genrandconfig is used in autobuilders, and some autobuilders are running
on old distributions that are lacking the most recent CAs, causing build
failures because package sources can't be retrieved.
Do for the curl backend what we already did a while back for the wget
backend, with commit
0866a280e40a (utils/genrandconfig: use
--no-check-certificate in wget by default); in curl, the equivalent
would be --insecure, and applies to the ftps transport.
The integrity of the downloads are validated against our bundled hashes
so there is no risk of corruption of the downloaded files. The only
issue would be that an MITM could inspect the transaction, the same way
as for the wget --no-check-certificate in
0866a280e40a, but this is not
considered a high-level issue (we're anyway talking FTPS here, that's a
legacy protocol that has other issues).
Signed-off-by: Yann E. MORIN <[email protected]>
Signed-off-by: Thomas Petazzoni <[email protected]>
# Allow hosts with old certificates to download over https
configlines.append("BR2_WGET=\"wget -nd -t 3 --no-check-certificate\"\n")
+ configlines.append("BR2_CURL=\"curl --ftp-pasv --retry 3 --insecure\"\n")
# Per-package folder
if randint(0, 15) == 0:
projects / buildroot-mgba.git / commitdiff