cleanup /etc/opkg/keys on upgrades #2665
Comments
|
currently I have a bunch of Do you think there is any way to distinguish between the current and previous keys? I see 2 ways out:
Both ways include having a package which contains something like this (tested and works): #!/usr/bin/lua
local handle = io.popen("ls /etc/opkg/keys -1")
local files = handle:read("*a")
handle:close()
for file in files:gmatch("[^\r\n]+") do
local filePath = "/etc/opkg/keys/" .. file
local fileHandle = io.open(filePath, "r")
local fileContent = fileHandle:read("*all")
fileHandle:close()
if fileContent:find("untrusted comment: Local build key") then
os.remove(filePath)
print("Deleted file:", filePath)
end
endshould this be part of a optional gluon-package to be run on upgrade or is this more something for the community-repo? |
From the gluon meetupRoughly where this code can be added: Other code related to the autoupdater: |
|
That seems like a good way to do it: so that it gets picked up right after checking if the upgrade should actually be done here: |
- does trigger on autoupdate after checking that the image is correct fixes freifunk-gluon/gluon#2665
we discussed in today's gluon meetup that we want to clear old opkg signing keys on each upgrade
currently, nodes that are around for years might have a load of old signing keys in that directory if the keys weren't re-used for new builds by the community.
The text was updated successfully, but these errors were encountered: