Using HTTPS with opkg - Entware/Entware GitHub Wiki

Introduction

If you prefer a secure connection between the Entware repo and your device(s), you can switch from HTTP to HTTPS.

Installation

The opkg package manager uses wget to fetch packages, so you need a version of wget with HTTPS support:

opkg install wget-ssl ca-certificates

Open /opt/etc/opkg.conf with your favorite text editor and replace http://bin.entware.net/… with https://bin.entware.net/….

Using opkg

The system PATH variable may need to be reordered because, for many systems, the paths to Entware binaries may be at the end of the PATH variable. Because opkg calls wget, the shell might use the system's wget instead of Entware's wget (wget returned 1, not a HTTP or FTP URI).

If your device uses a read-only filesystem, making permanent changes to the PATH impossible, the current shell PATH value must be modified for every session. You can store the modified PATH variable somewhere and then import it whenever you want, for example:

Take a look at your current shell paths

# $PATH
-sh: /bin:/usr/bin:/sbin:/usr/sbin:/jffs/sbin:/jffs/bin:/jffs/usr/sbin:/jffs/usr/bin:/opt/sbin:/opt/bin:/opt/usr/sbin:/opt/usr/bin

Reorder them and form the "export PATH=" line, and use echo to write that to a file, like /opt/PATH

# echo export PATH=/opt/sbin:/opt/bin:/opt/usr/sbin:/opt/usr/bin:/bin:/usr/bin:/sbin:/usr/sbin:/jffs/sbin:/jffs/bin:/jffs/usr/sbin:/jffs/usr/bin: > /opt/PATH

Whenever you need the shell to prioritize Entware, you can quickly change it

# source /opt/PATH

To bring it back to normal, start a new shell or restart the current one

Now opkg should secure connection to repo:

# opkg update
Downloading https://bin.entware.net/mipselsf-k3.4/Packages.gz
Updated list of available packages in /opt/var/opkg-lists/entware

Links

• HTTPS wiki page - https://en.wikipedia.org/wiki/HTTPS
• Basic opkg usage - https://github.com/Entware/Entware/wiki#using-repo