openwrt-keyring: Only copy sign key for 19.07 and 21.02

Instead of adding all public signature keys from the openwrt-keyring
repository only add the key which is used to sign the OpenWrt 19.07
feeds and the 21.02 feeds to allow checking the next release.

If one of the other keys would be compromised this would not affect
users of 19.07 release builds.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

diff --git a/package/system/openwrt-keyring/Makefile b/package/system/openwrt-keyring/Makefile
index 6f3aa65622d501373fd51bb09c6c4dff879156a9..037809a66795e5b15b69300a5ace8e635e4f31c7 100644 (file)
--- a/package/system/openwrt-keyring/Makefile
+++ b/package/system/openwrt-keyring/Makefile
@@ -3,7 +3,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openwrt-keyring
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/keyring.git
@@ -32,7 +32,10 @@ Build/Compile=
 
 define Package/openwrt-keyring/install
        $(INSTALL_DIR) $(1)/etc/opkg/keys/
-       $(INSTALL_DATA) $(PKG_BUILD_DIR)/usign/* $(1)/etc/opkg/keys/
+       # Public usign key for 19.07 release builds
+       $(INSTALL_DATA) $(PKG_BUILD_DIR)/usign/f94b9dd6febac963 $(1)/etc/opkg/keys/
+       # Public usign key for 21.02 release builds
+       $(INSTALL_DATA) $(PKG_BUILD_DIR)/usign/2f8b0b98e08306bf $(1)/etc/opkg/keys/
 endef
 
 $(eval $(call BuildPackage,openwrt-keyring))