On 5/11/17 11:13, Etienne Champetier wrote:
Hi Alexandru,

2017-05-11 7:59 GMT-07:00 Alexandru Ardelean <ardeleana...@gmail.com>:
For cases when artifacts are stored at an https://-accessible
location and you don't want to install ca-certificates
(for various reasons).

I'll admit, using SSL like this is not recommended,
but since wget (even uclient-fetch) allows the
--no-check-certificate option, it would be nice
for opkg to support setting it if needed/configured.
Why not name this option --no-check-certificate then ?

Regards
Etienne

I agree. --force-ssl sounds like you are forcing the use of SSL, not that you are ignoring a validation check against the local certificate storage.

I also prefer --no-check-certificate. It makes more sense to me at least.

--Andrew

Signed-off-by: Alexandru Ardelean <ardeleana...@gmail.com>
---
  libopkg/opkg_conf.c     | 1 +
  libopkg/opkg_conf.h     | 1 +
  libopkg/opkg_download.c | 5 ++++-
  src/opkg-cl.c           | 6 ++++++
  4 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/libopkg/opkg_conf.c b/libopkg/opkg_conf.c
index 589fc49..1890145 100644
--- a/libopkg/opkg_conf.c
+++ b/libopkg/opkg_conf.c
@@ -54,6 +54,7 @@ opkg_option_t options[] = {
         {"force_postinstall", OPKG_OPT_TYPE_BOOL, &_conf.force_postinstall},
         {"force_checksum", OPKG_OPT_TYPE_BOOL, &_conf.force_checksum},
         {"check_signature", OPKG_OPT_TYPE_BOOL, &_conf.check_signature},
+       {"force_ssl", OPKG_OPT_TYPE_BOOL, &_conf.force_ssl},
         {"ftp_proxy", OPKG_OPT_TYPE_STRING, &_conf.ftp_proxy},
         {"http_proxy", OPKG_OPT_TYPE_STRING, &_conf.http_proxy},
         {"no_proxy", OPKG_OPT_TYPE_STRING, &_conf.no_proxy},
diff --git a/libopkg/opkg_conf.h b/libopkg/opkg_conf.h
index 9cf7681..a8c4a9e 100644
--- a/libopkg/opkg_conf.h
+++ b/libopkg/opkg_conf.h
@@ -78,6 +78,7 @@ struct opkg_conf {
         int force_checksum;
         int check_signature;
         int force_signature;
+       int force_ssl;
         int nodeps;             /* do not follow dependencies */
         int nocase;             /* perform case insensitive matching */
         char *offline_root;
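Review bot: The new `force_ssl` field in `struct opkg_conf` has no comment, while its neighbours `nodeps` and `nocase` say what they do. Since setting it turns a security check off rather than on, I would document that on the declaration, e.g. `int force_ssl;	/* skip TLS certificate validation when downloading */`. The struct continues outside the hunk.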
diff --git a/libopkg/opkg_download.c b/libopkg/opkg_download.c
index db4c90f..c8e0013 100644
--- a/libopkg/opkg_download.c
+++ b/libopkg/opkg_download.c
@@ -87,11 +87,14 @@ opkg_download(const char *src, const char *dest_file_name,

         {
                 int res;
-               const char *argv[8];
+               const char *argv[9];
                 int i = 0;

                 argv[i++] = "wget";
                 argv[i++] = "-q";
+               if (conf->force_ssl) {
+                       argv[i++] = "--no-check-certificate";
+               }
                 if (conf->http_proxy || conf->ftp_proxy) {
                         argv[i++] = "-Y";
                         argv[i++] = "on";
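Review bot: When `conf->force_ssl` is set, the new branch passes `--no-check-certificate` to wget without emitting any message, so nothing records that the download ran over an unauthenticated channel. With certificate validation off, the integrity of the fetched file rests only on the package signature check, and `check_signature` is a separate option that may be disabled. I would log it in the new branch, e.g. `opkg_msg(NOTICE, "TLS certificate validation is disabled for %s.\n", src);`, so that a persistent `force_ssl` entry in the config file stays visible in normal output. The body of opkg_download starts and ends outside the hunk, so the `argv[9]` bound cannot be checked from here against the remaining `argv[i++]` pushes and the terminating NULL.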
diff --git a/src/opkg-cl.c b/src/opkg-cl.c
index c518bfc..77f59ff 100644
--- a/src/opkg-cl.c
+++ b/src/opkg-cl.c
@@ -52,6 +52,7 @@ enum {
         ARGS_OPT_AUTOREMOVE,
         ARGS_OPT_CACHE,
         ARGS_OPT_FORCE_SIGNATURE,
+       ARGS_OPT_FORCE_SSL,
         ARGS_OPT_SIZE,
  };

@@ -91,6 +92,8 @@ static struct option long_options[] = {
         {"force_checksum", 0, 0, ARGS_OPT_FORCE_CHECKSUM},
         {"force-signature", 0, 0, ARGS_OPT_FORCE_SIGNATURE},
         {"force_signature", 0, 0, ARGS_OPT_FORCE_SIGNATURE},
+       {"force-ssl", 0, 0, ARGS_OPT_FORCE_SSL},
+       {"force_ssl", 0, 0, ARGS_OPT_FORCE_SSL},
         {"noaction", 0, 0, ARGS_OPT_NOACTION},
         {"download-only", 0, 0, ARGS_OPT_DOWNLOAD_ONLY},
         {"nodeps", 0, 0, ARGS_OPT_NODEPS},
@@ -226,6 +229,8 @@ static int args_parse(int argc, char *argv[])
                 case ARGS_OPT_FORCE_SIGNATURE:
                         conf->force_signature = 1;
                         break;
+               case ARGS_OPT_FORCE_SSL:
+                       conf->force_ssl = 1;
                 case ':':
                         parse_err = -1;
                         break;
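Review bot: The added `case ARGS_OPT_FORCE_SSL:` has no `break;`, so after `conf->force_ssl = 1;` control falls through into `case ':'` and sets `parse_err = -1`. As written, passing --force-ssl on the command line is treated as a parse error instead of just enabling the option. Add `break;` after the assignment, matching the `ARGS_OPT_FORCE_SIGNATURE` case above it. args_parse continues outside the hunk, so the later handling of `parse_err` is not visible here.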
@@ -335,6 +340,7 @@ static void usage()
         printf
             ("\t--force-remove  Remove package even if prerm script fails\n");
         printf("\t--force-checksum      Don't fail on checksum mismatches\n");
+       printf("\t--force-ssl           Don't validate the server's 
certificate\n");
         printf("\t--noaction            No action -- test only\n");
         printf("\t--download-only       No action -- download only\n");
         printf("\t--nodeps              Do not follow dependencies\n");
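Review bot: The added `printf` string literal in usage() is split across two lines after "server's" in the patch as posted. This looks like mail-client line wrapping. A string literal broken by a raw newline does not compile, and the damaged `+` line will likely stop the patch from applying. Resend it unwrapped (for example with git send-email). The help text could also state the consequence, e.g. `"\t--force-ssl           Don't validate the server's certificate (insecure)\n"`.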
--
2.7.4

