blob: 06df284254956e45b5f68b418e6a89ce09f4d168 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
|
.. SPDX-License-Identifier: GPL-2.0+:
.. index::
single: wget (command)
wget command
============
Synopsis
--------
::
wget [address] [host:]path
wget [address] url # lwIP only
wget cacert none|optional|required # lwIP only
wget cacert <address> <size> # lwIP only
Description
-----------
The wget command is used to download a file from an HTTP(S) server.
In order to use HTTPS you will need to compile wget with lwIP support.
Legacy syntax
~~~~~~~~~~~~~
The legacy syntax is supported by the legacy network stack (CONFIG_NET=y)
as well as by the lwIP base network stack (CONFIG_NET_LWIP=y). It supports HTTP
only.
By default the destination port is 80 and the source port is pseudo-random.
On the legacy nework stack the environment variable *httpdstp* can be used to
set the destination port
address
memory address for the data downloaded
host
IP address (or host name if `CONFIG_CMD_DNS` is enabled) of the HTTP
server, defaults to the value of environment variable *serverip*.
path
path of the file to be downloaded.
New syntax (lwIP only)
~~~~~~~~~~~~~~~~~~~~~~
In addition to the syntax described above, wget accepts URLs if the network
stack is lwIP.
address
memory address for the data downloaded
url
HTTP or HTTPS URL, that is: http[s]://<host>[:<port>]/<path>.
The cacert (stands for 'Certification Authority certificates') subcommand is
used to provide root certificates for the purpose of HTTPS authentication. It
also allows to enable or disable authentication.
wget cacert <address> <size>
address
memory address of the root certificates in X509 DER format
size
the size of the root certificates
wget cacert none|optional|required
none
certificate verification is disabled. HTTPS is used without any server
authentication (unsafe)
optional
certificate verification is enabled provided root certificates have been
provided via wget cacert <addr> <size> or wget cacert builtin. Otherwise
HTTPS is used without any server authentication (unsafe).
required
certificate verification is mandatory. If no root certificates have been
configured, HTTPS transfers will fail.
Examples
--------
Example with the legacy network stack
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In the example the following steps are executed:
* setup client network address
* download a file from the HTTP server
::
=> setenv autoload no
=> dhcp
BOOTP broadcast 1
*** Unhandled DHCP Option in OFFER/ACK: 23
*** Unhandled DHCP Option in OFFER/ACK: 23
DHCP client bound to address 192.168.1.105 (210 ms)
=> wget ${loadaddr} 192.168.1.254:/index.html
HTTP/1.0 302 Found
Packets received 4, Transfer Successful
Example with lwIP
~~~~~~~~~~~~~~~~~
In the example the following steps are executed:
* setup client network address
* download a file from the HTTPS server
::
=> dhcp
DHCP client bound to address 10.0.2.15 (3 ms)
=> wget https://download.rockylinux.org/pub/rocky/9/isos/aarch64/Rocky-9.4-aarch64-minimal.iso
##########################################################################
##########################################################################
##########################################################################
[...]
1694892032 bytes transferred in 492181 ms (3.3 MiB/s)
Bytes transferred = 1694892032 (65060000 hex)
Here is an example showing how to configure built-in root certificates as
well as providing some at run time. In this example it is assumed that
CONFIG_WGET_BUILTIN_CACERT_PATH=DigiCertTLSRSA4096RootG5.crt downloaded from
https://cacerts.digicert.com/DigiCertTLSRSA4096RootG5.crt.
::
# Make sure IP is configured
=> dhcp
# When built-in certificates are configured, authentication is mandatory
# (i.e., "wget cacert required"). Use a test server...
=> wget https://digicert-tls-rsa4096-root-g5.chain-demos.digicert.com/
1864 bytes transferred in 1 ms (1.8 MiB/s)
Bytes transferred = 1864 (748 hex)
# Another server not signed against Digicert will fail
=> wget https://www.google.com/
HTTP client error 4
Certificate verification failed
# Disable authentication to allow the command to proceed anyways
=> wget cacert none
=> wget https://www.google.com/
WARNING: no CA certificates, HTTPS connections not authenticated
16683 bytes transferred in 15 ms (1.1 MiB/s)
Bytes transferred = 16683 (412b hex)
# Force verification but unregister the CA certificates
=> wget cacert required
=> wget cacert 0 0
# Unsurprisingly, download fails
=> wget https://digicert-tls-rsa4096-root-g5.chain-demos.digicert.com/
Error: cacert authentication mode is 'required' but no CA certificates given
# Get the same certificates as above from the network
=> wget cacert none
=> wget https://cacerts.digicert.com/DigiCertTLSRSA4096RootG5.crt
WARNING: no CA certificates, HTTPS connections not authenticated
1386 bytes transferred in 1 ms (1.3 MiB/s)
Bytes transferred = 1386 (56a hex)
# Register them and force authentication
=> wget cacert $fileaddr $filesize
=> wget cacert required
# Authentication is operational again
=> wget https://digicert-tls-rsa4096-root-g5.chain-demos.digicert.com/
1864 bytes transferred in 1 ms (1.8 MiB/s)
Bytes transferred = 1864 (748 hex)
# The builtin certificates can be restored at any time
=> wget cacert builtin
Configuration
-------------
The command is only available if CONFIG_CMD_WGET=y.
To enable lwIP support set CONFIG_NET_LWIP=y. In this case, root certificates
support can be enabled via CONFIG_WGET_BUILTIN_CACERT=y
CONFIG_WGET_BUILTIN_CACERT_PATH=<some path> (for built-in certificates) and/or
CONFIG_WGET_CACERT=y (for the wget cacert command).
TCP Selective Acknowledgments in the legacy network stack can be enabled via
CONFIG_PROT_TCP_SACK=y. This will improve the download speed. Selective
Acknowledgments are enabled by default with lwIP.
Return value
------------
The return value $? is 0 (true) on success and 1 (false) otherwise.
|