Merge Official Source

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2024-11-14 11:43:56 +08:00 · 2024-11-14 11:43:56 +08:00 · 4e4c43b15a
commit 4e4c43b15a
parent c0c480daa7 27c2c140b1
4 changed files with 175 additions and 10 deletions
--- a/package/base-files/files/etc/uci-defaults/50-root-passwd
+++ b/package/base-files/files/etc/uci-defaults/50-root-passwd
@ -3,10 +3,16 @@
 json_init
 json_load "$(cat /etc/board.json)"
-json_select credentials
+if json_is_a credentials object; then
-	json_get_vars root_password_hash root_password_hash
+	json_select credentials
-	[ -z "$root_password_hash" ] || sed -i "s|^root:[^:]*|root:$root_password_hash|g" /etc/shadow
+		json_get_vars root_password_hash root_password_hash
 		if [ -n "$root_password_hash" ]; then
 			sed -i "s|^root:[^:]*|root:$root_password_hash|g" /etc/shadow
 		fi
-	json_get_vars root_password_plain root_password_plain
+		json_get_vars root_password_plain root_password_plain
-	[ -z "$root_password_plain" ] || { (echo "$root_password_plain"; sleep 1; echo "$root_password_plain") | passwd root }
+		if [ -n "$root_password_plain" ]; then
-json_select ..
+			(echo "$root_password_plain"; sleep 1; echo "$root_password_plain") | passwd root
 		fi
 	json_select ..
 fi
--- a/package/system/apk/Makefile
+++ b/package/system/apk/Makefile
@ -5,9 +5,9 @@ PKG_RELEASE:=1
 PKG_SOURCE_URL=https://gitlab.alpinelinux.org/alpine/apk-tools.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2024-11-08
+PKG_SOURCE_DATE:=2024-11-13
-PKG_SOURCE_VERSION:=d9c24813d983df9524fa7a2b78fc3132c159a20f
+PKG_SOURCE_VERSION:=417a93ceae540444fdbd3f76d1dadf0e15621fdc
-PKG_MIRROR_HASH:=3d1a79c08ef8c8b9404f9287d9acda6468b8b1c2a99dd384287f522ed3b1a047
+PKG_MIRROR_HASH:=3888aa506f0ce808cbe0287b98abfb7ba92e68b1eb17516fef4b58068bc72131
 PKG_VERSION=3.0.0_pre$(subst -,,$(PKG_SOURCE_DATE))
--- a/scripts/download-check-artifact.sh
+++ b/scripts/download-check-artifact.sh
@ -0,0 +1,159 @@
 #!/usr/bin/env bash
 # Script to perform verified file downloads.
 # Exit codes:
 #  0 - File downloaded successfully and verified
 #  1 - Failed to download requested file
 #  2 - Failed to download sha256sums file
 #  3 - Failed to download sha256sums.gpg file
 #  4 - GnuPG is available but fails to verify the signature (missing pubkey, file integrity error, ...)
 #  5 - The checksums do not match
 #  6 - Unable to copy the requested file to its final destination
 #  254 - The script got interrupted by a signal
 #  255 - A suitable download or checksum utility is missing
 [ -n "$1" ] || {
 	echo "$0 - Download and verify build artifacts"
 	echo "Usage: $0 <url>" >&2
 	exit 1
 }
 finish() {
 	[ -e "/tmp/verify.$$" ] && {
 		echo "Cleaning up."
 		rm -r "/tmp/verify.$$"
 	}
 	exit "$1"
 }
 trap "finish 254" INT TERM
 destdir="$(pwd)"
 image_url="$1"
 image_file="${image_url##*/}"
 sha256_url="${image_url%/*}/sha256sums"
 gpgsig_url="${image_url%/*}/sha256sums.asc"
 keyserver_url="hkp://keyserver.ubuntu.com"
 # Find a suitable download utility
 if which curl >/dev/null; then
 	download() { curl --progress-bar -o "$1" "$2"; }
 elif which wget >/dev/null; then
 	download() { wget -O "$1" "$2"; }
 elif which fetch >/dev/null; then
 	download() { fetch -o "$1" "$2"; }
 else
 	echo "No suitable download utility found, cannot download files!" >&2
 	finish 255
 fi
 # Find a suitable checksum utility
 if which sha256sum >/dev/null; then
 	checksum() { sha256sum -c --ignore-missing "sha256sums"; }
 elif which shasum >/dev/null; then
 	checksum() {
 		local sum
 		sum="$(shasum -a 256 "$image_file")";
 		grep -xF "${sum%% *} *$image_file" "sha256sums";
 	}
 else
 	echo "No SHA256 checksum executable installed, cannot verify checksums!" >&2
 	finish 255
 fi
 # Check for gpg availability
 if which gpg >/dev/null; then
 	runpgp() { gpg "$@"; }
 else
 	runpgp() {
 		echo "WARNING: No GnuPG installed, cannot verify digital signature!" >&2
 		return 0
 	}
 fi
 tmpdir="$(mktemp -d)"
 cd "$tmpdir" || {
 	echo "Failed to create temporary directory!" >&2
 	finish 255
 }
 echo ""
 echo "1) Downloading artifact file"
 echo "========================="
 download "$image_file" "$image_url" || {
 	echo "Failed to download image file!" >&2
 	finish 1
 }
 echo ""
 echo "2) Downloading checksum file"
 echo "============================"
 download "sha256sums" "$sha256_url" || {
 	echo "Failed to download checksum file!" >&2
 	finish 2
 }
 echo ""
 echo "3) Downloading the GPG signature"
 echo "================================"
 download "sha256sums.gpg" "$gpgsig_url" || {
 	echo "Failed to download GPG signature!" >&2
 	finish 3
 }
 echo ""
 echo "4) Verifying GPG signature"
 echo "=========================="
 missing_key=$(runpgp --status-fd 1 --with-fingerprint --verify \
 	"sha256sums.gpg" "sha256sums" 2>/dev/null | sed -ne 's!^.* NO_PUBKEY !!p')
 if [ -n "$missing_key" ]; then
 	echo "The signature was signed by a public key with the id $missing_key" >&2
 	echo "which is not present on this system."                              >&2
 	echo ""                                                                  >&2
 	echo "Provide a public keyserver url below or press enter to accept the" >&2
 	echo "default suggestion. Hit Ctrl-C to abort the operation."            >&2
 	echo ""                                                                  >&2
 	while true; do
 		printf 'Keyserver to use? [%s] > ' "$keyserver_url"
 		read -r url; case "${url:-$keyserver_url}" in
 			hkp://*)
 				gpg --keyserver "${url:-$keyserver_url}" --recv-keys "$missing_key" || {
 					echo "Failed to download public key." >&2
 					finish 7
 				}
 				break
 			;;
 			*)
 				echo "Expecting a key server url in the form 'hkp://hostname'." >&2
 			;;
 		esac
 	done
 fi
 runpgp --with-fingerprint --verify "sha256sums.gpg" "sha256sums" || {
 	echo "Failed to verify checksum file with GPG signature!" >&2
 	finish 4
 }
 echo ""
 echo "5) Verifying SHA256 checksum"
 echo "============================"
 checksum || {
 	echo "Checksums do not match!" >&2
 	finish 5
 }
 cp "$image_file" "$destdir/$image_file" || {
 	echo "Failed to write '$destdir/$image_file'" >&2
 	finish 6
 }
 echo ""
 echo "Verification done!"
 echo "=================="
 echo "Downloaded artifact placed in '$destdir/$image_file'."
 echo ""
 finish 0
--- a/target/imagebuilder/files/Makefile
+++ b/target/imagebuilder/files/Makefile
@ -249,7 +249,7 @@ ifeq ($(CONFIG_USE_APK),)
 else
 	$(if $(CONFIG_SIGNATURE_CHECK), \
 		$(if $(ADD_LOCAL_KEY), \
-			mkdir -p $(TARGET_DIR)/etc/opkg/keys/; \
+			mkdir -p $(TARGET_DIR)/etc/apk/keys/; \
 			cp $(BUILD_KEY_APK_PUB) $(TARGET_DIR)/etc/apk/keys/; \
 		) \
 	)