Hi Alexandru,
2017-05-11 7:59 GMT-07:00 Alexandru Ardelean <ardeleana...@gmail.com>:
> For cases when artifacts are stored on https:// accessible
> location and you don't want to install ca-certificates
> (for various reasons).
>
> I'll admit, using SSL like this is not recommended,
> but since wget (even uclient-fetch) allows the
> --no-check-certificate option, it would be nice
> for opkg to support setting it if needed/configured.
Why not name this option --no-check-certificate then ?
Regards
Etienne
>
> Signed-off-by: Alexandru Ardelean <ardeleana...@gmail.com>
> ---
> libopkg/opkg_conf.c | 1 +
> libopkg/opkg_conf.h | 1 +
> libopkg/opkg_download.c | 5 ++++-
> src/opkg-cl.c | 6 ++++++
> 4 files changed, 12 insertions(+), 1 deletion(-)
>
> diff --git a/libopkg/opkg_conf.c b/libopkg/opkg_conf.c
> index 589fc49..1890145 100644
> --- a/libopkg/opkg_conf.c
> +++ b/libopkg/opkg_conf.c
> @@ -54,6 +54,7 @@ opkg_option_t options[] = {
> {"force_postinstall", OPKG_OPT_TYPE_BOOL, &_conf.force_postinstall},
> {"force_checksum", OPKG_OPT_TYPE_BOOL, &_conf.force_checksum},
> {"check_signature", OPKG_OPT_TYPE_BOOL, &_conf.check_signature},
> + {"force_ssl", OPKG_OPT_TYPE_BOOL, &_conf.force_ssl},
> {"ftp_proxy", OPKG_OPT_TYPE_STRING, &_conf.ftp_proxy},
> {"http_proxy", OPKG_OPT_TYPE_STRING, &_conf.http_proxy},
> {"no_proxy", OPKG_OPT_TYPE_STRING, &_conf.no_proxy},
> diff --git a/libopkg/opkg_conf.h b/libopkg/opkg_conf.h
> index 9cf7681..a8c4a9e 100644
> --- a/libopkg/opkg_conf.h
> +++ b/libopkg/opkg_conf.h
> @@ -78,6 +78,7 @@ struct opkg_conf {
> int force_checksum;
> int check_signature;
> int force_signature;
> + int force_ssl;
> int nodeps; /* do not follow dependencies */
> int nocase; /* perform case insensitive matching */
> char *offline_root;
> diff --git a/libopkg/opkg_download.c b/libopkg/opkg_download.c
> index db4c90f..c8e0013 100644
> --- a/libopkg/opkg_download.c
> +++ b/libopkg/opkg_download.c
> @@ -87,11 +87,14 @@ opkg_download(const char *src, const char *dest_file_name,
>
> {
> int res;
> - const char *argv[8];
> + const char *argv[9];
> int i = 0;
>
> argv[i++] = "wget";
> argv[i++] = "-q";
> + if (conf->force_ssl) {
> + argv[i++] = "--no-check-certificate";
> + }
> if (conf->http_proxy || conf->ftp_proxy) {
> argv[i++] = "-Y";
> argv[i++] = "on";
> diff --git a/src/opkg-cl.c b/src/opkg-cl.c
> index c518bfc..77f59ff 100644
> --- a/src/opkg-cl.c
> +++ b/src/opkg-cl.c
> @@ -52,6 +52,7 @@ enum {
> ARGS_OPT_AUTOREMOVE,
> ARGS_OPT_CACHE,
> ARGS_OPT_FORCE_SIGNATURE,
> + ARGS_OPT_FORCE_SSL,
> ARGS_OPT_SIZE,
> };
>
> @@ -91,6 +92,8 @@ static struct option long_options[] = {
> {"force_checksum", 0, 0, ARGS_OPT_FORCE_CHECKSUM},
> {"force-signature", 0, 0, ARGS_OPT_FORCE_SIGNATURE},
> {"force_signature", 0, 0, ARGS_OPT_FORCE_SIGNATURE},
> + {"force-ssl", 0, 0, ARGS_OPT_FORCE_SSL},
> + {"force_ssl", 0, 0, ARGS_OPT_FORCE_SSL},
> {"noaction", 0, 0, ARGS_OPT_NOACTION},
> {"download-only", 0, 0, ARGS_OPT_DOWNLOAD_ONLY},
> {"nodeps", 0, 0, ARGS_OPT_NODEPS},
> @@ -226,6 +229,8 @@ static int args_parse(int argc, char *argv[])
> case ARGS_OPT_FORCE_SIGNATURE:
> conf->force_signature = 1;
> break;
> + case ARGS_OPT_FORCE_SSL:
> + conf->force_ssl = 1;
> case ':':
> parse_err = -1;
> break;
> @@ -335,6 +340,7 @@ static void usage()
> printf
> ("\t--force-remove Remove package even if prerm script fails\n");
> printf("\t--force-checksum Don't fail on checksum mismatches\n");
> + printf("\t--force-ssl Don't validate the server's
> certificate\n");
> printf("\t--noaction No action -- test only\n");
> printf("\t--download-only No action -- download only\n");
> printf("\t--nodeps Do not follow dependencies\n");
> --
> 2.7.4
>
>
> _______________________________________________
> Lede-dev mailing list
> Lede-dev@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/lede-dev
_______________________________________________
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev
