Hi,
I try to understand the Signing Approach and I don't understand how OpenWRT 19.07 verifies the packages when installing a package offline from "/tmp". The docs mention that you can update the lists with "opkg update" and that the downloaded .sig files inside "/tmp/opkg-lists" are usign signature files.
But I can do a Factory Reset, transfer previously saved .ipk files with scp to /tmp and install them with "opkg install /tmp/xxx.ipk" before I connect the router to the internet and therefore without any lists or .sig files inside "/tmp/opkg-lists". So I wonder if there is another place with lists or how OpenWRT does verify the packages in this situation?
Hopefully somebody can understand my thoughts and tell me how this is working...
Best regards
Tour2020