Verified Commit 51224abd authored by Karel Koci's avatar Karel Koci 🤘
Browse files

opkg-wrapper: allow ignoring custom feeds

This adds ignore list for opkg-wrapper. It is implemented using Lua
pattern matching function. If one of provided patters is matching given
line in customfeeds.conf then feed from such line is ignored. Source for
used patterns are files in a directory '/etc/updater/opkg-ignore'.
Every line is a patterns with exception of those starting with '#',
those are intended for commenting.

There is a situation where custom feed is added and to allow it to be
easily used it is added not only to opkg but also to updater. In such
case such feed is pulled twice because of opkg-wrapper. This would not
be huge problem unless there are some additional settings and both
downloads are not in fact same. This can decrease security by going
around of more secure updater's configuration and less secure URL from
opkg-wrapper.

Unfortunately we can't do this automatically because there is no access
to already known repositories. And even if such access would existed we
couldn't be sure that repository we are adding is not going to be added
later then opkg-wrapper is executed. Because of that much more better
solution is to have some sort of ignore list for opkg-wrapper.
parent 5d0a6501
......@@ -3,21 +3,44 @@ This file is part of updater-ng-opkg. Don't edit it.
]]
-- Repositories configured in opkg configuration.
-- We read only customfeeds.conf as that should be only file where user should add additional repositories
-- We read only customfeeds.conf as that should be only file where user should add additional repositories to
local custom_feed = io.open("/etc/opkg/customfeeds.conf")
if custom_feed then
-- Prepare list of custom keys added to opkg
local pubkeys = {}
for f in pairs(ls('/etc/opkg/keys')) do
table.insert(pubkeys, "file:///etc/opkg/keys/" .. f)
end
-- Read ignore expressions
local ignore_regs = {}
for f in pairs(ls('/etc/updater/opkg-ignore')) do
local ignore_f = io.open('/etc/updater/opkg-ignore/' .. f)
for line in ignore_f:lines() do
if not line:match('^#') then
ignore_regs[line] = true
end
end
end
-- Read opkg feeds and register them to updater
for line in custom_feed:lines() do
if line:match('^%s*src/gz ') then
local name, feed_uri = line:match('src/gz[%s]+([^%s]+)[%s]+([^%s]+)')
if name and feed_uri then
DBG("Adding custom opkg feed " .. name .. " (" .. feed_uri .. ")")
Repository(name, feed_uri, {pubkey = pubkeys, ignore = {"missing"}})
local not_ignored = true
for reg in pairs(ignore_regs) do
if line:match(reg) then
not_ignored = false
break
end
end
if not_ignored then
local name, feed_uri = line:match('src/gz[%s]+([^%s]+)[%s]+([^%s]+)')
if name and feed_uri then
DBG("Adding custom opkg feed " .. name .. " (" .. feed_uri .. ")")
Repository(name, feed_uri, {pubkey = pubkeys, ignore = {"missing"}})
else
WARN("Malformed line in customfeeds.conf:\n" .. line)
end
else
WARN("Malformed line in customfeeds.conf:\n" .. line)
DBG("Line from customfeeds.conf ignored:\n" .. line)
end
end
end
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment