Menu
OpenWRT uses opkg to manage packages. By default, it will download file Packages and Packages.sig when run opkg update, then it will verify the signature file Packages.sig against the file Packages. It seems this a signature mechanism for whole repository. I want to know if there is a method to sign singleton ipk?
864
asked Oct 28 '25 07:10
Yes, opkg (v0.3.0-rc0 onwards) verifies individual package signature file.
Enable package signature option in opkg.conf.
option check_pkg_signature 1
You can create the signature file using gpg or openssl and keep the signature file and package together from where opkg is configured to download package. The signature file should be created in the format: .ipk.sig
You can download the latest source by cloning git://git.yoctoproject.org/opkg or downloading from http://git.yoctoproject.org/cgit/cgit.cgi/opkg/
189
answered Oct 30 '25 15:10
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With