Using HTTPS with opkg
If you prefer a secure connection between the Entware repo and your device(s), you can switch from HTTP to HTTPS.
The opkg package manager uses wget to fetch packages, so you need a version of wget with HTTPS support:
opkg install wget-ssl ca-certificates
Open /opt/etc/opkg.conf with your favorite text editor and replace http://bin.entware.net/… with https://bin.entware.net/….
The system PATH variable may need to be reordered because, for many systems, the paths to Entware binaries may be at the end of the PATH variable. Because opkg calls wget, the shell might use the system's wget instead of Entware's wget (wget returned 1, not a HTTP or FTP URI).
If your device uses a read-only filesystem, making permanent changes to the PATH impossible, the current shell PATH value must be modified for every session. You can store the modified PATH variable somewhere and then import it whenever you want, for example:
Take a look at your current shell paths
# $PATH
-sh: /bin:/usr/bin:/sbin:/usr/sbin:/jffs/sbin:/jffs/bin:/jffs/usr/sbin:/jffs/usr/bin:/opt/sbin:/opt/bin:/opt/usr/sbin:/opt/usr/bin
Reorder them and form the "export PATH=" line, and use echo to write that to a file, like /opt/PATH
# echo export PATH=/opt/sbin:/opt/bin:/opt/usr/sbin:/opt/usr/bin:/bin:/usr/bin:/sbin:/usr/sbin:/jffs/sbin:/jffs/bin:/jffs/usr/sbin:/jffs/usr/bin: > /opt/PATH
Whenever you need the shell to prioritize Entware, you can quickly change it
# source /opt/PATH
To bring it back to normal, start a new shell or restart the current one
Now opkg should secure connection to repo:
# opkg update
Downloading https://bin.entware.net/mipselsf-k3.4/Packages.gz
Updated list of available packages in /opt/var/opkg-lists/entware
If wget still gives error, check if wget-nossl package is installed and remove it
# opkg list-installed wget-nossl
wget-nossl - 1.24.5-1
# opkg remove wget-nossl
Removing package wget-nossl from root...
- HTTPS wiki page - https://en.wikipedia.org/wiki/HTTPS
- Basic opkg usage - https://github.com/Entware/Entware/wiki#using-repo
- wget doesn't have https support - https://www.snbforums.com/threads/solved-entware-packages-not-updating-wget-doesnt-have-https-support.83180/
- Android
- ASUS stock firmware (ASUSWRT)
- ASUSTOR NAS
- Asuswrt-Merlin
- DD-WRT
- FreshTomato (TomatoUSB)
- Oleg's firmware
- Padavan firmware
- QNAP NAS
- Remarkable tablet
- Synology NAS
- TerraMaster NAS
- Zyxel NAS326 / NAS542
- aria2
- asciinema
- cron
- deluge
- dnscrypt-proxy
- Let's Encrypt (ACME)
- ownCloud
- pyload
- rtmpdump
- rtorrent
- SANE
- tmux
- transmission
- Adding a new package
- Cross-compiling packages from source
- Download mirrors
- Native compilation (using GCC)
