-
Notifications
You must be signed in to change notification settings - Fork 324
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cleanup /etc/opkg/keys on upgrades #2665
Comments
currently I have a bunch of Do you think there is any way to distinguish between the current and previous keys? I see 2 ways out:
Both ways include having a package which contains something like this (tested and works): #!/usr/bin/lua
local handle = io.popen("ls /etc/opkg/keys -1")
local files = handle:read("*a")
handle:close()
for file in files:gmatch("[^\r\n]+") do
local filePath = "/etc/opkg/keys/" .. file
local fileHandle = io.open(filePath, "r")
local fileContent = fileHandle:read("*all")
fileHandle:close()
if fileContent:find("untrusted comment: Local build key") then
os.remove(filePath)
print("Deleted file:", filePath)
end
end should this be part of a optional gluon-package to be run on upgrade or is this more something for the community-repo? |
From the gluon meetupRoughly where this code can be added: Other code related to the autoupdater: |
That seems like a good way to do it: so that it gets picked up right after checking if the upgrade should actually be done here: |
- does trigger on autoupdate after checking that the image is correct fixes freifunk-gluon/gluon#2665
we discussed in today's gluon meetup that we want to clear old opkg signing keys on each upgrade
currently, nodes that are around for years might have a load of old signing keys in that directory if the keys weren't re-used for new builds by the community.
The text was updated successfully, but these errors were encountered: