mirrors/openwrt
1
0
Fork 0
mirror of https://git.openwrt.org/openwrt/openwrt.git synced 2026-05-05 09:56:12 +02:00
Code Issues Projects Releases Wiki Activity
openwrt/target/sdk/files/Config.in
Hannu Nyman 9a6c754d7d sdk: add support to sign each .apk package by sdk 
Add support to signing each package's .apk file into SDK.
This adds into SDK the feature added by f20794a to the normal builds.

Currently SDK does not sign the compiled packages, causing untrusted
package errors at package installation. The reason is the logic of
defaulting to 'n' in BUILDBOT and 'y' elsewhere. As downloadable SDKs
are compiled by the buildbot, the option gets 'n' set as the default.
And the option is not among the few build options exposed in the SDK
menuconfig, so the user can't easily change it.

Enable the feature by default:

* Exclude the SIGN_EACH_PACKAGE option from sdk/convert-config.pl
* Default to 'y' and expose the option in the SDK config menu.

(Avoiding untrusted errors naturally requires the user to copy the
public key into the router, quite similar as with full builds.)

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/23104
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
2026-04-29 12:43:54 +02:00

164 lines
4.1 KiB
Plaintext
Raw Permalink Blame History

mainmenu "OpenWrt Configuration"
menu "Global build settings"
config ALL_NONSHARED
bool "Select all target specific packages by default"
default ALL
config ALL_KMODS
bool "Select all kernel module packages by default"
default ALL
config ALL
bool "Select all userspace packages by default"
default y
config SIGNED_PACKAGES
bool "Cryptographically sign package lists"
default y
config SIGN_EACH_PACKAGE
bool "Cryptographically sign each package .apk file"
depends on USE_APK
default y
help
Sign also the individual package .apk file. Removes the need for
--allow-untrusted when installing self-compiled packages to a
firmware compiled by the same buildhost as public key matches.
comment "General build options"
config BUILD_PATENTED
default n
bool "Compile with support for patented functionality"
help
When this option is disabled, software which provides patented functionality
will not be built. In case software provides optional support for patented
functionality, this optional support will get disabled for this package.
config BUILD_NLS
default n
bool "Compile with full language support"
help
When this option is enabled, packages are built with the full versions of
iconv and GNU gettext instead of the default OpenWrt stubs.
comment "Package build options"
config DEBUG
bool
prompt "Compile packages with debugging info"
help
Adds -g3 to the CFLAGS.
comment "Stripping options"
choice
prompt "Binary stripping method"
default USE_STRIP if USE_GLIBC
default USE_SSTRIP
help
Select the binary stripping method you wish to use.
config NO_STRIP
bool "none"
help
This will install unstripped binaries (useful for native
compiling/debugging).
config USE_STRIP
bool "strip"
help
This will install binaries stripped using strip from binutils.
config USE_SSTRIP
bool "sstrip"
depends on !USE_GLIBC
help
This will install binaries stripped using sstrip.
endchoice
config STRIP_ARGS
string
prompt "Strip arguments"
depends on USE_STRIP
default "--strip-unneeded --remove-section=.comment --remove-section=.note" if DEBUG
default "--strip-all"
help
Specifies arguments passed to the strip command when stripping binaries.
endmenu
menu "Advanced configuration options (for developers)"
config BROKEN
bool "Show broken packages"
config DOWNLOAD_FOLDER
string "Download folder"
default ""
help
Store downloaded source bundles in this directory.
If not set then defaults to './dl', which is removed by operations such as
'git clean -xdf' or 'make distclean'.
This option is useful if you have a low bandwidth Internet connection, and by
setting a path outside the OpenWrt tree downloads will be saved.
config LOCALMIRROR
string "Local mirror for source packages"
default ""
config AUTOREBUILD
bool "Automatic rebuild of packages"
default y
help
Automatically rebuild packages when their files change.
config AUTOREMOVE
bool "Automatic removal of build directories"
default y
help
Automatically delete build directories after make target completed.
This allows you to symlink build_dir into a scratch location, e.g. a ramdisk,
which does not have enough space to keep a complete build_dir.
config CCACHE
bool "Use ccache"
help
Compiler cache; see https://ccache.samba.org/
config CCACHE_DIR
string "Set ccache directory" if CCACHE
default ""
help
Store ccache in this directory.
If not set, uses './.ccache'
config BUILD_LOG
bool "Enable log files during build process"
help
If enabled, log files will be written to the ./log directory.
config SRC_TREE_OVERRIDE
bool "Enable package source tree override"
help
If enabled, you can force a package to use a git tree as source
code instead of the normal tarball. Create a symlink 'git-src'
in the package directory, pointing to the .git tree that you want
to pull the source code from.
endmenu
config IN_SDK
default y
bool
config MODULES
bool
default y
modules
source "Config-build.in"
source "tmp/.config-package.in"
Reference in New Issue View Git Blame Copy Permalink