OpenWrt之opkg详解


OpenWrt之opkg详解


前言

opkg是OpenWrt的软件包的管理系统, 管理着整个OpenWrt的软件包以及驱动内核模块, 今天就来看看opkg在路由器都有哪些神奇的操作.


opkg Git Source

https://git.openwrt.org/project/opkg-lede.git


opkg download

opkg的下载方式是wget , 参考源码libopkg/opkg_download.c

{
		int res;
		const char *argv[11];
		int i = 0;

		argv[i++] = "wget";
		argv[i++] = "-q";
		if (conf->no_check_certificate) {
			argv[i++] = "--no-check-certificate";
		}
		if (conf->http_timeout) {
			argv[i++] = "--timeout";
			argv[i++] = conf->http_timeout;
		}
		if (conf->http_proxy || conf->https_proxy || conf->ftp_proxy) {
			argv[i++] = "-Y";
			argv[i++] = "on";
		}
		argv[i++] = "-O";
		argv[i++] = tmp_file_location;
		argv[i++] = src;
		argv[i++] = NULL;
		res = xsystem(argv);

		if (res) {
			opkg_msg(ERROR,
				 "Failed to download %s, wget returned %d.\n",
				 src, res);
			if (res == 4)
				opkg_msg(ERROR,
					 "Check your network settings and connectivity.\n\n");
			free(tmp_file_location);
			return -1;
		}
	}

opkg options

  • opkg的配置文件/etc/opkg.conf
dest root /
dest ram /tmp
lists_dir ext /var/opkg-lists
option overlay_root /overlay
option check_signature

配置项格式: <option> <type> <conf>

  • dest root /
    这个是根目录位置, 默认/

  • dest ram /tmp
    这个是内存的临时存放位置, 默认是/tmp

  • lists_dir ext /var/opkg-lists
    这个是opkg updatePackages.gz的保存位置, 默认是/var/opkg-lists

  • option overlay_root /overlay
    这个是根文件系统, 保持默认即可

  • option check_signature
    这个是检查包签名(.sig), 默认值是1, 开启, 类型为bool, option check_signature 0, 0为禁用


  • 选项源码在libopkg/opkg_conf

libopkg/opkg_conf.h

/* options */
int autoremove;
int force_depends;
int force_defaults;
int force_maintainer;
int force_overwrite;
int force_downgrade;
int force_reinstall;
int force_space;
int force_removal_of_dependent_packages;
int force_removal_of_essential_packages;
int force_postinstall;
int force_remove;
int force_checksum;
int check_signature;
int force_signature;
int no_check_certificate;
int nodeps;		/* do not follow dependencies */
int nocase;		/* perform case insensitive matching */
char *offline_root;
char *overlay_root;
int query_all;
int verbosity;
char *verify_program;
int noaction;
int size;
int strip_abi;
int download_only;
char *cache;

/* proxy options */
char *http_proxy;
char *http_timeout;
char *https_proxy;
char *ftp_proxy;
char *no_proxy;
char *proxy_user;
char *proxy_passwd;

char *signature_ca_file;
char *signature_ca_path;

libopkg/opkg_conf.c

opkg_option_t options[] = {
	{"cache", OPKG_OPT_TYPE_STRING, &_conf.cache},
	{"force_defaults", OPKG_OPT_TYPE_BOOL, &_conf.force_defaults},
	{"force_maintainer", OPKG_OPT_TYPE_BOOL, &_conf.force_maintainer},
	{"force_depends", OPKG_OPT_TYPE_BOOL, &_conf.force_depends},
	{"force_overwrite", OPKG_OPT_TYPE_BOOL, &_conf.force_overwrite},
	{"force_downgrade", OPKG_OPT_TYPE_BOOL, &_conf.force_downgrade},
	{"force_reinstall", OPKG_OPT_TYPE_BOOL, &_conf.force_reinstall},
	{"force_space", OPKG_OPT_TYPE_BOOL, &_conf.force_space},
	{"force_postinstall", OPKG_OPT_TYPE_BOOL, &_conf.force_postinstall},
	{"force_checksum", OPKG_OPT_TYPE_BOOL, &_conf.force_checksum},
	{"check_signature", OPKG_OPT_TYPE_BOOL, &_conf.check_signature},
	{"no_check_certificate", OPKG_OPT_TYPE_BOOL, &_conf.no_check_certificate},
	{"ftp_proxy", OPKG_OPT_TYPE_STRING, &_conf.ftp_proxy},
	{"http_proxy", OPKG_OPT_TYPE_STRING, &_conf.http_proxy},
	{"http_timeout", OPKG_OPT_TYPE_STRING, &_conf.http_timeout},
	{"https_proxy", OPKG_OPT_TYPE_STRING, &_conf.https_proxy},
	{"no_proxy", OPKG_OPT_TYPE_STRING, &_conf.no_proxy},
	{"test", OPKG_OPT_TYPE_BOOL, &_conf.noaction},
	{"noaction", OPKG_OPT_TYPE_BOOL, &_conf.noaction},
	{"download_only", OPKG_OPT_TYPE_BOOL, &_conf.download_only},
	{"nodeps", OPKG_OPT_TYPE_BOOL, &_conf.nodeps},
	{"nocase", OPKG_OPT_TYPE_BOOL, &_conf.nocase},
	{"offline_root", OPKG_OPT_TYPE_STRING, &_conf.offline_root},
	{"overlay_root", OPKG_OPT_TYPE_STRING, &_conf.overlay_root},
	{"proxy_passwd", OPKG_OPT_TYPE_STRING, &_conf.proxy_passwd},
	{"proxy_user", OPKG_OPT_TYPE_STRING, &_conf.proxy_user},
	{"query-all", OPKG_OPT_TYPE_BOOL, &_conf.query_all},
	{"size", OPKG_OPT_TYPE_BOOL, &_conf.size},
	{"strip_abi", OPKG_OPT_TYPE_BOOL, &_conf.strip_abi},
	{"tmp_dir", OPKG_OPT_TYPE_STRING, &_conf.tmp_dir},
	{"verbosity", OPKG_OPT_TYPE_INT, &_conf.verbosity},
	{"verify_program", OPKG_OPT_TYPE_STRING, &_conf.verify_program},
	{NULL, 0, NULL}
};

通过上面的选项, 可以在/etc/opkg.conf中额外添加option, 比如我想添加不检查远程https证书, 找到该选项的类型, 按照格式填写进opkg.conf

dest root /
dest ram /tmp
lists_dir ext /var/opkg-lists
option overlay_root /overlay
option check_signature
# 下面是我添加的
optinon no_check_certificate 1
# 添加代理
optinon http_proxy 127.0.0.1:7890
optinon https_proxy 127.0.0.1:7890
optinon ftp_proxy 127.0.0.1:7890
# 超时时间 单位: 秒
option http_timeout 5
# 代理认证信息, 没有请忽略
optinon proxy_user NueXini
optinon proxy_passwd NueXini

opkg usuage

src/opkg-cl.c --> static void usage()

opkg must have one sub-command argument
usage: opkg [options...] sub-command [arguments...]
where sub-command is one of:

Package Manipulation:
	update			Update list of available packages
	upgrade <pkgs>		Upgrade packages
	install <pkgs>		Install package(s)
	configure <pkgs>	Configure unpacked package(s)
	remove <pkgs|regexp>	Remove package(s)
	flag <flag> <pkgs>	Flag package(s)
	 <flag>=hold|noprune|user|ok|installed|unpacked (one per invocation)

Informational Commands:
	list			List available packages
	list-installed		List installed packages
	list-upgradable		List installed and upgradable packages
	list-changed-conffiles	List user modified configuration files
	files <pkg>		List files belonging to <pkg>
	search <file|regexp>	List package providing <file>
	find <regexp>		List packages whose name or description matches <regexp>
	info [pkg|regexp]	Display all info for <pkg>
	status [pkg|regexp]	Display all status for <pkg>
	download <pkg>		Download <pkg> to current directory
	compare-versions <v1> <op> <v2>
	                    compare versions using <= < > >= = << >>
	print-architecture	List installable package architectures
	depends [-A] [pkgname|pat]+
	whatdepends [-A] [pkgname|pat]+
	whatdependsrec [-A] [pkgname|pat]+
	whatrecommends[-A] [pkgname|pat]+
	whatsuggests[-A] [pkgname|pat]+
	whatprovides [-A] [pkgname|pat]+
	whatconflicts [-A] [pkgname|pat]+
	whatreplaces [-A] [pkgname|pat]+

Options:
	-A			Query all packages not just those installed
	-V[<level>]		Set verbosity level to <level>.
	--verbosity[=<level>]	Verbosity levels:
					0 errors only
					1 normal messages (default)
					2 informative messages
					3 debug
					4 debug level 2
	-f <conf_file>		Use <conf_file> as the opkg configuration file
	--conf <conf_file>
	--cache <directory>	Use a package cache
	-d <dest_name>		Use <dest_name> as the the root directory for
	--dest <dest_name>	package installation, removal, upgrading.
				<dest_name> should be a defined dest name from
				the configuration file, (but can also be a
				directory name in a pinch).
	-o <dir>		Use <dir> as the root directory for
	--offline-root <dir>	offline installation of packages.
	--verify-program <path>	Use the given program to verify usign signatures
	--add-arch <arch>:<prio>	Register architecture with given priority
	--add-dest <name>:<path>	Register destination with given path

Force Options:
	--force-depends		Install/remove despite failed dependencies
	--force-maintainer	Overwrite preexisting config files
	--force-reinstall	Reinstall package(s)
	--force-overwrite	Overwrite files from other package(s)
	--force-downgrade	Allow opkg to downgrade packages
	--force-space		Disable free space checks
	--force-postinstall	Run postinstall scripts even in offline mode
	--force-remove	Remove package even if prerm script fails
	--force-checksum	Don't fail on checksum mismatches
	--no-check-certificate Don't validate SSL certificates
	--noaction		No action -- test only
	--download-only	No action -- download only
	--nodeps		Do not follow dependencies
	--nocase		Perform case insensitive pattern matching
	--size			Print package size when listing available packages
	--strip-abi		Print package name without appended ABI version
	--force-removal-of-dependent-packages
				Remove package and all dependencies
	--autoremove		Remove packages that were installed
				automatically to satisfy dependencies
	-t			Specify tmp-dir.
	--tmp-dir		Specify tmp-dir.
	-l			Specify lists-dir.
	--lists-dir		Specify lists-dir.

 regexp could be something like 'pkgname*' '*file*' or similar
 e.g. opkg info 'libstd*' or opkg search '*libop*' or opkg remove 'libncur*'

用法: opkg [options...] sub-command [arguments...] , 下面讲几个常见的用法


opkg commands

  • opkg update 更新软件包, 不需要额外参数
  • opkg upgrade luci-app-sqm iptables-nft 升级软件包, 多个软件包使用空格分开, 如果luci-app-sqm未安装, 则会执行opkg install安装软件
  • opkg --nodeps install luci-app-sqm 安装软件但是不安装依赖, 多个软件包使用空格分开
  • opkg print-architecture 获取架构, 不需要额外参数
root@X-WRT:~# opkg print-architecture
arch all 1
arch noarch 1
arch mipsel_24kc 10
  • opkg whatdepends luci-app-ddns
root@X-WRT:~# opkg whatdepends luci-app-ddns
Root set:
  luci-app-ddns
What depends on root set
	luci-i18n-ddns-zh-cn git-22.205.58624-4d77b1b	depends on luci-app-ddns
  • 优先级问题

输入opkg --nodeps install luci-app-sqmnodeps的优先级 大于 /etc/opkg.conf里面option nodeps的优先级

/etc/opkg.conf假如添加了option nodeps 1, 输入opkg install luci-app-sqm时, 会附加--nodeps


opkg .ipk

.ipk文件的本质其实是一个压缩包, 我们以ip6tables-nft_1.8.8-1_mipsel_24kc.ipk为例, 拆解这个ipk看看葫芦里卖的什么药.

ipk里共有三个文件

hi@ubuntu:~$ tar -tvf ip6tables-nft_1.8.8-1_mipsel_24kc.ipk
-rw-r--r-- 0/0               4 2022-07-11 01:07 ./debian-binary
-rw-r--r-- 0/0             244 2022-07-11 01:07 ./data.tar.gz
-rw-r--r-- 0/0             606 2022-07-11 01:07 ./control.tar.gz
  • debian-binary
hi@ubuntu:~$ cat ./debian-binary
2.0
# 这个文件内容好像都是2.0 查看了几个ipk都是这样
  • data.tar.gz
hi@ubuntu:~$ tar -tvf data.tar.gz
drwxr-xr-x 0/0               0 2022-07-11 01:07 ./
drwxr-xr-x 0/0               0 2022-07-11 01:07 ./usr/
drwxr-xr-x 0/0               0 2022-07-11 01:07 ./usr/sbin/
lrwxrwxrwx 0/0               0 2022-07-11 01:07 ./usr/sbin/ip6tables-nft -> xtables-nft-multi
lrwxrwxrwx 0/0               0 2022-07-11 01:07 ./usr/sbin/ip6tables-nft-restore -> xtables-nft-multi
lrwxrwxrwx 0/0               0 2022-07-11 01:07 ./usr/sbin/ip6tables-nft-save -> xtables-nft-multi
lrwxrwxrwx 0/0               0 2022-07-11 01:07 ./usr/sbin/ip6tables-restore-translate -> xtables-nft-multi
lrwxrwxrwx 0/0               0 2022-07-11 01:07 ./usr/sbin/ip6tables-translate -> xtables-nft-multi

# 这几个应该是会安装到/usr/sbin/
  • control.tar.gz
hi@ubuntu:~$ tar -tvf control.tar.gz
drwxr-xr-x 0/0               0 2022-07-11 01:07 ./
-rw-r--r-- 0/0             662 2022-07-11 01:07 ./control
-rwxr-xr-x 0/0             160 2022-07-11 01:07 ./postinst
-rwxr-xr-x 0/0             117 2022-07-11 01:07 ./prerm
  • control.tar.gz --> control
Package: ip6tables-nft
Version: 1.8.8-1
Depends: libc, kmod-ip6tables, xtables-nft
Provides: ip6tables
Alternatives: 300:/usr/sbin/ip6tables:/usr/sbin/xtables-nft-multi, 300:/usr/sbin/ip6tables-restore:/usr/sbin/xtables-nft-multi, 300:/usr/sbin/ip6tables-save:/usr/sbin/xtables-nft-multi
Source: package/network/utils/iptables
SourceName: ip6tables-nft
License: GPL-2.0
Section: net
SourceDateEpoch: 1657472867
CPE-ID: cpe:/a:netfilter_core_team:iptables
Architecture: mipsel_24kc
Installed-Size: 244
Description:  Extra ip6tables nftables nft binaries.
 ip6tables-nft
 ip6tables-nft-restore
 ip6tables-nft-save
 ip6tables-translate
 ip6tables-restore-translate
  • control.tar.gz --> postinst
#!/bin/sh
[ "${IPKG_NO_SCRIPT}" = "1" ] && exit 0
[ -s ${IPKG_INSTROOT}/lib/functions.sh ] || exit 0
. ${IPKG_INSTROOT}/lib/functions.sh
default_postinst $0 $@
  • control.tar.gz --> prerm
#!/bin/sh
[ -s ${IPKG_INSTROOT}/lib/functions.sh ] || exit 0
. ${IPKG_INSTROOT}/lib/functions.sh
default_prerm $0 $@
File explain Makefile
control 控制文件 include/package.mk
conffiles 配置文件 include/package-ipkg.mk
preinst 安装软件包之前执行的脚本 include/package-ipkg.mk
postinst 安装软件包之后执行脚本 include/package-ipkg.mk
prerm 安装软件包之前执行的脚本 include/package-ipkg.mk
postrm 安装软件包之后执行的脚本 include/package-ipkg.mk

Enjot it ~~

posted @ 2022-08-10 23:51  虐心i  阅读(4092)  评论(0编辑  收藏  举报