d7d
Add support to signing each package's .apk file into SDK.
This adds into SDK the feature added by f20794a to the normal builds.
Currently SDK does not sign the compiled packages, causing untrusted
package errors at package installation. The reason is the logic of
defaulting to 'n' in BUILDBOT and 'y' elsewhere. As downloadable SDKs
are compiled by the buildbot, the option gets 'n' set as the default.
And the option is not among the few build options exposed in the SDK
menuconfig, so the user can't easily change it.
Enable the feature by default:
* Exclude the SIGN_EACH_PACKAGE option from sdk/convert-config.pl
* Default to 'y' and expose the option in the SDK config menu.
(Avoiding untrusted errors naturally requires the user to copy the
public key into the router, quite similar as with full builds.)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/23104
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
67 lines
1.5 KiB
Perl
Executable File
67 lines
1.5 KiB
Perl
Executable File
#!/usr/bin/env perl
|
|
use strict;
|
|
|
|
while (<>) {
|
|
my $match;
|
|
my $var;
|
|
my $val;
|
|
my $type;
|
|
chomp;
|
|
next if /^CONFIG_SIGNED_PACKAGES/;
|
|
next if /^CONFIG_SIGN_EACH_PACKAGE/;
|
|
|
|
if (/^CONFIG_((BINARY)|(DOWNLOAD))_FOLDER=(.*)$/) {
|
|
# We don't want to preserve the build setting of
|
|
# BINARY_FOLDER and DOWNLOAD_FOLDER.
|
|
$var = "$1_FOLDER";
|
|
$val = '""';
|
|
$type = "string";
|
|
} elsif (/^CONFIG_([^=]+)=(.*)$/) {
|
|
$var = $1;
|
|
$val = $2;
|
|
|
|
next if $var eq 'ALL';
|
|
|
|
if ($val eq 'y') {
|
|
$type = "bool";
|
|
} elsif ($val eq 'm') {
|
|
$type = "tristate";
|
|
} elsif ($val =~ /^".*"$/) {
|
|
$type = "string";
|
|
} elsif ($val =~ /^\d+$/) {
|
|
$type = "int";
|
|
} else {
|
|
warn "WARNING: no type found for symbol CONFIG_$var=$val\n";
|
|
next;
|
|
}
|
|
} elsif (/^# CONFIG_BUSYBOX_(.*) is not set/) {
|
|
$var = "BUSYBOX_$1";
|
|
$val = 'n';
|
|
$type = "bool";
|
|
} else {
|
|
# We don't want to preserve a record of deselecting
|
|
# packages because we may want build them in the SDK.
|
|
# non-package configs however may be important to preserve
|
|
# the same compilation settings for packages that get
|
|
# recompiled in the SDK.
|
|
# Also we want avoid preserving image generation settings
|
|
# because we set those while in ImageBuilder
|
|
next if /^(# )?CONFIG_PACKAGE/;
|
|
next if /^(# )?CONFIG_TARGET/;
|
|
if (/^# CONFIG_(.*) is not set/) {
|
|
$var = $1;
|
|
$val = 'n';
|
|
$type = "bool";
|
|
}
|
|
}
|
|
|
|
if (($var ne '') && ($type ne '') && ($val ne '')) {
|
|
print <<EOF;
|
|
config $var
|
|
$type
|
|
default $val
|
|
|
|
EOF
|
|
}
|
|
}
|