[FS#3368] sysupgrade using CLI require downloading image from https but SSL support is not enabled in official

Sun Oct 4 10:37:14 EDT 2020

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.

A new Flyspray task has been opened.  Details are below. 

User who did this - sp31415t1 (sp31415t1) 

Attached to Project - OpenWrt/LEDE Project
Summary - sysupgrade using CLI require downloading image from https but SSL support is not enabled in official
Task Type - Bug Report
Category - Base system
Status - Unconfirmed
Assigned To - 
Operating System - All
Severity - Low
Priority - Very Low
Reported Version - openwrt-19.07
Due in Version - Undecided
Due Date - Undecided
Details - Hi,

I would like to submit a feature/enhancement request more than a bug request.

Supply the following if possible:
 - Device problem occurs on
tested on xiaomi mi wifi 3G v1 (https://openwrt.org/toh/hwdata/xiaomi/xiaomi_miwifi_3g)
but probably occuring for all devices
 - Software versions of OpenWrt/LEDE release, packages, etc.
OpenWrt 19.07.4
 - Steps to reproduce
1/ upgrade to last stable firmware, so currently 19.07.4
2/ try to download the sysupgrade image
cd /tmp; wget --no-check-certificate "https://downloads.openwrt.org/releases/19.07.4/targets/ramips/mt7621/openwrt-19.07.4-ramips-mt7621-xiaomi_mir3g-squashfs-sysupgrade.bin"
wget: SSL support not available, please install one of the libustream-.*[ssl|tls] packages as well as the ca-bundle and ca-certificates packages.

Since a few month, upgrade images have to be downloaded with https, because http requests are now redirected to https.
I also think that redirecting to https, can be a good idea.

Extract of https://openwrt.org/docs/guide-user/installation/sysupgrade.cli :
 Download and check the firmware checksum with:
cd /tmp;wget $DOWNLOAD_LINK;wget $SHA256SUMS;sha256sum -c sha256sums 2>/dev/null|grep OK

When applied to my device and last stable release :
cd /tmp; wget --no-check-certificate "https://downloads.openwrt.org/releases/19.07.4/targets/ramips/mt7621/openwrt-19.07.4-ramips-mt7621-xiaomi_mir3g-squashfs-sysupgrade.bin"
wget: SSL support not available, please install one of the libustream-.*[ssl|tls] packages as well as the ca-bundle and ca-certificates packages.

As discussed in forum (https://forum.openwrt.org/t/problem-downloading-openwrt-release-to-router-using-wget/63805), there are alternatives.

But, it's a pain (at least not user friendly) to install a package, in order to download a new image to flash.
Can you add an ssl package to the default packages list ?

Another option is to permit download on http, but may not be the best idea.

I agree about the fact, that adding a package to all images is not so easy and maybe impossible due to space disk considerations.

As an openwrt user, I appreciate all the work, you are doing. Thank you for that project.

Regards,
Serge

More information can be found at the following URL:
https://bugs.openwrt.org/index.php?do=details&task_id=3368

You are receiving this message because you have requested it from the Flyspray bugtracking system.  If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.