From 3efd1303d81364e5bcdf71e981518aebcedbe70e Mon Sep 17 00:00:00 2001
From: Felix Fietkau <nbd@openwrt.org>
Date: Mon, 6 Apr 2015 19:38:37 +0000
Subject: [PATCH] opkg: add patch for supporting signature checking through
 usign

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45284
---
 .../opkg/patches/200-usign_support.patch      | 91 +++++++++++++++++++
 1 file changed, 91 insertions(+)
 create mode 100644 package/system/opkg/patches/200-usign_support.patch

diff --git a/package/system/opkg/patches/200-usign_support.patch b/package/system/opkg/patches/200-usign_support.patch
new file mode 100644
index 0000000000..991708a8a3
--- /dev/null
+++ b/package/system/opkg/patches/200-usign_support.patch
@@ -0,0 +1,91 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -169,6 +169,15 @@ if test "x$want_gpgme" = "xyes"; then
+   fi
+ fi
+ 
++AC_ARG_ENABLE(usign,
++    AC_HELP_STRING([--enable-usign], [Enable signature checking with usign
++      [[default=yes]] ]),
++    [want_usign="$enableval"], [want_usign="yes"])
++
++if test "x$want_usign" = "xyes"; then
++  AC_DEFINE(HAVE_USIGN, 1, [Define if you want usign support])
++fi
++
+ AC_SUBST(GPGME_CFLAGS)
+ AC_SUBST(GPGME_LIBS)
+ 
+--- a/libopkg/opkg.c
++++ b/libopkg/opkg.c
+@@ -599,7 +599,7 @@ opkg_update_package_lists(opkg_progress_
+ 		}
+ 		free(url);
+ 
+-#if defined(HAVE_GPGME) || defined(HAVE_OPENSSL)
++#if defined(HAVE_GPGME) || defined(HAVE_OPENSSL) || defined(HAVE_USIGN)
+ 		if (conf->check_signature) {
+ 			char *sig_file_name;
+ 			/* download detached signitures to verify the package lists */
+--- a/libopkg/opkg_cmd.c
++++ b/libopkg/opkg_cmd.c
+@@ -169,7 +169,7 @@ opkg_update_cmd(int argc, char **argv)
+ 			    list_file_name);
+ 	  }
+ 	  free(url);
+-#if defined(HAVE_GPGME) || defined(HAVE_OPENSSL)
++#if defined(HAVE_GPGME) || defined(HAVE_OPENSSL) || defined(HAVE_USIGN)
+           if (conf->check_signature) {
+               /* download detached signitures to verify the package lists */
+               /* get the url for the sig file */
+--- a/libopkg/opkg_install.c
++++ b/libopkg/opkg_install.c
+@@ -1288,7 +1288,7 @@ opkg_install_pkg(pkg_t *pkg, int from_up
+      }
+ 
+      /* check that the repository is valid */
+-     #if defined(HAVE_GPGME) || defined(HAVE_OPENSSL)
++     #if defined(HAVE_GPGME) || defined(HAVE_OPENSSL) || defined(HAVE_USIGN)
+      char *list_file_name, *sig_file_name, *lists_dir;
+ 
+      /* check to ensure the package has come from a repository */
+--- a/libopkg/opkg_download.c
++++ b/libopkg/opkg_download.c
+@@ -19,6 +19,7 @@
+ 
+ #include "config.h"
+ 
++#include <sys/wait.h>
+ #include <stdio.h>
+ #include <unistd.h>
+ #include <libgen.h>
+@@ -342,7 +343,28 @@ opkg_prepare_url_for_install(const char 
+ int
+ opkg_verify_file (char *text_file, char *sig_file)
+ {
+-#if defined HAVE_GPGME
++#if defined HAVE_USIGN
++	int status = -1;
++	int pid;
++
++    if (conf->check_signature == 0 )
++        return 0;
++
++	pid = fork();
++	if (pid < 0)
++		return -1;
++
++	if (!pid) {
++		execl("/usr/sbin/opkg-key", "opkg-key", "verify", sig_file, text_file, NULL);
++		exit(255);
++	}
++
++	waitpid(pid, &status, 0);
++	if (!WIFEXITED(status) || WEXITSTATUS(status))
++		return -1;
++
++	return 0;
++#elif defined HAVE_GPGME
+     if (conf->check_signature == 0 )
+         return 0;
+     int status = -1;
-- 
2.30.2