base-files: fix ucert verification
authorFelix Fietkau <nbd@nbd.name>
Tue, 12 Feb 2019 15:37:30 +0000 (16:37 +0100)
committerFelix Fietkau <nbd@nbd.name>
Tue, 12 Feb 2019 15:42:03 +0000 (16:42 +0100)
ucert needs to check the firmware part with metadata, but without the signature.
Use the new fwtool mode to extract that without altering the firmware image inside
the check

Signed-off-by: Felix Fietkau <nbd@nbd.name>
package/base-files/files/lib/upgrade/fwtool.sh

index 6d7300b..a0b3fb0 100644 (file)
@@ -18,7 +18,8 @@ fwtool_check_signature() {
                return 0
        fi
 
-       ucert -V -m "$1" -c "/tmp/sysupgrade.ucert" -P /etc/opkg/keys
+       fwtool -q -T -s /dev/null "$1" | \
+               ucert -V -m - -c "/tmp/sysupgrade.ucert" -P /etc/opkg/keys
 
        return $?
 }