| b.liu | e958203 | 2025-04-17 19:18:16 +0800 | [diff] [blame] | 1 | #!/bin/sh |
| 2 | |
| 3 | OPKG_KEYS="${OPKG_KEYS:-/etc/opkg/keys}" |
| 4 | |
| 5 | usage() { |
| 6 | cat <<EOF |
| 7 | Usage: $0 <command> <arguments...> |
| 8 | Commands: |
| 9 | add <file>: Add keyfile <file> to opkg trusted keys |
| 10 | remove <file>: Remove keyfile matching <file> from opkg trusted keys |
| 11 | verify <sigfile> <list>: Check list file <list> against signature file <sigfile> |
| 12 | |
| 13 | EOF |
| 14 | exit 1 |
| 15 | } |
| 16 | |
| 17 | opkg_key_verify() { |
| 18 | local sigfile="$1" |
| 19 | local msgfile="$2" |
| 20 | |
| 21 | ( |
| 22 | zcat "$msgfile" 2>/dev/null || |
| 23 | cat "$msgfile" 2>/dev/null |
| 24 | ) | usign -V -P "$OPKG_KEYS" -q -x "$sigfile" -m - |
| 25 | } |
| 26 | |
| 27 | opkg_key_add() { |
| 28 | local key="$1" |
| 29 | [ -n "$key" ] || usage |
| 30 | [ -f "$key" ] || echo "Cannot open file $1" |
| 31 | local fingerprint="$(usign -F -p "$key")" |
| 32 | mkdir -p "$OPKG_KEYS" |
| 33 | cp "$key" "$OPKG_KEYS/$fingerprint" |
| 34 | } |
| 35 | |
| 36 | opkg_key_remove() { |
| 37 | local key="$1" |
| 38 | [ -n "$key" ] || usage |
| 39 | [ -f "$key" ] || echo "Cannot open file $1" |
| 40 | local fingerprint="$(usign -F -p "$key")" |
| 41 | rm -f "$OPKG_KEYS/$fingerprint" |
| 42 | } |
| 43 | |
| 44 | case "$1" in |
| 45 | add) |
| 46 | shift |
| 47 | opkg_key_add "$@" |
| 48 | ;; |
| 49 | remove) |
| 50 | shift |
| 51 | opkg_key_remove "$@" |
| 52 | ;; |
| 53 | verify) |
| 54 | shift |
| 55 | opkg_key_verify "$@" |
| 56 | ;; |
| 57 | *) usage ;; |
| 58 | esac |