
Revert "build: separate signing logic"

This reverts commit 4a45e69d190f72ed94878487b271ed7651dd9efa.

This broke the buildbots

Signed-off-by: John Crispin <[email protected]>
John Crispin 6 лет назад
Родитель
Сommit
f4aaee01fa
3 измененных файлов с 15 добавлено и 27 удалено
  1. 2 10
      config/Config-build.in
  2. 5 8
      include/image-commands.mk
  3. 8 9
      package/base-files/Makefile

+ 2 - 10
config/Config-build.in

@@ -37,21 +37,13 @@ menu "Global build settings"
 		  - Enabling per-device rootfs support
 		  ...
 
-	config INSTALL_LOCAL_KEY
-		bool "Install local usign key into image"
-		default n
-
 	config SIGNED_PACKAGES
 		bool "Cryptographically signed package lists"
-		default n
-
-	config SIGNED_IMAGES
-		bool "Cryptographically signed firmware images"
-		default n
+		default y
 
 	config SIGNATURE_CHECK
 		bool "Enable signature checking in opkg"
-		default y
+		default SIGNED_PACKAGES
 
 	comment "General build options"
 
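Review bot: SIGNATURE_CHECK now takes `default SIGNED_PACKAGES` and has no help text, so a builder who turns off signed package lists also gets, by default, an image whose opkg does not check signatures, and nothing in menuconfig says so. Going by the two prompts, one option is about signing on the build host and the other about verification on the device, and a device that installs from a signed feed still needs the check. I would add a `help` entry under SIGNATURE_CHECK, for example `Verify package list signatures on the device. Follows SIGNED_PACKAGES by default; keep enabled if the image installs from signed feeds.`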

+ 5 - 8
include/image-commands.mk

@@ -373,14 +373,11 @@ metadata_json = \
 
 define Build/append-metadata
 	$(if $(SUPPORTED_DEVICES),-echo $(call metadata_json,$(SUPPORTED_DEVICES)) | fwtool -I - $@)
-	[ -z "$(SIGNED_IMAGES)" \
-		-o ! -s "$(BUILD_KEY)" \
-		-o ! -s "$(BUILD_KEY).ucert" \
-		-o ! -s "$@" ] || { \
-			cp "$(BUILD_KEY).ucert" "[email protected]" ;\
-			usign -S -m "$@" -s "$(BUILD_KEY)" -x "[email protected]" ;\
-			ucert -A -c "[email protected]" -x "[email protected]" ;\
-			fwtool -S "[email protected]" "$@" ;\
+	[ ! -s "$(BUILD_KEY)" -o ! -s "$(BUILD_KEY).ucert" -o ! -s "$@" ] || { \
+		cp "$(BUILD_KEY).ucert" "[email protected]" ;\
+		usign -S -m "$@" -s "$(BUILD_KEY)" -x "[email protected]" ;\
+		ucert -A -c "[email protected]" -x "[email protected]" ;\
+		fwtool -S "[email protected]" "$@" ;\
 	}
 endef
 
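Review bot: The four signing commands in Build/append-metadata are joined with `;`, so if usign or ucert fails, the group still runs `fwtool -S` and the recipe takes that last exit status. Unless the recipe shell runs with -e, which the hunk does not show, the image could end up with certificate data appended but no valid signature while the build reports success. Chaining the commands with `&&` instead of `;` would make a signing failure fail the build. Separately, the guard skips signing silently whenever a key file is missing or empty, and key presence is now the only switch, so an `echo` on the skip path would let the log show which images went out unsigned.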

+ 8 - 9
package/base-files/Makefile

@@ -37,7 +37,7 @@ endif
 define Package/base-files
   SECTION:=base
   CATEGORY:=Base system
-  DEPENDS:=+netifd +libc +procd +jsonfilter +SIGNATURE_CHECK:usign +SIGNATURE_CHECK:openwrt-keyring +NAND_SUPPORT:ubi-utils +fstools +fwtool
+  DEPENDS:=+netifd +libc +procd +jsonfilter +SIGNED_PACKAGES:usign +SIGNED_PACKAGES:openwrt-keyring +NAND_SUPPORT:ubi-utils +fstools +fwtool
   TITLE:=Base filesystem for OpenWrt
   URL:=http://openwrt.org/
   VERSION:=$(PKG_RELEASE)-$(REVISION)
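Review bot: The usign and openwrt-keyring dependencies on the DEPENDS line are now conditional on SIGNED_PACKAGES, while Config-build.in in this same commit keeps SIGNATURE_CHECK as a separate bool that only defaults to SIGNED_PACKAGES. A configuration with SIGNATURE_CHECK=y and SIGNED_PACKAGES=n would then enable checking in opkg without base-files pulling in the verifier and keyring, which presumably leaves package lists unverifiable on the device. Making the option `depends on SIGNED_PACKAGES` in Config-build.in, or keying these two conditionals on SIGNATURE_CHECK, would keep the check and its tooling together. The Package/base-files define continues outside the hunk.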
@@ -116,6 +116,12 @@ ifdef CONFIG_SIGNED_PACKAGES
 		$(STAGING_DIR_HOST)/bin/ucert -I -c $(BUILD_KEY).ucert -p $(BUILD_KEY).pub -s $(BUILD_KEY)
 
   endef
+
+  define Package/base-files/install-key
+	mkdir -p $(1)/etc/opkg/keys
+	$(CP) $(BUILD_KEY).pub $(1)/etc/opkg/keys/`$(STAGING_DIR_HOST)/bin/usign -F -p $(BUILD_KEY).pub`
+
+  endef
 endif
 
 ifeq ($(CONFIG_NAND_SUPPORT),)
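Review bot: In Package/base-files/install-key the destination file name comes from a backtick call to `usign -F` whose exit status is never checked. If it fails or prints nothing, `$(CP)` (assuming it behaves like cp) gets the keys directory itself as its destination and the key lands there under its source name, silently. Capturing the fingerprint first would catch that: `fp=$$($(STAGING_DIR_HOST)/bin/usign -F -p $(BUILD_KEY).pub) && [ -n "$$fp" ] && $(CP) $(BUILD_KEY).pub $(1)/etc/opkg/keys/$$fp`. A comment above the define should also state that every image built with SIGNED_PACKAGES (default y after this commit) trusts the local build key for package installs, so the private half of BUILD_KEY needs protecting accordingly. The enclosing `ifdef CONFIG_SIGNED_PACKAGES` opens outside the hunk.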
@@ -124,16 +130,9 @@ ifeq ($(CONFIG_NAND_SUPPORT),)
   endef
 endif
 
-ifdef CONFIG_INSTALL_LOCAL_KEY
-  define Package/base-files/install-local-key
-	mkdir -p $(1)/etc/opkg/keys
-	$(CP) $(BUILD_KEY).pub $(1)/etc/opkg/keys/`$(STAGING_DIR_HOST)/bin/usign \
-		-F -p $(BUILD_KEY).pub`
-endef
-
 define Package/base-files/install
 	$(CP) ./files/* $(1)/
-	$(Package/base-files/install-local-key)
+	$(Package/base-files/install-key)
 	$(Package/base-files/nand-support)
 	if [ -d $(GENERIC_PLATFORM_DIR)/base-files/. ]; then \
 		$(CP) $(GENERIC_PLATFORM_DIR)/base-files/* $(1)/; \