From patchwork Thu May 11 15:38:43 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Alexandru Ardelean <ardeleanalex@gmail.com>
X-Patchwork-Id: 761212
Return-Path: 
 <lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from bombadil.infradead.org (bombadil.infradead.org
	[65.50.211.133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 3wNy2d37Vsz9s2s
	for <incoming@patchwork.ozlabs.org>;
	Fri, 12 May 2017 01:39:21 +1000 (AEST)
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=lists.infradead.org
	header.i=@lists.infradead.org header.b="DMdZzYfn";
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="uIa4Nz/F"; dkim-atps=neutral
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20170209; h=Sender:
	Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe:
	List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:Subject:Message-Id:
	Date:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:
	List-Owner; bh=8b7hM4YkShTTZF9ESgVfR7YCB9rRBn6QCtNFrCeh0y4=;
	b=DMdZzYfnqYzFtd
	PFB+yJCv0BktVXPBv7SdhekndYSRoPGSfaxIWCv6yxxkALEr7fpREHOtq3FhWK1EY4AbJBObe9Nda
	B/r2L2Dn1z5q1dfCNsF/jwjCb+sBfPDNR/3RekZUmcY96334VmVTKTtXIt2Fy8mvlRwwlPQfvjpSB
	QuHXr0kHMHlVWDEjZYHC4ly60/ZHop/Cyb5F2QENIlHv+mKQIC73DaP+VICZEIt0n2ir9TxXmOGjF
	55Bm+q8ZnDEwBvdqo1fQeVOZaTTLPKjcTqD7tagFIMj8mRzQI4/Oi9qlNZzXJzpov2uDfBINoRV8D
	ggnHG/GJbPV6swUCGfRA==;
Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux))
	id 1d8qBQ-0001e2-4I; Thu, 11 May 2017 15:39:16 +0000
Received: from mail-wr0-x242.google.com ([2a00:1450:400c:c0c::242])
	by bombadil.infradead.org with esmtps (Exim 4.87 #1 (Red Hat Linux))
	id 1d8qBM-0001aY-Ug
	for lede-dev@lists.infradead.org; Thu, 11 May 2017 15:39:14 +0000
Received: by mail-wr0-x242.google.com with SMTP id w50so4136985wrc.0
	for <lede-dev@lists.infradead.org>;
	Thu, 11 May 2017 08:38:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id;
	bh=GU6ZTbmhMb0duDMwQ9EIQX1jxzxbqfUD/XNqdAWsANI=;
	b=uIa4Nz/F1c0VFZ/sa5zFn3N5nOREflEPwFNFNKHwDOZ4BlhoKXB78DJPeu8pKWOWvM
	8W5WGgKONWP+9sMrRIT55uP10OfB6VvEw1f5K7Ujh1fzoQ9hwo6PPibhFnKruUQlY9+q
	0hjY+z1qjGqH+Elsl3o8Fha/J6EONHRuwz7onU+vyo3oINZA1aK7c4NOZ7xhbLcqLE0D
	Ghz0ASKatL4fPNVkJ1E7/C8oo+HnuJApSMEH4AyeseXaG8IxF7Vmn3q8nPiSk/pmbXVE
	90gJd6t7/6O+Ltc2LfJlozf6Q2M8sP5tO30xmOn/Q8vZr8dVk6UU9cXxuPRvBRSeLKc/
	J9uA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=GU6ZTbmhMb0duDMwQ9EIQX1jxzxbqfUD/XNqdAWsANI=;
	b=F9EpiriOPmk4TZ2V/3BugM4Ed1V8SL2k8yMHQR29WlBntX3vrv/A7eTdp+3EUuaTjl
	16LNNYJibev99CgDM+NGx7DGsXwNzp37YmerK+K97ltGecqSUGEra7s8i+CGRDNzSaDr
	bnTL0GOyCKiLssKGvFKt7e2XT0uDga1wGldt/9HO/KNzMImIeORr369vY0bP+0jmloCf
	Aq5b+vna//eXqItUouDqpKrcDxcyyiAP9o1ag2HlX3G7L7pj63Dzy9pdch0QH+sRAGg1
	nqcubuDt8Rj/2ZNiX2y5Uz/GzgnAF7JSMUsfpr7LWzZ2Up6uJJhyO5weUWJHdlyl1WDR
	PWAA==
X-Gm-Message-State: AODbwcA2umv5fUKec4RFGIADG0bTXmNeTotaPha2Iqb522+EPhUTtbtp
	6O8WI2tlrydDUEPP
X-Received: by 10.223.133.35 with SMTP id 32mr734450wrh.200.1494517130778;
	Thu, 11 May 2017 08:38:50 -0700 (PDT)
Received: from localhost.localdomain ([5.2.198.78])
	by smtp.googlemail.com with ESMTPSA id
	f2sm1017760wmh.27.2017.05.11.08.38.48
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Thu, 11 May 2017 08:38:49 -0700 (PDT)
From: Alexandru Ardelean <ardeleanalex@gmail.com>
To: lede-dev@lists.infradead.org
Date: Thu, 11 May 2017 18:38:43 +0300
Message-Id: <1494517123-13094-1-git-send-email-ardeleanalex@gmail.com>
X-Mailer: git-send-email 2.7.4
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20170511_083913_150962_7CFB3653 
X-CRM114-Status: GOOD (  12.76  )
X-Spam-Score: -2.0 (--)
X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary:
	Content analysis details:   (-2.0 points)
	pts rule name              description
	---- ----------------------
	--------------------------------------------------
	-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/,
	no
	trust [2a00:1450:400c:c0c:0:0:0:242 listed in] [list.dnswl.org]
	-0.0 SPF_PASS               SPF: sender matches SPF record
	0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
	provider (ardeleanalex[at]gmail.com)
	-1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
	[score: 0.0000]
	-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
	author's domain
	0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
	not necessarily valid
	-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
Subject: [LEDE-DEV] [PATCH] opkg: add --no-check-certificate argument
X-BeenThere: lede-dev@lists.infradead.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <lede-dev.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/lede-dev>,
	<mailto:lede-dev-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/lede-dev/>
List-Post: <mailto:lede-dev@lists.infradead.org>
List-Help: <mailto:lede-dev-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/lede-dev>,
	<mailto:lede-dev-request@lists.infradead.org?subject=subscribe>
Cc: Alexandru Ardelean <ardeleanalex@gmail.com>
MIME-Version: 1.0
Sender: "Lede-dev" <lede-dev-bounces@lists.infradead.org>
Errors-To: lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

For cases when artifacts are stored on https:// accessible
location and you don't want to install ca-certificates
(for various reasons).

I'll admit, using SSL like this is not recommended,
but since wget (even uclient-fetch) allows the
--no-check-certificate option, it would be nice
for opkg to support setting it if needed/configured.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
---
 libopkg/opkg_conf.c     | 1 +
 libopkg/opkg_conf.h     | 1 +
 libopkg/opkg_download.c | 5 ++++-
 src/opkg-cl.c           | 6 ++++++
 4 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/libopkg/opkg_conf.c b/libopkg/opkg_conf.c
index 589fc49..bab8f57 100644
--- a/libopkg/opkg_conf.c
+++ b/libopkg/opkg_conf.c
@@ -54,6 +54,7 @@ opkg_option_t options[] = {
 	{"force_postinstall", OPKG_OPT_TYPE_BOOL, &_conf.force_postinstall},
 	{"force_checksum", OPKG_OPT_TYPE_BOOL, &_conf.force_checksum},
 	{"check_signature", OPKG_OPT_TYPE_BOOL, &_conf.check_signature},
+	{"no_check_certificate", OPKG_OPT_TYPE_BOOL, &_conf.no_check_certificate},
 	{"ftp_proxy", OPKG_OPT_TYPE_STRING, &_conf.ftp_proxy},
 	{"http_proxy", OPKG_OPT_TYPE_STRING, &_conf.http_proxy},
 	{"no_proxy", OPKG_OPT_TYPE_STRING, &_conf.no_proxy},
diff --git a/libopkg/opkg_conf.h b/libopkg/opkg_conf.h
index 9cf7681..b63a1e6 100644
--- a/libopkg/opkg_conf.h
+++ b/libopkg/opkg_conf.h
@@ -78,6 +78,7 @@ struct opkg_conf {
 	int force_checksum;
 	int check_signature;
 	int force_signature;
+	int no_check_certificate;
 	int nodeps;		/* do not follow dependencies */
 	int nocase;		/* perform case insensitive matching */
 	char *offline_root;
diff --git a/libopkg/opkg_download.c b/libopkg/opkg_download.c
index db4c90f..36db231 100644
--- a/libopkg/opkg_download.c
+++ b/libopkg/opkg_download.c
@@ -87,11 +87,14 @@ opkg_download(const char *src, const char *dest_file_name,
 
 	{
 		int res;
-		const char *argv[8];
+		const char *argv[9];
 		int i = 0;
 
 		argv[i++] = "wget";
 		argv[i++] = "-q";
+		if (conf->no_check_certificate) {
+			argv[i++] = "--no-check-certificate";
+		}
 		if (conf->http_proxy || conf->ftp_proxy) {
 			argv[i++] = "-Y";
 			argv[i++] = "on";
diff --git a/src/opkg-cl.c b/src/opkg-cl.c
index c518bfc..0ffad86 100644
--- a/src/opkg-cl.c
+++ b/src/opkg-cl.c
@@ -52,6 +52,7 @@ enum {
 	ARGS_OPT_AUTOREMOVE,
 	ARGS_OPT_CACHE,
 	ARGS_OPT_FORCE_SIGNATURE,
+	ARGS_OPT_NO_CHECK_CERTIFICATE,
 	ARGS_OPT_SIZE,
 };
 
@@ -91,6 +92,8 @@ static struct option long_options[] = {
 	{"force_checksum", 0, 0, ARGS_OPT_FORCE_CHECKSUM},
 	{"force-signature", 0, 0, ARGS_OPT_FORCE_SIGNATURE},
 	{"force_signature", 0, 0, ARGS_OPT_FORCE_SIGNATURE},
+	{"no-check-certificate", 0, 0, ARGS_OPT_NO_CHECK_CERTIFICATE},
+	{"no_check_certificate", 0, 0, ARGS_OPT_NO_CHECK_CERTIFICATE},
 	{"noaction", 0, 0, ARGS_OPT_NOACTION},
 	{"download-only", 0, 0, ARGS_OPT_DOWNLOAD_ONLY},
 	{"nodeps", 0, 0, ARGS_OPT_NODEPS},
@@ -226,6 +229,8 @@ static int args_parse(int argc, char *argv[])
 		case ARGS_OPT_FORCE_SIGNATURE:
 			conf->force_signature = 1;
 			break;
+		case ARGS_OPT_NO_CHECK_CERTIFICATE:
+			conf->no_check_certificate = 1;
 		case ':':
 			parse_err = -1;
 			break;
@@ -335,6 +340,7 @@ static void usage()
 	printf
 	    ("\t--force-remove	Remove package even if prerm script fails\n");
 	printf("\t--force-checksum	Don't fail on checksum mismatches\n");
+	printf("\t--no-check-certificate Don't validate the server's certificate\n");
 	printf("\t--noaction		No action -- test only\n");
 	printf("\t--download-only	No action -- download only\n");
 	printf("\t--nodeps		Do not follow dependencies\n");