A rough writeup for the commandline firmware upgrade wikipage

I bumped into this page: https://www.lede-project.org/docs/guide-quick-start/flashwithssh

And here is my attempt to explain how it works. Please verify, correct and add it to the wiki once it is good enough.

I now used the link to the LEDE snapshot, so once the first LEDE release is a fact then the link should probably point to that.


LEDE commandline firmware upgrade.

in this example i will use the GL.inet AR150 and do the firmware upgrade over SSH.

First i downloaded the firmware image.

In my case it sits in https://downloads.lede-project.org/snapshots/targets/ar71xx/generic/
And the file I need for the AR150 is named: lede-ar71xx-generic-gl-ar150-squashfs-sysupgrade.bin

You can use SSH, Putty, Minicom, HOTSSH, Cutecom, Screen or andy other means to get commandline acces to your device over SSH, or serial connection.
First of all connect to the device accordingly to the tool mentioned above. It would be cool to have a seperate manual for all the options. But for now I assume that you have at least one way to connect.

I also assume that the device is connected to the internet via WAN to be able to download the firmware directly from the website.

Once connected and having the command prompt on your terminal-screen you can upload the file to the /tmp folder on the AR150

cd /tmp    
wget http://downloads.lede-project.org/snapshots/targets/ar71xx/generic/lede-ar71xx-generic-gl-ar150-squashfs-sysupgrade.bin

once the file is has been downloaded you can flash the it to the ROM with the sysupgrade command as follows

sysupgrade -n -v lede-ar71xx-generic-gl-ar150-squashfs-sysupgrade.bin

The firmware will now be flashed to the device. Once the flashing completed the device will reboot.

And at this point you can reach the device at IP 192.168.1.1 Unless otherwise configured..

And you should be able to reach it with SSH:

ssh root@192.168.1.1

Or via USB/serial by for instance using screen:

sudo screen /dev/ttyUSB3 115200

Keep in mind that this last one was done on a GNU/Linux machine, in my case on USB3 and a baudrate of 115200.

That should be it!

When you have the firmware file on your laptop you can also upload the file manually by commandline with the put command

put /Downloads/path_to_your_file/lede-ar71xx-generic-gl-ar150-squashfs-sysupgrade.bin /tmp/lede-ar71xx-generic-gl-ar150-squashfs-sysupgrade.bin

Once uploaded you can do the sysupgrade command as stated above. This option you may need when you are not having a working internet connection or have other reasons not to be connected to the net when doing this.

[quote="charcoal, post:1, topic:464, full:true"]I bumped into this page: https://www.lede-project.org/docs/guide-quick-start/flashwithssh[/quote]Hm, it seems we need to merge that tutorial with this one (I imported it from OpenWRT wiki and also tested it, seems like richb-hanover didn't notice) https://www.lede-project.org/docs/user-guide/firmware-upgrade
I'm deleting that empty page and redirecting there, which should be enough for now.

@richb-hanover can you take a look at that wiki article and integrate any LuCI steps you didn't already cover? Then I can remove the LuCI steps from that article and it can become the "upgrade from commandline" tutorial. I don't like mixing luci and commandline instructions like that.

[quote]And here is my attempt to explain how it works. Please verify, correct and add it to the wiki once it is good enough.[/quote]I encourage you to add/edit things in the wiki directly. Maintainers are getting notified (well, at least I'm getting notified).
Feel free to a look at the current article and add what you think is missing.

O nice one @bobafetthotmail !
I didn't spot that either.

At first glance i'm missing the manual upload option with the put command that i mentioned at the bottom of my post

I think it would be nice to have a page with a list of commandline tools and the command so initiate a connection.

Specially newcomers may struggle to get a first serial connection for instance.

Also, connecting from an android device may be an interesting one? I never tried it, but now i think of it it would be convenient to have a firmware image on my phone and an option to flash it over a serial connection (Using OTG) to a router that is not connected to the internet.

:slight_smile: i never seen it mentioned before. And i wonder if i can even find an android app to make this work.

but the commandline upgrade by using the put command i would find most important. Since it lets you upgrade even when you don't have a working internet connection.

[quote="charcoal, post:3, topic:464, full:true"]Also, connecting from an android device may be an interesting one? I never tried it, but now i think of it it would be convenient to have a firmware image on my phone and an option to flash it over a serial connection (Using OTG) to a router that is not connected to the internet.[/quote]Over serial? There are quite a few apps that allow you to use a serial dongle over OTG (or connect through SSH if the device is connected to a wifi network) but I don't know if they allow you to use commands to transfer data over the serial connection. (over a network you can transfer whatever, Android has apps making servers of anything)
I think it is probably a bit too niche.

[quote]but the commandline upgrade by using the put command i would find most important. Since it lets you upgrade even when you don't have a working internet connection.
[/quote]You can add it. I have no experience with it so you probably know better there.

Hmm, now i'm unsure myself if this actually works over serial. I did this over ssh and thought it also would work over serial. I first have to try it but i don't want to mess up my current stuff.

Not sure if there are Andriod shh apps then that could eventually do the job as well.

@bobafetthotmail

I just realised that kernel messages on the console might corrupt uploads. So Upload over serial is probably not such a good idea at all. though it should be possible.

Does wget support https links in the default install of LEDE?

@stangri
woops.... i'll change that back to http

Thanks for the heads-up.

[quote="stangri, post:7, topic:464, full:true"]Does wget support https links in the default install of LEDE?[/quote]EDIT: there is something wrong on my side, please disregard this post.

Yes as it isn't wget but uclient-fetch disguised as wget.
that tool can deal with https as by default there is the encryption library needed by dropbear (the ssh server installed by default)
Might need to add a --no-check-certificate option for disable certififcate checking if the device does not have a certificate database (afaik by default it's not installed).

The flip side is that uclient-fetch is unable to download from ftp, unlike true wget.

You're missing the point. But, the main point aside, uclient-fetch does not support https without extra libraries installed and even installing some of those libraries does not guarantee proper https function. So far I know it works with libustream-mbedtls, but it doesn't properly work (or at least didn't work in the past) with libustream-polarssl.

[quote="stangri, post:10, topic:464, full:true"]You're missing the point. But, the main point aside, uclient-fetch does not support https without extra libraries installed and even installing some of those libraries does not guarantee proper https function. So far I know it works with libustream-mbedtls, but it doesn't properly work (or at least didn't work in the past) with libustream-polarssl.
[/quote]EDIT: there is something wrong on my side, please disregard this post.

I tested it on a default install a month ago or so, and it works fine with --no-check-certificate. Only reason why it fails without that option (or the certificate database package that you can also install) is because default install lacks a certificate database so it has no way to check if the certificate is valid or not.

SSL libs for it are installed by default as they are needed by dropbear (ssh server) that is also installed by default.

see here Toward a good "Flashing LEDE Instructions" page

Although I agree that if there is http it's better to use that.

[quote="bobafetthotmail, post:11, topic:464"]
SSL libs for it are installed by default as they are needed by dropbear (ssh server) that is also installed by default.
[/quote]With the default config uclient-fetch does NOT support https. Just like stangri already said. That also matches what Jow said in https://github.com/lede-project/source/pull/463#issuecomment-257545072 to which comment you referred in the linked comment above

Dropbear does NOT require extra ssl support:

  │ Symbol: PACKAGE_dropbear [=y]                                                                              │  
  │ Type  : tristate                                                                                           │  
  │ Prompt: dropbear........................................ Small SSH2 client/server                          │  
  │   Location:                                                                                                │  
  │ (5) -> Base system                                                                                         │  
  │   Defined at tmp/.config-package.in:174                                                                    │  
  │   Selects: PACKAGE_libssp [=n] && PACKAGE_libc [=y] && PACKAGE_libpthread [=n] && PACKAGE_librt [=n]       │  

You can verify that by deleting your .config, launching "make menuconfig" and selecting a simple device like MR3020 without anything else. No additional packages Then look at your .config and try to find ssl support. There is no ssl support.

uhttpd for luci-ssl is the first thing that requires ssl support and installs one of the libustream variants that also provide the ssl support for uclient-fetch. Even selecting plain Luci does not install ssl support.

So, the default flashing instructions should expect only http.

[quote="hnyman, post:12, topic:464, full:true"]You can verify that by deleting your .config, launching "make menuconfig" and selecting a simple device like MR3020 without anything else. No additional packages Then look at your .config and try to find ssl support. There is no ssl support.[/quote]Ok confirmed.

And now I need to figure out why in my router there is ssl support.

Installed adblock?

Reinstall packages: In the docu I found a reference to "scripts in user forums" but no link.
I am using malte Forkels one with success:
https://forum.openwrt.org/viewtopic.php?pid=194478#p194478

Ideally I would like to have a sysupgrade option that not only saves the configruation but the user installed packages as well. Any hints how to code that?

That does not work, given the (library-) dependency differences between old and new firmware, not to mention the needed space for doing so.