From patchwork Thu May 11 14:59:43 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Alexandru Ardelean <ardeleanalex@gmail.com>
X-Patchwork-Id: 761150
Return-Path: 
 <lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from bombadil.infradead.org (bombadil.infradead.org
	[65.50.211.133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 3wNxBS18dpz9s8V
	for <incoming@patchwork.ozlabs.org>;
	Fri, 12 May 2017 01:01:03 +1000 (AEST)
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=lists.infradead.org
	header.i=@lists.infradead.org header.b="Mzv00fw5";
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="GNrBM9zZ"; dkim-atps=neutral
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20170209; h=Sender:
	Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe:
	List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:Subject:Message-Id:
	Date:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:
	List-Owner; bh=+qp7sXBktmPLgoAx6pFEzXNx/rLdeaNgqmr0UOL3XTk=;
	b=Mzv00fw5zyHxoK
	mJbCD/FGOQUz6E14clYkNxiUKzeo6UCL8bMLdFoqo6DtxQZORQVI8WUWcWOWMTquE2YTeQtT4ujXg
	nGKWB3yniNMbv+lvA7Md5DiAokJY/UzT8J/srUDUdx6H3JIwr7cH29sf/WuVo7D1ffZvFdOaaZR0l
	NBL6g9KREYJctu4bQicyJ/sIlO874vQHuObG6RE2LoUBJaPvFR3klG55KqsyJEH6dXXcbuGHxXKvG
	wMAE2ntLfY+W2Zs+aMHJGoUVpMr3w3m9BGR1INZaElApH8wsjVhKMQzxl9w/v0c0jkbjm8I9Gn6+U
	TwpHgus78nqQ7uVzzB4A==;
Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux))
	id 1d8paI-0004BX-LG; Thu, 11 May 2017 15:00:54 +0000
Received: from mail-wr0-x244.google.com ([2a00:1450:400c:c0c::244])
	by bombadil.infradead.org with esmtps (Exim 4.87 #1 (Red Hat Linux))
	id 1d8pZf-0002nD-8V
	for lede-dev@lists.infradead.org; Thu, 11 May 2017 15:00:17 +0000
Received: by mail-wr0-x244.google.com with SMTP id w50so3979870wrc.0
	for <lede-dev@lists.infradead.org>;
	Thu, 11 May 2017 07:59:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id;
	bh=qnWT76P3Sk1FCL43oxhVfKygQQTRSN5IysMroi15XrA=;
	b=GNrBM9zZR79F5HiRRkEh4GHXgY40Ho2H3gQ+mpxijqbuUvpkBNZ1mReOwPbiqr1TLZ
	8NqrKyibenXaxsooOE8MAPrU7EcbRiFkc+l491EtCcKSVwj9QyRVKdarUELdsEZ4tUc/
	V9/mAL2NO2fUOISRk9MNCRLUTVe/DdsyU9/6yzOwEG4u7DBUQm48Bi84BvFiOdosGpc5
	7OCVwshRRvNgO4A1mgjAjWScfy1vL9+7hUeMiXDkWtVye40oc7JeHhQODWq2plVo7Kuh
	gL8YEhSeKWqUdKwY0g8x2jCMmmVRZWwUiSoiPkS0bOAxXXUbRw7DtH4Xw0IYqmaNbSrx
	nN6w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=qnWT76P3Sk1FCL43oxhVfKygQQTRSN5IysMroi15XrA=;
	b=AcbAVhY015zpHbGFtdNES9Va4wPswPB4cE3V+jSiyfIvs09pT8GUQShM4m/6dK7++s
	8ckZOX51nWPcCP+AywM83f+6NyiwAJZbu2Ea78GWGlFfXu++YI65XmnngQtyzVu8LTti
	/IhxddRCZvsSFmDvvb0nyXkjEOktfCrA/3TjD9dlUErOmH3TRkOM6glgtCpnJJoN67Yt
	fGbiLpdI3ymuCf2Yro0VFC+cvXP3Hg9eUNfszcLFsTJvtGaU+FVd1HT9/XH12p/D8YAy
	NQx/+NzWHk1/F1KD+nPCcMDeOdN2QYqxzW1yXz4MFfFD2NjJZop5x5un5lH0iRfKQF/s
	3lxg==
X-Gm-Message-State: AODbwcDUxMRvKJeLVnBQY3pMoSapU7deyG+GC6Kkv7uQfn13QVr3uRfr
	BGgSAkmB8p8A5UW9
X-Received: by 10.223.167.153 with SMTP id j25mr581192wrc.101.1494514792505;
	Thu, 11 May 2017 07:59:52 -0700 (PDT)
Received: from localhost.localdomain ([5.2.198.78])
	by smtp.googlemail.com with ESMTPSA id
	k7sm437468wrk.45.2017.05.11.07.59.50
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Thu, 11 May 2017 07:59:51 -0700 (PDT)
From: Alexandru Ardelean <ardeleanalex@gmail.com>
To: lede-dev@lists.infradead.org
Date: Thu, 11 May 2017 17:59:43 +0300
Message-Id: <1494514783-28782-1-git-send-email-ardeleanalex@gmail.com>
X-Mailer: git-send-email 2.7.4
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20170511_080015_462078_96775EC0 
X-CRM114-Status: GOOD (  12.94  )
X-Spam-Score: -2.0 (--)
X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary:
	Content analysis details:   (-2.0 points)
	pts rule name              description
	---- ----------------------
	--------------------------------------------------
	-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/,
	no
	trust [2a00:1450:400c:c0c:0:0:0:244 listed in] [list.dnswl.org]
	-0.0 SPF_PASS               SPF: sender matches SPF record
	0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
	provider (ardeleanalex[at]gmail.com)
	-1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
	[score: 0.0000]
	-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
	author's domain
	0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
	not necessarily valid
	-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
Subject: [LEDE-DEV] [PATCH][opkg-lede] opkg: add --force-ssl argument
X-BeenThere: lede-dev@lists.infradead.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <lede-dev.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/lede-dev>,
	<mailto:lede-dev-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/lede-dev/>
List-Post: <mailto:lede-dev@lists.infradead.org>
List-Help: <mailto:lede-dev-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/lede-dev>,
	<mailto:lede-dev-request@lists.infradead.org?subject=subscribe>
Cc: Alexandru Ardelean <ardeleanalex@gmail.com>
MIME-Version: 1.0
Sender: "Lede-dev" <lede-dev-bounces@lists.infradead.org>
Errors-To: lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

For cases when artifacts are stored on https:// accessible
location and you don't want to install ca-certificates
(for various reasons).

I'll admit, using SSL like this is not recommended,
but since wget (even uclient-fetch) allows the
--no-check-certificate option, it would be nice
for opkg to support setting it if needed/configured.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
---
 libopkg/opkg_conf.c     | 1 +
 libopkg/opkg_conf.h     | 1 +
 libopkg/opkg_download.c | 5 ++++-
 src/opkg-cl.c           | 6 ++++++
 4 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/libopkg/opkg_conf.c b/libopkg/opkg_conf.c
index 589fc49..1890145 100644
--- a/libopkg/opkg_conf.c
+++ b/libopkg/opkg_conf.c
@@ -54,6 +54,7 @@ opkg_option_t options[] = {
 	{"force_postinstall", OPKG_OPT_TYPE_BOOL, &_conf.force_postinstall},
 	{"force_checksum", OPKG_OPT_TYPE_BOOL, &_conf.force_checksum},
 	{"check_signature", OPKG_OPT_TYPE_BOOL, &_conf.check_signature},
+	{"force_ssl", OPKG_OPT_TYPE_BOOL, &_conf.force_ssl},
 	{"ftp_proxy", OPKG_OPT_TYPE_STRING, &_conf.ftp_proxy},
 	{"http_proxy", OPKG_OPT_TYPE_STRING, &_conf.http_proxy},
 	{"no_proxy", OPKG_OPT_TYPE_STRING, &_conf.no_proxy},
diff --git a/libopkg/opkg_conf.h b/libopkg/opkg_conf.h
index 9cf7681..a8c4a9e 100644
--- a/libopkg/opkg_conf.h
+++ b/libopkg/opkg_conf.h
@@ -78,6 +78,7 @@ struct opkg_conf {
 	int force_checksum;
 	int check_signature;
 	int force_signature;
+	int force_ssl;
 	int nodeps;		/* do not follow dependencies */
 	int nocase;		/* perform case insensitive matching */
 	char *offline_root;
diff --git a/libopkg/opkg_download.c b/libopkg/opkg_download.c
index db4c90f..c8e0013 100644
--- a/libopkg/opkg_download.c
+++ b/libopkg/opkg_download.c
@@ -87,11 +87,14 @@ opkg_download(const char *src, const char *dest_file_name,
 
 	{
 		int res;
-		const char *argv[8];
+		const char *argv[9];
 		int i = 0;
 
 		argv[i++] = "wget";
 		argv[i++] = "-q";
+		if (conf->force_ssl) {
+			argv[i++] = "--no-check-certificate";
+		}
 		if (conf->http_proxy || conf->ftp_proxy) {
 			argv[i++] = "-Y";
 			argv[i++] = "on";
diff --git a/src/opkg-cl.c b/src/opkg-cl.c
index c518bfc..77f59ff 100644
--- a/src/opkg-cl.c
+++ b/src/opkg-cl.c
@@ -52,6 +52,7 @@ enum {
 	ARGS_OPT_AUTOREMOVE,
 	ARGS_OPT_CACHE,
 	ARGS_OPT_FORCE_SIGNATURE,
+	ARGS_OPT_FORCE_SSL,
 	ARGS_OPT_SIZE,
 };
 
@@ -91,6 +92,8 @@ static struct option long_options[] = {
 	{"force_checksum", 0, 0, ARGS_OPT_FORCE_CHECKSUM},
 	{"force-signature", 0, 0, ARGS_OPT_FORCE_SIGNATURE},
 	{"force_signature", 0, 0, ARGS_OPT_FORCE_SIGNATURE},
+	{"force-ssl", 0, 0, ARGS_OPT_FORCE_SSL},
+	{"force_ssl", 0, 0, ARGS_OPT_FORCE_SSL},
 	{"noaction", 0, 0, ARGS_OPT_NOACTION},
 	{"download-only", 0, 0, ARGS_OPT_DOWNLOAD_ONLY},
 	{"nodeps", 0, 0, ARGS_OPT_NODEPS},
@@ -226,6 +229,8 @@ static int args_parse(int argc, char *argv[])
 		case ARGS_OPT_FORCE_SIGNATURE:
 			conf->force_signature = 1;
 			break;
+		case ARGS_OPT_FORCE_SSL:
+			conf->force_ssl = 1;
 		case ':':
 			parse_err = -1;
 			break;
@@ -335,6 +340,7 @@ static void usage()
 	printf
 	    ("\t--force-remove	Remove package even if prerm script fails\n");
 	printf("\t--force-checksum	Don't fail on checksum mismatches\n");
+	printf("\t--force-ssl		Don't validate the server's certificate\n");
 	printf("\t--noaction		No action -- test only\n");
 	printf("\t--download-only	No action -- download only\n");
 	printf("\t--nodeps		Do not follow dependencies\n");