[LEDE-DEV] [PATCH] opkg: add --no-check-certificate argument

Alexandru Ardelean ardeleanalex at gmail.com
Thu May 11 12:35:17 PDT 2017


On Thu, May 11, 2017 at 6:42 PM, Jo-Philipp Wich <jo at mein.io> wrote:
> Hi,
>
> comments inline.
>
>> ---
>>  libopkg/opkg_conf.c     | 1 +
>>  libopkg/opkg_conf.h     | 1 +
>>  libopkg/opkg_download.c | 5 ++++-
>>  src/opkg-cl.c           | 6 ++++++
>>  4 files changed, 12 insertions(+), 1 deletion(-)
>>
>> diff --git a/libopkg/opkg_conf.c b/libopkg/opkg_conf.c
>> index 589fc49..bab8f57 100644
>> --- a/libopkg/opkg_conf.c
>> +++ b/libopkg/opkg_conf.c
>> @@ -54,6 +54,7 @@ opkg_option_t options[] = {
>>       {"force_postinstall", OPKG_OPT_TYPE_BOOL, &_conf.force_postinstall},
>>       {"force_checksum", OPKG_OPT_TYPE_BOOL, &_conf.force_checksum},
>>       {"check_signature", OPKG_OPT_TYPE_BOOL, &_conf.check_signature},
>> +     {"no_check_certificate", OPKG_OPT_TYPE_BOOL, &_conf.no_check_certificate},
>>       {"ftp_proxy", OPKG_OPT_TYPE_STRING, &_conf.ftp_proxy},
>>       {"http_proxy", OPKG_OPT_TYPE_STRING, &_conf.http_proxy},
>>       {"no_proxy", OPKG_OPT_TYPE_STRING, &_conf.no_proxy},
>> diff --git a/libopkg/opkg_conf.h b/libopkg/opkg_conf.h
>> index 9cf7681..b63a1e6 100644
>> --- a/libopkg/opkg_conf.h
>> +++ b/libopkg/opkg_conf.h
>> @@ -78,6 +78,7 @@ struct opkg_conf {
>>       int force_checksum;
>>       int check_signature;
>>       int force_signature;
>> +     int no_check_certificate;
>>       int nodeps;             /* do not follow dependencies */
>>       int nocase;             /* perform case insensitive matching */
>>       char *offline_root;
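Review bot: The new `no_check_certificate` field in `struct opkg_conf` has no comment, although it is the one flag in this group that switches off a transport-security check rather than a package-level one. I would document it in the style of the neighbouring `nodeps` and `nocase` fields, for example `int no_check_certificate; /* pass --no-check-certificate to wget: server TLS certificate is not verified */`. The struct definition starts and ends outside this hunk.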
>> diff --git a/libopkg/opkg_download.c b/libopkg/opkg_download.c
>> index db4c90f..36db231 100644
>> --- a/libopkg/opkg_download.c
>> +++ b/libopkg/opkg_download.c
>> @@ -87,11 +87,14 @@ opkg_download(const char *src, const char *dest_file_name,
>>
>>       {
>>               int res;
>> -             const char *argv[8];
>> +             const char *argv[9];
>>               int i = 0;
>>
>>               argv[i++] = "wget";
>>               argv[i++] = "-q";
>> +             if (conf->no_check_certificate) {
>> +                     argv[i++] = "--no-check-certificate";
>> +             }
>>               if (conf->http_proxy || conf->ftp_proxy) {
>>                       argv[i++] = "-Y";
>>                       argv[i++] = "on";
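Review bot: When `conf->no_check_certificate` is set, every wget command line built in this block skips server certificate validation. The new `options[]` entry in libopkg/opkg_conf.c also lets the flag be set persistently from the configuration file, not only per invocation. With the certificate check off, the transport no longer authenticates the feed, so integrity presumably rests on `check_signature` alone, which is itself a configurable boolean. A comment above the new branch should say so, e.g. `/* TLS peer verification disabled: downloads are then protected only by check_signature */`, and a notice could be logged when both checks are off. The `argv[9]` bound is hand-counted against assignments that continue below the hunk, so it cannot be confirmed from the visible lines.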
>> diff --git a/src/opkg-cl.c b/src/opkg-cl.c
>> index c518bfc..0ffad86 100644
>> --- a/src/opkg-cl.c
>> +++ b/src/opkg-cl.c
>> @@ -52,6 +52,7 @@ enum {
>>       ARGS_OPT_AUTOREMOVE,
>>       ARGS_OPT_CACHE,
>>       ARGS_OPT_FORCE_SIGNATURE,
>> +     ARGS_OPT_NO_CHECK_CERTIFICATE,
>>       ARGS_OPT_SIZE,
>>  };
>>
>> @@ -91,6 +92,8 @@ static struct option long_options[] = {
>>       {"force_checksum", 0, 0, ARGS_OPT_FORCE_CHECKSUM},
>>       {"force-signature", 0, 0, ARGS_OPT_FORCE_SIGNATURE},
>>       {"force_signature", 0, 0, ARGS_OPT_FORCE_SIGNATURE},
>> +     {"no-check-certificate", 0, 0, ARGS_OPT_NO_CHECK_CERTIFICATE},
>> +     {"no_check_certificate", 0, 0, ARGS_OPT_NO_CHECK_CERTIFICATE},
>>       {"noaction", 0, 0, ARGS_OPT_NOACTION},
>>       {"download-only", 0, 0, ARGS_OPT_DOWNLOAD_ONLY},
>>       {"nodeps", 0, 0, ARGS_OPT_NODEPS},
>> @@ -226,6 +229,8 @@ static int args_parse(int argc, char *argv[])
>>               case ARGS_OPT_FORCE_SIGNATURE:
>>                       conf->force_signature = 1;
>>                       break;
>> +             case ARGS_OPT_NO_CHECK_CERTIFICATE:
>> +                     conf->no_check_certificate = 1;
>
> I think a break is missing in this case.
>
>>               case ':':
>>                       parse_err = -1;
>>                       break;
>> @@ -335,6 +340,7 @@ static void usage()
>>       printf
>>           ("\t--force-remove  Remove package even if prerm script fails\n");
>>       printf("\t--force-checksum      Don't fail on checksum mismatches\n");
>> +     printf("\t--no-check-certificate Don't validate the server's certificate\n");
>
> In the help text I'd state something like "Do not validate SSL
> certificates."

For reference, the "Don't validate the server's certificate" message
here is actually copy+pasted from wget's output.
But I'm fine with either form.

>
>>       printf("\t--noaction            No action -- test only\n");
>>       printf("\t--download-only       No action -- download only\n");
>>       printf("\t--nodeps              Do not follow dependencies\n");
>
>
> ~ Jo
>
>


