opkg: add --no-check-certificate argument

For cases when artifacts are stored on https:// accessible
locations and you don't want to install ca-certificates
(for various reasons).

I'll admit, using SSL like this is not recommended,
but since wget (even uclient-fetch) allows the
--no-check-certificate option, it would be nice
for opkg to support setting it if needed/configured.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

libopkg/opkg_conf.c

@@ -54,6 +54,7 @@ opkg_option_t options[] = {
 	{"force_postinstall", OPKG_OPT_TYPE_BOOL, &_conf.force_postinstall},
 	{"force_checksum", OPKG_OPT_TYPE_BOOL, &_conf.force_checksum},
 	{"check_signature", OPKG_OPT_TYPE_BOOL, &_conf.check_signature},
+	{"no_check_certificate", OPKG_OPT_TYPE_BOOL, &_conf.no_check_certificate},
 	{"ftp_proxy", OPKG_OPT_TYPE_STRING, &_conf.ftp_proxy},
 	{"http_proxy", OPKG_OPT_TYPE_STRING, &_conf.http_proxy},
 	{"no_proxy", OPKG_OPT_TYPE_STRING, &_conf.no_proxy},

libopkg/opkg_conf.h

@@ -78,6 +78,7 @@ struct opkg_conf {
 	int force_checksum;
 	int check_signature;
 	int force_signature;
+	int no_check_certificate;
 	int nodeps;		/* do not follow dependencies */
 	int nocase;		/* perform case insensitive matching */
 	char *offline_root;

libopkg/opkg_download.c

@@ -87,11 +87,14 @@ opkg_download(const char *src, const char *dest_file_name,
 
 	{
 		int res;
-		const char *argv[8];
+		const char *argv[9];
 		int i = 0;
 
 		argv[i++] = "wget";
 		argv[i++] = "-q";
+		if (conf->no_check_certificate) {
+			argv[i++] = "--no-check-certificate";
+		}
 		if (conf->http_proxy || conf->ftp_proxy) {
 			argv[i++] = "-Y";
 			argv[i++] = "on";

src/opkg-cl.c

@@ -52,6 +52,7 @@ enum {
 	ARGS_OPT_AUTOREMOVE,
 	ARGS_OPT_CACHE,
 	ARGS_OPT_FORCE_SIGNATURE,
+	ARGS_OPT_NO_CHECK_CERTIFICATE,
 	ARGS_OPT_SIZE,
 };
 
@@ -91,6 +92,8 @@ static struct option long_options[] = {
 	{"force_checksum", 0, 0, ARGS_OPT_FORCE_CHECKSUM},
 	{"force-signature", 0, 0, ARGS_OPT_FORCE_SIGNATURE},
 	{"force_signature", 0, 0, ARGS_OPT_FORCE_SIGNATURE},
+	{"no-check-certificate", 0, 0, ARGS_OPT_NO_CHECK_CERTIFICATE},
+	{"no_check_certificate", 0, 0, ARGS_OPT_NO_CHECK_CERTIFICATE},
 	{"noaction", 0, 0, ARGS_OPT_NOACTION},
 	{"download-only", 0, 0, ARGS_OPT_DOWNLOAD_ONLY},
 	{"nodeps", 0, 0, ARGS_OPT_NODEPS},
@@ -226,6 +229,9 @@ static int args_parse(int argc, char *argv[])
 		case ARGS_OPT_FORCE_SIGNATURE:
 			conf->force_signature = 1;
 			break;
+		case ARGS_OPT_NO_CHECK_CERTIFICATE:
+			conf->no_check_certificate = 1;
+			break;
 		case ':':
 			parse_err = -1;
 			break;
@@ -335,6 +341,7 @@ static void usage()
 	printf
 	    ("\t--force-remove	Remove package even if prerm script fails\n");
 	printf("\t--force-checksum	Don't fail on checksum mismatches\n");
+	printf("\t--no-check-certificate Don't validate SSL certificates\n");
 	printf("\t--noaction		No action -- test only\n");
 	printf("\t--download-only	No action -- download only\n");
 	printf("\t--nodeps		Do not follow dependencies\n");