From: Paul Spooren Date: Wed, 8 Oct 2025 09:42:51 +0000 (+0200) Subject: package: do not sign individual APK packages X-Git-Tag: v25.12.0-rc1~977 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=084697eb62f8fae6185af285e12f5cd0268114de;p=thirdparty%2Fopenwrt.git package: do not sign individual APK packages APK, unlike OPKG, can sign individual packages and not just indexes. Since OpenWrt uses a distributed build infrastructure and only the build master owns the private keys, signing of individual buildworkers doesn't work. Right now, each buildworker creates a temporary build key to sign packages, then transmits the package index to the buildmaster for a signature. As a result, all individual packages contain a nonsensical signature, making them harder to reproduce. This commit removes the individual package signing. Since APK requires signatures per default, explicitly allow installation of unsigned packages during the build process. The config option here is for historical reasons misleading, SIGNED_PACKAGES refers to the package index, not the individual packages. Signed-off-by: Paul Spooren --- diff --git a/include/package-pack.mk b/include/package-pack.mk index f82b1b7b7bf..2baceae72a4 100644 --- a/include/package-pack.mk +++ b/include/package-pack.mk @@ -408,8 +408,7 @@ else $$(APK_SCRIPTS_$(1)) \ --info "depends:$$(foreach depends,$$(subst $$(comma),$$(space),$$(subst $$(space),,$$(subst $$(paren_right),,$$(subst $$(paren_left),,$$(Package/$(1)/DEPENDS))))),$$(depends))" \ --files "$$(IDIR_$(1))" \ - --output "$$(PACK_$(1))" \ - --sign "$(BUILD_KEY_APK_SEC)" + --output "$$(PACK_$(1))" endif @[ -f $$(PACK_$(1)) ] diff --git a/package/Makefile b/package/Makefile index eddec65b43d..097ee17151b 100644 --- a/package/Makefile +++ b/package/Makefile @@ -70,7 +70,8 @@ ifneq ($(CONFIG_USE_APK),) (cd $(PACKAGE_DIR_ALL) && $(STAGING_DIR_HOST)/bin/apk mkndx \ --root $(TOPDIR) \ --keys-dir $(TOPDIR) \ - --sign $(BUILD_KEY_APK_SEC) \ + --allow-untrusted \ + $(if $(CONFIG_SIGNED_PACKAGES),--sign $(BUILD_KEY_APK_SEC),) \ --output packages.adb \ *.apk; \ ) @@ -100,6 +101,7 @@ ifneq ($(CONFIG_USE_APK),) $(foreach pkg,$(shell cat $(PACKAGE_INSTALL_FILES) 2>/dev/null),$(pkg)$(call GetABISuffix,$(pkg)))) $(call apk,$(TARGET_DIR)) add --no-cache --initdb --no-scripts --arch $(ARCH_PACKAGES) \ --repositories-file /dev/null --repository file://$(PACKAGE_DIR_ALL)/packages.adb \ + $(if $(CONFIG_SIGNED_PACKAGES),,--allow-untrusted) \ $$(cat $(TMP_DIR)/apk_install_list) \ "base-files=$(shell cat $(TMP_DIR)/base-files.version)" \ "libc=$(shell cat $(TMP_DIR)/libc.version)" \ @@ -133,7 +135,8 @@ ifneq ($(CONFIG_USE_APK),) $(STAGING_DIR_HOST)/bin/apk mkndx \ --root $(TOPDIR) \ --keys-dir $(TOPDIR) \ - --sign $(BUILD_KEY_APK_SEC) \ + --allow-untrusted \ + $(if $(CONFIG_SIGNED_PACKAGES),--sign $(BUILD_KEY_APK_SEC),) \ --output packages.adb \ *.apk; \ $(STAGING_DIR_HOST)/bin/apk adbdump --format json packages.adb | \