From 65bdfc61db169dcfbb81dae1d0df4ef7ddefe854 Mon Sep 17 00:00:00 2001 From: Paul Donald Date: Sun, 8 Jun 2025 17:24:50 +0200 Subject: [PATCH] luci-mod-system: repo key management Reject PEM in OPKG; reject non-PEM in APK Signed-off-by: Paul Donald --- .../resources/view/system/repokeys.js | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/modules/luci-mod-system/htdocs/luci-static/resources/view/system/repokeys.js b/modules/luci-mod-system/htdocs/luci-static/resources/view/system/repokeys.js index ced175044a..a5a247abd2 100644 --- a/modules/luci-mod-system/htdocs/luci-static/resources/view/system/repokeys.js +++ b/modules/luci-mod-system/htdocs/luci-static/resources/view/system/repokeys.js @@ -110,6 +110,22 @@ function removeKey(ev) { ]); } +function isPemFormat(content) { + return /-BEGIN ([A-Z ]+)?PUBLIC KEY-/.test(content); +} + +function keyEnvironmentCheck(key) { + const isPem = isPemFormat(key); + + // Reject PEM in OPKG; reject non-PEM in APK + if (KEYDIR === OPKG_DIR && isPem) + return _('This key appears to be in PEM format, which is not supported in an opkg environment.'); + if (KEYDIR === APK_DIR && !isPem) + return _('This key does not appear to be in PEM format, which is required in an apk environment.'); + + return null; +} + function addKey(ev, file, fileContent) { const list = findParent(ev.target, '.cbi-dynlist'); const input = list.querySelector('textarea[type="text"]'); @@ -118,6 +134,14 @@ function addKey(ev, file, fileContent) { if (!key.length) return; + const formatError = keyEnvironmentCheck(key); + if (formatError) { + ui.addTimeLimitedNotification(_('Invalid key format'), [ + E('p', formatError) + ], 7000, 'warning'); + return; + } + // Prevent duplicates const exists = Array.from(list.querySelectorAll('.item')).some( item => item.getAttribute('data-key') === normalizeKey(key) -- 2.30.2