fix(repo): Add usign package signing and fix ACL conflict

- Add usign dependency for package signing - Sign Packages files after generation in repo-sync - Generate signing keys automatically if not present - Remove duplicate ACL file (now only in luci-app-repo) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-03-18 12:29:48 +01:00 · 2026-03-18 12:29:48 +01:00 · 86d6889285
commit 86d6889285
parent 088b6e749f
2 changed files with 24 additions and 4 deletions
--- a/package/secubox/secubox-app-repo/Makefile
+++ b/package/secubox/secubox-app-repo/Makefile
@ -13,7 +13,7 @@ define Package/secubox-app-repo
  SECTION:=secubox
  CATEGORY:=SecuBox
  TITLE:=SecuBox Package Repository Manager
-  DEPENDS:=+uhttpd +wget +gzip +coreutils-stat
+  DEPENDS:=+uhttpd +wget +gzip +coreutils-stat +usign
  PKGARCH:=all
 endef

@ -37,9 +37,6 @@ define Package/secubox-app-repo/install
 	$(INSTALL_DIR) $(1)/usr/libexec/rpcd
 	$(INSTALL_BIN) ./root/usr/libexec/rpcd/luci.repo $(1)/usr/libexec/rpcd/

-	$(INSTALL_DIR) $(1)/usr/share/rpcd/acl.d
-	$(INSTALL_DATA) ./root/usr/share/rpcd/acl.d/luci-app-repo.json $(1)/usr/share/rpcd/acl.d/
-
 	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_BIN) ./root/etc/init.d/repo-server $(1)/etc/init.d/

--- a/package/secubox/secubox-app-repo/root/usr/sbin/repo-sync
+++ b/package/secubox/secubox-app-repo/root/usr/sbin/repo-sync
@ -90,10 +90,33 @@ for basedir in "$REPO_DIR/packages" "$REPO_DIR/luci"; do
        done > Packages

        gzip -9c Packages > Packages.gz
+
+        # Sign the Packages file if signing key exists
+        if [ -f /etc/opkg/keys/secubox.sec ]; then
+            usign -S -m Packages -s /etc/opkg/keys/secubox.sec 2>/dev/null
+        fi
+
        log "  $(basename "$dir"): $(grep -c '^Package:' Packages 2>/dev/null || echo 0) packages"
    done
 done

+# Generate signing keys if not present and sign all packages
+if [ ! -f /etc/opkg/keys/secubox.sec ]; then
+    log "Generating signing keys..."
+    mkdir -p /etc/opkg/keys
+    usign -G -s /etc/opkg/keys/secubox.sec -p /etc/opkg/keys/secubox.pub -c "SecuBox Local Repository"
+    FINGERPRINT=$(usign -F -p /etc/opkg/keys/secubox.pub)
+    cp /etc/opkg/keys/secubox.pub "/etc/opkg/keys/$FINGERPRINT"
+    log "  Key fingerprint: $FINGERPRINT"
+
+    # Sign all Packages files
+    for basedir in "$REPO_DIR/packages" "$REPO_DIR/luci"; do
+        for dir in "$basedir"/*; do
+            [ -d "$dir" ] && [ -f "$dir/Packages" ] && usign -S -m "$dir/Packages" -s /etc/opkg/keys/secubox.sec 2>/dev/null
+        done
+    done
+fi
+
 # Create index.html
 cat > "$REPO_DIR/index.html" << 'HTML'
 <!DOCTYPE html>