From c668fcec731bed7acc21b3f88f9a94cb55b9b498 Mon Sep 17 00:00:00 2001 From: Alexandru Ardelean Date: Thu, 11 May 2017 22:42:02 +0300 Subject: [PATCH] opkg: add --no-check-certificate argument For cases when artifacts are stored on https:// accessible locations and you don't want to install ca-certificates (for various reasons). I'll admit, using SSL like this is not recommended, but since wget (even uclient-fetch) allows the --no-check-certificate option, it would be nice for opkg to support setting it if needed/configured. Signed-off-by: Alexandru Ardelean --- libopkg/opkg_conf.c | 1 + libopkg/opkg_conf.h | 1 + libopkg/opkg_download.c | 5 ++++- src/opkg-cl.c | 7 +++++++ 4 files changed, 13 insertions(+), 1 deletion(-) diff --git a/libopkg/opkg_conf.c b/libopkg/opkg_conf.c index 589fc49..bab8f57 100644 --- a/libopkg/opkg_conf.c +++ b/libopkg/opkg_conf.c @@ -54,6 +54,7 @@ opkg_option_t options[] = { {"force_postinstall", OPKG_OPT_TYPE_BOOL, &_conf.force_postinstall}, {"force_checksum", OPKG_OPT_TYPE_BOOL, &_conf.force_checksum}, {"check_signature", OPKG_OPT_TYPE_BOOL, &_conf.check_signature}, + {"no_check_certificate", OPKG_OPT_TYPE_BOOL, &_conf.no_check_certificate}, {"ftp_proxy", OPKG_OPT_TYPE_STRING, &_conf.ftp_proxy}, {"http_proxy", OPKG_OPT_TYPE_STRING, &_conf.http_proxy}, {"no_proxy", OPKG_OPT_TYPE_STRING, &_conf.no_proxy}, diff --git a/libopkg/opkg_conf.h b/libopkg/opkg_conf.h index 9cf7681..b63a1e6 100644 --- a/libopkg/opkg_conf.h +++ b/libopkg/opkg_conf.h @@ -78,6 +78,7 @@ struct opkg_conf { int force_checksum; int check_signature; int force_signature; + int no_check_certificate; int nodeps; /* do not follow dependencies */ int nocase; /* perform case insensitive matching */ char *offline_root; diff --git a/libopkg/opkg_download.c b/libopkg/opkg_download.c index db4c90f..36db231 100644 --- a/libopkg/opkg_download.c +++ b/libopkg/opkg_download.c @@ -87,11 +87,14 @@ opkg_download(const char *src, const char *dest_file_name, { int res; - const char *argv[8]; + const char *argv[9]; int i = 0; argv[i++] = "wget"; argv[i++] = "-q"; + if (conf->no_check_certificate) { + argv[i++] = "--no-check-certificate"; + } if (conf->http_proxy || conf->ftp_proxy) { argv[i++] = "-Y"; argv[i++] = "on"; diff --git a/src/opkg-cl.c b/src/opkg-cl.c index c518bfc..a3ea5c1 100644 --- a/src/opkg-cl.c +++ b/src/opkg-cl.c @@ -52,6 +52,7 @@ enum { ARGS_OPT_AUTOREMOVE, ARGS_OPT_CACHE, ARGS_OPT_FORCE_SIGNATURE, + ARGS_OPT_NO_CHECK_CERTIFICATE, ARGS_OPT_SIZE, }; @@ -91,6 +92,8 @@ static struct option long_options[] = { {"force_checksum", 0, 0, ARGS_OPT_FORCE_CHECKSUM}, {"force-signature", 0, 0, ARGS_OPT_FORCE_SIGNATURE}, {"force_signature", 0, 0, ARGS_OPT_FORCE_SIGNATURE}, + {"no-check-certificate", 0, 0, ARGS_OPT_NO_CHECK_CERTIFICATE}, + {"no_check_certificate", 0, 0, ARGS_OPT_NO_CHECK_CERTIFICATE}, {"noaction", 0, 0, ARGS_OPT_NOACTION}, {"download-only", 0, 0, ARGS_OPT_DOWNLOAD_ONLY}, {"nodeps", 0, 0, ARGS_OPT_NODEPS}, @@ -226,6 +229,9 @@ static int args_parse(int argc, char *argv[]) case ARGS_OPT_FORCE_SIGNATURE: conf->force_signature = 1; break; + case ARGS_OPT_NO_CHECK_CERTIFICATE: + conf->no_check_certificate = 1; + break; case ':': parse_err = -1; break; @@ -335,6 +341,7 @@ static void usage() printf ("\t--force-remove Remove package even if prerm script fails\n"); printf("\t--force-checksum Don't fail on checksum mismatches\n"); + printf("\t--no-check-certificate Don't validate SSL certificates\n"); printf("\t--noaction No action -- test only\n"); printf("\t--download-only No action -- download only\n"); printf("\t--nodeps Do not follow dependencies\n"); -- 2.25.1