6

I'm working on setting up an OPKG repository to be used by embedded linux devices. We'd like to secure the server so that only our devices have access to the packages. I couldn't find any information on how to do this other than some references to http proxy username and passwords. Is there a way this can be achieved? I believe opkg repositories use the same system as ipkg.

gabe_torres
  • 105
  • 1
  • 8
  • I am also looking the same, have you been able to find anything on this? Thanks! – Ahsan Feb 19 '15 at 10:56
  • 1
    @Ahsan, I ended up patching the OPKG source so that it would use HTTP Authentication through libcurl. I have not had a chance to clean up my changes and make a formal contribution to the project but I can definitely send you my changes if you want. – gabe_torres Feb 23 '15 at 14:11
  • Yes, Definitely I need that. You can answer your own question, so that it can help others. Would appreciate if you also mention the steps (commands) to do on`opkg` target side. Thanks! – Ahsan Feb 23 '15 at 15:28
  • @gabe_torres can you please help me with those changes you made as well? I need to secure my OPKG repo too and I would really appreciate your help. If it's not too much I'll appreciate you giving me an email address or something where we can further discuss about this as what to use to make this possible ( ex. weTransfer). only if it's not much of a bother for you, thank you very much! – 123123d Feb 02 '16 at 12:08
  • or maybe @Ahsan ..I see that gabe didn't got online for some time..did you receive those changes from him? I'd really appreciate your help. – 123123d Feb 02 '16 at 12:13
  • @123123d Nope, He didn't respond. – Ahsan Feb 02 '16 at 14:18

2 Answers2

6

You don't really need to modify the sources - compiling OPKG with libcurl will enable http basic auth: ./configure --enable-curl before running make

In opkg.conf just add option http_auth user:pass and it works.

I remember seeing this change was added some time ago - don't recall when or which version but it works with the latest.

danf
  • 2,629
  • 21
  • 28
1

Maybe OPKG changed in time but now I was able to secure repo with basic auth like here HTTP Basic Authentication credentials passed in URL and encryption)

So /etc/opkg/customfeeds.conf contain something like this:

src/gz closed_repo http://login:password@example.com/path/to/repo

Just to be clear: I use lede project build.

Alexander K
  • 11
  • 3