opkg: drop S/MIME support

It has never been used by default (due to being too bloated), and it is
properly replaced by usign (which has been the default for a long time
now).

Remove this feature to simplify the build system

Signed-off-by: Felix Fietkau <nbd@nbd.name>

diff --git a/package/Makefile b/package/Makefile
index 17378a95ef53cc9889a5c1131872d10a506228b0..3250e7b7d0a8c9184893763a4902107acf246096 100644 (file)
--- a/package/Makefile
+++ b/package/Makefile
@@ -74,15 +74,6 @@ $(curdir)/install: $(TMP_DIR)/.build $(curdir)/system/opkg/host/install $(curdir
 
        $(call prepare_rootfs,$(TARGET_DIR))
 
 
        $(call prepare_rootfs,$(TARGET_DIR))
 

-PASSOPT=""
-PASSARG=""
-ifndef CONFIG_OPKGSMIME_PASSPHRASE
-  ifneq ($(call qstrip,$(CONFIG_OPKGSMIME_PASSFILE)),)
-    PASSOPT="-passin"
-    PASSARG="file:$(call qstrip,$(CONFIG_OPKGSMIME_PASSFILE))"
-  endif
-endif
-

 $(curdir)/index: FORCE
        @echo Generating package index...
        @for d in $(PACKAGE_SUBDIRS); do ( \
 $(curdir)/index: FORCE
        @echo Generating package index...
        @for d in $(PACKAGE_SUBDIRS); do ( \


@@ -99,25 +90,6 @@ ifdef CONFIG_SIGNED_PACKAGES
                        cd $$d || continue; \
                $(STAGING_DIR_HOST)/bin/usign -S -m Packages -s $(BUILD_KEY); \
        ); done
                        cd $$d || continue; \
                $(STAGING_DIR_HOST)/bin/usign -S -m Packages -s $(BUILD_KEY); \
        ); done

-else
-ifeq ($(call qstrip,$(CONFIG_OPKGSMIME_KEY)),)
-       @echo Signing key has not been configured
-else
-ifeq ($(call qstrip,$(CONFIG_OPKGSMIME_CERT)),)
-       @echo Certificate has not been configured
-else
-       @echo Signing package index...
-       @for d in $(PACKAGE_SUBDIRS); do ( \
-               [ -d $$d ] && \
-                       cd $$d || continue; \
-               openssl smime -binary -in Packages.gz \
-                       -out Packages.sig -outform PEM -sign \
-                       -signer $(CONFIG_OPKGSMIME_CERT) \
-                       -inkey $(CONFIG_OPKGSMIME_KEY) \
-                       $(PASSOPT) $(PASSARG); \
-       ); done
-endif
-endif

 endif
 
 $(curdir)/preconfig:
 endif
 
 $(curdir)/preconfig:

diff --git a/package/base-files/image-config.in b/package/base-files/image-config.in
index 448fc1cd9ff269f32e058dbb8995bfc109df430d..b43d7c78cd115169df6503560d77ccb43958c3fb 100644 (file)
--- a/package/base-files/image-config.in
+++ b/package/base-files/image-config.in
@@ -292,42 +292,3 @@ menuconfig PER_FEED_REPO
                  Add not enabled feeds as commented out source lines to opkg.conf.
 
 source "tmp/.config-feeds.in"
                  Add not enabled feeds as commented out source lines to opkg.conf.
 
 source "tmp/.config-feeds.in"

-
-
-menuconfig SMIMEOPT
-       bool "Package signing options" if IMAGEOPT
-        default n
-       help
-               These options configure the signing key and certificate to
-               be used for signing and verifying packages.
-
-       config OPKGSMIME_CERT
-               string
-               prompt "Path to certificate (PEM certificate format)" if SMIMEOPT
-               help
-                 Path to the certificate to use for signature verification
-
-       config OPKGSMIME_KEY
-               string
-               prompt "Path to signing key (PEM private key format)" if SMIMEOPT
-               help
-                 Path to the key to use for signing packages
-
-       config OPKGSMIME_PASSPHRASE
-               bool
-               default y
-               prompt "Wait for a passphrase when signing packages?" if SMIMEOPT
-               help
-                 If this value is set, then the build will pause and request a passphrase
-                  from the command line when signing packages. This SHOULD NOT be used with
-                  automatic builds. If this value is not set, a file can be specified from
-                  which the passphrase will be read.
-
-       config OPKGSMIME_PASSFILE
-               string
-               prompt "Path to a file containing the passphrase" if SMIMEOPT
-                depends on !OPKGSMIME_PASSPHRASE
-               help
-                 Path to a file containing the passphrase for the signing key.
-                  If the signing key is not encrypted and does not require a passphrase,
-                  this option may be left blank.

diff --git a/package/system/opkg/Makefile b/package/system/opkg/Makefile
index cbd731f54c97672d147c2846b658b8fc73708c7b..898d769b2e7e04e3e3ee7502a5db08f6c0c68f77 100644 (file)
--- a/package/system/opkg/Makefile
+++ b/package/system/opkg/Makefile
@@ -37,7 +37,7 @@ PKG_INSTALL:=1
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/host-build.mk
 
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/host-build.mk
 

-define Package/opkg/Default
+define Package/opkg

   SECTION:=base
   CATEGORY:=Base system
   TITLE:=opkg package manager
   SECTION:=base
   CATEGORY:=Base system
   TITLE:=opkg package manager


@@ -46,7 +46,7 @@ define Package/opkg/Default
   MENU:=1
 endef
 
   MENU:=1
 endef
 

-define Package/opkg/Default/description
+define Package/opkg/description

   Lightweight package management system
   opkg is the opkg Package Management System, for handling
   installation and removal of packages on a system. It can
   Lightweight package management system
   opkg is the opkg Package Management System, for handling
   installation and removal of packages on a system. It can


@@ -66,47 +66,12 @@ config OPKG_SUPPORT_MD5
        Old opkg used md5s, new uses sha. This options enables understanding both while prefering sha.
 endef
 
        Old opkg used md5s, new uses sha. This options enables understanding both while prefering sha.
 endef
 

-define Package/opkg
-  $(call Package/opkg/Default)
-  VARIANT:=unsigned
-endef
-
-define Package/opkg/description
-  $(call Package/opkg/Default/description)
-endef
-

 define Package/opkg/conffiles
 /etc/opkg.conf
 /etc/opkg/keys/
 /etc/opkg/customfeeds.conf
 endef
 
 define Package/opkg/conffiles
 /etc/opkg.conf
 /etc/opkg/keys/
 /etc/opkg/customfeeds.conf
 endef
 

-
-define Package/opkg-smime
-  $(call Package/opkg/Default)
-  TITLE+= (with S/MIME signature support)
-  DEPENDS+=+PACKAGE_opkg-smime:libopenssl
-  VARIANT:=smime
-endef
-
-define Package/opkg-smime/description
-  $(call Package/opkg/Default/description)
-
-  This package allows the Package index to be verified with S/MIME.
-endef
-
-define Package/opkg-smime/config
-config OPKG_SMIME_SUPPORT_MD5
-  bool
-  default n
-  depends on PACKAGE_opkg-smime
-  prompt "Support reading old md5 hashes."
-  help
-       Old opkg used md5s, new uses sha. This options enables understanding both while prefering sha.
-endef
-
-Package/opkg-smime/conffiles = $(Package/opkg/conffiles)
-

 TARGET_CFLAGS += -ffunction-sections -fdata-sections
 EXTRA_CFLAGS += $(TARGET_CPPFLAGS)
 
 TARGET_CFLAGS += -ffunction-sections -fdata-sections
 EXTRA_CFLAGS += $(TARGET_CPPFLAGS)
 


@@ -117,22 +82,13 @@ CONFIGURE_ARGS += \
        --with-opkgetcdir=/etc \
        --with-opkglockfile=/var/lock/opkg.lock
 
        --with-opkgetcdir=/etc \
        --with-opkglockfile=/var/lock/opkg.lock
 

-ifeq ($(BUILD_VARIANT),smime)
-  CONFIGURE_ARGS += --enable-openssl --disable-usign
-  ifeq ($(CONFIG_OPKG_SMIME_SUPPORT_MD5),y)
-    CONFIGURE_ARGS += --enable-md5
-  else
-    CONFIGURE_ARGS += --disable-md5
-  endif
+ifndef CONFIG_SIGNED_PACKAGES
+  CONFIGURE_ARGS += --disable-usign
+endif
+ifeq ($(CONFIG_OPKG_SUPPORT_MD5),y)
+  CONFIGURE_ARGS += --enable-md5

 else
 else

-  ifndef CONFIG_SIGNED_PACKAGES
-    CONFIGURE_ARGS += --disable-usign
-  endif
-  ifeq ($(CONFIG_OPKG_SUPPORT_MD5),y)
-    CONFIGURE_ARGS += --enable-md5
-  else
-    CONFIGURE_ARGS += --disable-md5
-  endif
+  CONFIGURE_ARGS += --disable-md5

 endif
 
 MAKE_FLAGS = \
 endif
 
 MAKE_FLAGS = \


@@ -163,12 +119,6 @@ define Package/opkg/install
        $(INSTALL_BIN) ./files/opkg-key $(1)/usr/sbin/
 endef
 
        $(INSTALL_BIN) ./files/opkg-key $(1)/usr/sbin/
 endef
 

-define Package/opkg-smime/install
-       $(call Package/opkg/Default/install,$(1),-smime)
-       $(INSTALL_DIR) $(1)/etc/ssl/certs
-       $(if $(CONFIG_OPKGSMIME_CERT),$(INSTALL_DATA) $(call qstrip,$(CONFIG_OPKGSMIME_CERT)) $(1)/etc/ssl/certs/opkg.pem,)
-endef
-

 define Build/InstallDev
        mkdir -p $(1)/usr/include
        $(CP) $(PKG_INSTALL_DIR)/usr/include/libopkg $(1)/usr/include/
 define Build/InstallDev
        mkdir -p $(1)/usr/include
        $(CP) $(PKG_INSTALL_DIR)/usr/include/libopkg $(1)/usr/include/


@@ -191,5 +141,4 @@ define Host/Install
 endef
 
 $(eval $(call BuildPackage,opkg))
 endef
 
 $(eval $(call BuildPackage,opkg))

-$(eval $(call BuildPackage,opkg-smime))

 $(eval $(call HostBuild))
 $(eval $(call HostBuild))