Re: [LEDE-DEV] [PATCH] opkg: add --no-check-certificate argument

2017-05-11 Thread Alexandru Ardelean
On Thu, May 11, 2017 at 6:42 PM, Jo-Philipp Wich  wrote:
> Hi,
>
> comments inline.
>
>> ---
>>  libopkg/opkg_conf.c | 1 +
>>  libopkg/opkg_conf.h | 1 +
>>  libopkg/opkg_download.c | 5 -
>>  src/opkg-cl.c   | 6 ++
>>  4 files changed, 12 insertions(+), 1 deletion(-)
>>
>> diff --git a/libopkg/opkg_conf.c b/libopkg/opkg_conf.c
>> index 589fc49..bab8f57 100644
>> --- a/libopkg/opkg_conf.c
>> +++ b/libopkg/opkg_conf.c
>> @@ -54,6 +54,7 @@ opkg_option_t options[] = {
>>   {"force_postinstall", OPKG_OPT_TYPE_BOOL, &_conf.force_postinstall},
>>   {"force_checksum", OPKG_OPT_TYPE_BOOL, &_conf.force_checksum},
>>   {"check_signature", OPKG_OPT_TYPE_BOOL, &_conf.check_signature},
>> + {"no_check_certificate", OPKG_OPT_TYPE_BOOL, 
>> &_conf.no_check_certificate},
>>   {"ftp_proxy", OPKG_OPT_TYPE_STRING, &_conf.ftp_proxy},
>>   {"http_proxy", OPKG_OPT_TYPE_STRING, &_conf.http_proxy},
>>   {"no_proxy", OPKG_OPT_TYPE_STRING, &_conf.no_proxy},
>> diff --git a/libopkg/opkg_conf.h b/libopkg/opkg_conf.h
>> index 9cf7681..b63a1e6 100644
>> --- a/libopkg/opkg_conf.h
>> +++ b/libopkg/opkg_conf.h
>> @@ -78,6 +78,7 @@ struct opkg_conf {
>>   int force_checksum;
>>   int check_signature;
>>   int force_signature;
>> + int no_check_certificate;
>>   int nodeps; /* do not follow dependencies */
>>   int nocase; /* perform case insensitive matching */
>>   char *offline_root;
>> diff --git a/libopkg/opkg_download.c b/libopkg/opkg_download.c
>> index db4c90f..36db231 100644
>> --- a/libopkg/opkg_download.c
>> +++ b/libopkg/opkg_download.c
>> @@ -87,11 +87,14 @@ opkg_download(const char *src, const char 
>> *dest_file_name,
>>
>>   {
>>   int res;
>> - const char *argv[8];
>> + const char *argv[9];
>>   int i = 0;
>>
>>   argv[i++] = "wget";
>>   argv[i++] = "-q";
>> + if (conf->no_check_certificate) {
>> + argv[i++] = "--no-check-certificate";
>> + }
>>   if (conf->http_proxy || conf->ftp_proxy) {
>>   argv[i++] = "-Y";
>>   argv[i++] = "on";
>> diff --git a/src/opkg-cl.c b/src/opkg-cl.c
>> index c518bfc..0ffad86 100644
>> --- a/src/opkg-cl.c
>> +++ b/src/opkg-cl.c
>> @@ -52,6 +52,7 @@ enum {
>>   ARGS_OPT_AUTOREMOVE,
>>   ARGS_OPT_CACHE,
>>   ARGS_OPT_FORCE_SIGNATURE,
>> + ARGS_OPT_NO_CHECK_CERTIFICATE,
>>   ARGS_OPT_SIZE,
>>  };
>>
>> @@ -91,6 +92,8 @@ static struct option long_options[] = {
>>   {"force_checksum", 0, 0, ARGS_OPT_FORCE_CHECKSUM},
>>   {"force-signature", 0, 0, ARGS_OPT_FORCE_SIGNATURE},
>>   {"force_signature", 0, 0, ARGS_OPT_FORCE_SIGNATURE},
>> + {"no-check-certificate", 0, 0, ARGS_OPT_NO_CHECK_CERTIFICATE},
>> + {"no_check_certificate", 0, 0, ARGS_OPT_NO_CHECK_CERTIFICATE},
>>   {"noaction", 0, 0, ARGS_OPT_NOACTION},
>>   {"download-only", 0, 0, ARGS_OPT_DOWNLOAD_ONLY},
>>   {"nodeps", 0, 0, ARGS_OPT_NODEPS},
>> @@ -226,6 +229,8 @@ static int args_parse(int argc, char *argv[])
>>   case ARGS_OPT_FORCE_SIGNATURE:
>>   conf->force_signature = 1;
>>   break;
>> + case ARGS_OPT_NO_CHECK_CERTIFICATE:
>> + conf->no_check_certificate = 1;
>
> I think a break is missing in this case.
>
>>   case ':':
>>   parse_err = -1;
>>   break;
>> @@ -335,6 +340,7 @@ static void usage()
>>   printf
>>   ("\t--force-remove  Remove package even if prerm script fails\n");
>>   printf("\t--force-checksum  Don't fail on checksum mismatches\n");
>> + printf("\t--no-check-certificate Don't validate the server's 
>> certificate\n");
>
> In the help text I'd state something like "Do not validate SSL
> certificates."

For reference, the "Don't validate the server's certificate" message
here is actually copy+pasted from wget's output.
But I'm fine with either form.

>
>>   printf("\t--noactionNo action -- test only\n");
>>   printf("\t--download-only   No action -- download only\n");
>>   printf("\t--nodeps  Do not follow dependencies\n");
>
>
> ~ Jo
>
>



Re: [LEDE-DEV] [PATCH] opkg: add --no-check-certificate argument

2017-05-11 Thread Jo-Philipp Wich
Hi,

comments inline.

> ---
>  libopkg/opkg_conf.c | 1 +
>  libopkg/opkg_conf.h | 1 +
>  libopkg/opkg_download.c | 5 -
>  src/opkg-cl.c   | 6 ++
>  4 files changed, 12 insertions(+), 1 deletion(-)
> 
> diff --git a/libopkg/opkg_conf.c b/libopkg/opkg_conf.c
> index 589fc49..bab8f57 100644
> --- a/libopkg/opkg_conf.c
> +++ b/libopkg/opkg_conf.c
> @@ -54,6 +54,7 @@ opkg_option_t options[] = {
>   {"force_postinstall", OPKG_OPT_TYPE_BOOL, &_conf.force_postinstall},
>   {"force_checksum", OPKG_OPT_TYPE_BOOL, &_conf.force_checksum},
>   {"check_signature", OPKG_OPT_TYPE_BOOL, &_conf.check_signature},
> + {"no_check_certificate", OPKG_OPT_TYPE_BOOL, 
> &_conf.no_check_certificate},
>   {"ftp_proxy", OPKG_OPT_TYPE_STRING, &_conf.ftp_proxy},
>   {"http_proxy", OPKG_OPT_TYPE_STRING, &_conf.http_proxy},
>   {"no_proxy", OPKG_OPT_TYPE_STRING, &_conf.no_proxy},
> diff --git a/libopkg/opkg_conf.h b/libopkg/opkg_conf.h
> index 9cf7681..b63a1e6 100644
> --- a/libopkg/opkg_conf.h
> +++ b/libopkg/opkg_conf.h
> @@ -78,6 +78,7 @@ struct opkg_conf {
>   int force_checksum;
>   int check_signature;
>   int force_signature;
> + int no_check_certificate;
>   int nodeps; /* do not follow dependencies */
>   int nocase; /* perform case insensitive matching */
>   char *offline_root;
> diff --git a/libopkg/opkg_download.c b/libopkg/opkg_download.c
> index db4c90f..36db231 100644
> --- a/libopkg/opkg_download.c
> +++ b/libopkg/opkg_download.c
> @@ -87,11 +87,14 @@ opkg_download(const char *src, const char *dest_file_name,
>  
>   {
>   int res;
> - const char *argv[8];
> + const char *argv[9];
>   int i = 0;
>  
>   argv[i++] = "wget";
>   argv[i++] = "-q";
> + if (conf->no_check_certificate) {
> + argv[i++] = "--no-check-certificate";
> + }
>   if (conf->http_proxy || conf->ftp_proxy) {
>   argv[i++] = "-Y";
>   argv[i++] = "on";
> diff --git a/src/opkg-cl.c b/src/opkg-cl.c
> index c518bfc..0ffad86 100644
> --- a/src/opkg-cl.c
> +++ b/src/opkg-cl.c
> @@ -52,6 +52,7 @@ enum {
>   ARGS_OPT_AUTOREMOVE,
>   ARGS_OPT_CACHE,
>   ARGS_OPT_FORCE_SIGNATURE,
> + ARGS_OPT_NO_CHECK_CERTIFICATE,
>   ARGS_OPT_SIZE,
>  };
>  
> @@ -91,6 +92,8 @@ static struct option long_options[] = {
>   {"force_checksum", 0, 0, ARGS_OPT_FORCE_CHECKSUM},
>   {"force-signature", 0, 0, ARGS_OPT_FORCE_SIGNATURE},
>   {"force_signature", 0, 0, ARGS_OPT_FORCE_SIGNATURE},
> + {"no-check-certificate", 0, 0, ARGS_OPT_NO_CHECK_CERTIFICATE},
> + {"no_check_certificate", 0, 0, ARGS_OPT_NO_CHECK_CERTIFICATE},
>   {"noaction", 0, 0, ARGS_OPT_NOACTION},
>   {"download-only", 0, 0, ARGS_OPT_DOWNLOAD_ONLY},
>   {"nodeps", 0, 0, ARGS_OPT_NODEPS},
> @@ -226,6 +229,8 @@ static int args_parse(int argc, char *argv[])
>   case ARGS_OPT_FORCE_SIGNATURE:
>   conf->force_signature = 1;
>   break;
> + case ARGS_OPT_NO_CHECK_CERTIFICATE:
> + conf->no_check_certificate = 1;

I think a break is missing in this case.

>   case ':':
>   parse_err = -1;
>   break;
> @@ -335,6 +340,7 @@ static void usage()
>   printf
>   ("\t--force-remove  Remove package even if prerm script fails\n");
>   printf("\t--force-checksum  Don't fail on checksum mismatches\n");
> + printf("\t--no-check-certificate Don't validate the server's 
> certificate\n");

In the help text I'd state something like "Do not validate SSL
certificates."

>   printf("\t--noactionNo action -- test only\n");
>   printf("\t--download-only   No action -- download only\n");
>   printf("\t--nodeps  Do not follow dependencies\n");


~ Jo




[LEDE-DEV] [PATCH] opkg: add --no-check-certificate argument

2017-05-11 Thread Alexandru Ardelean
For cases where artifacts are stored at an https://-accessible
location and you don't want to install ca-certificates
(for various reasons).

I'll admit, using SSL like this is not recommended,
but since wget (even uclient-fetch) allows the
--no-check-certificate option, it would be nice
for opkg to support setting it if needed/configured.

Signed-off-by: Alexandru Ardelean 
---
 libopkg/opkg_conf.c | 1 +
 libopkg/opkg_conf.h | 1 +
 libopkg/opkg_download.c | 5 -
 src/opkg-cl.c   | 6 ++
 4 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/libopkg/opkg_conf.c b/libopkg/opkg_conf.c
index 589fc49..bab8f57 100644
--- a/libopkg/opkg_conf.c
+++ b/libopkg/opkg_conf.c
@@ -54,6 +54,7 @@ opkg_option_t options[] = {
{"force_postinstall", OPKG_OPT_TYPE_BOOL, &_conf.force_postinstall},
{"force_checksum", OPKG_OPT_TYPE_BOOL, &_conf.force_checksum},
{"check_signature", OPKG_OPT_TYPE_BOOL, &_conf.check_signature},
+   {"no_check_certificate", OPKG_OPT_TYPE_BOOL, 
&_conf.no_check_certificate},
{"ftp_proxy", OPKG_OPT_TYPE_STRING, &_conf.ftp_proxy},
{"http_proxy", OPKG_OPT_TYPE_STRING, &_conf.http_proxy},
{"no_proxy", OPKG_OPT_TYPE_STRING, &_conf.no_proxy},
diff --git a/libopkg/opkg_conf.h b/libopkg/opkg_conf.h
index 9cf7681..b63a1e6 100644
--- a/libopkg/opkg_conf.h
+++ b/libopkg/opkg_conf.h
@@ -78,6 +78,7 @@ struct opkg_conf {
int force_checksum;
int check_signature;
int force_signature;
+   int no_check_certificate;
int nodeps; /* do not follow dependencies */
int nocase; /* perform case insensitive matching */
char *offline_root;
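Review bot: The new `no_check_certificate` field has no comment, and its negative name sits directly beside the positively named `check_signature`, which makes it easy to misread what a value of 1 means. A trailing comment in the style of the `nodeps` and `nocase` lines would help, e.g. `int no_check_certificate; /* skip TLS server certificate verification on download */`. The struct continues outside this hunk.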
diff --git a/libopkg/opkg_download.c b/libopkg/opkg_download.c
index db4c90f..36db231 100644
--- a/libopkg/opkg_download.c
+++ b/libopkg/opkg_download.c
@@ -87,11 +87,14 @@ opkg_download(const char *src, const char *dest_file_name,
 
{
int res;
-   const char *argv[8];
+   const char *argv[9];
int i = 0;
 
argv[i++] = "wget";
argv[i++] = "-q";
+   if (conf->no_check_certificate) {
+   argv[i++] = "--no-check-certificate";
+   }
if (conf->http_proxy || conf->ftp_proxy) {
argv[i++] = "-Y";
argv[i++] = "on";
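Review bot: When `conf->no_check_certificate` is set, the added branch makes wget skip server authentication for every download issued from this call, so a tampered feed or package can then be caught only by whatever signature checking is configured (`check_signature` appears in the options table in opkg_conf.c). I would make that visible where the flag is appended, for example `opkg_msg(NOTICE, "TLS certificate verification is disabled\n");`, so the weakened transport shows up in install logs. Separately, the `argv[9]` bound is counted by hand and the rest of opkg_download() lies outside this hunk; it is worth confirming that the worst case, all optional arguments plus a trailing NULL entry if the array is NULL-terminated, still fits.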
diff --git a/src/opkg-cl.c b/src/opkg-cl.c
index c518bfc..0ffad86 100644
--- a/src/opkg-cl.c
+++ b/src/opkg-cl.c
@@ -52,6 +52,7 @@ enum {
ARGS_OPT_AUTOREMOVE,
ARGS_OPT_CACHE,
ARGS_OPT_FORCE_SIGNATURE,
+   ARGS_OPT_NO_CHECK_CERTIFICATE,
ARGS_OPT_SIZE,
 };
 
@@ -91,6 +92,8 @@ static struct option long_options[] = {
{"force_checksum", 0, 0, ARGS_OPT_FORCE_CHECKSUM},
{"force-signature", 0, 0, ARGS_OPT_FORCE_SIGNATURE},
{"force_signature", 0, 0, ARGS_OPT_FORCE_SIGNATURE},
+   {"no-check-certificate", 0, 0, ARGS_OPT_NO_CHECK_CERTIFICATE},
+   {"no_check_certificate", 0, 0, ARGS_OPT_NO_CHECK_CERTIFICATE},
{"noaction", 0, 0, ARGS_OPT_NOACTION},
{"download-only", 0, 0, ARGS_OPT_DOWNLOAD_ONLY},
{"nodeps", 0, 0, ARGS_OPT_NODEPS},
@@ -226,6 +229,8 @@ static int args_parse(int argc, char *argv[])
case ARGS_OPT_FORCE_SIGNATURE:
conf->force_signature = 1;
break;
+   case ARGS_OPT_NO_CHECK_CERTIFICATE:
+   conf->no_check_certificate = 1;
case ':':
parse_err = -1;
break;
@@ -335,6 +340,7 @@ static void usage()
printf
("\t--force-remove  Remove package even if prerm script fails\n");
printf("\t--force-checksum  Don't fail on checksum mismatches\n");
+   printf("\t--no-check-certificate Don't validate the server's 
certificate\n");
printf("\t--noactionNo action -- test only\n");
printf("\t--download-only   No action -- download only\n");
printf("\t--nodeps  Do not follow dependencies\n");
-- 
2.7.4

