OpenWrt/LEDE Project

  • Status Unconfirmed
  • Percent Complete
    0%
  • Task Type Bug Report
  • Category Base system
  • Assigned To No-one
  • Operating System All
  • Severity Low
  • Priority Very Low
  • Reported Version openwrt-19.07
  • Due in Version Undecided
  • Due Date Undecided
  • Private
Attached to Project: OpenWrt/LEDE Project
Opened by sp31415t1 - 04.10.2020

FS#3368 - sysupgrade using CLI require downloading image from https but SSL support is not enabled in official

Hi,

I would like to submit a feature/enhancement request more than a bug request.

Supply the following if possible:
- Device problem occurs on
tested on xiaomi mi wifi 3G v1 (https://openwrt.org/toh/hwdata/xiaomi/xiaomi_miwifi_3g)
but probably occuring for all devices
- Software versions of OpenWrt/LEDE release, packages, etc.
OpenWrt 19.07.4
- Steps to reproduce
1/ upgrade to last stable firmware, so currently 19.07.4
2/ try to download the sysupgrade image
cd /tmp; wget –no-check-certificate “https://downloads.openwrt.org/releases/19.07.4/targets/ramips/mt7621/openwrt-19.07.4-ramips-mt7621-xiaomi_mir3g-squashfs-sysupgrade.bin” wget: SSL support not available, please install one of the libustream-.*[ssl|tls] packages as well as the ca-bundle and ca-certificates packages.

Since a few month, upgrade images have to be downloaded with https, because http requests are now redirected to https.
I also think that redirecting to https, can be a good idea.

Extract of https://openwrt.org/docs/guide-user/installation/sysupgrade.cli :
Download and check the firmware checksum with:
cd /tmp;wget $DOWNLOAD_LINK;wget $SHA256SUMS;sha256sum -c sha256sums 2>/dev/null|grep OK

When applied to my device and last stable release :
cd /tmp; wget –no-check-certificate “https://downloads.openwrt.org/releases/19.07.4/targets/ramips/mt7621/openwrt-19.07.4-ramips-mt7621-xiaomi_mir3g-squashfs-sysupgrade.bin” wget: SSL support not available, please install one of the libustream-.*[ssl|tls] packages as well as the ca-bundle and ca-certificates packages.

As discussed in forum (https://forum.openwrt.org/t/problem-downloading-openwrt-release-to-router-using-wget/63805), there are alternatives.

But, it’s a pain (at least not user friendly) to install a package, in order to download a new image to flash.
Can you add an ssl package to the default packages list ?

Another option is to permit download on http, but may not be the best idea.

I agree about the fact, that adding a package to all images is not so easy and maybe impossible due to space disk considerations.

As an openwrt user, I appreciate all the work, you are doing. Thank you for that project.

Regards,
Serge

Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing