luci-mod-system: repo key management

Reject PEM in OPKG; reject non-PEM in APK Signed-off-by: Paul Donald <newtwen+github@gmail.com>
2026-04-15 10:51:51 +00:00 · 2025-06-08 17:24:50 +02:00
parent 1896723055
commit 65bdfc61db
1 changed files with 24 additions and 0 deletions
--- a/modules/luci-mod-system/htdocs/luci-static/resources/view/system/repokeys.js
+++ b/modules/luci-mod-system/htdocs/luci-static/resources/view/system/repokeys.js
@@ -110,6 +110,22 @@ function removeKey(ev) {
 	]);
 }

+function isPemFormat(content) {
+	return /-BEGIN ([A-Z ]+)?PUBLIC KEY-/.test(content);
+}
+
+function keyEnvironmentCheck(key) {
+	const isPem = isPemFormat(key);
+
+	// Reject PEM in OPKG; reject non-PEM in APK
+	if (KEYDIR === OPKG_DIR && isPem)
+		return _('This key appears to be in PEM format, which is not supported in an opkg environment.');
+	if (KEYDIR === APK_DIR && !isPem)
+		return _('This key does not appear to be in PEM format, which is required in an apk environment.');
+
+	return null;
+}
+
 function addKey(ev, file, fileContent) {
 	const list = findParent(ev.target, '.cbi-dynlist');
 	const input = list.querySelector('textarea[type="text"]');
@@ -118,6 +134,14 @@ function addKey(ev, file, fileContent) {
 	if (!key.length)
 		return;

+	const formatError = keyEnvironmentCheck(key);
+	if (formatError) {
+		ui.addTimeLimitedNotification(_('Invalid key format'), [
+			E('p', formatError)
+		], 7000, 'warning');
+		return;
+	}
+
 	// Prevent duplicates
 	const exists = Array.from(list.querySelectorAll('.item')).some(
 		item => item.getAttribute('data-key') === normalizeKey(key)