OpenWRT uses opkg to manage packages. By default, it will download file Packages and Packages.sig when run opkg update, then it will verify the signature file Packages.sig against the file Packages. It seems this a signature mechanism for whole repository. I want to know if there is a method to sign singleton ipk?
Yes, opkg (v0.3.0-rc0 onwards) verifies individual package signature file.
Enable package signature option in opkg.conf.
option check_pkg_signature 1
You can create the signature file using gpg or openssl and keep the signature file and package together from where opkg is configured to download package. The signature file should be created in the format: .ipk.sig
You can download the latest source by cloning git://git.yoctoproject.org/opkg or downloading from http://git.yoctoproject.org/cgit/cgit.cgi/opkg/