
[v3] treewide: switch to HTTPS by default

Message ID 20200825223743.2661355-1-mail@aparcar.org
State Superseded

Commit Message

Paul Spooren Aug. 25, 2020, 10:37 p.m. UTC
From: Petr Štetiar <ynezz@true.cz>

As there is now wolfSSL included by default due to SAE/WPA3 we can
finally switch to TLS/SSL in other parts as well.

Tested-by: Paul Spooren <mail@aparcar.org>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[rebased, separate packages by newline and sort]
Signed-off-by: Paul Spooren <mail@aparcar.org>
---
changed in v2:

 * replaced ca-certificates with ca-bundle package

changed in v3:

 * removed README patch due to README.md introduction
 * split packages by newlines rather than spaces and sort to improve
   readability

Partly fixes 20.x release goal: Improve security of ImageBuilder 
https://openwrt.org/docs/guide-developer/releases/goals/20.xx

 include/target.mk  | 34 +++++++++++++++++++++++++++++++---
 include/version.mk |  2 +-
 2 files changed, 32 insertions(+), 4 deletions(-)

Comments

Baptiste Jonglez Aug. 27, 2020, 10:58 a.m. UTC | #1
On 25-08-20, Paul Spooren wrote:
> From: Petr Štetiar <ynezz@true.cz>
> 
> As there is now wolfSSL included by default due to SAE/WPA3 we can
> finally switch to TLS/SSL in other parts as well.

The commit message needs improvement, especially "treewide: switch to
HTTPS by default".  What is switched to HTTPS exactly?  It could be source
download URL, package download URL on the device, package download URL on
the imagebuilder...  What parts of OpenWrt are expected to be impacted by
this?

Other comments below:

> --- a/include/target.mk
> +++ b/include/target.mk
> @@ -13,13 +13,41 @@ __target_inc=1
>  DEVICE_TYPE?=router
>  
>  # Default packages - the really basic set
> -DEFAULT_PACKAGES:=base-files libc libgcc busybox dropbear mtd uci opkg netifd fstools uclient-fetch logd urandom-seed urngd
> +DEFAULT_PACKAGES:=\
> +	base-files \
> +	busybox \
> +	ca-bundle \
> +	dropbear \
> +	fstools \
> +	libc \
> +	libgcc \
> +	logd \
> +	mtd \
> +	netifd \
> +	opkg \
> +	uci \
> +	uclient-fetch \
> +	urandom-seed \
> +	urngd

This is hard to read, please drop the cosmetic changes or move them to a
separate commit.

Also, it seems it's missing the actual change, i.e. libustream-wolfssl?

> --- a/include/version.mk
> +++ b/include/version.mk
> @@ -32,7 +32,7 @@ VERSION_CODE:=$(call qstrip,$(CONFIG_VERSION_CODE))
>  VERSION_CODE:=$(if $(VERSION_CODE),$(VERSION_CODE),$(REVISION))
>  
>  VERSION_REPO:=$(call qstrip,$(CONFIG_VERSION_REPO))
> -VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),http://downloads.openwrt.org/snapshots)
> +VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),https://downloads.openwrt.org/snapshots)
>  
>  VERSION_DIST:=$(call qstrip,$(CONFIG_VERSION_DIST))
>  VERSION_DIST:=$(if $(VERSION_DIST),$(VERSION_DIST),OpenWrt)

VERSION_REPO needs to be updated as well in package/base-files/image-config.in

It's not used by default (because it's guarded by IMAGEOPT and VERSIONOPT)
but it can be used to customize the download URL.  So it's more logical if
it starts with the same value as the default download URL.

Also, several scripts will need adaptation:

- makebranch.sh in maintainer-tools

- maketag.sh in maintainer-tools.  This one should be adapted carefully so
  that it still works for 19.07.X.

Baptiste

Patch

diff --git a/include/target.mk b/include/target.mk
index 6ed6565bda..aa405c3427 100644
--- a/include/target.mk
+++ b/include/target.mk
@@ -13,13 +13,41 @@  __target_inc=1
 DEVICE_TYPE?=router
 
 # Default packages - the really basic set
-DEFAULT_PACKAGES:=base-files libc libgcc busybox dropbear mtd uci opkg netifd fstools uclient-fetch logd urandom-seed urngd
+DEFAULT_PACKAGES:=\
+	base-files \
+	busybox \
+	ca-bundle \
+	dropbear \
+	fstools \
+	libc \
+	libgcc \
+	logd \
+	mtd \
+	netifd \
+	opkg \
+	uci \
+	uclient-fetch \
+	urandom-seed \
+	urngd
 # For the basic set
 DEFAULT_PACKAGES.basic:=
 # For nas targets
-DEFAULT_PACKAGES.nas:=block-mount fdisk lsblk mdadm
+DEFAULT_PACKAGES.nas:=\
+	block-mount \
+	fdisk \
+	lsblk \
+	mdadm
 # For router targets
-DEFAULT_PACKAGES.router:=dnsmasq iptables ip6tables ppp ppp-mod-pppoe firewall odhcpd-ipv6only odhcp6c kmod-ipt-offload
+DEFAULT_PACKAGES.router:=\
+	dnsmasq \
+	firewall \
+	ip6tables \
+	iptables \
+	kmod-ipt-offload \
+	odhcp6c \
+	odhcpd-ipv6only \
+	ppp \
+	ppp-mod-pppoe
 
 ifneq ($(DUMP),)
   all: dumpinfo
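Review bot: The one functional addition in this hunk, `ca-bundle` in DEFAULT_PACKAGES, carries no explanation, and the existing `# Default packages - the really basic set` header does not say why a CA trust store now belongs in the basic set. A why-comment placed on its own line above `DEFAULT_PACKAGES:=\` would keep the intent visible, e.g. `# ca-bundle: system CA trust store, needed to verify the HTTPS download URL that version.mk now defaults to (keep this list sorted)`. It has to go above the assignment rather than beside the entry: inside a backslash-continued variable definition a `#` starts a comment that runs to the end of the joined logical line, so an inline comment after `ca-bundle \` would silently drop every package listed after it. The same applies to the reformatted DEFAULT_PACKAGES.nas and DEFAULT_PACKAGES.router lists below.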
diff --git a/include/version.mk b/include/version.mk
index 7d3c1ad640..b7f42e13bb 100644
--- a/include/version.mk
+++ b/include/version.mk
@@ -32,7 +32,7 @@  VERSION_CODE:=$(call qstrip,$(CONFIG_VERSION_CODE))
 VERSION_CODE:=$(if $(VERSION_CODE),$(VERSION_CODE),$(REVISION))
 
 VERSION_REPO:=$(call qstrip,$(CONFIG_VERSION_REPO))
-VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),http://downloads.openwrt.org/snapshots)
+VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),https://downloads.openwrt.org/snapshots)
 
 VERSION_DIST:=$(call qstrip,$(CONFIG_VERSION_DIST))
 VERSION_DIST:=$(if $(VERSION_DIST),$(VERSION_DIST),OpenWrt)
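Review bot: The HTTPS default on the `VERSION_REPO` line only applies when CONFIG_VERSION_REPO is empty; a plain `http://` value carried over in an existing .config is passed through with no diagnostic, so the transport hardening this series introduces can be undone silently. A parse-time check right after that assignment would make the downgrade visible, e.g. `ifneq ($(filter http://%,$(VERSION_REPO)),)`, `$(warning VERSION_REPO uses plain HTTP; repository downloads are not protected by TLS)`, `endif`. Whether package signature verification independently covers download integrity is not shown in this hunk, so the message is deliberately limited to transport.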