base-files: fix ucert verification

ucert needs to check the firmware part with metadata, but without the signature.
Use the new fwtool mode to extract that without altering the firmware image inside
the check

Signed-off-by: Felix Fietkau <[email protected]>

package/base-files/files/lib/upgrade/fwtool.sh

@@ -18,7 +18,8 @@ fwtool_check_signature() {
 		return 0
 	fi
 
-	ucert -V -m "$1" -c "/tmp/sysupgrade.ucert" -P /etc/opkg/keys
+	fwtool -q -T -s /dev/null "$1" | \
+		ucert -V -m - -c "/tmp/sysupgrade.ucert" -P /etc/opkg/keys
 
 	return $?
 }