Adding packages to a local OpenWrt/LEDE package feed, updating the Packages.sig signature file, and fixing the "Signature check failed" error

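First, why set up a local package feed? The software and drivers in the OpenWrt/LEDE stable release are fairly old, while trunk moves very quickly: a few days after installing the system, installing software with opkg from the official server may no longer work. The best solution is therefore to build a local feed that keeps all the packages for the system version in use. In addition, the official feed is hosted overseas and is extremely slow to reach, whereas a local feed can saturate the LAN bandwidth.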

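The official feed contains only the base system software and a small number of add-on packages. Once it is cloned locally, we have full control over the local feed and can add newly compiled packages to it.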

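To ensure compatibility, packages added to a feed should generally be built with the SDK provided by that feed. Packages built directly from the system source tree, or with an SDK of a different version, may fail to install.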

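Adding a package to the feed starts, of course, with uploading the compiled ipk file to the server; next, the new package's information has to be added to the index. In the directory where packages are generated, besides the packages we selected, three more files are produced: Packages, Packages.gz and Packages.manifest. These files provide the package index (in the SDK, building a package with make package/xxxx/compile does not generate the index; run plain make instead). An index entry looks like this: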

Package: gdut-drcom
Version: 1.6.8-3
Depends: libc
License: GPL-3.0+
Section: net
Architecture: mips_24kc
Installed-Size: 18513
Filename: gdut-drcom_1.6.8-3_mips_24kc.ipk
Size: 19427
SHA256sum: 4e35ea4c3efd54b0e7c02e90706dd61eb5645f1b8e7466b3c87f5247a0cdcc6e
Description:  gdut-drcom for openwrt is a third party drcom client openwrt.

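Once you have the index information, insert it into the index on the feed server, preferably in alphabetical order by package name, and try not to disturb the existing file structure.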

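After updating the three index files, change the feed server on the router. The configuration file is
/etc/opkg/distfeeds.conf; following the existing format, change the server address to the local server's address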

#src/gz reboot_core http://downloads.lede-project.org/snapshots/targets/ar71xx/generic/packages 
#src/gz reboot_base http://downloads.lede-project.org/snapshots/packages/mips_24kc/base 
#src/gz reboot_luci http://downloads.lede-project.org/snapshots/packages/mips_24kc/luci 
#src/gz reboot_packages http://downloads.lede-project.org/snapshots/packages/mips_24kc/packages 
#src/gz reboot_routing http://downloads.lede-project.org/snapshots/packages/mips_24kc/routing 
#src/gz reboot_telephony http://downloads.lede-project.org/snapshots/packages/mips_24kc/telephony 

src/gz reboot_packages http://10.99.100.160:8082/lede/package/mips_24kc/packages 
src/gz reboot_base http://10.99.100.160:8082/lede/package/mips_24kc/base 
src/gz reboot_luci http://10.99.100.160:8082/lede/package/mips_24kc/luci 
src/gz reboot_routing http://10.99.100.160:8082/lede/package/mips_24kc/routing 
src/gz reboot_telephony http://10.99.100.160:8082/lede/package/mips_24kc/telephony 

After saving, run opkg update to refresh the local index

root@LEDE:~# opkg update
Downloading http://10.99.100.160:8082/lede/package/mips_24kc/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/reboot_packages
Downloading http://10.99.100.160:8082/lede/package/mips_24kc/packages/Packages.sig
Signature check passed.
Downloading http://10.99.100.160:8082/lede/package/mips_24kc/base/Packages.gz
Updated list of available packages in /var/opkg-lists/reboot_base
Downloading http://10.99.100.160:8082/lede/package/mips_24kc/base/Packages.sig
Signature check failed.
Remove wrong Signature file.
Downloading http://10.99.100.160:8082/lede/package/mips_24kc/luci/Packages.gz
Updated list of available packages in /var/opkg-lists/reboot_luci
Downloading http://10.99.100.160:8082/lede/package/mips_24kc/luci/Packages.sig
Signature check passed.
Downloading http://10.99.100.160:8082/lede/package/mips_24kc/routing/Packages.gz
Updated list of available packages in /var/opkg-lists/reboot_routing
Downloading http://10.99.100.160:8082/lede/package/mips_24kc/routing/Packages.sig
Signature check passed.
Downloading http://10.99.100.160:8082/lede/package/mips_24kc/telephony/Packages.gz
Updated list of available packages in /var/opkg-lists/reboot_telephony
Downloading http://10.99.100.160:8082/lede/package/mips_24kc/telephony/Packages.sig
Signature check passed.

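You can see that the router now updates its index from the local feed server, but... the signature of the Packages index in base, the one we modified, does not pass. After searching online for a whole evening, I finally found the way to generate the signature on the official OpenWrt forum; I will translate it again here.
First, find the tool that generates signatures: usign. Installing it with apt on Ubuntu did not work; after puzzling over it for a long time I finally found the tool in the SDK, tucked away in <SDK directory>/staging_dir/host/bin. From here you can follow the method from the official forum to generate the signature.
Step 1: generate a public/private key pair. The router uses the public key to verify the signature file; we use the private key to generate the signature file.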

hokamyuen@hokamyuen-linux:~/lede-sdk-ar71xx-generic_gcc-5.4.0_musl.Linux-x86_64/staging_dir/host/bin$ ./usign -G -s mime.key -p mime.pub

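Step 2: use the generated private key to create a signature file for the Packages file on the server. If the Packages file is not in the current directory, include its path.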

hokamyuen@hokamyuen-linux:~/lede-sdk-ar71xx-generic_gcc-5.4.0_musl.Linux-x86_64/staging_dir/host/bin$ ./usign -S -m Packages -s mime.key -x Packages.sig

Step 3: upload the signature file to the server, upload the public key to the router, and add the generated public key on the router.

root@LEDE:~# scp hokamyuen@192.168.1.150:~/lede-sdk-ar71xx-generic_gcc-5.4.0_musl.Linux-x86_64/staging_dir/host/bin/mime.pub /tmp
hokamyuen@192.168.1.150's password: 
mime.pub                                                                                                        100%  104     0.1KB/s   00:00    
root@LEDE:~# cd /tmp
root@LEDE:/tmp# opkg-key add mime.pub
root@LEDE:/tmp# 

Finally, update the package index on the router again

root@LEDE:/tmp# opkg update
Downloading http://10.99.100.160:8082/lede/package/mips_24kc/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/reboot_packages
Downloading http://10.99.100.160:8082/lede/package/mips_24kc/packages/Packages.sig
Signature check passed.
Downloading http://10.99.100.160:8082/lede/package/mips_24kc/base/Packages.gz
Updated list of available packages in /var/opkg-lists/reboot_base
Downloading http://10.99.100.160:8082/lede/package/mips_24kc/base/Packages.sig
Signature check passed.
Downloading http://10.99.100.160:8082/lede/package/mips_24kc/luci/Packages.gz
Updated list of available packages in /var/opkg-lists/reboot_luci
Downloading http://10.99.100.160:8082/lede/package/mips_24kc/luci/Packages.sig
Signature check passed.
Downloading http://10.99.100.160:8082/lede/package/mips_24kc/routing/Packages.gz
Updated list of available packages in /var/opkg-lists/reboot_routing
Downloading http://10.99.100.160:8082/lede/package/mips_24kc/routing/Packages.sig
Signature check passed.
Downloading http://10.99.100.160:8082/lede/package/mips_24kc/telephony/Packages.gz
Updated list of available packages in /var/opkg-lists/reboot_telephony
Downloading http://10.99.100.160:8082/lede/package/mips_24kc/telephony/Packages.sig
Signature check passed.

As you can see, the signature check passed, hahaha!
Now opkg can install the newly compiled software directly from the server

root@LEDE:/tmp# opkg install gdut-drcom
Installing gdut-drcom (1.6.8-3) to root...
Downloading http://10.99.100.160:8082/lede/package/mips_24kc/base/gdut-drcom_1.6.8-3_mips_24kc.ipk
Configuring gdut-drcom.
post install: patching ppp.sh
patched!
post install: patching ppp.sh
patched!
'radio0' is disabled
root@LEDE:/tmp# 

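Finally, one more note on adding index entries
The index entries of some packages contain a few odd extra fields compared with those on the server, for example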

Package: libstdcpp
Version: 5.4.0-1
License: GPL-3.0-with-GCC-exception
Section: libs
Status: unknown hold not-installed
Essential: yes
Architecture: mips_24kc
Installed-Size: 375927
Filename: libstdcpp_5.4.0-1_mips_24kc.ipk
Size: 374075
SHA256sum: 689a6a67156f76afcafb4f3d545b02ac7972aa87ddb7b165406d98abe63fc070
Description:  GNU Standard C++ Library v3

Just delete the extra Status and Essential entries.
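
The index edit described above (insert the new entry in package-name order, delete the extra Status and Essential fields), as an added example that is not part of the original post. It goes one step further and checks every entry's Size and SHA256sum against the .ipk in the feed directory, because the signature made in step 2 covers only the Packages file and opkg trusts each .ipk through the hash listed there; sign only when no mismatch is reported. The function names and the sample stanzas are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

DROP = {"Status", "Essential"}  # extra fields the article says to delete

def fields(stanza):
    """Top-level 'Name: value' fields of one index stanza."""
    pairs = (l.partition(":") for l in stanza.splitlines() if l[:1].strip())
    return {name: value.strip() for name, _, value in pairs}

def merge(index_text, new_stanza):
    """Insert a cleaned stanza in package-name order, replacing a same-name entry."""
    new = "\n".join(l for l in new_stanza.strip().splitlines()
                    if l.partition(":")[0] not in DROP)
    name = fields(new)["Package"]
    stanzas = [s for s in index_text.strip().split("\n\n")
               if s.strip() and fields(s)["Package"] != name]
    pos = next((i for i, s in enumerate(stanzas)
                if fields(s)["Package"] > name), len(stanzas))
    stanzas.insert(pos, new)
    return "\n\n".join(stanzas) + "\n\n"

def mismatches(index_text, feed_dir):
    """Packages whose .ipk is missing or differs from the indexed Size/SHA256sum."""
    bad = []
    for stanza in filter(str.strip, index_text.split("\n\n")):
        f = fields(stanza)
        ipk = Path(feed_dir) / Path(f["Filename"]).name  # stay inside the feed dir
        data = ipk.read_bytes() if ipk.is_file() else None
        if (data is None or str(len(data)) != f.get("Size")
                or hashlib.sha256(data).hexdigest() != f.get("SHA256sum")):
            bad.append(f["Package"])
    return bad

def stanza_for(name, ipk_bytes, extra=""):
    """Constructed sample stanza (not real package metadata)."""
    return (f"Package: {name}\nVersion: 1.0-1\n{extra}Filename: {name}.ipk\n"
            f"Size: {len(ipk_bytes)}\nSHA256sum: {hashlib.sha256(ipk_bytes).hexdigest()}\n"
            f"Description:  sample {name}")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as feed:
        index = merge(merge("", stanza_for("zlib", b"z")), stanza_for("busybox", b"b"))
        index = merge(index, stanza_for("libstdcpp", b"c", "Essential: yes\n"))
        for n, d in (("zlib", b"z"), ("busybox", b"b"), ("libstdcpp", b"tampered")):
            Path(feed, n + ".ipk").write_bytes(d)
        print(index, "mismatch:", mismatches(index, feed))  # sign Packages only when empty
```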

Reference: https://forum.openwrt.org/viewtopic.php?id=57733
