From de7a3ab3c348243d24a3a3ac954ff57656d2ff23 Mon Sep 17 00:00:00 2001 From: Packet Please Date: Thu, 21 Nov 2024 06:19:19 +0100 Subject: [PATCH 1/2] build: add APK feed into the image --- build/build.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/build/build.sh b/build/build.sh index dee0b18..c31bf50 100755 --- a/build/build.sh +++ b/build/build.sh @@ -139,6 +139,10 @@ MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEE1NSmLpdMjXJpDQki9ziqW3Ve0aIX99t uAc1Yn5TexwhBhHsGxUxICHS63pDXYj9xg1AZHlvbEnFrBNrsdjJQQ== -----END PUBLIC KEY----- EOF1 + apkdir="embedded-files/etc/apk" + mkdir -p "$apkdir/keys" "$apkdir/repositories.d" + cp -av keys/falter.snapshot.pem "$apkdir/keys/" + echo "$adburl" >"$apkdir/repositories.d/falter.list" else if [ -n "$feed" ]; then echo "src/gz falter $feed" >>repositories.conf From 4c317e5cb49dc1a1ab7849f0516afac9d8be684a Mon Sep 17 00:00:00 2001 From: Packet Please Date: Thu, 21 Nov 2024 07:30:57 +0100 Subject: [PATCH 2/2] build: handle custom OPKG and APK feeds correctly --- build/build.sh | 61 +++++++++++++++++++++++++++++++------------------- 1 file changed, 38 insertions(+), 23 deletions(-) diff --git a/build/build.sh b/build/build.sh index c31bf50..abf8e79 100755 --- a/build/build.sh +++ b/build/build.sh @@ -53,7 +53,12 @@ function usage() { echo "FALTER_FEED env variable:" echo " customizes the falter package feed." echo " default: https://firmware.berlin.freifunk.net/feed//packages//falter" - echo " example: file:///tmp/falter-packages/out/snapshot/x86/64/falter" + echo " opkg example: file:///tmp/falter-packages/out/main/x86_64/falter" + echo " apk example: file:///tmp/falter-packages/out/main/x86_64/falter/packages.adb" + echo + echo "FALTER_FEEDKEY env variable:" + echo " specifies an APK signing key for a custom package feed." + echo " apk example: /tmp/falter-packages/out/main/x86_64/public-key.pem" echo exit 1 } @@ -78,6 +83,8 @@ variant="tunneldigger" [ -z "$FALTER_VARIANT" ] || variant="$FALTER_VARIANT" feed="" [ -z "$FALTER_FEED" ] || feed="$FALTER_FEED" +feedkey="" +[ -z "$FALTER_FEEDKEY" ] || feedkey="$FALTER_FEEDKEY" set -o pipefail set -e @@ -126,43 +133,51 @@ packageset="$(cat "packageset/$(echo "$fversion" | cut -d'-' -f1)/$variant.txt" usage "$frelease" "$target" ) - # falter feed for imagebuilder + # falter package feed, APK for snapshot, OPKG for older branches arch="$(grep CONFIG_TARGET_ARCH_PACKAGES .config | cut -d'=' -f 2 | tr -d '"')" if [ "x$orelease" = "xsnapshot" ]; then - # TODO falter feed available within the running image - # TODO disable signature check for custom feed url - adburl="$fmirror/feed/$frelease/packages/$arch/falter/packages.adb" - echo "$adburl" >>repositories + + # install falter signing key, regardless of feed choice + apkdir="embedded-files/etc/apk" + mkdir -p "$apkdir/keys" "$apkdir/repositories.d" cat <keys/falter.snapshot.pem -----BEGIN PUBLIC KEY----- MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEE1NSmLpdMjXJpDQki9ziqW3Ve0aIX99t uAc1Yn5TexwhBhHsGxUxICHS63pDXYj9xg1AZHlvbEnFrBNrsdjJQQ== -----END PUBLIC KEY----- EOF1 - apkdir="embedded-files/etc/apk" - mkdir -p "$apkdir/keys" "$apkdir/repositories.d" cp -av keys/falter.snapshot.pem "$apkdir/keys/" - echo "$adburl" >"$apkdir/repositories.d/falter.list" + + # custom feed vs. official falter feed + if [ -n "$feed" ]; then + echo "$feed" >>repositories + echo "$feed" >>"$apkdir/repositories.d/falter.list" + cp -av "$feedkey" keys/falter.custom.pem + cp -av "$feedkey" "$apkdir/keys/falter.custom.pem" + else + adburl="$fmirror/feed/$frelease/packages/$arch/falter/packages.adb" + echo "$adburl" >>repositories + echo "$adburl" >"$apkdir/repositories.d/falter.list" + fi else + # install falter signing key, regardless of feed choice + opkgdir="embedded-files/etc/opkg" + mkdir -p "$opkgdir/keys" + { + echo "untrusted comment: Falter OPKG Key 2024" + echo "$fkey" + } >"keys/$fkeyfp" + cp -av "keys/$fkeyfp" "$opkgdir/keys/" + + # custom feed vs. official falter feed if [ -n "$feed" ]; then - echo "src/gz falter $feed" >>repositories.conf sed -i 's/option check_signature//g' repositories.conf + echo "src/gz falter $feed" >>repositories.conf + echo "src/gz falter $feed" >>"$opkgdir/customfeeds.conf" else feedurl="$fmirror/feed/$frelease/packages/$arch/falter" echo "src/gz falter $feedurl" >>repositories.conf - { - echo "untrusted comment: Falter OPKG Key 2024" - echo "$fkey" - } >"keys/$fkeyfp" - fi - - # falter feed for the running image - mkdir -p embedded-files/etc/opkg/keys - if [ -n "$feed" ]; then - echo "src/gz falter $feed" >>embedded-files/etc/opkg/customfeeds.conf - else - echo "src/gz falter $feedurl" >>embedded-files/etc/opkg/customfeeds.conf - cp "keys/$fkeyfp" embedded-files/etc/opkg/keys + echo "src/gz falter $feedurl" >>"$opkgdir/customfeeds.conf" fi fi