* rules.mk: Move DOWNLOAD_CHECK_CERTIFICATE to include/download.mk
Move DOWNLOAD_CHECK_CERTIFICATE to include/download.mk as it's a better
place than exporting it in the global rules.mk makefile.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* scripts/download.pl: Make the download tool configurable
Introduce a new option in the "Advanced configuration options" to
configure a custom download tool.
By declaring a string in "Use custom download tool" an user can force
what command to use to download package. With the string empty the
default tool used is curl, with wget as a fallback if not available.
download.pl supports 3 tools officially aria2c, curl and wget.
If one of the tool is used in this config, download.pl will use the
default args to make use of them.
If the provided string is different than aria2c, curl or wget, the command
is used as is and the download url will be appended at the end of such command.
While at it also tweak the tool selection logic and chose the tool only
once when the script is called and move aria2c specific variables in the
relevant section.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* scripts/download.pl: Pass aria2 config in ENV only
The aria2c command tries to load config from
${XDG_CONFIG_HOME:-${HOME}/.config}/aria2/aria2.conf by default,
which may result unexpected behavior.
As a replacement, people can use environment variable ARIA2C_OPTIONS
to custom arguments passed to aria2c like curl and wget below.
Including --conf-path=/path/to/config.conf in ARIA2C_OPTIONS can
also set a custom config file path easily if needed.
Signed-off-by: Zhang Hua <zhanghuadedn@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Signed-off-by: Zhang Hua <zhanghuadedn@gmail.com>
Co-authored-by: Christian Marangi <ansuelsmth@gmail.com>
Co-authored-by: Zhang Hua <zhanghuadedn@gmail.com>
Remove flags from wget and curl instructing them to ignore bad server
certificates. Although other mechanisms can protect against malicious
modifications of downloads, other vectors of attack may be available
to an adversary.
TLS certificate verification can be disabled by turning oof the
"Enable TLS certificate verification during package download" option
enabled by default in the "Global build settings" in "make menuconfig"
Signed-off-by: Josh Roys <roysjosh@gmail.com>
[ add additional info on how to disable this option ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* base-files: add option to make /var persistent
In OpenWrt, /var is symlinked to /tmp by default. This is done to reduce
the amount of writes to the flash chip, which often have not the
greatest durability. As a result, things like DHCP or UPnP lease files,
are not persistent across reboots.
Since OpenWrt can run on devices with more durable storage, it makes
sense to have an option for a persistent /var. Add an option to make
/var persistent. When enabled, /var will no longer be symlinked to /tmp,
but /var/run will be symlink to /tmp/run, as it should contains only
files that should not be kept during reboot. The option is off by
default, to maintain the current behaviour.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* base-files: fix option to make /var persistent
The option was initially named TARGET_ROOTFS_LN_VAR_TMP, and the check
was correct. When renaming the option to something more suitable, the
check was changed to check for n, but when an option is not set, it's
not n but empty. This results in the check always evaluating to false.
Fix the check by checking for y with ifneq.
Fixes: 57807f50ded6 ("base-files: add option to make /var persistent")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Co-authored-by: Stijn Tintel <stijn@linux-ipv6.be>
