Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

FS#3368 - sysupgrade using CLI require downloading image from https but SSL support is not enabled in official #8231

Open
openwrt-bot opened this issue Oct 4, 2020 · 3 comments
Labels
flyspray release/19.07 pull request/issue targeted (also) for OpenWrt 19.07 release

Comments

@openwrt-bot
Copy link

sp31415t1:

Hi,

I would like to submit a feature/enhancement request more than a bug request.

Supply the following if possible:

Since a few month, upgrade images have to be downloaded with https, because http requests are now redirected to https.
I also think that redirecting to https, can be a good idea.

Extract of https://openwrt.org/docs/guide-user/installation/sysupgrade.cli :
Download and check the firmware checksum with:
cd /tmp;wget $DOWNLOAD_LINK;wget $SHA256SUMS;sha256sum -c sha256sums 2>/dev/null|grep OK

When applied to my device and last stable release :
cd /tmp; wget --no-check-certificate "https://downloads.openwrt.org/releases/19.07.4/targets/ramips/mt7621/openwrt-19.07.4-ramips-mt7621-xiaomi_mir3g-squashfs-sysupgrade.bin"
wget: SSL support not available, please install one of the libustream-.*[ssl|tls] packages as well as the ca-bundle and ca-certificates packages.

As discussed in forum (https://forum.openwrt.org/t/problem-downloading-openwrt-release-to-router-using-wget/63805), there are alternatives.

But, it's a pain (at least not user friendly) to install a package, in order to download a new image to flash.
Can you add an ssl package to the default packages list ?

Another option is to permit download on http, but may not be the best idea.

I agree about the fact, that adding a package to all images is not so easy and maybe impossible due to space disk considerations.

As an openwrt user, I appreciate all the work, you are doing. Thank you for that project.

Regards,
Serge

@openwrt-bot
Copy link
Author

luizluca:

FYI, the next major release might require ssl for wpa3, which would allow wget https:// by default.

@openwrt-bot
Copy link
Author

ukleinek:

After upgrading for a few iterations (I'm on 19.07.7 now) I still have http: links in /etc/opkg/distfeeds.conf and so I cannot install libustream-.* or ca-bundle. Catch22!

Maybe this is worth to bump the priority a bit?

@openwrt-bot
Copy link
Author

jow-:

The download server has specific exceptions to allow downloading /Packages. and /.ipk URLs via plain HTTP if the requesting user agent is either "uclient-fetch" or "Wget", so opkg specific install issues are unrelated to this ticket (which talks about the ability to fetch images via HTTPS) unless you somehow replaced the download utility used by opkg with something which is neither uclient-fetch nor GNU Wget or Busybox wget.

@aparcar aparcar added the release/19.07 pull request/issue targeted (also) for OpenWrt 19.07 release label Feb 22, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
flyspray release/19.07 pull request/issue targeted (also) for OpenWrt 19.07 release
Projects
None yet
Development

No branches or pull requests

2 participants