projects / project / luci.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c0864e6)
luci-mod-system: file naming improvement for repo key management
authorPaul Donald <[email protected]>
Sun, 2 Nov 2025 17:33:44 +0000 (18:33 +0100)
committerPaul Donald <[email protected]>
Sun, 2 Nov 2025 17:34:30 +0000 (18:34 +0100)
When downloading a key, try to get the filename of the key. opkg expects it to
match the key fingerprint when verifying .sig files. apk not so.

Try to save the public key file with the name from the provided URL, so it is
not named "key_blah" which won't match its fingerprint.

The alternative would be to call usign with the public key file as input, and
then rename it to its fingerprint. This is only necessary for opkg which is on
the way out.

If the public key file at the remote resource is not named according to its
fingerprint, that's on the repo owner.

Signed-off-by: Paul Donald <[email protected]>
modules/luci-mod-system/htdocs/luci-static/resources/view/system/repokeys.js patch | blob | history

diff --git a/modules/luci-mod-system/htdocs/luci-static/resources/view/system/repokeys.js b/modules/luci-mod-system/htdocs/luci-static/resources/view/system/repokeys.js
index 5c059ac689b7da950d76df515a3c958219f93a8a..d8870aaef403e6c2344c827c26f8963bbac99d4b 100644 (file)
--- a/modules/luci-mod-system/htdocs/luci-static/resources/view/system/repokeys.js
+++ b/modules/luci-mod-system/htdocs/luci-static/resources/view/system/repokeys.js
@@ -87,6 +87,7 @@ function refreshKeyList(list, keys) {
 
 function saveKeyFile(keyContent, file, fileContent) {
        const ts = Date.now();
+       // Note: opkg can only verify against a key with filename that matches its key hash
        // generate a file name in case key content was pasted
        const filename = file ? file?.name?.split('.')?.[0] + (KEYEXT || '') : null;
        const noname = 'key_' + ts + (KEYEXT || '');
@@ -167,8 +168,12 @@ function addKey(ev, file, fileContent) {
                                return;
                        }
 
-                       // Continue directly with fetched key
-                       addKey(ev, null, fetched);
+                       const filename = res?.url?.split('/').pop().split('?')[0].split('#')[0];
+
+                       // Remove extension if any (we'll re-add based on environment)
+                       const file = {name: filename.replace(/\.[^.]+$/, '') };
+
+                       addKey(ev, file, fetched);
                }).catch(err => {
                        ui.addTimeLimitedNotification(_('Failed to fetch key'), [
                                E('p', err.message),
Lua Configuration Interface (mirror)