On 3/30/21 10:53 AM, Paul Spooren wrote:
The ./usign folder is added to every OpenWrt image, it should only
contain the most necessary keys. At this point it contains both a
selection of personal developer keys and keys of EOL releases.

Remove them all and only keep the 21.02 key.

A future commit should add a "next release" key, which is later renamed
to the next release name (e.g. 21.08). This approach should allow secure
upgrade between releases.

Signed-off-by: Paul Spooren <m...@aparcar.org>
---
This commit should be merged into an `openwrt-21.02` branch which is then
selected by the 21.02 release.


--- a/usign/b5043e70f9a75cde
+++ /dev/null
@@ -1,2 +0,0 @@
-untrusted comment: Public usign key for unattended snapshot builds
-RWS1BD5w+adc3j2Hqg9+b66CvLR7NlHbsj7wjNVj0XGt/othDgIAOJS+
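
Review bot: deleting usign/b5043e70f9a75cde removes the key whose own comment marks it as the one for unattended snapshot builds, while the only statement that this change targets an `openwrt-21.02` branch sits below the `---` line, which is dropped when the patch is applied. Move the branch restriction into the commit message body, or leave this file out of the deletion, so the commit cannot land on master and leave snapshot images without the key their builds are signed with.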

This key should probably not get deleted in master.

I would prefer if we only copy some keys in package/system/openwrt-keyring/Makefile to the final image. This way we can keep the existing repository and do not have to branch it, but we can just add some keys to each release.

Hauke
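
The idea of copying only selected keys into the image can be checked with a small audit like the one below. It is an added example, not part of this thread or of OpenWrt's build system. It assumes the usign public key layout (2-byte "Ed", 8-byte key ID, 32-byte key) and a hypothetical per-release allowlist; `key_fingerprint`, `select_keys` and `demo` are names made up here.

```python
import base64
import tempfile
from pathlib import Path

# Key file exactly as shown in the quoted hunk (usign/b5043e70f9a75cde).
SNAPSHOT_KEY = (
    "untrusted comment: Public usign key for unattended snapshot builds\n"
    "RWS1BD5w+adc3j2Hqg9+b66CvLR7NlHbsj7wjNVj0XGt/othDgIAOJS+\n"
)


def key_fingerprint(text):
    """Return the 16-hex-digit key ID stored inside a usign public key."""
    lines = text.strip().splitlines()
    if len(lines) != 2 or not lines[0].startswith("untrusted comment:"):
        raise ValueError("not a usign key file")
    raw = base64.b64decode(lines[1], validate=True)
    # Layout: 2-byte algorithm "Ed", 8-byte key ID, 32-byte Ed25519 key.
    if len(raw) != 42 or raw[:2] != b"Ed":
        raise ValueError("unexpected usign public key layout")
    return raw[2:10].hex()


def select_keys(keydir, allowed):
    """Split keydir into (ship, skip) file names; `allowed` is a set of key IDs."""
    ship, skip = [], []
    for path in sorted(Path(keydir).iterdir()):
        try:
            fp = key_fingerprint(path.read_text())
        except (ValueError, UnicodeDecodeError):
            skip.append(path.name)  # unparsable: never ship
            continue
        # The file name must match the embedded key ID, and the ID must be
        # on the release's allowlist; anything else stays out of the image.
        (ship if fp == path.name and fp in allowed else skip).append(path.name)
    return ship, skip


def demo():
    """Run the audit on a constructed directory: once allowing the key, once not."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "b5043e70f9a75cde").write_text(SNAPSHOT_KEY)
        Path(d, "0000000000000000").write_text(SNAPSHOT_KEY)  # constructed: wrong name
        return select_keys(d, {"b5043e70f9a75cde"}), select_keys(d, set())


if __name__ == "__main__":
    print(demo())
```

With a per-release allowlist, master could keep the snapshot key while a release branch lists only its own key, without deleting files from the shared repository.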
