I am using the CONFIG_TARGET_DEVICE_PACKAGES feature quite happily for a few ar71xx devices, but it seems like I am unable to install packages through opkg on firmwares built with this neat feature.
I e.g. build for my (ramips) DIR-860L and (x86) APU2. That's just one device per architecture. On both, I can get opkg to download and verify my own package lists just fine:
root@PC Engines APU2:~# opkg update
Downloading https://volatilesystems.org/dl/lede/17.01/latest/targets/x86/64/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/designated_driver_core
Downloading https://volatilesystems.org/dl/lede/17.01/latest/targets/x86/64/packages/Packages.sig
Signature check passed.
[...]
On any ar71xx device (WNDR3700, UniFi AP AC Pro, ...), however, I get a failed signature check, despite them all having been built in one run. Packages included may differ between the targets, but they all use the same binary packages I'd think.
root@UniFi AP AC Pro 1:~# opkg update
Downloading https://volatilesystems.org/dl/lede/17.01/latest/targets/ar71xx/generic/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/designated_driver_core
Downloading https://volatilesystems.org/dl/lede/17.01/latest/targets/ar71xx/generic/packages/Packages.sig
Signature check failed.
Remove wrong Signature file.
[...]
There's something weird going on there. The UniFi e.g. has its keys in that path, but other ar71xx devices have it in a subdir. The UniFi is missing a 'local build' key, but the other ar71xx devices have it.
root@UniFi AP AC Pro 1:/etc/opkg/keys# cat *
untrusted comment: LEDE usign key of Hans Dedecker
RWRRUfaUIMP1CAL9wvk3ABBHdUM+3SjMvIuJlK68b3b04Pw3wiaiAfxX
untrusted comment: LEDE usign key of Jo-Philipp Wich
RWRypX8hkbIR4FLhtx5pjXcAIsI1iPUIcI5bMG8jZoiCkrwTstECBPqL
untrusted comment: LEDE 17.01 "Reboot" public key
RWR5LZ2bOfGA3FGliZosEDhodiAKDOISmQs/mmjo4rhcbFtqkibJqMzo
untrusted comment: LEDE usign key of Álvaro Fernández Rojas
RWSe9GlCCBAsQwI5+wztnWKHfBlvPFP2G00FvZyx+Wfv9AwSViUwo/s2
untrusted comment: LEDE usign key for unattended build jobs
RWS1BD5w+adc3j2Hqg9+b66CvLR7NlHbsj7wjNVj0XGt/othDgIAOJS+
untrusted comment: LEDE usign key of Ted Hess
RWTazp1N8WiWvy7rYxstJqaMzGiS4XfW1oyYrk2vwJMRBeBF+8xEA+EZ
untrusted comment: LEDE usign key of John Crispin
RWTdbeDQa709heyMmwDZjWmlhcTCUv/q+3TBYDPdJAGRuys6xcxE09fp
The TL-WR1043ND v2 has them in /etc/opkg/target-dir-1a37ae4d.opkg/keys, and has an extra 'local build key'. My WNDR3700 has a similar subdir, and a local build key as well.
root@LEDE:/etc/opkg/target-dir-1a37ae4d.opkg/keys# cat *
untrusted comment: LEDE usign key of Hans Dedecker
RWRRUfaUIMP1CAL9wvk3ABBHdUM+3SjMvIuJlK68b3b04Pw3wiaiAfxX
untrusted comment: Local build key
RWQFa8bW97CKKBvikUN2uWwGnHs1tfACHrFR+GWu2gXGFFFskcHrHdlY
untrusted comment: LEDE usign key of Jo-Philipp Wich
RWRypX8hkbIR4FLhtx5pjXcAIsI1iPUIcI5bMG8jZoiCkrwTstECBPqL
untrusted comment: LEDE 17.01 "Reboot" public key
RWR5LZ2bOfGA3FGliZosEDhodiAKDOISmQs/mmjo4rhcbFtqkibJqMzo
untrusted comment: LEDE usign key of Álvaro Fernández Rojas
RWSe9GlCCBAsQwI5+wztnWKHfBlvPFP2G00FvZyx+Wfv9AwSViUwo/s2
untrusted comment: LEDE usign key for unattended build jobs
RWS1BD5w+adc3j2Hqg9+b66CvLR7NlHbsj7wjNVj0XGt/othDgIAOJS+
untrusted comment: LEDE usign key of Ted Hess
RWTazp1N8WiWvy7rYxstJqaMzGiS4XfW1oyYrk2vwJMRBeBF+8xEA+EZ
untrusted comment: LEDE usign key of John Crispin
RWTdbeDQa709heyMmwDZjWmlhcTCUv/q+3TBYDPdJAGRuys6xcxE09fp
The weird thing is all three devices are running the same build (17.01-SNAPSHOT, r3805+4-9934231670). I know for sure the TP-Link and WNDR3700 had a clean flash, but the UniFi might have been flashed with a vanilla 17.01 build first before I flashed mine over it. That seems to make a difference.
If I move the keys/ subdir into /etc/opkg/ directly then opkg update runs fine on both the TP-Link and the Netgear. Adding the local build key to the UniFi's keys makes the UniFi validate the signatures as well.
Do you need a diffconfig for my buildroot? I don't know where the target-dir weirdness comes from.
Can you remove the - from both -mv calls and issue a make target/linux/install V=s ?
I wonder if you have some permission or file system problems on your host or we face a race condition here.
I am overriding /etc/opkg/distfeeds.conf through files/ (so it points to my repo).
I have some stuff in files/etc/uci/defaults/, but that does not touch opkg (it configures IP, DHCP, unbound, firewall and dropbear settings, timezone and zonename). I can pastebin those as well though if you suspect they'd interfere nonetheless.
I will edit tomorrow the include/image.mk code and report back to you.
My diff is below. At first glance, I don't se anything in the diff that might interfere, but then again...