opkg: add --no-check-certificate argument
authorAlexandru Ardelean <ardeleanalex@gmail.com>
Thu, 11 May 2017 19:42:02 +0000 (22:42 +0300)
committerJo-Philipp Wich <jo@mein.io>
Thu, 11 May 2017 23:18:41 +0000 (01:18 +0200)
For cases when artifacts are stored on https:// accessible
locations and you don't want to install ca-certificates
(for various reasons).

I'll admit, using SSL like this is not recommended,
but since wget (even uclient-fetch) allows the
--no-check-certificate option, it would be nice
for opkg to support setting it if needed/configured.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
libopkg/opkg_conf.c
libopkg/opkg_conf.h
libopkg/opkg_download.c
src/opkg-cl.c

index 589fc49..bab8f57 100644 (file)
@@ -54,6 +54,7 @@ opkg_option_t options[] = {
        {"force_postinstall", OPKG_OPT_TYPE_BOOL, &_conf.force_postinstall},
        {"force_checksum", OPKG_OPT_TYPE_BOOL, &_conf.force_checksum},
        {"check_signature", OPKG_OPT_TYPE_BOOL, &_conf.check_signature},
+       {"no_check_certificate", OPKG_OPT_TYPE_BOOL, &_conf.no_check_certificate},
        {"ftp_proxy", OPKG_OPT_TYPE_STRING, &_conf.ftp_proxy},
        {"http_proxy", OPKG_OPT_TYPE_STRING, &_conf.http_proxy},
        {"no_proxy", OPKG_OPT_TYPE_STRING, &_conf.no_proxy},
index 9cf7681..b63a1e6 100644 (file)
@@ -78,6 +78,7 @@ struct opkg_conf {
        int force_checksum;
        int check_signature;
        int force_signature;
+       int no_check_certificate;
        int nodeps;             /* do not follow dependencies */
        int nocase;             /* perform case insensitive matching */
        char *offline_root;
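Review bot: The new `no_check_certificate` field has no comment although the two fields after it do, and its inverted sense (1 means verification is off) is easy to misread next to `check_signature` (1 means checking is on). I would write it as `int no_check_certificate; /* 1 = pass --no-check-certificate to wget (TLS peer not verified) */`. The same field is also wired to a config-file option in the opkg_conf.c hunk, so a value set there applies to every feed and every invocation; the comment or the option documentation should say so. The struct starts and ends outside the hunk.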
index db4c90f..36db231 100644 (file)
@@ -87,11 +87,14 @@ opkg_download(const char *src, const char *dest_file_name,
 
        {
                int res;
-               const char *argv[8];
+               const char *argv[9];
                int i = 0;
 
                argv[i++] = "wget";
                argv[i++] = "-q";
+               if (conf->no_check_certificate) {
+                       argv[i++] = "--no-check-certificate";
+               }
                if (conf->http_proxy || conf->ftp_proxy) {
                        argv[i++] = "-Y";
                        argv[i++] = "on";
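Review bot: When `conf->no_check_certificate` is set, the added branch passes `--no-check-certificate` to wget for every download without telling the user, so an https feed silently loses server authentication. From then on the integrity of package lists and packages rests only on signature checking, which is a separate option (`check_signature`) in the options table. I would log at the point of use, inside the new `if`, e.g. `opkg_msg(NOTICE, "TLS certificate verification disabled for %s\n", src);`, assuming opkg_msg is usable here as elsewhere in libopkg. The `argv[9]` bound is hand-counted and the remaining pushes are outside the hunk, so the size should be re-checked against the full block with both the certificate and proxy branches taken.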
index c518bfc..a3ea5c1 100644 (file)
@@ -52,6 +52,7 @@ enum {
        ARGS_OPT_AUTOREMOVE,
        ARGS_OPT_CACHE,
        ARGS_OPT_FORCE_SIGNATURE,
+       ARGS_OPT_NO_CHECK_CERTIFICATE,
        ARGS_OPT_SIZE,
 };
 
@@ -91,6 +92,8 @@ static struct option long_options[] = {
        {"force_checksum", 0, 0, ARGS_OPT_FORCE_CHECKSUM},
        {"force-signature", 0, 0, ARGS_OPT_FORCE_SIGNATURE},
        {"force_signature", 0, 0, ARGS_OPT_FORCE_SIGNATURE},
+       {"no-check-certificate", 0, 0, ARGS_OPT_NO_CHECK_CERTIFICATE},
+       {"no_check_certificate", 0, 0, ARGS_OPT_NO_CHECK_CERTIFICATE},
        {"noaction", 0, 0, ARGS_OPT_NOACTION},
        {"download-only", 0, 0, ARGS_OPT_DOWNLOAD_ONLY},
        {"nodeps", 0, 0, ARGS_OPT_NODEPS},
@@ -226,6 +229,9 @@ static int args_parse(int argc, char *argv[])
                case ARGS_OPT_FORCE_SIGNATURE:
                        conf->force_signature = 1;
                        break;
+               case ARGS_OPT_NO_CHECK_CERTIFICATE:
+                       conf->no_check_certificate = 1;
+                       break;
                case ':':
                        parse_err = -1;
                        break;
@@ -335,6 +341,7 @@ static void usage()
        printf
            ("\t--force-remove  Remove package even if prerm script fails\n");
        printf("\t--force-checksum      Don't fail on checksum mismatches\n");
+       printf("\t--no-check-certificate Don't validate SSL certificates\n");
        printf("\t--noaction            No action -- test only\n");
        printf("\t--download-only       No action -- download only\n");
        printf("\t--nodeps              Do not follow dependencies\n");
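Review bot: The new help line says only "Don't validate SSL certificates", which does not tell the user that downloads are then unauthenticated. I would state the consequence, e.g. `printf("\t--no-check-certificate Don't validate SSL certificates (insecure unless package signatures are checked)\n");`. The option name is also followed by a single space where the neighbouring entries use tabs, so the description column will not line up in the output. usage() starts and ends outside the hunk.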