Upgrading OpenWrt firmware using CLI

Talk about Documentation
1

Hi,

On the section Download and verify the OpenWrt firmware upgrade image, it wroted to use the command wget to retrieve the firmware and the sha256 checksum files.

But, I have realized, at least since version 19.07.4, when I'm using this tool:

# v="19.07.5"
# wget https://downloads.openwrt.org/releases/"${v}"/targets/ramips/mt7621/{openwrt-"${v}"-ramips-mt7621-ubnt-erx-squashfs-sysupgrade.bin,sha256sums}
wget: SSL support not available, please install one of the libustream-.*[ssl|tls] packages as well as the ca-bundle and ca-certificates packages.
# wget http://downloads.openwrt.org/releases/"${v}"/targets/ramips/mt7621/{openwrt-"${v}"-ramips-mt7621-ubnt-erx-squashfs-sysupgrade.bin,sha256sums}
Downloading 'http://downloads.openwrt.org/releases/19.07.5/targets/ramips/mt7621/{openwrt-19.07.5-ramips-mt7621-ubnt-erx-squashfs-sysupgrade.bin,sha256sums}'
Connecting to 2a01:4f8:251:321::2:80
Failed to redirect to /releases/19.07.5/targets/ramips/mt7621/{openwrt-19.07.5-ramips-mt7621-ubnt-erx-squashfs-sysupgrade.bin,sha256sums} on downloads.openwrt.org

Perhaps, indicate to use curl after install-it?!
(or indicate the install of needed libustream*…)

1 Like
2

BusyBox Ash cannot expand curly brackets.
Use space separated URL arguments.
Or invoke the download command separately for each URL.
And install the missing packages:

1 Like
3

OpenWrt server no longer allows http for images. As the error message says, you need to install libustream-wolfssl and ca-bundle to enable https support to wget. This requires about 1 MB of flash space. wolfssl is the smallest option if you don't already have another ssl library. If something depending on for example openssl is already installed, use libustream-openssl.

Technically you don't need ca-bundle, as you can choose not to verify the server certificate with --no-check-certificate, but that's insecure.

4

The servers do support plain http just fine, but you need to feed wget with a http:// address (and not https:// as in the pasted excerpt).

5

That used to work, but starting about last year it results in "Failure to redirect" because wget without ssl libraries can't make a redirect to https as the server insists.

root@OpenWrt:/tmp# wget http://downloads.openwrt.org/releases/19.07.5/targets/r
amips/mt7621/openwrt-19.07.5-ramips-mt7621-ubnt-erx-squashfs-sysupgrade.bin
Downloading 'http://downloads.openwrt.org/releases/19.07.5/targets/ramips/mt7621/openwrt-19.07.5-ramips-mt7621-ubnt-erx-squashfs-sysupgrade.bin'
Connecting to 168.119.138.211:80
Failed to redirect to /releases/19.07.5/targets/ramips/mt7621/openwrt-19.07.5-ramips-mt7621-ubnt-erx-squashfs-sysupgrade.bin on downloads.openwrt.org
2 Likes
6

pfff. It's run without no problem with curl !!!
It's not a bashism. It exists on few shell, and run on ash too:

# echo $SHELL
/bin/ash

# v="19.07.5"
# curl -O https://downloads.openwrt.org/releases/"${v}"/targets/ramips/mt7621/{openwrt-"${v}"-ramips-mt7621-ubnt-erx-squashfs-sysupgrade.bin,sha256sums}

[1/2]: https://downloads.openwrt.org/releases/19.07.5/targets/ramips/mt7621/openwrt-19.07.5-ramips-mt7621-ubnt-erx-squashfs-sysupgrade.bin --> openwrt-19.07.5-ramips-mt7621-ubnt-erx-squashfs-sysupgrade.bin
--_curl_--https://downloads.openwrt.org/releases/19.07.5/targets/ramips/mt7621/openwrt-19.07.5-ramips-mt7621-ubnt-erx-squashfs-sysupgrade.bin
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 3560k  100 3560k    0     0   886k      0  0:00:04  0:00:04 --:--:--  947k

[2/2]: https://downloads.openwrt.org/releases/19.07.5/targets/ramips/mt7621/sha256sums --> sha256sums
--_curl_--https://downloads.openwrt.org/releases/19.07.5/targets/ramips/mt7621/sha256sums
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  116k  100  116k    0     0   725k      0 --:--:-- --:--:-- --:--:--  725k

# sha256sum -c sha256sums 2> /dev/null | grep OK 
openwrt-19.07.5-ramips-mt7621-ubnt-erx-squashfs-sysupgrade.bin: OK

for those who focus on the "must" saying problem with brackets:

# wget https://downloads.openwrt.org/releases/19.07.5/targets/ramips/mt7621/openwrt-19.07.5-ramips-mt7621-ubnt-erx-squashfs-sysupgrade.bin
wget: SSL support not available, please install one of the libustream-.*[ssl|tls] packages as well as the ca-bundle and ca-certificates packages.

# wget http://downloads.openwrt.org/releases/19.07.5/targets/ramips/mt7621/openwrt-19.07.5-ramips-mt7621-ubnt-erx-squashfs-sysupgrade.bin
Downloading 'http://downloads.openwrt.org/releases/19.07.5/targets/ramips/mt7621/openwrt-19.07.5-ramips-mt7621-ubnt-erx-squashfs-sysupgrade.bin'
Connecting to 168.119.138.211:80
Failed to redirect to /releases/19.07.5/targets/ramips/mt7621/openwrt-19.07.5-ramips-mt7621-ubnt-erx-squashfs-sysupgrade.bin on downloads.openwrt.org

But in the fact, if you use or indicate to use wget, the user cant download firmware nor checksum files!

Yes.
(Personally, I prefer to install curl.)

It seems to me that readers should be warned of the necessity to install the lib in question or to use another tool, such as curl!
because in the state, they won't be able to download neither the firmware nor anything else....

7 
# touch {1,2}

# ls {1,2}
{1,2}

# echo ${SHELL}
/bin/ash

wget != curl

Read the warning:

Install the packages.

No problem.

8

this is not the problem, and the reason about my request here!
as I wrote in my previous post:

in fact, they are obliged to install some non-native binary to the system to be able to download the needed files.

9

Apparently I didn't fall into that trap last time (mostly using self-built images and including openssl anyways), however using the mirrors will work for most of them using plain http.