attendedsyuspgrade-common: add key and set server 8356/head
authorPaul Spooren <mail@aparcar.org>
Wed, 6 Mar 2019 20:43:01 +0000 (21:43 +0100)
committerPaul Spooren <mail@aparcar.org>
Wed, 6 Mar 2019 22:24:08 +0000 (23:24 +0100)
In collaboration with @dangowrt the server makes use of `ucert`.  Active
workers sign created firmware and clients check if the signature is
valid. Certs of *hacked* or inactive workers can be revoked.  Private CA
key is **not** stored on the upgrade server.

This applies only to devices that already support ucert via firmware metadata.

Signed-off-by: Paul Spooren <mail@aparcar.org>
utils/attendedsysupgrade-common/Makefile
utils/attendedsysupgrade-common/files/attendedsysupgrade.defaults
utils/attendedsysupgrade-common/files/c06d891233ba699 [new file with mode: 0644]

index d1419ae1a0ab143a9a73175a70e3cac8012136f8..52170404b31bb152b2f21dd46ef0d844ec5e89ba 100644 (file)
@@ -5,8 +5,8 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=attendedsysupgrade-common
-PKG_VERSION:=0.1
-PKG_RELEASE:=2
+PKG_VERSION:=0.2
+PKG_RELEASE:=1
 PKG_LICENSE:=GPL-2.0
 
 include $(INCLUDE_DIR)/package.mk
@@ -51,6 +51,9 @@ endef
 define Package/attendedsysupgrade-common/install
        $(INSTALL_DIR) $(1)/etc/uci-defaults/
        $(INSTALL_BIN) ./files/attendedsysupgrade.defaults $(1)/etc/uci-defaults/attendedsysupgrade
+
+       $(INSTALL_DIR) $(1)/etc/opkg/keys/
+       $(INSTALL_BIN) ./files/c06d891233ba699 $(1)/etc/opkg/keys/c06d891233ba699
 endef
 
 $(eval $(call BuildPackage,attendedsysupgrade-common))
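Review bot: The public key is installed with `$(INSTALL_BIN)`, which marks a pure data file executable even though the commit adds it to the tree as mode 0644; `$(INSTALL_DATA) ./files/c06d891233ba699 $(1)/etc/opkg/keys/c06d891233ba699` is the better fit. Placing the key in `/etc/opkg/keys/` also appears to widen trust beyond upgrade images, since opkg checks feed signatures against the keys in that directory and would presumably accept a package list signed by this key too. If the key is meant only for ucert-signed firmware, a comment above the two added lines such as `# usign key of the upgrade server CA, used to verify ucert-signed images` would record the intended scope. Whether a narrower key location is possible depends on the verification code, which is not part of this commit.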
index f7fb1ebdebbf2ce4db17066ff5fbcf5918841147..3d65afba3d51887903eebc542573728e1142bda6 100644 (file)
@@ -6,7 +6,7 @@ touch /etc/config/attendedsysupgrade
 
 uci -q batch <<EOF
 set attendedsysupgrade.server=server
-set attendedsysupgrade.server.url='https://example.org'
+set attendedsysupgrade.server.url='https://chef.libremesh.org'
 
 set attendedsysupgrade.client=client
 set attendedsysupgrade.client.upgrade_packages='1'
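Review bot: The new default `server.url` sends every installation to a live build server, while the commit message limits signature checking to devices that already support ucert via firmware metadata. On other devices, as far as this hunk shows, only TLS to that host would protect a downloaded image. A comment ahead of the `uci -q batch` block, for example `# default server signs images with ucert; devices without ucert metadata support cannot verify them`, would state that precondition where the default is set. The start of the script and the rest of the heredoc lie outside the hunk, so whether a user-configured URL survives a package upgrade cannot be confirmed from here.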
diff --git a/utils/attendedsysupgrade-common/files/c06d891233ba699 b/utils/attendedsysupgrade-common/files/c06d891233ba699
new file mode 100644 (file)
index 0000000..94edfd8
--- /dev/null
@@ -0,0 +1,2 @@
+untrusted comment: public key c06d891233ba699
+RWQMBtiRIzummeTc81jtKdJ3XwnaZGtHLRwjls0ovGsKoTnTmS7fj4Na
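Review bot: The key id used as the file name and in the comment line is 15 hex digits, one short of a 64-bit fingerprint. Decoding the start of the base64 line gives the id bytes `0c 06 d8 91 23 3b a6 99`, so the zero-padded fingerprint would be `0c06d891233ba699`. A verifier that looks keys up in `/etc/opkg/keys/` by a 16-digit padded fingerprint would not find `c06d891233ba699` and would treat the signature as unverifiable, so please confirm which form the usign version in use prints. If it pads, the file and the `$(INSTALL_BIN)` line in the Makefile hunk should both use the padded name.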